MediawikiCIT - User contributions [en]

Business Continuity

2026-02-25T07:26:32Z

CITEditor: Created page with "= IT & Technology Continuity Plan = == 1.0 Objectives == === 1.1 Summary Statement === This document outlines the comprehensive strategy, procedures, and responsibilities for ensuring the continuity of critical IT services in the event of a significant disruption. The plan is designed to be a proactive and actionable guide for the IT team to minimize operational downtime, maintain data integrity, and facilitate a timely and orderly restoration of all essential technol..."

= IT & Technology Continuity Plan =

== 1.0 Objectives ==

=== 1.1 Summary Statement ===

This document outlines the comprehensive strategy, procedures, and responsibilities for ensuring the continuity of critical IT services in the event of a significant disruption. The plan is designed to be a proactive and actionable guide for the IT team to minimize operational downtime, maintain data integrity, and facilitate a timely and orderly restoration of all essential technological services that support the business.

=== 1.2 Problem Statement ===

The organization is heavily reliant on its IT infrastructure for all core business functions. Any significant disruption—ranging from hardware failure and cyberattacks to natural disasters—poses a direct threat to operational continuity, leading to potential financial loss, reputational damage, and an inability to serve customers. Without a formal, tested continuity plan, the response to such incidents would be reactive, disorganized, and inefficient, magnifying the impact of the disruption.

=== 1.3 Key Result Areas & S.M.A.R.T. Goals ===

* '''1.3.1 KRA 1: Service Availability'''
** '''Goal:''' Achieve a Recovery Time Objective (RTO) of less than 4 hours for High Priority systems (ERPNext, NextCloud) following a declared disaster.
** '''Deliverable:''' A fully restored and functional ERPNext instance at the designated DR site, validated within 4 hours during the quarterly drill.
* '''1.3.2 KRA 2: Data Integrity'''
** '''Goal:''' Ensure a Recovery Point Objective (RPO) of less than 1 hour for ERPNext and less than 2 hours for NextCloud.
** '''Deliverable:''' Implement and verify automated, hourly backups for ERPNext and bi-hourly backups for NextCloud, with daily reports confirming success.
* '''1.3.3 KRA 3: Infrastructure Resilience'''
** '''Goal:''' Ensure 100% of critical systems are protected from common power and environmental failures.
** '''Deliverable:''' All critical servers, network hardware, and storage are connected to a tested Uninterruptible Power Supply (UPS). Documented graceful shutdown procedures are tested semi-annually.
* '''1.3.4 KRA 4: Plan Readiness'''
** '''Goal:''' Validate the effectiveness of the DR plan and team preparedness on a consistent basis.
** '''Deliverable:''' Conduct and document quarterly restoration drills for at least one critical system, and full-team tabletop exercises semi-annually.

=== 1.4 Background ===

This plan is established as a core component of the organization's overall Business Continuity strategy. It recognizes that IT is a foundational pillar of business operations and that its resilience is paramount. This document formalizes previously informal processes, introduces auditable procedures, and assigns clear responsibilities to ensure a coordinated response to any IT incident.

== 2.0 Scope ==

* '''2.1 Systems Covered:''' This plan applies to all critical IT infrastructure, including virtualized environments (Docker), network hardware (PFSense firewalls, switches), and data storage (Synology, TrueNAS).
* '''2.2 Locations Covered:''' Makati Office, Tech Center (TC), and Cabuyao Manufacturing Plant.

== 3.0 Definitions ==

* '''BCP (Business Continuity Plan):''' The overall organizational plan for maintaining business functions.
* '''DR (Disaster Recovery):''' The subset of BCP focused on restoring IT infrastructure and operations.
* '''RTO (Recovery Time Objective):''' The maximum tolerable duration of an outage for a specific system.
* '''RPO (Recovery Point Objective):''' The maximum acceptable age of data that can be lost in an outage.
* '''Docker:''' A containerization platform used to package applications and their dependencies, enabling portability and rapid deployment.

== 4.0 References ==

=== 4.1 Organizational Process Assets ===

* 171023 CSC Basic Documentation Methodology
* 180818 IMS-01 MS DESCRIPTION (C).pdf

== 5.0 Responsible Parties and Roles ==

* '''IT Super Admin:''' Overall authority for plan activation, critical system changes, and privilege delegation during an incident.
* '''IT Admin Team:''' Responsible for executing recovery procedures, monitoring system status, and validating data integrity post-recovery.
* '''Site IT Personnel:''' First responders for on-site issues, responsible for local hardware management and assisting the central IT Admin team.

== 6.0 IT Continuity Processes ==

=== 6.1 System Monitoring ===

Proactive monitoring is the first line of defense, enabling the IT team to identify and address potential issues before they escalate into major incidents.

==== 6.1.1 Monitoring Scope ====

* '''Hardware Health:''' Monitor CPU temperature, disk health (S.M.A.R.T.), memory usage, and power supply status on all physical servers and NAS devices (Synology, TrueNAS).
* '''Network Performance:''' Track bandwidth utilization, latency, and packet loss on firewalls (PFSense), switches, and key network links. Monitor VPN tunnel status (Wireguard).
* '''Docker Container Health:''' Use tools like Portainer to monitor the status (up/down), resource consumption (CPU/RAM), and logs of all critical containers.
* '''Application Performance:''' Implement basic checks to ensure key applications (ERPNext, NextCloud, WordPress) are responsive.
* '''Backup Job Status:''' Monitor backup logs daily to confirm successful completion, check for errors, and verify data transfer volumes.
* '''Security Logs:''' Centralize and review logs from firewalls, servers, and key applications for unusual or malicious activity.

==== 6.1.2 Monitoring Tools ====

* '''Portainer:''' For real-time monitoring and management of all Docker containers.
* '''PFSense Dashboard:''' For network traffic, gateway status, and VPN monitoring.
* '''Synology/TrueNAS UI:''' For storage pool health, disk status, and hardware alerts.
* '''Custom Scripts/Alerts:''' Implement scripts to send email or messaging alerts for critical events, such as backup failures or high resource utilization.

=== 6.2 Backup and Restoration Policy ===

A multi-layered backup and restoration strategy is crucial for data protection and system recovery.

==== 6.2.1 Policy Regarding Backups and Restores ====

* '''Inventory of Systems:''' All critical systems will be inventoried with their designated backup schedule and recovery priority. Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) should be defined for each.
* '''Critical Systems Inventory (Virtual Machines - Docker Containers):'''

{| class="wikitable"
! System !! Priority !! RTO !! RPO
|-
| '''ERPNext (Dr)''' || High Priority || < 4 hours || < 1 hour
|-
| '''NextCloud (Dr)''' || High Priority || < 4 hours || < 2 hours
|-
| '''WordPress (Dr)''' || Medium Priority || < 8 hours || < 24 hours
|-
| '''NGINX Proxy Manager (Dr)''' || High Priority || < 2 hours || < 24 hours
|-
| '''Wireguard GUI (Dr)''' || High Priority || < 2 hours || < 24 hours
|-
| '''Portainer (Dr)''' || High Priority || < 2 hours || < 24 hours
|-
| '''SYNX (Synology Drive Sync) (Dr)''' || Configuration backup || < 4 hours || < 24 hours
|-
| '''Cicada (Dr)''' || (Define Priority) || (Define) || (Define)
|-
| '''Synopsis (Dr)''' || (Define Priority) || (Define) || (Define)
|}

* '''Restoration Tests:''' Full restoration drills for at least one critical system will be conducted quarterly. Individual file/data restoration tests will be conducted monthly to validate backup integrity. All test results will be documented.

==== 6.2.2 3-2-1 Backup Policy ====

* '''Three Copies of Data:''' We will maintain the primary data and at least two additional backups.
* '''Two Different Media:''' Backups will be stored on physically separate systems (e.g., primary server to a TrueNAS/Synology unit).
* '''One Off-site Copy:''' A complete backup copy will be maintained at a different geographical location to protect against site-wide disasters.
** '''Makati Data:''' Primary on local Synology, with an off-site copy synced to the Tech Center.
** '''Tech Center Data:''' Primary on local servers, with an off-site copy synced to the Cabuyao Plant.

==== 6.2.3 Virtualization & Containerization (Docker) Policy ====

* '''Strategy:''' The use of Docker containers simplifies disaster recovery by ensuring application environment consistency. Recovery focuses on restoring persistent data and re-deploying the container configuration.
** '''Backup Process:'''
*** '''Persistent Data:''' All Docker containers MUST use mounted volumes for persistent data. These volumes will be included in the host machine's regular backup schedule.
*** '''Configuration:''' Docker Compose (<code>docker-compose.yml</code>) files for all application stacks will be stored in a version-controlled repository (e.g., a local Git server) which is also backed up.
** '''Recovery Process:''' To restore a service, the IT team will:
*** Restore the persistent data volume from backup to a new host.
*** Pull the corresponding <code>docker-compose.yml</code> file.
*** Run <code>docker-compose up -d</code> to recreate the application stack. This allows for rapid and consistent redeployment on any machine with Docker installed.

=== 6.3 Risk Management ===

A structured approach to identifying, assessing, and mitigating risks to IT operations.

* '''6.3.1 Risk Identification:''' The IT team will hold an annual workshop to identify potential risks across categories: technical (e.g., hardware failure), operational (e.g., human error), and environmental (e.g., typhoon, power outage).
* '''6.3.2 Risk Analysis & Evaluation:''' Each identified risk will be evaluated based on its likelihood and potential impact on business operations. This will be used to prioritize mitigation efforts.
* '''6.3.3 Risk Treatment:''' For each significant risk, a mitigation strategy will be chosen:
** '''Accept:''' For low-impact/low-likelihood risks.
** '''Mitigate:''' Implement controls to reduce the likelihood or impact (e.g., redundant hardware, UPS).
** '''Transfer:''' Shift the risk to a third party (e.g., insurance, cloud services).
** '''Avoid:''' Change processes to eliminate the risk entirely.
* '''6.3.4 Monitoring & Review:''' The risk register will be reviewed and updated quarterly or after any significant incident.

=== 6.4 Disaster Recovery (DR) Scenarios ===

==== 6.4.1 Scenario: Manpower Disruption & Function Redundancy ====

* '''Description:''' Key IT personnel are unavailable due to illness, resignation, or other emergencies.
* '''Mitigation & Response:'''
** '''Documentation:''' All system configurations, procedures, and network diagrams are to be kept up-to-date in a central repository (e.g., NextCloud).
** '''Cross-Training:''' At least two team members must be trained on the recovery procedures for critical systems (ERPNext, NextCloud, Core Networking).
** '''Password Management:''' Critical system credentials will be stored in a secure, shared password manager accessible to authorized IT personnel.
** '''Succession Plan:''' A clear succession plan for the IT Super Admin role will be documented.

==== 6.4.2 Scenario: Malware and Security Breach ====

* '''Description:''' A ransomware attack or other security breach compromises servers and data.
* '''Mitigation & Response (Incident Response Plan):'''
** '''Isolate:''' Immediately disconnect the affected systems from the network to prevent further spread.
** '''Investigate:''' Determine the entry point and scope of the breach without compromising evidence.
** '''Eradicate:''' Remove the malware and patch the vulnerability.
** '''Recover:''' If systems are unrecoverable, perform a bare-metal restore. Wipe the affected systems, reinstall the OS, and restore configurations and data from a clean, verified backup (taken before the breach).
** '''Post-Mortem:''' Document the incident and implement changes to prevent recurrence.

==== 6.4.3 Scenario: Branch Disruption ====

* '''Description:''' A primary site (e.g., Makati Office) becomes completely inaccessible due to fire, natural disaster, or other major event.
* '''Mitigation & Response:'''
** '''Activation:''' The IT Super Admin declares a disaster and activates the DR plan.
** '''Failover:''' Operations will failover to the designated DR site (e.g., Tech Center for Makati).
** '''System Recovery:''' The IT Admin Team will begin restoring critical systems at the DR site using the off-site backups. The Docker recovery process (6.2.3) will be initiated for containerized applications.
** '''Network Rerouting:''' DNS records will be updated to point to the services running at the DR site.
** '''Communication:''' All employees will be notified of the situation and provided with new access instructions (e.g., updated VPN details).

==== 6.4.4 Scenario: ISP Telecom Outages ====

* '''Description:''' The primary internet connection at a key site fails.
* '''Mitigation & Response:'''
** '''Redundancy:''' Maintain a secondary, backup internet connection from a different ISP at the Tech Center and Cabuyao Plant.
** '''Automatic Failover:''' The PFSense firewall will be configured to automatically failover to the secondary ISP if the primary connection is lost.
** '''VPN Stability:''' The Wireguard VPN will be configured to function over either connection, ensuring remote and inter-branch connectivity is maintained.
** '''Communication:''' If both connections fail, use mobile data hotspots for essential communication and coordination.

==== 6.4.5 Scenario: Power and Water Interruptions ====

* '''Description:''' Short-term or long-term power outages, or water damage to the server room.
* '''Mitigation & Response:'''
** '''UPS:''' All servers, network equipment, and NAS devices are connected to an Uninterruptible Power Supply (UPS) to allow for graceful shutdown during short outages.
** '''Generator:''' For sites with a generator, procedures for starting and switching over will be documented and tested.
** '''Graceful Shutdown:''' If a prolonged outage is expected and no generator is available, a documented shutdown sequence will be initiated to prevent data corruption.
** '''Environmental Monitoring:''' Implement temperature and humidity sensors in server rooms to alert for HVAC failures or water leaks.

==== 6.4.6 Scenario: Limited On-site Access / Remote Work Mandate ====

* '''Description:''' Access to physical offices is restricted due to health crises, civil unrest, or other external factors, forcing all work to be done remotely.
* '''Mitigation & Response:'''
** '''VPN Capacity:''' Ensure the Wireguard VPN can handle the entire workforce connecting simultaneously. Monitor bandwidth and server performance.
** '''Remote Access:''' Confirm all critical applications (ERPNext, NextCloud) are accessible and performant over the VPN.
** '''Endpoint Security:''' Enforce security policies on remote devices (antivirus, disk encryption, secure passwords).
** '''Communication:''' Utilize cloud-based communication and collaboration tools to maintain operational effectiveness.

== 7.0 Documentation ==

''(This section will be detailed to outline the schedule and scope of BCP/DR testing.)''

== 8.0 Plan Review & Improvement ==

''(This section will be detailed to establish a formal process for reviewing and updating this plan annually or post-incident.)''

[[Category:IT Procedures]]
[[Category:Business Continuity]]
[[Category:Disaster Recovery]]
[[Category:Comfac]]

🌐 WordPress Website — You Own Everything, Learn Everything

2026-02-25T07:25:59Z

CITEditor: Created page with "= WordPress Website — You Own Everything, Learn Everything = == 1. Overview == We provide a '''complete WordPress setup''' where '''you own everything''' — domain, hosting, and content. Unlike paid hosting services that charge yearly and can lock you out of your own domain, this model gives you '''full control and zero recurring hosting costs'''. The only recurring fee is your '''domain registration via Cloudflare''' — typically '''₱400–₱2,000/year''', wit..."

= WordPress Website — You Own Everything, Learn Everything =

== 1. Overview ==

We provide a '''complete WordPress setup''' where '''you own everything''' — domain, hosting, and content. Unlike paid hosting services that charge yearly and can lock you out of your own domain, this model gives you '''full control and zero recurring hosting costs'''.

The only recurring fee is your '''domain registration via Cloudflare''' — typically '''₱400–₱2,000/year''', with free SSL, CDN, and security. Your one-time '''CAPEX cost''' for hosting hardware is about '''₱3,000''' for a Thin Client used as your home web server.

=== The Trade-Off ===

Traditional web hosting services charge between '''₱15,000–₱30,000 per year''' for hosting and custom email domains — and can hold your website or domain hostage if you stop paying. With our solution, your total annual cost is just '''₱400–₱2,000''', plus a '''₱60,000 setup fee''' for professional configuration and training.

You can also choose to work with our '''System Administrator students''', who can perform the same setup for much lower cost. However, if you prefer '''faster turnaround, higher reliability''', and consistent aftercare, our '''experienced professionals''' are the better choice over freelancers who may not always be available.

== 2. Hardware Setup ==

{| class="wikitable"
! Component !! Description !! Typical Cost
|-
| '''Home Web Server''' || Runs WordPress on a '''Thin Client PC''' (₱3,000–₱5,000). Low power, quiet, and stable for 24/7 uptime. || ₱3,000–₱5,000
|}

This setup runs quietly and efficiently for years with minimal upkeep.

== 3. Core Features & Benefits ==

{| class="wikitable"
! Feature !! Description !! Cost Impact
|-
| '''You Own Everything''' || Full control of domain, hosting, and files. || No vendor lock-in
|-
| '''Cloudflare Domain Hosting''' || Cloudflare acts as your domain registrar and DNS manager — offering global CDN, free SSL, and fast DNS resolution. || ₱400–₱2,000/year
|-
| '''Cloudflare Tunnel (Zero Trust)''' || Securely connects your home web server to the internet without exposing your IP. Features include encrypted connections, no port forwarding, and auto-renewing SSL certificates. || Free
|-
| '''Cloudflare Email Routing''' || Provides free email aliasing — route emails from your custom domain to Gmail or another provider. || Free
|-
| '''Shared Domain Management''' || Multiple authorized users can securely manage domain records, settings, and email routing under Cloudflare's shared access system. || Free
|-
| '''Local Web Server''' || Runs on your hardware—no cloud rental fees. || One-time CAPEX
|-
| '''Training Included''' || Learn how to manage, shop, and customize your WordPress site safely. || Included
|-
| '''Open Source Stack''' || Linux, WordPress, Cloudflare, Gmail. || No license cost
|}

== 4. Optional Features ==

{| class="wikitable"
! Feature !! Description !! Cost Impact
|-
| '''Power Protection (UPS)''' || Optional Uninterruptible Power Supply setup to protect against power loss and surges. UPS batteries typically need replacement every 2–3 years for continued reliability. || ₱800–₱2,000 initial, with battery upkeep
|-
| '''Local Backups''' || Optional backup solutions starting at '''₱5,000''' using a ₱3,000 Thin Client + ₱2,000 1TB external drive — which can also serve company operations. Learn more: https://www.comfac-it.com/blog-post/determining-the-backup-for-you || Optional
|}

== 5. Pricing Options ==

{| class="wikitable"
! Package !! Description !! Cost
|-
| '''Professional Setup (Recommended)''' || End-to-end setup, configuration, and 1-on-1 client training on WordPress use and customization. This includes: 2 hours for interview and requirements gathering; 6 hours of service delivery; 2 hours of review and change implementation. || ₱60,000 one-time
|-
| '''Training-Only Package''' || For those who already have WordPress and want to learn domain, hosting, and customization management. || ₱5,000
|-
| '''Student Developer Option''' || Built by trained OJTs under supervision. You pay them directly. || ₱5,000–₱10,000
|-
| '''Cloudflare Domain''' || Domain + SSL + CDN + DNS. || ₱400–₱2,000/year
|-
| '''.PH Non-Cloudflare Domains''' || More expensive (₱2,500–₱10,000/year). We can help you transfer to Cloudflare for lower cost. || Actual registrar fee
|}

== 6. Competing Services Comparison ==

{| class="wikitable"
! Provider Type !! Typical Annual Cost !! Ownership !! Domain Control !! Notes
|-
| Commercial WordPress Hosting & Support || '''₱15,000–₱30,000/year (or more)''' || You rent || Domain often controlled by vendor || Risk of lock-in, forced upgrades
|-
| '''Our Solution''' || '''₱400–₱2,000/year''' || You own || Full control || Minimal recurring cost; optional support available from Comfac-IT trainees or professionals at '''₱5,000/hour''', only when you need it.
|}

== 7. Technical Summary ==

* '''Server OS:''' Debian / Ubuntu
* '''CMS:''' WordPress (latest stable)
* '''Access:''' Cloudflare Tunnel (Zero Trust)
* '''Domain:''' Cloudflare Domain Hosting
* '''Email:''' Cloudflare Email Routing (Alias)
* '''Shared Management:''' Multi-user access control for DNS and domains
* '''Backup:''' Optional, guide: https://www.comfac-it.com/blog-post/determining-the-backup-for-you
* '''SSL:''' Cloudflare Universal SSL
* '''Power:''' Optional UPS setup (battery upkeep every 2–3 years)
* '''Hardware lifespan:''' 3–5 years continuous operation

== 8. Client Training Program ==

We include '''hands-on training''' on:

* How to choose safe WordPress themes and plugins
* How to avoid subscription traps or overpriced "managed" hosting
* How to buy domains and SSL certificates at fair rates
* How to customize your site design and content without paying third-parties
* How to back up, migrate, and restore your site
* How to read basic performance metrics

This empowers you to make '''informed technical and financial decisions''' about your website.

== 9. Typical Workflow ==

# '''Create Cloudflare Account''' — register or transfer your domain.
# '''Select or prepare Thin Client''' — we install and secure WordPress.
# '''Configure Cloudflare Tunnel and Email Routing''' — go live with free HTTPS and secure email forwarding.
# '''Full Handover''' — all passwords and access rights are yours.
# '''Training & Maintenance''' — we guide you on managing updates, backups, and improvements.

== 10. Call to Action ==

Start owning your website — not renting it. For less than ₱2,000 a year in running costs, you can host your own WordPress site safely at home. We'll teach you how to maintain it, shop for upgrades, and customize it confidently.

Message us for a consultation or demo. Choose '''professional setup''' or '''student-built option''' — both are open, transparent, and 100% yours.

== Footnotes ==

=== Why Comfac-IT and its Students Are More Affordable ===

10–20 years ago, website technology was expensive and inaccessible. Today, with '''cloud computing''', many of those costly services — like tunneling and email aliasing — have become '''free or low-cost'''. Yet, many hosting companies still charge '''₱15,000–₱30,000/year''' because their long-term clients don't realize better options now exist.

In the Philippines, the IT market remains '''underpriced compared to developed countries''', where populations rely on immigrant labor to sustain growth. '''Comfac-IT's goal''' is to make professional-grade IT services '''accessible and transparent''' — allowing small businesses to break free from high marketing costs and the '''Facebook monopoly'''.

As most Filipinos depend on Facebook as their primary online platform, many businesses have become captive to its algorithms and inflated ad prices. Bots now dominate much of the platform — when you pay for ads, '''bots fill the comments with malicious links, scams, and spam''', making ads unsafe and difficult to manage. If you disable comments, '''Facebook's algorithm punishes your page with lower engagement''', forcing businesses to pay even more for visibility.

Having your '''own website''' gives your business an independent online presence — one that can be discovered via '''AI and web searches''', not trapped within social media's ecosystem.

=== About Pricing Transparency ===

You can '''shop around WordPress freelancers on Facebook''' — prices range from '''₱30,000 to hundreds of thousands'''. What you pay for with '''Comfac-IT''' is our '''track record, clarity, and reliability''', ensuring you don't have to second-guess your provider or risk unfinished work.

[[Category:WordPress]]
[[Category:IT Services]]
[[Category:Sales]]
[[Category:Comfac]]

Comfac Sales Knowledge Base

2026-02-25T07:25:35Z

CITEditor: Created page with "= Comfac Sales Knowledge Base = == 1. Products and Services == === 1.1. Technology Solutions (Comfac Corporation) === * '''Data Center Design & Build:''' Comprehensive solutions including raised floors, structured cabling (inter-rack), and integration of all critical systems. * '''Power Management Systems:''' ** '''Uninterruptible Power Supply (UPS):''' From basic units to complex systems, including battery management. ** '''Electrical Engineering:''' Diagramming, ele..."

= Comfac Sales Knowledge Base =

== 1. Products and Services ==

=== 1.1. Technology Solutions (Comfac Corporation) ===

* '''Data Center Design & Build:''' Comprehensive solutions including raised floors, structured cabling (inter-rack), and integration of all critical systems.
* '''Power Management Systems:'''
** '''Uninterruptible Power Supply (UPS):''' From basic units to complex systems, including battery management.
** '''Electrical Engineering:''' Diagramming, electrical load scheduling, and calculation.
** Expertise in lighting solutions.
* '''Environmental & Internal Monitoring Systems (EMS):'''
** '''Industrial Controllers & EMS:''' Comprehensive environmental monitoring.
** '''Internal Monitoring Systems:''' Sourced from partners like Linkwise and Calvelo.
** '''Water Leak Detection:''' Critical for protecting hardware assets.
* '''Mechanical Engineering & Cooling Solutions (HVAC):'''
** '''Precision Air Conditioning Units (PACU):''' For precise temperature and humidity control.
** '''Containment:''' Implementation of Cold Aisle and Hot Aisle containment strategies.
** '''Humidity Analysis & Thermography:''' Certified Thermographers provide advanced HVAC analysis.
** '''VESDA (Aspirating Smoke Detection):''' Early warning smoke detection systems.
* '''Security & Safety Systems:'''
** '''Security Systems:''' Access Control, CCTV, and motion sensors.
** '''Fire Detection and Alarm Systems (FDAS):''' ECE-led design and implementation.
** '''Fire Suppression Systems:''' ME-led clean agent fire suppression.

=== 1.2. Workspace Solutions (Cornersteel Systems Corporation) ===

'''Note:''' Cornersteel Systems Corporation is a full-service firm specializing in the marketing and manufacturing of modular and custom-made furniture, as well as architectural and mechanical works for complete workspace fit-outs.

=== 1.3. IT Services and Consulting (Comfac Technology Options) ===

'''Note:''' This section will be expounded upon in the future to detail the full range of application, platform, data, and support managed services.

== 2. The Sales Process ==

=== 2.1. Customer Database Management ===

Comfac's customer database is managed in '''ERPNext'''. The goal is to maintain a comprehensive history of every customer interaction and transaction.

* '''Standard Records:''' Ideally, customer history is captured through standard '''Sales Orders (SO)''' with the naming convention <code>CF-SO-YYMMDD-##</code>.
* '''Historical Data Reconstruction:''' A project is underway to reconstruct past customer data from our '''CICADA archive system''', which contains up to 10 years of accounting data. These reconstructed records will be saved as '''Place Holder Sales Orders (PAST-SO)'''.
* '''PAST-SO Naming Convention:''' <code>CF-PSO-YYMMDD-##</code>. This clearly identifies these records as historical placeholders that may lack complete documentation compared to current sales orders.

=== 2.2. Definitions of Roles & Core Skills ===

While personnel currently multitask, our project-based nature means we shift between specialization (during high client volume for efficiency) and generalization (during low client volume).

* '''Sales Support:''' Specializes in, but is not limited to, responding to inquiries and managing ERPNext modules (CRM, Sales, Projects). This includes updating the Customer DB, generating Leads and Opportunities, managing campaigns, appointment setting, and ensuring all documentation (Sales Orders, Projects, Tasks, Issues, Sales Invoices) is current. They also handle manpower scheduling using SYNX.
* '''Sales Personnel:''' Primarily handle face-to-face client visits and reconnaissance. They physically visit clients to demo products and services and gather observable information about the client's condition and state by applying Business Analysis skills.
* '''Marketing:''' Performs market research, brand management, and executes marketing campaigns to generate qualified leads for the sales team.
* '''Technical Specialists:'''
** '''System Engineer:''' Means all the electrical, mechanical and auxiliary engineers.
** '''IT Specialists:''' Means all the network, system admin, ERPNext specialist, Controller Systems Engineers, and AI developers.
** '''Electrical Engineer:''' Designs and implements power distribution systems, performs load scheduling and calculations, and provides expertise in lighting solutions.
** '''Mechanical Engineer:''' Specializes in HVAC, precision cooling (PACU), containment strategies, and fire suppression systems.
** '''Auxiliary (ECE) Engineer:''' Handles Fire Detection and Alarm Systems (FDAS), security systems (Access Control, CCTV), and other low-voltage systems.
** '''Network/Pfsense Specialist:''' Manages network infrastructure, connectivity, and security, including firewall configuration.
** '''ERPNext Specialist:''' Manages, customizes, and supports our internal ERPNext system.
** '''System Admin:''' Manages the company's internal IT infrastructure, servers, and user support.
** '''Developers:''' Create and maintain software, applications, and system integrations.
** '''AI-Systems Developer:''' Focuses on creating and implementing AI-driven solutions and automation.
** '''Control Systems Engineer:''' Specializes in automation and control systems, including Building Management Systems (BMS).
* '''Business/Process Analysis:''' This is a required skill for all Comfac personnel. It involves diagramming and detailing a client's processes through observation and inquiry. The documented process is then verified and validated by the client's authorized personnel, forming the basis of our proposed solution. This allows us to clearly demonstrate the value and metrics (e.g., time and motion improvements) of our solution.

=== 2.3. Prospecting (Locating Qualified Prospects) ===

This step is about identifying and narrowing down who is worth approaching. The goal is to filter potential buyers into a list of qualified leads.

* '''Marketing Analysis and Research'''
** Study industry trends, competitive environment, and market gaps.
** Identify target industries, regions, and company profiles that align with your solution.
** Evaluate external signals (e.g., regulatory changes, technological shifts, economic conditions) that create opportunities.
* '''Customer Database Analysis and Research'''
** Mine internal CRM and past records for dormant accounts, repeat buyers, or referral opportunities.
** Segment prospects by potential revenue, buying cycle stage, and decision-making structure.
** Apply qualification criteria (budget, authority, need, timeline) at a high level before investing effort.

=== 2.4. Pre-Approach (Planning the Sales Presentation) ===

This is the preparation phase before engaging with the prospect directly. The goal is to generate viable leads and prepare tailored approaches.

* '''Lead Generation'''
** Gather warm leads from inbound inquiries, networking, referrals, events, or digital campaigns.
** Research each prospect's organizational structure, financial position, and prior solutions.
** Identify the prospect's likely pain points using proxy indicators (e.g., competitor tools, industry bottlenecks).
** Prepare tailored entry strategies (e.g., referral introductions, value proposition pitches, demos).

=== 2.5. Approach (Initiating Contact) ===

The point of first direct engagement. The aim is to establish trust quickly and open the door for requirements discussions.

* '''Warm Calls'''
** Reach out using references or prior engagement context.
** Position the conversation as problem-solving, not selling.
** Secure permission to continue with deeper discovery.
* '''Prospect Visits'''
** Conduct site visits or face-to-face meetings when possible.
** Observe workflows, operational challenges, and environment firsthand.
** Document explicit (stated) and implicit (unstated) needs.
* '''Customer Support'''
** Respond to early questions with speed and clarity.
** Offer educational content (e.g., white papers, case studies, benchmarks).
** Use this as a "soft approach" that nurtures leads before a formal requirements cycle.

=== 2.6. Requirements Management (Presentation & Demonstration as Iterative Cycle) ===

This reframes the traditional "presentation & demo" into a requirements-driven cycle. The principle: gather, validate, propose, iterate.

* '''Cycle Iterations (2–3 recommended)'''
** '''Cycle 1:''' Capture requirements (must-haves, pain points, constraints). Present a high-level solution concept.
** '''Cycle 2:''' Validate and refine requirements against technical/financial feasibility. Present a tailored proposal.
** '''Cycle 3 (if needed):''' Address objections, align addendums, finalize technical and financial terms.
* '''Handling Minor or Soft Requirements'''
** Classify non-critical requirements as addendums.
** Include them in the contract under Change Orders or Follow-up Billing to avoid scope creep.
** Maintain clear traceability of which requirements are core vs. deferred.
* '''Outputs of Each Cycle'''
** Updated requirements document (validated by customer).
** Revised solution proposal or demo.
** Decision log capturing approvals, rejections, and open issues.

=== 2.7. Closing (Win/Loss Decision) ===

Formal conclusion of the presales cycle. The purpose is to close cleanly, whether win or loss.

* '''Clear Win'''
** Document signed agreement (Sales Order, Service Agreement, or equivalent).
** Initiate handover to operations: project kickoff documentation, scheduling, and team assignment.
** Ensure customer expectations are aligned with deliverables.
* '''Clear Loss'''
** Deliver a loss summary package to the prospect: your understanding of their requirements, the solution you proposed, and gaps that caused the loss.
** Capture lessons learned in CRM for future strategy (competitor tactics, pricing objections, requirement misfit).
** Leave a positive impression for potential re-engagement ("not now" can become "later").

=== 2.8. Post-Sale Follow-Up ===

This ensures long-term relationship building and lays the groundwork for upsell/renewal.

* '''Implementation Support'''
** Provide immediate onboarding and issue resolution.
** Ensure smooth handover from presales to delivery/operations.
* '''Customer Success & Relationship Management'''
** Schedule regular check-ins (weekly during ramp-up, quarterly thereafter).
** Collect feedback on performance vs. expectations.
** Document any new or evolving requirements into CRM for future engagement.
* '''Upsell and Expansion'''
** Review opportunity cost for customer (what are they losing by not expanding adoption?).
** Offer incremental solutions tied to their evolving needs.

=== 2.9. Summary Flow ===

'''Prospecting → Pre-Approach → Approach → Requirements Management (Iterative) → Closing (Win/Loss) → Post-Sale Follow-up'''

=== 2.10. Key Skills for Sales Personnel ===

The following key skills will be observed, identified, and measured for all sales personnel:

* '''Etiquette/Protocol:''' Professional conduct and adherence to business formalities.
* '''Fashion/Panache:''' Professional and appropriate personal presentation.
* '''Conversation:''' The ability to engage clients in meaningful and persuasive dialogue.
* '''Carousing:''' Skill in building rapport and relationships in social settings.
* '''Inquiry:''' The ability to ask insightful questions to uncover needs and pain points.
* '''Research/Reporting:''' Diligence in gathering information and presenting it clearly.
* '''Problem Solving/Technical Expertise:''' The capacity to understand and solve client challenges.

=== 2.11. Sales Team Roles and Responsibilities ===

* '''Sales Personnel (Entry Level):''' Focuses on lead generation, initial client contact, and learning the sales process. Responsible for prospecting and setting appointments.
* '''Account Specialist (Associate Level):''' Manages a portfolio of clients, builds relationships, and handles the full sales cycle for smaller to mid-sized projects. Promotion to this rank is based on achieving performance KPIs and establishing a number of strong client relationships.
* '''Account Manager (Senior Level):''' Manages key accounts and large-scale, complex projects. Responsible for strategic relationship management and has a proven track record of won projects and a significant number of established clients.
* '''Role of Technical Specialists in Sales:'''
** System Engineers and IT Specialists may accompany Sales personnel in key sessions to provide technical expertise.
** The primary role of a '''System Engineer''' during a sales visit is for the '''Qualification of Opportunities'''. Their involvement is contingent on the client providing a Terms of Reference (TOR), detailed technical specifications, OR demonstrating a clear timeline and commitment to the project.
** '''Priority Note:''' Technical Specialists (both System Engineers and IT Specialists) will always prioritize ongoing projects, internal product development, and training over sales visits that lack clear buying intent.

=== 2.12. Notable Projects ===

* '''ING Data Center:''' 170M project. Noted for being potentially over-designed, leading to punchlisting discussions regarding the PACU.
* '''Solaire:''' 62M project.

== 3. Target Market and Ideal Customer Profile ==

=== 3.1. Key Industries ===

* Banking and Finance
* BPO and Call Centers
* Government Agencies
* Healthcare
* Manufacturing & Semiconductor (SemiCon)
* Hospitality (e.g., Widus, Solaire)
* Retail
* Telecommunications
* Utilities

==== 3.1.1. Note on Customer Profiling & Upkeep Cycles ====

It is critical to build a detailed profile for every client within these industries. Many of their core technology components have predictable upkeep and replacement cycles, creating recurring revenue opportunities. Sales and account management should track and anticipate the following:

* '''Server Refresh Cycles:''' Clients often look to replace servers that are 3 years or older.
* '''UPS Battery Replacement:''' UPS batteries typically require replacement every 2-3 years. Proactive engagement can turn this into a planned service rather than an emergency response.
* '''Process Improvements:''' Continuous opportunities exist for our IT Specialists to propose and implement process improvements, enhancing client efficiency and strengthening our partnership.

=== 3.2. Ideal Customer Profile ===

* '''For Technology Solutions:''' Companies building or upgrading data centers, requiring robust power and cooling solutions, or in need of comprehensive IT support and managed services.
* '''For Workspace Solutions:''' Businesses setting up new offices, renovating existing workspaces, or requiring custom-designed furniture and fit-out solutions.
* '''For IT Services and Consulting:''' Enterprises looking to streamline their IT operations, migrate to the cloud, or leverage data and analytics to drive business growth.

== 4. Competitive Landscape ==

* '''Key Competitors (Philippines):''' ''This section should be populated with a detailed analysis of Comfac's main competitors for both technology and furniture solutions in the Philippines.''
* '''Comfac's Unique Selling Propositions (USPs):'''
** '''In-House Expertise:''' A team of licensed and certified experts in various fields.
** '''Extensive Experience:''' Over 35 years of experience in the industry.
** '''Comprehensive Offerings:''' A wide range of products and services to provide end-to-end solutions.
** '''Full Integration (IT equivalent of a Total Fitout):''' Many companies lack the internal purchasing and project management bandwidth for complex technology projects that require extensive sourcing and coordination. Comfac's specialty is full IT integration, acting as the IT equivalent of a 'Total Fitout' (similar to how Cornersteel handles workspace fit-outs). This means we manage all subcontractors, services, and technologies, providing a single point of accountability for the entire project.
** '''Strong Partnerships:''' Strategic partnerships with leading global business partners.

== 5. Employee Development and Certifications ==

=== 5.1. Hiring Profile & Compensation ===

* '''Target Graduates:''' Mechanical, Industrial, or Electrical Technology graduates.

=== 5.2. Training and Onboarding ===

* '''Strategy:''' This Knowledge Base will be the primary training tool for Engineering OJTs.
* '''Onboarding Period:''' 4 months focused on product knowledge.
* '''Goal (Mid-October):''' Develop a presentation deck and an automated test based on this knowledge base for certification.
* '''Focus:''' Product knowledge and soft skills.

=== 5.3. Key Professional Certifications ===

* '''Certified Data Center Professional (CDCP):''' An entry-level diploma course based on memorization. The exam has 40 questions with a 70% passing mark.
* '''Certified Data Center Specialist (CDCS):''' Advanced certification.
* '''Thermographer Certification:''' For Mechanical Engineers specializing in advanced HVAC analysis.
* '''Professional Regulation Commission (PRC) License:''' Required for engineers in design roles.

=== 5.4. Industry Standards ===

==== 5.4.1. Data Center Uptime Tiers ====

* '''Tier I: Basic Capacity'''
** Single, non-redundant path for power and cooling.
** No protection against unplanned downtime.
** '''Uptime:''' 99.671% (28.8 hours of downtime per year).
* '''Tier II: Redundant Capacity Components'''
** Adds redundant components (N+1) to the Tier I design.
** Improved protection against downtime from component failures.
** '''Uptime:''' 99.741% (22 hours of downtime per year).
* '''Tier III: Concurrently Maintainable'''
** Multiple independent distribution paths for power and cooling. Only one path is active at a time.
** Every component can be removed, replaced, or serviced without disrupting operations.
** '''Uptime:''' 99.982% (1.6 hours of downtime per year).
* '''Tier IV: Fault Tolerant'''
** Multiple, independent, and physically isolated systems that are all active.
** Can withstand any single, unplanned equipment failure without impacting operations.
** '''Uptime:''' 99.995% (26.3 minutes of downtime per year).

==== 5.4.2. ISO Certifications ====

* '''ISO 9001: Quality Management System (QMS):''' Ensures we consistently provide products and services that meet customer and regulatory requirements. An Integrated Management System (IMS) combines this with other systems.
* '''ISO 14001: Environmental Management:''' Manages our environmental responsibilities in a systematic manner.
* '''ISO 45001: Occupational Health and Safety:''' Focuses on creating better and safer working conditions.
* '''ISO 20000: IT Service Management (ITSM):''' A framework for delivering effective and reliable IT services.
* '''ISO 27001: Information Security Management:''' Manages the security of assets such as financial information, intellectual property, and employee details.
* '''ISO 22301: Business Continuity Management:''' Specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.

== 6. Key Partners & Subcontractors ==

* '''Structured Cabling:''' Subcontracted to TCF.
* '''Internal Monitoring Systems:''' Linkwise and Calvelo.

== 7. Customer Support and After-Sales Service ==

* '''Lead by ESCO:''' ESCO handles Building Management Systems (BMS) and after-sales support.
* '''24/7 After-Sales Service:''' Comfac offers round-the-clock after-sales service to its clients.
* '''Support Channels:'''
** '''Phone:''' (62) 867-8301 to 28
** '''Email:''' sales@comfac.tech
* '''Service Level Agreements (SLAs):''' ''Details of specific SLAs for different products and services should be outlined here.''
* '''Common Support Issues and Troubleshooting:''' ''A list of frequently asked questions and common support issues, with their resolutions, should be documented here.''

[[Category:Sales]]
[[Category:Knowledge Base]]
[[Category:Comfac]]

Industrial Controllers and Water Utilities 251011

2026-02-25T07:25:11Z

CITEditor: Created page with "= Integrating Smart Infrastructure: Applying Network, Industrial Control, Software, and Manufacturing Technologies to Water and Power Systems = == 1. Introduction == Our team's expertise spans networking, industrial controllers, software development, and manufacturing technology. This combination allows us to bridge traditional infrastructure systems with modern digital control and automation. With the sharp decline in microcontroller and IoT sensor costs, it's now pos..."

= Integrating Smart Infrastructure: Applying Network, Industrial Control, Software, and Manufacturing Technologies to Water and Power Systems =

== 1. Introduction ==

Our team's expertise spans networking, industrial controllers, software development, and manufacturing technology. This combination allows us to bridge traditional infrastructure systems with modern digital control and automation. With the sharp decline in microcontroller and IoT sensor costs, it's now possible to monitor and manage both '''water and power systems''' with precision and efficiency.

We also possess the '''software engineering and IT infrastructure capability''' to deploy these systems at scale — from '''industrial SCADA servers''' to '''residential implementations''' using thin clients and single-board computers (SBCs), making real-time monitoring systems affordable at roughly '''₱5,000 per node'''.

This document outlines how our capabilities can be applied to smart water management, grid-integrated energy systems, and infrastructure rehabilitation through new materials and methods. These systems are not only integral to our '''green projects'''—including the Photobioreactor (PBR) water monitoring systems—but also serve as the foundation for '''smart home and facility applications'''.

== 2. Smart Water Management and Real-Time Monitoring ==

Traditional water utilities rely on manual inspection and legacy metering systems. Modern approaches enable continuous, precise monitoring of every node in the network, from the main supply to individual fixtures.

=== High-Reliability Flow Monitoring ===

* Every flow path can now be equipped with a '''high-reliability monitoring system''' using redundant sensors and industrial-grade controllers.
* '''Each household''', and even each fixture such as a bathroom or kitchen sink, can have '''real-time input of their water consumption''', viewable on digital dashboards or mobile apps.
* Our team can deploy '''low-cost SBC-based interfaces''' to display real-time data for residents or operators using open-source visualization tools.
* The same technology stack applies to '''industrial and facility-level monitoring''', giving operators continuous visibility over utility performance.

=== Components and Process ===

* '''Microcontrollers (MCUs):''' ESP32, STM32, or Raspberry Pi Pico boards for node-level intelligence.
* '''Flow and Pressure Sensors:''' Measure usage, detect anomalies, and predict leaks.
* '''Communication Networks:''' Use LoRa, NB-IoT, or LTE-M for long-range, low-power data transmission.
* '''Centralized Monitoring:''' Integrate with SCADA or ERPNext for visualization and reporting.

=== Advanced Infrastructure Rehabilitation ===

New '''pipe re-lining and re-resin technologies''' allow the interior of pipes to be restored without excavation. The process injects resin into the existing pipeline, forming a new internal layer that seals leaks and extends the pipe's lifespan. This method minimizes disruption, cost, and environmental impact.

These re-resin and smart monitoring solutions form part of our '''PBR water monitoring system''', linking fluid movement, flow rate, and nutrient control in both industrial and residential applications.

== 3. Smart Power Systems and Grid Integration ==

In power systems, the same IoT, software, and industrial control frameworks are being applied to create '''Smart Grids''' — networks that intelligently balance generation, storage, and demand.

The subsystem where the grid can pull or supply power from connected batteries or distributed storage is known as a '''Grid-Interactive Energy Storage System (GESS)''', also referred to as '''Distributed Energy Resources (DER)''' or '''Grid-Tied Battery Systems'''.

=== Key Features ===

* '''Two-Way Power Flow:''' The grid can both draw from and feed into distributed batteries or renewable sources.
* '''Monitoring and Control:''' Voltage, frequency, and load management via PLCs, SBCs, or industrial controllers.
* '''Integration with Renewables:''' Synchronizes solar, wind, and micro-hydro sources.
* '''Edge Computing:''' Enables local decision-making to maintain stability.

=== Household-Level Application ===

Similar to water flow monitoring, '''each home or facility can track power consumption and storage in real time''', identifying patterns, predicting demand, and optimizing usage automatically. Our IT infrastructure allows for '''low-cost home servers or SBCs''' to provide the same functionality available in industrial SCADA systems.

=== Benefits ===

* Improves reliability and efficiency of power delivery.
* Reduces peak demand and energy waste.
* Enables decentralized and renewable energy generation.

== 4. Convergence of Water and Power Systems ==

Our combined '''networking, software, and automation expertise''' enables the unification of water and power management under a single data and control framework.

{| class="wikitable"
! Technology !! Water Systems !! Power Systems
|-
| '''IoT Sensors''' || Flow, pressure, leak detection || Voltage, current, frequency
|-
| '''Industrial Controllers''' || Local valve and pump control || Load balancing, switchgear management
|-
| '''Network Infrastructure''' || LoRa, Wi-Fi, Ethernet || Modbus, MQTT, IEC 61850
|-
| '''SCADA Integration''' || Flow and pressure visualization || Power flow and load management
|-
| '''Predictive Maintenance''' || Leak prediction || Transformer/battery health
|-
| '''Thin Clients / SBCs''' || Local dashboards for water tracking || Household energy monitoring
|}

By merging these domains, our facilities can achieve a '''fully monitored utility grid''' that tracks consumption, efficiency, and operational health across all systems.

== 5. Manufacturing and Deployment ==

Our in-house manufacturing capability can produce the enclosures, sensor mounts, and custom boards needed for these smart systems. Combined with our software and network infrastructure skills, we can:

* Rapidly prototype and scale IoT devices.
* Develop open-source-ready software dashboards and APIs.
* Create modular and serviceable sensor nodes.
* Integrate industrial controllers with legacy infrastructure.
* Deploy '''affordable residential systems''' using thin clients and SBCs.

== 6. Strategic Opportunities ==

# '''Prototype Smart District Nodes:''' Deploy pilot systems for water and power in parallel.
# '''Integrate Data into ERPNext:''' Use dashboards for operations, maintenance, and planning.
# '''Collaborate with Local Utilities:''' Offer smart retrofits using open-source and locally manufactured components.
# '''Adopt Non-Destructive Upgrades:''' Promote re-resin pipe repair and modular smart meters.
# '''Extend to Homes and Communities:''' Use the same low-cost SBC and thin-client setups for household-level monitoring and resource optimization.

== 7. Conclusion ==

The convergence of low-cost electronics, industrial automation, software, and network technology enables us to modernize utilities at a fraction of past costs. Whether it's a water system tracking every liter or a power grid dynamically sharing energy with distributed batteries, every flow—of water or electricity—can now be monitored with high reliability and precision.

By aligning these systems with our '''Photobioreactor (PBR) green initiatives''', we establish a unified foundation for sustainability and operational intelligence. Our goal is to make these technologies accessible—first in our facilities, then in communities—so that every household can monitor and optimize its water and energy use in real time, through '''₱5,000-level implementations''' built on open-source and locally supported technologies.

[[Category:IoT]]
[[Category:Infrastructure]]
[[Category:STEWARD]]
[[Category:Comfac]]

Skills and Competencies for IT Staff Trained in pfSense

2026-02-25T07:24:09Z

CITEditor: Created page with "= Skills and Competencies for IT Staff Trained in pfSense = == Basic Networking Knowledge == '''Note:''' If the fundamentals in this section are not proficient, additional catching up and self-study will be required before proceeding with pfSense-specific configurations. === Networking Fundamentals === * Understand the purpose and function of a network: connecting devices, sharing resources, and enabling communication. * Identify common network devices: switches, rou..."

= Skills and Competencies for IT Staff Trained in pfSense =

== Basic Networking Knowledge ==

'''Note:''' If the fundamentals in this section are not proficient, additional catching up and self-study will be required before proceeding with pfSense-specific configurations.

=== Networking Fundamentals ===

* Understand the purpose and function of a network: connecting devices, sharing resources, and enabling communication.
* Identify common network devices: switches, routers, firewalls, access points, servers, and client devices.
* Learn IP addressing basics (IPv4/IPv6), subnetting, and DNS/DHCP roles. Static and Dynamic IP, NAT (Network Address Translation) basics.

=== Typical Configurations ===

* Home vs. enterprise network setups. The critical techniques in scaling and managing larger and larger networks. How to organize and track hosts and IPs and servers.
* Understanding of wired vs. wireless connections and their use cases. The ability to troubleshoot latency, wireless interference (channel assignment), and optimization.
* VPN creation - WireGuard, ZeroTier, and paid VPN services.

== Core Networking Setup ==

=== WAN and LAN Configuration ===

* Set up WAN connection with ISP (DHCP, PPPoE, or Static IP).
* Configure LAN interface for internal network.
* Assign DHCP or static IP addressing for devices.

=== Interfaces ===

* Add, remove, and configure additional interfaces.
* Bind interfaces to networks with proper IP ranges.

== Troubleshooting ==

=== Backup and Restore ===

* Perform manual configuration backups and restores.
* Configure AutoConfigBackup service.
* Regularly download and archive backup files for recovery assurance.

=== Connections and Firewall Logs ===

* Analyze firewall logs to identify blocked/allowed traffic and misconfigurations.
* Trace connection attempts and NAT translations.

=== Performance Checks ===

* Monitor and reconfigure RRD data collection for accuracy.
* Reassess load balancing configurations when performance issues arise.

=== Upgrade/Resource Justification ===

* Gather data from graphs, logs, and monitoring tools to support the case for hardware upgrades or prioritization of resources.

=== pfBlockerNG for Bandwidth Efficiency ===

* Use pfBlockerNG to block ads and trackers.
* Prevent preloading of ads and video content, which can otherwise cause significant bandwidth consumption.

== Intermediate Configuration ==

=== VLANs (Virtual LANs) ===

* Create VLAN interfaces.
* Tag VLANs appropriately for segmentation.
* Configure inter-VLAN routing and access restrictions.

=== Aliases ===

* Define host, network, and port aliases for easier firewall rule management.
* Use aliases to simplify large or frequently updated rule sets.
* Leverage aliases to help design and assign VLANs without tracing every device manually, while still physically tagging devices and connections for accuracy and accountability.

=== Gateway Groups ===

* Configure multiple gateways.
* Set up '''load balancing''' across ISPs.
* Set up '''failover''' for redundancy.

== Firewall Fundamentals ==

=== Firewall Rules ===

* Understand pass, block, and reject behavior.
* Configure rules for WAN, LAN, and VLAN interfaces.
* Implement rules for DMZ environments.

=== DMZ Setup ===

* Place public-facing servers in isolated segments.
* Apply strict firewall rules between DMZ, LAN, and WAN.

=== QoS (Quality of Service) ===

* Configure traffic shaping to prioritize critical applications (VoIP, ERP, video conferencing).
* Manage bandwidth allocation to prevent congestion.

== VPN and Tunnels ==

=== VPN Basics ===

* Configure IPsec for site-to-site and secure remote connections.
* Set up OpenVPN for flexible client access.

=== WireGuard (Preferred) ===

* Deploy WireGuard as the primary VPN due to its simplicity and performance.
* Highlight cost-effectiveness: can run on a Contabo VM (~₱4,000/year) compared to costly ISP-provided IP addresses.
* Using the WireGuard Docker in a VM, administrators can create unlimited VPN groups, since it leverages UDP hole punching and coordinating servers for efficient scaling.

== Advanced ==

=== Captive Portal ===

* Configure pfSense Captive Portal for guest or managed access networks.
* Note that Captive Portal can be resource-intensive, requiring significant bandwidth and processing power.
* May require a dedicated system to run efficiently in large deployments.

=== Graphing and Dashboarding ===

* Go beyond built-in RRD graphs with advanced monitoring and visualization.
* Integrate external dashboard tools (Grafana, InfluxDB, etc.).
* Build custom dashboards for latency, throughput, and traffic analysis to support proactive troubleshooting.

[[Category:Networking]]
[[Category:pfSense]]
[[Category:IT Training]]
[[Category:Comfac]]

IT IMPORTS PROCESSES

2026-02-25T07:23:46Z

CITEditor: Created page with "= IT Imports Process = This addendum describes the '''interim process''' for imports while Comfac Corporation's '''List of Importables (LOI)''' is still under BOC processing. Until Comfac's LOI is fully approved, imports requiring NTC permits will be consigned under '''Cornersteel Systems Corporation (CSC)'''. '''Prepared by:''' Justin Aquino '''Date:''' October 2025 '''Revision:''' 1.1 '''Reference:''' NTC NSW Guidelines; BOC Form 392911581638; NTC Form 09..."

= IT Imports Process =

This addendum describes the '''interim process''' for imports while Comfac Corporation's '''List of Importables (LOI)''' is still under BOC processing. Until Comfac's LOI is fully approved, imports requiring NTC permits will be consigned under '''Cornersteel Systems Corporation (CSC)'''.

'''Prepared by:''' Justin Aquino 
'''Date:''' October 2025 
'''Revision:''' 1.1 
'''Reference:''' NTC NSW Guidelines; BOC Form 392911581638; NTC Form 0925256884622

== 1. Purpose ==

To ensure continuity of import operations for Netgate, networking, and wireless equipment while avoiding shipment delays caused by pending LOI approval for Comfac.

== 2. Parties Involved ==

{| class="wikitable"
! Party !! Role / Function
|-
| '''Sales / Support''' || Coordinates orders with suppliers, checks readiness of NTC permit requirements, and provides documentation details to Purchasing.
|-
| '''Purchasing''' || Places the order with foreign suppliers, manages invoices and AWB, and ensures Cornersteel is listed as consignee.
|-
| '''Cornersteel Systems Corporation (CSC)''' || Acts as the consignee for customs purposes. Handles NTC permit under CSC's name.
|-
| '''Broker (DHL / FedEx)''' || Processes importation and ensures shipment references (invoice, AWB, permit) match CSC consignee data.
|-
| '''NTC / BOC''' || Approves and clears the shipment per standard procedure.
|}

== 3. Updated Consignee Information ==

'''Consignee Name:''' Cornersteel Systems Corporation (CSC) 
'''Address:''' 536 Calbayog Street, Brgy. Highway Hills, Mandaluyong City, 1500 Philippines 
'''TIN:''' 000-315-460-000

'''Comfac Corporation (for future imports):''' 
'''Address:''' 536 Calbayog Street, Brgy. Highway Hills, Mandaluyong City, 1500 Philippines 
'''TIN:''' 000-052-623-000

== 4. Interim Import Process (When Comfac's LOI is Pending) ==

=== Step 1 – Coordination ===

* Sales/Support informs Purchasing that Comfac's LOI is pending.
* Purchasing designates CSC as consignee for the import.
* Notify supplier and broker of this change.

=== Step 2 – Supplier Documentation ===

==== Commercial Invoice ====

The '''Commercial Invoice''' serves as the official billing document used for customs declaration and tax computation. It lists the products, quantities, unit prices, and total value of the shipment. This document is legally binding and is required by both '''NTC''' and '''BOC''' for import clearance.

* Typically issued '''2–3 days after the electronic (Proforma) Invoice''' is generated and the order has been confirmed.
* It must include details identical to those in the packing list and AWB, and show the consignee's full name, address, and TIN.

Foreign supplier must issue the following '''under CSC's name''':

* Commercial Invoice
* Packing List
* Air Waybill (AWB)

All documents must clearly show:

<blockquote>'''Consignee: Cornersteel Systems Corporation, 536 Calbayog St., Mandaluyong City, 1500 Philippines, TIN 000-315-460-000'''</blockquote>

=== Step 3 – NTC Permit Application (CSC) ===

* Apply for the NTC Permit to Import using CSC's name.
* Attach all required documents (invoice, AWB, packing list, technical sheet, manufacturer certificate).
* Follow NSW procedure per standard guideline.

=== Step 4 – BOC Processing ===

* Broker files the '''BOC Single Administrative Document (SAD)''' under CSC's name.
* Ensure the '''NTC Permit Reference''' is entered in Box 31 of the SAD.
* Duties and VAT are computed using the shipment's commercial value.

=== Step 5 – Release & Turnover ===

* Once cleared by BOC, shipment is released under CSC.
* Internal turnover memo documents transfer of ownership to Comfac after clearance.

== 5. Foreign Supplier Purchasing Details ==

When ordering from overseas suppliers (e.g., Netgate, AliExpress, DigiKey, Mouser, etc.):

{| class="wikitable"
! Field !! Requirement
|-
| '''Invoice Header''' || Must list Cornersteel Systems Corporation as consignee.
|-
| '''Delivery Address''' || Same as consignee address (Mandaluyong).
|-
| '''Payment Terms''' || Prepaid (T/T or Credit Card via corporate account).
|-
| '''Declared Value''' || True commercial value (no under-declaration).
|-
| '''HS Code''' || 8517.62.99 (Firewalls, routers, switches).
|-
| '''Shipment Mode''' || Air freight (DHL / FedEx) preferred for tracking and AWB issuance.
|-
| '''Attachments for Import''' || Type Approval / Compliance Certificate (FCC/CE), Invoice, Packing List, AWB.
|}

== 6. Transition Back to Comfac ==

Once Comfac's LOI is approved:

# New shipments revert to '''Comfac Corporation''' as consignee.
# NTC and BOC forms are updated to reflect Comfac's registration.
# Purchasing and Sales are notified via internal memo to discontinue CSC consignee use.

== 7. Sub-Process: Technical Brochure and Specification Management ==

'''Purpose:''' To ensure all NTC-required technical documents (brochures, datasheets, compliance certificates) are organized and easily accessible for future import applications.

=== Step A – Document Collection ===

* Occurs during '''Step 2 – Supplier Documentation''' in the import process.
* Sales / Support requests the following from the supplier for each model:
** Manufacturer's Brochure / Technical Data Sheet (TDS)
** Compliance Certificate (FCC / CE / ISO)
** High-resolution product photo (optional, for reference)

=== Step B – Centralized Repository ===

All brochures, specs, and datasheets must be stored in '''NextCloud''' under:

<blockquote><code>/Shared/Imports/Technical_Specifications/</code></blockquote>

=== Step C – Master Product Reference Table ===

A shared document (spreadsheet or wiki) named '''"Master Product Catalog – Imports"''' shall maintain the following fields:

{| class="wikitable"
! Field !! Description
|-
| '''Supplier''' || Company name providing the item (e.g., Netgate, Mouser, AliExpress)
|-
| '''Model Number / Product Name''' || As stated in invoice and supplier catalog
|-
| '''Tariff / HS Code''' || Used for customs declaration (e.g., 8517.62.99)
|-
| '''Link to Manufacturer Page''' || Direct hyperlink to product page or source URL
|-
| '''Link to Brochure / TDS''' || Hyperlink to stored PDF in NextCloud folder
|-
| '''Notes / Category''' || Type of equipment (Firewall, Router, Access Point, etc.)
|}

=== Step D – Ownership and Updates ===

* Maintained by '''Purchasing''' with support from '''Sales / Support'''.
* Updated whenever a new product or supplier is introduced.
* Reviewed quarterly to ensure active links and document integrity.

This ensures compliance with NTC documentation requirements, faster re-use of prior permits, and centralized technical reference for import submissions.

=== Step E – Locating Official Tariff Codes ===

For assigning the correct '''AHTN / HS Codes''', refer to the official Philippine Tariff and Customs Code database:

* https://finder.tariffcommission.gov.ph/ — Allows you to search by keyword (e.g., router, camera, microcontroller) and provides the applicable '''AHTN 2022 code''', description, and tariff rate.
* '''Comfac IT Product Database (External):''' https://next.comfaccorp.com/s/NRDK9Kn4C6Y6YbX
* '''Comfac IT Product Database (Internal):''' https://next.comfaccorp.com/f/153015

[[Category:IT Procedures]]
[[Category:Procurement]]
[[Category:Imports]]
[[Category:Comfac]]

System Hardening Strategy: Win2Lin Migration & Infrastructure 251129

2026-02-25T07:23:17Z

CITEditor: Created page with "= Comprehensive System Hardening Strategy: Win2Lin Migration & Infrastructure = == Part 1: Definitions & Key Concepts == Before executing the strategy, the team must be aligned on the following core terminologies and concepts used throughout this document. === Technical Definitions === * '''Golden Image (SIMG):''' A pre-configured template of an operating system (Ubuntu) containing all necessary drivers, software patches, and standard applications. This is created on..."

= Comprehensive System Hardening Strategy: Win2Lin Migration & Infrastructure =

== Part 1: Definitions & Key Concepts ==

Before executing the strategy, the team must be aligned on the following core terminologies and concepts used throughout this document.

=== Technical Definitions ===

* '''Golden Image (SIMG):''' A pre-configured template of an operating system (Ubuntu) containing all necessary drivers, software patches, and standard applications. This is created once and deployed to multiple machines to ensure consistency.
* '''Compatibility Layers:''' Software interfaces that allow applications written for one operating system (Windows) to run on another (Linux) without a full virtual machine.
** ''Wine:'' The foundational compatibility layer.
** ''CrossOver:'' A polished, supported version of Wine for enterprise use.
** ''Bottles:'' A GUI manager for Wine prefixes, allowing isolated environments for specific apps.
* '''WinBoat:''' An Electron-based tool that runs Windows applications on Linux by encapsulating a Windows VM inside a Docker/Podman container. Unlike standard VMs, it uses FreeRDP and RemoteApp protocols to composite Windows apps seamlessly onto the Linux desktop, making them appear native.
* '''FreeIPA:''' An integrated Identity and Authentication solution for Linux/Unix networked environments (similar to Microsoft Active Directory).
* '''ZFS (Zettabyte File System):''' A combined file system and logical volume manager used by TrueNAS. It is famous for data integrity, utilizing checksums to prevent silent data corruption.
* '''ECC Memory (Error-Correcting Code):''' RAM that detects and fixes common internal data corruption. Critical for ZFS to prevent writing corrupted data to the disk during scrubbing.
* '''IDS/IPS (Intrusion Detection/Prevention Systems):''' Network security appliances that monitor traffic for malicious activity (Snort, ZenArmor).

=== Key Practices ===

# '''Open-Source First:''' Prioritize FOSS (Free and Open Source Software) to reduce licensing costs and increase customizability. Proprietary software is only used when no viable alternative exists.
# '''3-2-1 Backup Rule:''' Maintain three copies of data, on two different media types, with one copy offsite.
# '''Observation-First & "Mental-Pull" Learning:''' We distinguish between ''Certification Study'' and ''Operational Focus''.
#* '''Certification:''' We accept "Theory Dumping" as necessary for exams (e.g., CISSP). We manage this via '''Anki, Spaced Repetition, and Active Recall''' to build long-term retention.
#* '''Operations:''' We strictly protect the '''Working Memory''' of our staff. We do not burden them with theories they do not currently need to solve the problem at hand. Training utilizes a '''"Mental-Pull" system''': trainees must encounter the friction or problem first to understand why a solution is needed, ensuring their mental energy is focused on immediate analysis rather than abstract memorization.
# '''Network Segmentation:''' Using VLANs to isolate sensitive backend traffic (Storage/Management) from general user traffic and guest access.
# '''Hands-On Restoration/Recovery Philosophy:''' We explicitly accept the cost of damaging equipment (e.g., "using up write-life" on disks) during training. While most organizations avoid this to spare hardware, we prioritize these exercises because we require our Security and SysAdmin teams to have drilled these recovery scenarios under real stress. Hardware is replaceable; data recovery skills are not.

== Part 2: The Front-End Strategy (Win2Lin) ==

'''Philosophy: The User-Centric Feedback Loop'''

The Front-End Strategy is defined by End-User Interaction. It is not a static deployment but an iterative process of observation and updates.

* '''The Principle:''' We cannot simply force a new OS on users. The Front-End team '''observes''' actual workflows, identifies friction, and updates the strategy based on real use cases.
* '''The Goal:''' System Hardening is the outcome, but User Acceptance is the vehicle. If the tool is unusable, security is bypassed. Therefore, the Front-End constantly "checks in" with the user base to define the requirements that the Back-End must solve.

=== 1. OS Deployment & The Golden Image (SIMG) ===

* '''Base OS:''' Ubuntu LTS (Long Term Support) for stability and hardware support.
* '''Development Hardware:''' A dedicated "Master Laptop" will be used to construct the SIMG. This ensures the image is built on actual hardware, allowing for driver verification before mass deployment.
* '''SIMG Construction:'''
** Install Ubuntu Base.
** Apply distinct UI customization (GNOME/KDE) to mimic familiar Windows workflows (Taskbar, Start Menu) to lower the learning curve.
** Pre-install the '''Priority App List'''.
* '''Network Boot & Installation:'''
** Setup a PXE (Preboot Execution Environment) server (e.g., FOG Project or Clonezilla Server).
** Configure the network to allow workstations to boot from the LAN, pull the SIMG, and install it automatically, reducing deployment time from hours to minutes.

=== 2. Windows Compatibility Strategy ===

For applications that absolutely require Windows, we will utilize a tiered compatibility approach focused on isolation:

* '''Tier 1: Native Alternatives (Preferred):''' Use Linux native versions where possible.
* '''Tier 2: Wine/Bottles:''' For simple legacy executables. Bottles will be used to manage "prefixes," keeping app dependencies isolated in sandboxes.
* '''Tier 3: CrossOver:''' For critical business apps (e.g., MS Office legacy, specific accounting tools) where paid support is required for stability.
* '''Tier 4: WinBoat / Containerized High-Performance Integration:''' For stubborn apps that require a genuine Windows kernel but need to feel "native" to the user workflow, we implement WinBoat.
** '''Reference:''' [https://github.com/TibixDev/winboat TibixDev/WinBoat on GitHub]
** '''Mechanism:''' WinBoat wraps a Windows VM inside a Docker/Podman container. It uses the RemoteApp protocol to "break" the application window out of the VM, allowing it to sit on the Linux desktop alongside native apps.
** '''Hardware Requirement:''' Host workstations must be upgraded to '''32GB - 64GB RAM'''.
** '''Resource Allocation:'''
*** '''Linux Host:''' Allocated '''4-6GB RAM'''. This is sufficient for the host OS to manage I/O and network traffic efficiently.
*** '''WinBoat Container:''' The remaining RAM (26GB+) is dedicated to the containerized Windows environment.
** '''Optimization:''' The underlying Windows image is debloated for '''Fast Boot'''. Because it utilizes KVM/QEMU with virtio drivers, it achieves near-native performance while keeping the Windows environment strictly isolated from the host Linux kernel.

=== 3. Transition Strategies & Training ===

* '''LibreOffice Migration:'''
** Identify "Power Users" who use complex macros in Excel.
** Conduct workshops specifically on ''LibreOffice Calc'' vs. ''Excel'' differences.
** Create a "cheat sheet" for common UI differences.
* '''The "Salonga" FreeCAD Transition:'''
** '''Objective:''' Move CAD workflows from AutoCAD to FreeCAD.
** '''The Critical Workflow:''' Nicco Salonga's methodology will be the standard. This involves using ODA File Converter or similar plugins to handle legacy .DWG files.
** '''Automation:''' Develop Python scripts within FreeCAD to batch-convert existing .DWG libraries to FreeCAD formats or .DXF, automating the ingestion of legacy blueprints.

== Part 3: The Back-End Strategy (Infrastructure & Storage) ==

'''Philosophy: Adaptive Engineering'''

The Back-End Strategy operates "Behind the Curtain." It represents the higher-level engineering layer that must support the Front-End.

* '''The Principle: Backend Adapts to Frontend.''' We seek to change user behavior, but we do not use force, coercion, or eliminate choice. Instead of mandating that users fit a rigid server structure, we use '''automation and scripting''' to customize the Back-End to meet the requirements of the Front-End, reducing friction to naturally encourage the desired workflows.
* '''The Reality:''' Handling the nuanced behaviors of many end-users is the hardest variable. Controlling servers is comparatively easy. Therefore, the Back-End must be flexible, utilizing advanced configurations (custom scripts, specific permissions, automated routing) to make the user's life easier while maintaining security.

=== 1. Identity & Access Management (IAM) ===

* '''FreeIPA Migration:'''
** Deploy FreeIPA to replace decentralized user management.
** Enforce centralized SSH key management and sudo rules.
* '''Enhanced User Management:'''
** Implement Role-Based Access Control (RBAC).
** '''Permissions Matrix:''' Define clear read/write/execute permissions for Engineering, Admin, and General Staff groups to prevent accidental data deletion.

=== 2. TrueNAS Deployment & Hardware Tiers ===

We will deploy '''three''' distinct categories of TrueNAS servers: the '''NE-NAS''', the '''EC-NAS''', and the '''Warrantied Unit'''.

==== A. NE-NAS (Non-ECC Testing) ====

* '''Purpose:''' Familiarization with the TrueNAS Scale interface, networking setup, and UI navigation. '''NOT''' for critical long-term data.
* '''Hardware Specs:'''
** '''Motherboard (Standard Option):''' Intel Celeron N5105 ITX Industrial NAS Motherboard (4 Cores, 4 Threads, Low Energy, 4x 2.5GbE i225, 6x SATA, M.2).
** '''Motherboard (Performance Option):''' N150 NAS Motherboard (Intel N150, DDR5, 6x SATA 3.0, 4x Intel I226 2.5G, 2x M.2 PCIE, Mini ITX 17x17cm) - '''~PHP 17,000'''.
** '''Chassis:''' Jonsbo N-Series NAS Case.
** '''Drives:''' Used/Donated mixed-capacity drives.
* '''Role:''' The '''NE-NAS''' serves as the sandbox for the team to break things without fear.

==== B. EC-NAS (DIY ECC-Capable) ====

* '''Purpose:''' Long-term storage, 3-2-1 backup repository, and data integrity.
* '''Hardware Specs (Target Architecture):'''
** '''Motherboards (SOC with ECC):'''
*** ''Option A:'' ASRock Rack C3758D4I-4L (Intel Atom C3758, 8 Cores).
*** ''Option B:'' ASRock Rack C3558D4I-4L (Intel Atom C3558, 4 Cores).
*** ''Reference:'' ASRock Rack product page: <code>https://www.asrockrack.com/general/productdetail.asp?Model=C3758D4I-4L</code>
** '''RAM:''' DDR4 ECC UDIMM (Crucial for ZFS self-healing).
** '''Chassis:''' Jonsbo N2/N3 (5 bay) or N5 (Up to 12-16 bay with expansion) to allow ZFS pool expansion.
* '''ZFS Configuration:'''
** Pools will be set up in Raid-Z2 (allowing 2 drive failures) for high availability.

==== C. The Warrantied Enterprise Unit (Vendor Supported) ====

* '''Purpose:''' Mission-critical core infrastructure where uptime is contractually guaranteed.
* '''Hardware Specs:''' Official TrueNAS Hardware (Mini X+ or Mini R Series).
* '''Cost Reality:''' TrueNAS hardware includes a premium for support.
* '''Operational Constraint:''' Because these units are under warranty, we cannot perform physical failure drills on them. We must rely on the '''EC-NAS''' and '''NE-NAS''' for destructive testing.
* '''Purchase Decision:''' We will proceed with acquiring the following configurations:

{| class="wikitable"
! Option !! Model (Mini/Rack) !! Specs !! Price (USD) !! Est. Price (PHP) !! VAT (12%) !! Total (PHP w/ Customs)
|-
| '''Option 1''' || Mini Tower (Diskless) || 8-Core, 64GB RAM, 2x 10GbE, Empty Bays || $2,009.00 || ₱120,540.00 || ₱14,464.80 || '''₱155,004.80'''
|-
| '''Option 2''' || Mini Tower (50TB) || 8-Core, 64GB RAM, 2x 10GbE, 5x 10TB HDDs || $3,359.00 || ₱201,540.00 || ₱24,184.80 || '''₱245,724.80'''
|-
| '''Option 4''' || Rackmount (100TB) || 8-Core, 64GB RAM, 2x 10GbE, 10x 10TB HDDs || $5,109.00 || ₱306,540.00 || ₱36,784.80 || '''₱363,324.80'''
|}

''Note: Totals include an estimated ₱20,000 customs/shipping buffer per unit.''

=== 3. Backup Intervals & Retention Policy ===

To manage the approximately '''2TB of active operational data''', we implement a tiered backup schedule. This schedule is designed to balance robust protection with storage constraints (budgeted at ~100GB of "new" data growth per month).

==== A. Definitions & Categories ====

* '''Intra-Day Snapshots (Local Protection):''' Lightweight, block-level markers on the TrueNAS file system. We perform these '''3 times per day''' (e.g., Morning, Noon, Evening). These provide "Undo" functionality for accidental file deletions or versioning within the active work week.
* '''Daily / Nightly Backups (Short-Term Recovery):''' Executed during off-hours (11pm–3am). Captures all active files, system configs, and database dumps. This is the primary defense against ransomware or corruption discovered the next morning.
* '''Weekly Full Backup (Deep Restoration):''' A comprehensive copy of the entire dataset. Stored off-site or on independent hardware. Used if nightly backups fail or contain corrupted chains.
* '''Monthly Archive (Compliance):''' Long-term, immutable copies kept for legal, financial, and audit purposes.

==== B. The "Rolling Count" Retention Schedule ====

We will configure TrueNAS automated snapshots to maintain the following retention depth:

* '''Intra-Day (3x/Daily):''' Keep last '''15''' snapshots (provides '''5 days''' of granular coverage).
* '''Daily:''' Keep last '''14''' snapshots (2 weeks coverage).
* '''Weekly:''' Keep last '''4''' snapshots (1 month coverage).
* '''Monthly:''' Keep last '''12''' snapshots (1 year coverage).
* '''Annual:''' Keep last '''5-7''' snapshots (Legal/Audit Requirement).

==== C. Storage Economics (The 100GB/Month Rule) ====

Based on an estimated '''3.3GB/day''' change rate, the storage consumption for backups is allocated as follows:

* '''Intra-Day Snapshots:''' ~170MB per snapshot (3x/day) -> '''~15GB/month total'''.
* '''Nightly Backups:''' ~2GB per backup -> '''60GB/month total'''.
* '''Weekly Backups:''' ~5GB per backup -> '''20GB/month total'''.
* '''Total Monthly Consumption:''' '''~95GB''', fitting within the 100GB growth budget.

==== D. The Data Flow ====

# '''Source:''' '''EC-NAS''' (Production).
# '''Local Target:''' ZFS Snapshots stored locally for instant rollback.
# '''Remote Target:''' Nightly replication to the '''Backup NAS''' (Off-site or separate building).
# '''Cold Storage:''' Monthly encrypted archives pushed to cold storage (Cloud/Tape/Offline HDD).

=== 4. The "Hands-On" Restoration Protocol ===

* '''The Philosophy:''' "A backup is only a backup if you have successfully restored from it." The team must perform '''live restorations''' to solve the lack of direct experience.
* '''Specific Technical Drills:'''
*# '''Deja Dup / Incremental Restore:'''
*#* ''Scenario:'' A user accidentally overwrites a critical file.
*#* ''Drill:'' Trainees must use Deja Dup to navigate the timeline and restore a specific version of a file from 3 days prior, verifying integrity.
*# '''ZFS Snapshots & Cloning:'''
*#* ''Scenario:'' Ransomware simulation or massive data corruption.
*#* ''Drill:'' Execute a ZFS Rollback to a previous snapshot. Additionally, practice '''Cloning''' a dataset to test upgrades without affecting the live file system.
*# '''Rsync Automation & User Sync:'''
*#* ''Scenario:'' Automating the 3-2-1 backup pipeline.
*#* ''Drill:'' Configure rsync tasks in TrueNAS to push data to a secondary remote target. Validate that permissions persist and that "linked" TrueNAS users sync correctly.
*# '''The Hardware Failure Drill:'''
*#* ''Scenario:'' Physical drive failure.
*#* ''Drill:'' Instructor pulls a drive from the running '''NE-NAS'''. Trainee must identify the dead drive via serial number and perform the resilvering process.

=== 5. Network Security (Netgate & pfSense) ===

* '''Gateway:''' Netgate appliance running pfSense.
* '''VLAN Implementation:'''
** ''VLAN 10:'' Management (TrueNAS, FreeIPA, Switches).
** ''VLAN 20:'' Staff/Workstations (Ubuntu).
** ''VLAN 30:'' Guest/IoT (Isolated).
* '''VPN:''' OpenVPN or WireGuard server deployment on pfSense for remote secure access to the FreeCAD file server.
* '''Threat Detection (IDS/IPS):'''
** '''Snort:''' Will be configured initially for signature-based detection (known threats).
** '''ZenArmor:''' We will evaluate the free vs. paid tier of ZenArmor for application-layer filtering (Layer 7 inspection), specifically to block telemetry or unwanted external connections from the compatibility layers (Wine/Windows apps).

== Part 4: Personnel & Organizational Development ==

To sustain this infrastructure, we must formalize the career growth of our IT staff.

=== 1. Career Tracking: The SysAdmin to Security Specialist Pipeline ===

* '''Concept:''' Create a dedicated pathway for high-performing System Administrators to evolve into Security Specialists.
* '''Rationale:''' As the network becomes more segmented (VLANs) and monitored (IDS/IPS), we need dedicated eyes on security logs and threat intelligence, rather than just "keeping the lights on."
* '''Critical Certification Study:'''
** '''Resource:''' [https://ankiweb.net/shared/decks?search=CISSP AnkiWeb CISSP Decks]
** '''Mandate:''' Both the Lead Security Specialist and key staff members (specifically Justin) are required to utilize these flashcard decks weekly to prepare for CISSP certification. This spaced-repetition learning is critical for mastering the vast vocabulary and concepts required for ISO compliance.

=== 2. ISO 27001 Compliance & Internal Penetration Testing ===

To validate our hardening efforts, we will adopt the '''ISO/IEC 27001''' Information Security Management framework and conduct regular internal testing.

* '''Internal Penetration Testing Strategy:'''
** '''Objective:''' We do not rely solely on theoretical security; we actively test user awareness and system resilience.
** '''The "Benign Malware" Test:'''
*** We will deploy simple, safe testing files designed to "flag" a PC when executed. These files mimic malware behavior (e.g., calling back to a command and control server) without causing actual damage.
*** '''Methodology:''' If a user downloads and runs the test file (thinking it is a legitimate document/installer), the file simply pings the IT dashboard with the workstation's hostname.
*** '''Action:''' Users who "fall" for the test are not punished but are immediately flagged for a 15-minute re-training session on identifying suspicious files.
** '''Tools:''' We will utilize open-source resources from GitHub for these simulations:
*** ''GoPhish:'' For managing the simulation campaigns and email delivery.
*** ''Canarytokens / OpenCanary:'' For creating "tripwire" files (PDFs, Word docs) that alert us when opened.
*** ''Atomic Red Team:'' For testing specific system defenses against known attack techniques.

=== 3. The Learning Structure: Balancing Security vs. Convenience ===

* '''The Core Conflict:''' High security often equals high inconvenience. Our team's learning progression focuses on managing this "Friction." We do not just enforce security; we engineer away the annoyance while keeping the protection.
* '''Senior Role (Security Specialist / Lead SysAdmin):'''
** ''Focus:'' Analyzing the "Cost of Security." Auditing FreeIPA logs and Snort/ZenArmor alerts not just for threats, but for ''false positives'' that slow staff down.
** ''Strategic Optimization:'' Designing "Invisible Security." For example, if WinBoat startup is too slow (causing users to bypass it), the Senior role must optimize the Docker container/VM boot times to make the secure option the ''easy'' option.
** ''Mentorship Duty:'' Mentoring the Junior SysAdmin and '''Security OJTs (On-the-Job Trainees)'''.
*** ''Philosophy:'' '''"Exploration First."''' We avoid purely theoretical training. Instruction begins with examining our actual Front-End vs. Back-End architecture and identifying live vulnerabilities to harden.
*** ''Methodology:'' '''Mythbusting & Actual Tests.''' Theory is introduced only ''after'' trainees have seen a vulnerability in action. Trainees run controlled exploits to understand how vulnerabilities develop, debunking security myths through direct observation.
* '''Junior Role (Junior System Administrator):'''
** ''Focus:'' The "Friction Logger." Actively monitoring helpdesk tickets for complaints where security measures obstruct workflows (e.g., "I can't print from the guest VLAN").
** ''Operational Task:'' Implementing the "Compromise Strategies" defined by the Senior. E.g., setting up a specific printing proxy rather than opening the whole network, or white-listing specific benign workflow tools in AppArmor/SELinux.
** ''Growth Plan:'' Learning to script automations that reduce user manual input for security tasks (e.g., auto-mounting encrypted ZFS datasets upon login).

=== 4. The Honeypot Lab (Seasonal Threat Research) ===

* '''Operational Trigger:''' This initiative is '''seasonal''', activated only when the department has sufficient bandwidth and a cohort of '''Security Interns/OJTs'''.
* '''Objective:''' To move beyond theoretical defense by capturing and analyzing ''actual'' attack vectors attempting to breach our specific facilities and systems.
* '''The Workflow:'''
*# '''Deployment:''' Deploy low-interaction honeypots (e.g., ''Cowrie'' for SSH, ''Dionaea'' for malware) on isolated, monitored VLANs (The "Zoo").
*# '''Sample Collection:''' Interns collect payloads and logs of attempted intrusions.
*# '''Analysis & Intelligence:'''
*#* '''Documentation:''' Cataloging the specific vectors used.
*#* '''Cross-Referencing:''' Checking hashes and IPs against global threat intelligence databases (e.g., VirusTotal, Talos, AbuseIPDB).
*#* '''Trend Analysis:''' Comparing our local attack data against global reports to see if we are being specifically targeted or swept up in automated campaigns.
*# '''Feedback Loop:''' Findings are used to update the '''Snort''' rules on the Production Netgate firewalls and to create new "Benign Malware" samples for staff training.

== Part 5: Regulatory Compliance & Data Privacy (DPA/NPC) ==

This section operationalizes the mandates from our '''Data Privacy Manual''' (Comfac Data Privacy Manual) to ensure our technical strategy aligns with the Data Privacy Act (DPA) and National Privacy Commission (NPC) regulations.

=== 1. Mandatory Notification Protocols ===

* '''The 72-Hour Rule (NPC):'''
** '''Requirement:''' In the event of a Personal Data Breach that involves sensitive personal information, unlawful acquisition, and a risk of serious harm, we are '''legally mandated''' to notify the National Privacy Commission (NPC) within '''72 hours''' of knowledge or reasonable belief of the breach.
** '''Action Plan:''' The Lead Security Specialist must immediately assess any "Critical" alert from Snort/ZenArmor to determine if it meets the criteria for NPC notification.
* '''The 24-Hour Rule (Internal):'''
** '''Requirement:''' The Data Privacy Response Team must notify the Company Management and prepare a detailed incident documentation within '''24 hours''' of the discovery of any Security Incident or Breach.
** '''Procedure:''' A standardized "Incident Report Form" (Annex J of the Manual) must be pre-loaded onto the Management VLAN for immediate access.

=== 2. Integration with Technical Hardening ===

Our infrastructure strategy is designed to satisfy the "Security Measures" (Article V) of the Privacy Manual:

* '''Encryption (Article V, Sec 2.4):'''
** ''Implementation:'' All TrueNAS ZFS datasets containing Personal Data (Payroll, HR, Client Info) must utilize '''ZFS Native Encryption'''.
** ''Endpoint:'' All Ubuntu laptops ("Golden Image") must use '''Full Disk Encryption (LUKS)'''.
* '''Access Control (Article V, Sec 1.4):'''
** ''Implementation:'' The migration to '''FreeIPA''' satisfies the requirement that "Only Authorized Personnel" may access data. We enforce this via RBAC (Role-Based Access Control) to ensure permissions are granted on a "Least Privilege" basis.
* '''Breach Prevention (Article VI, Sec 3):'''
** ''Implementation:'' The '''Internal Penetration Testing''' (Benign Malware/Phishing Simulations) described in Part 4 is the direct operationalization of the requirement to "periodically conduct a Privacy Impact Assessment and identify risks."

== Part 6: Breach & Emergency Response Protocols ==

This section outlines the precise, step-by-step technical response to a confirmed Security Incident. '''We operate on a "Scorched Earth" policy: we do not attempt to "clean" infected machines; we wipe and restore them.'''

=== 1. The "SIMG" Strategy (The Golden Hammer) ===

* '''Definition:''' '''SIMG (System Image)''' is a verified, immutable snapshot of our organization's ideal operating state. It contains the approved OS, drivers, and software stack, free of any malware or configuration drift.
* '''Strategic Role:''' In a breach scenario, the SIMG is our primary recovery tool. We do not spend hours troubleshooting a compromised endpoint. We re-image it with the SIMG in minutes.

=== 2. The Emergency Response Pipeline ===

'''Step 1: Immediate Isolation (Network Kill Switch)'''

* '''Action:''' Upon confirmation of a breach (via Snort/ZenArmor alert), the Security Specialist isolates the affected VLAN via the Netgate pfSense interface.
* '''Goal:''' Stop lateral movement. The affected machines are cut off from the Internet and the TrueNAS backend.

'''Step 2: The "Nuke and Pave" (Re-Imaging)'''

* '''Primary Method (Network Boot):'''
** The SysAdmin triggers the PXE Server (FOG/Clonezilla).
** Affected machines are rebooted into the network installer.
** The current OS is completely overwritten by the '''SIMG'''. This guarantees 100% removal of malware/ransomware.
* '''Secondary Method (The "Go Bag" USBs):'''
** '''Scenario:''' If the network itself is compromised, saturated, or physically severed.
** '''Preparation:''' The IT team maintains a physical "Go Bag" containing 10+ high-speed USB drives, each pre-loaded with the latest SIMG.
** '''Execution:''' Junior SysAdmins physically move to endpoints, plug in the USB, and manually re-image the machine. This air-gapped restoration method bypasses any network-based attacks.

'''Step 3: Data Restoration (The ZFS "Time Machine")'''

* '''Action:''' Once the endpoints are clean (re-imaged), they are reconnected to the network.
* '''Recovery:'''
** '''User Data:''' Is NOT stored on the endpoint. It resides on TrueNAS.
** '''ZFS Rollback:''' If the malware encrypted files on the server before isolation, the Admin accesses the TrueNAS web UI.
** '''Command:''' Navigate to ''Storage > Snapshots''. Select the snapshot from ''before'' the breach (e.g., 1 hour ago). Click '''Rollback'''.
** '''Result:''' The file system instantly reverts to its clean state. No decryption payment is ever needed.

'''Step 4: Post-Mortem & Reporting'''

* '''Action:''' The Data Privacy Response Team (DPRT) convenes immediately after technical containment.
* '''Output:'''
** File the '''24-Hour Internal Incident Report'''.
** If applicable, file the '''72-Hour NPC Notification'''.
** Review Snort logs to identify the entry point (Patient Zero) and update the SIMG or Firewall rules to prevent recurrence.

[[Category:Security]]
[[Category:Infrastructure]]
[[Category:Linux]]
[[Category:Comfac]]

SOP: Network Troubleshooting & pfSense Monitoring 251130

2026-02-25T07:22:53Z

CITEditor: Created page with "= SOP: Network Troubleshooting & pfSense Monitoring = '''Source:''' [https://www.youtube.com/watch?v=utZ6kQpGRoc Lawrence Systems: pfSense Packet Loss and Latency Monitoring Guide] '''Purpose:''' To standardize the diagnosis of intermittent internet connectivity issues using the "Fault Isolation" methodology and pfSense Gateway Monitoring tools. '''Target Audience:''' IT Support, Network Administrators, and Technical Staff. == Part 1: The Methodology (Fault Isolat..."

= SOP: Network Troubleshooting & pfSense Monitoring =

'''Source:''' [https://www.youtube.com/watch?v=utZ6kQpGRoc Lawrence Systems: pfSense Packet Loss and Latency Monitoring Guide]

'''Purpose:''' To standardize the diagnosis of intermittent internet connectivity issues using the "Fault Isolation" methodology and pfSense Gateway Monitoring tools. 
'''Target Audience:''' IT Support, Network Administrators, and Technical Staff.

== Part 1: The Methodology (Fault Isolation) ==

The goal of troubleshooting is not just to fix the problem, but to '''prove''' where the failure lies. We use the '''Process of Elimination''' to isolate variables in the connection chain.

=== The Connection Chain ===

Visualize the path data takes from the user to the internet. A failure at any point breaks the chain.

=== Isolation Logic ===

* '''Isolate the Device:''' If only ''one'' user drops, the issue is at '''Node A'''.
* '''Isolate the Local Network:''' If ''all'' users drop, but pfSense can still ping the modem, the issue is at '''Node B'''.
* '''Isolate the ISP:''' If pfSense cannot reach the Public Internet ('''Node F''') despite a valid link to the Modem ('''Node D'''), the issue is likely '''Node E''' (The ISP).

== Part 2: Configuring pfSense for Accurate Monitoring ==

By default, pfSense monitors the '''Gateway IP''' (usually the ISP's local modem or first hop). You must determine if this is the correct target based on your equipment setup.

'''Objective:''' Ensure we are monitoring the ''Internet'', not just the local modem.

=== Step 1: Verify Equipment Mode & Monitor IP ===

# Navigate to '''System > Routing > Gateways'''.
# Click the '''Edit (Pencil)''' icon next to the primary WAN gateway (e.g., WAN_DHCP).
# Check the '''Monitor IP''' field.

'''Scenario A: Modem is in Bridge Mode (Public IP on pfSense)'''

If your modem is in Bridge Mode, the Gateway IP is usually the ISP's first hop on their network.

* ''Verdict:'' Default settings are usually fine, but changing to a public DNS (Step 2) is still recommended for reliability.

'''Scenario B: Modem acts as Router (Private IP on pfSense)'''

If your pfSense WAN has a private IP (e.g., 192.168.x.x), the default Gateway is just your local modem.

* ''Verdict:'' '''You MUST change the Monitor IP.''' Monitoring the default gateway only confirms the cable between pfSense and the modem is working. It tells you nothing about the actual internet connection.

=== Step 2: Set an Off-Premise Monitor IP ===

To test the actual internet connection, set the '''Monitor IP''' to a stable, off-premise target:

* <code>1.1.1.1</code> (Cloudflare DNS)
* <code>8.8.8.8</code> (Google DNS)
* <code>208.67.222.222</code> (OpenDNS)
* ''Corporate Option:'' The IP of the company VPN or Relay Server.

Click '''Save''' and '''Apply Changes'''.

=== Step 3: Tune Latency Thresholds (Optional) ===

If using high-latency connections (Starlink, Satellite, LTE) or if you see false alarms:

# In the Gateway Edit screen, click '''Display Advanced'''.
# Adjust '''Latency Thresholds''' (Lower/Upper limits in ms).
# Adjust '''Packet Loss Thresholds''' (Percentage limits).

== Part 3: Visualizing "Intermittent" Issues (RRD Graphs) ==

Intermittent issues are difficult to catch in real-time. pfSense RRD (Round-Robin Database) graphs provide historical evidence.

=== Accessing the Quality Graph ===

# Navigate to '''Status > Monitoring'''.
# Click the '''Wrench Icon''' (View Settings).
# '''Category:''' Select System.
# '''Graph:''' Select Quality.
# '''Time Period:''' Select 1 Day (for immediate issues) or 1 Month (for pattern analysis).
# Click '''Save View''' to make this your default if desired.

=== Interpreting the Data ===

* '''Packet Loss (Red Bars):''' Vertical red bars indicating data that never reached the destination. '''Any''' red bars usually indicate a physical line fault or severe ISP failure.
* '''Latency/Delay (Blue Line):''' The time it takes for a ping to return.
* '''Standard Deviation (Jitter):''' How much the latency varies.

== Part 4: Root Cause Analysis (Correlation) ==

To prove the cause, we overlay different metrics to see what else was happening on the firewall during the spike.

# In '''Status > Monitoring''', click the '''Wrench Icon'''.
# '''Left Axis:''' Set to Quality (Packet Loss/Delay).
# '''Right Axis:''' Select a correlation metric (see below).
# '''Update Graph.'''

=== Correlation Scenarios ===

'''Check 1: Bandwidth Saturation'''

* ''Right Axis:'' Traffic (WAN Throughput)
* ''Analysis:'' If Latency spikes exactly when Traffic is high, the pipe is full.
* ''Action:'' Upgrade bandwidth or implement Traffic Shaping (QoS).

'''Check 2: CPU/System Overload'''

* ''Right Axis:'' System > Processor
* ''Analysis:'' If Packet Loss correlates with 100% CPU usage, the firewall hardware is the bottleneck, not the ISP.

'''Check 3: VPN Usage'''

* ''Right Axis:'' OpenVPN or WireGuard > Users (or Traffic)
* ''Analysis:'' If instability begins exactly when remote users connect, the VPN encryption overhead may be stressing the CPU or saturating the upload speed.

'''Check 4: The "Clean" Failure (ISP Fault)'''

* ''Analysis:'' If Packet Loss (Red Bars) occurs when Traffic is '''flat/low''' and CPU is '''idle''', the issue is external.
* ''Action:'' '''Contact ISP.''' (See Part 5).

== Part 5: Evidence Gathering & Reporting ==

ISPs often dismiss intermittent complaints. Providing raw data logs forces escalation.

=== Exporting Data to CSV ===

# In '''Status > Monitoring''', load the view showing the issue (e.g., "1 Month Quality" or "3 Month View").
# Click the '''Export Button''' (Arrow pointing into a box) below the graph.
# Save the .csv file.

=== Visualizing in LibreOffice Calc / Excel ===

# Open the CSV file.
# Select the '''Timestamp''' column and the '''Packet Loss''' column.
# Insert a '''Line Chart'''.
# '''Highlight the outages.'''
#* ''Example:'' "Connection drops daily between 14:00 and 16:00."
# Save the chart as a PDF and attach it to the ISP Support Ticket.

'''Note:''' When submitting this data to an ISP, explicitly state: ''"I have isolated the issue to the modem/street level. My internal firewall logs show packet loss to 8.8.8.8 occurring during periods of zero bandwidth usage, ruling out local congestion."''

== Part 6: Multi-WAN Performance Comparison ==

In environments with multiple gateways (Load Balancing or Failover), comparing performance simultaneously is critical to ruling out shared hardware failures (e.g., the firewall itself) versus specific ISP failures.

=== Configuring the Comparative Graph ===

# Navigate to '''Status > Monitoring'''.
# Click the '''Wrench Icon''' (Settings).
# Configure the axes to display two ISPs at once:
#* '''Left Axis:'''
#** Category: System
#** Graph: Quality
#** Specific Selection: WAN_DHCP (Primary ISP)
#* '''Right Axis:'''
#** Category: System
#** Graph: Quality
#** Specific Selection: OPT1 or WAN2 (Secondary ISP)
# Click '''Update Graph'''.

=== Interpreting Comparative Data ===

This view allows you to see if an outage is '''Global''' (Router/Power issue) or '''Isolated''' (ISP issue).

{| class="wikitable"
! Graph Observation !! Diagnosis
|-
| '''Only Primary ISP shows Packet Loss''' || '''Isolated ISP Failure.''' The issue is specific to the Primary ISP line. The firewall hardware is functioning correctly because the Secondary ISP is clear.
|-
| '''Both ISPs show Packet Loss simultaneously''' || '''Global Hardware Failure.''' If two independent ISPs fail at the exact same second, the issue is likely the pfSense hardware (CPU overload), a shared switch, or a power fluctuation.
|-
| '''Secondary ISP shows high Latency''' || '''Backup Quality Check.''' Ensure your backup line is actually viable. High latency on a backup line might mean it is unsuitable for failover.
|}

[[Category:SOP]]
[[Category:Networking]]
[[Category:pfSense]]
[[Category:Comfac]]

TrueNAS Configuration Options & Scale Options 251130

2026-02-25T07:22:25Z

CITEditor: Created page with "= TrueNAS Configuration Options & Pricing = '''Reference:''' https://www.truenas.com/configure-and-buy-truenas-mini/ '''Note:''' It's better to configure first using the Configuration Tool, THEN send the configuration for quotation for international orders. Because TrueNAS has a slow quotation period, it's better to build it there first then ask for a quote. == Pricing Table == {| class="wikitable" ! Option # !! Specs (Details) !! Dollar Value (USD) !! PHP Value (x60..."

= TrueNAS Configuration Options & Pricing =

'''Reference:''' https://www.truenas.com/configure-and-buy-truenas-mini/

'''Note:''' It's better to configure first using the Configuration Tool, THEN send the configuration for quotation for international orders. Because TrueNAS has a slow quotation period, it's better to build it there first then ask for a quote.

== Pricing Table ==

{| class="wikitable"
! Option # !! Specs (Details) !! Dollar Value (USD) !! PHP Value (x60) !! 12% VAT (PHP) !! Total (PHP) (Inc. VAT & 20k Customs)
|-
| '''Option 1''' || Mini Tower (Empty/Diskless) • 8 Core CPU • 64 GB RAM • 2x 10Gb Networking • 0TB Storage (Empty Bays) • 1 Year Warranty • TrueNAS Scale || $2,009.00 || ₱120,540.00 || ₱14,464.80 || ₱155,004.80
|-
| '''Option 2''' || Mini Tower (5x 10TB) • 8 Core CPU • 64 GB RAM • 2x 10Gb Networking • 5x 10TB HDDs • 1 Year Warranty • TrueNAS Scale || $3,359.00 || ₱201,540.00 || ₱24,184.80 || ₱245,724.80
|-
| '''Option 3''' || Mini Tower (5x 14TB) • 8 Core CPU • 64 GB RAM • 2x 10Gb Networking • 5x 14TB HDDs • 1 Year Warranty • TrueNAS Scale || $3,809.00 || ₱228,540.00 || ₱27,424.80 || ₱275,964.80
|-
| '''Option 4''' || Rackmount (10x 10TB) • 8 Core CPU • 64 GB RAM • 2x 10Gb Networking • Short Rail Kit • 10x 10TB HDDs • 1 Year Warranty • TrueNAS Scale || $5,109.00 || ₱306,540.00 || ₱36,784.80 || ₱363,324.80
|-
| '''Option 5''' || Rackmount (10x 14TB) • 8 Core CPU • 64 GB RAM • 2x 10Gb Networking • Short Rail Kit • 10x 14TB HDDs • 1 Year Warranty • TrueNAS Scale || $6,219.00 || ₱373,140.00 || ₱44,776.80 || ₱437,916.80
|}

== See Also ==

* [[TrueNAS Business Plan: Project 251212]]
* [[System Hardening Strategy: Win2Lin Migration & Infrastructure 251129]]

[[Category:TrueNAS]]
[[Category:Hardware]]
[[Category:Pricing]]
[[Category:Comfac]]

Offline Malware Remediation & Data Recovery

2026-02-25T07:22:01Z

CITEditor: Created page with "= SOP: Offline Malware Remediation & Data Recovery (The "Crash Kit" Protocol) = '''Department:''' IT / Comfac Group of Companies '''Effective Date:''' 2025-12-06 '''Reference ID:''' SEC-OPS-04 == 1. Overview and Asset Classification == This procedure outlines the standards for using Linux-based boot environments to isolate, diagnose, and repair compromised workstations. To ensure hardware longevity and operational security, we utilize two distinct tiers of bo..."

= SOP: Offline Malware Remediation & Data Recovery (The "Crash Kit" Protocol) =

'''Department:''' IT / Comfac Group of Companies 
'''Effective Date:''' 2025-12-06 
'''Reference ID:''' SEC-OPS-04

== 1. Overview and Asset Classification ==

This procedure outlines the standards for using Linux-based boot environments to isolate, diagnose, and repair compromised workstations.

To ensure hardware longevity and operational security, we utilize two distinct tiers of bootable media. Staff must select the appropriate tool for the task based on resource availability and required privileges.

=== Tier 1: Standard Live USB (LUSB) - The "Disposable" ===

* '''Hardware:''' Standard USB Flash Drive (16GB+).
* '''Configuration:''' Read-Only Ubuntu Live ISO (Amnesiac).
* '''Target Audience:''' '''OJTs (On-the-Job Trainees)''', General Staff, Minor Troubleshooting.
* '''Context:''' We maintain a high volume of LUSB units for daily maintenance and simple diagnostics. These units are low-cost and expendable.
* '''Use Case:''' Quick hardware checks, memory testing, or one-off file access. No data or logs are saved after reboot.

=== Tier 2: Persistent Crash Kit (PCK) ===

* '''Hardware:''' 2.5" SATA SSD (128GB+) in USB 3.0 Enclosure.
* '''Configuration:''' Full Ubuntu Installation (Persistent) with encrypted /home directory.
* '''Target Audience:''' IT Staff & Administrators '''ONLY'''.
* '''Context:''' '''Strictly Limited Quantity.''' PCKs contain paid, licensed software (Bitdefender Endpoint Security Tools) and are restricted due to licensing costs. They are not to be issued to OJTs.
* '''Use Case:''' Deep forensics, malware removal, large data recovery, and evidence logging.
* '''Why SSD?''' Flash drives cannot handle the "write amplification" of a persistent OS running antivirus updates and logs. Using a flash drive for a PCK will result in hardware failure within days/weeks.

== 2. PCK Security Protocols (CRITICAL) ==

The '''Persistent Crash Kit (PCK)''' is a privileged security tool. Misuse can compromise the kit itself or the data being recovered.

# '''Root vs. User Separation:'''
#* The PCK has a '''Root (Superuser)''' account and a standard '''User''' account.
#* '''Rule:''' Never operate the GUI as Root. Log in as the standard user. Use <code>sudo</code> explicitly for scanning or mounting drives.
#* '''Privilege Hygiene:''' Do not grant executable permissions (<code>chmod +x</code>) to any file recovered from a Windows host.
# '''Chain of Custody:'''
#* PCKs contain sensitive logs and potentially recovered PII (Personally Identifiable Information). They must be encrypted (LUKS) and stored securely when not in use.

== 3. Theory of Operation: Kernel Isolation ==

Understanding why this technique is safe is required for all IT staff handling infected machines.

* '''Kernel (Operating System):''' https://en.wikipedia.org/wiki/Kernel_(operating_system)
* '''User Space:''' https://en.wikipedia.org/wiki/User_space_and_kernel_space

=== 3.1 The "Dormant State" ===

When a compromised Windows PC boots from a PCK:

# '''BIOS Handover:''' The BIOS loads the Linux Kernel from the USB SSD, not the Windows Kernel from the internal HDD.
# '''Inert Malware:''' Windows malware files (.exe, .dll) rely on the Windows API to execute. In the Linux environment, these files are merely static data. They cannot run, self-replicate, or hide.

=== 3.2 The Executable Barrier (ELF vs. PE) ===

* '''Windows:''' Uses '''PE''' (Portable Executable) format. https://en.wikipedia.org/wiki/Portable_Executable
* '''Linux:''' Uses '''ELF''' (Executable and Linkable Format). https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
* '''System Call:''' execve - https://man7.org/linux/man-pages/man2/execve.2.html

If a user accidentally double-clicks a Windows virus inside the PCK, the Linux Kernel checks the file header, sees it is not ELF, and rejects the execution request (execve error).

== 4. Operational Workflow ==

=== Phase 1: Isolation Boot ===

# '''Disconnect Network:''' Unplug the ethernet cable to prevent lateral movement (Worm behavior).
# '''Boot PCK:''' Insert the PCK SSD, power on, and enter the Boot Menu (F12/Del). Select the USB SSD.

=== Phase 2: Diagnosis & Scanning ===

Once the internal Windows partition is mounted (e.g., <code>/media/admin/WindowsVolume</code>), proceed with multi-engine scanning using the licensed tools on the PCK.

'''Primary Engine: Bitdefender Endpoint Security Tools (Linux)'''

* '''Update:''' <code>sudo /opt/bitdefender-security-tools/bin/bduitool update -ps</code>
* '''Scan:''' <code>sudo /opt/bitdefender-security-tools/bin/bduitool scan -s -f custom /media/admin/WindowsVolume</code>

'''Secondary Engines (If Licensed/Available on PCK):'''

If the primary scan is inconclusive, utilize secondary licensed Linux agents installed on the PCK:

* '''ESET SysRescue / Endpoint Antivirus for Linux:''' Good for detecting Potentially Unwanted Programs (PUPs).
* '''Sophos Antivirus for Linux:''' Useful for cross-verification of signatures.
* '''ClamAV (Open Source):''' <code>clamscan -r /media/admin/WindowsVolume</code> (Useful for a "second opinion" if licenses are maxed out).

'''Reporting & Knowledge Sharing (Mandatory)'''

Detection is only the first step. The incident must be documented to drive Corrective and Preventive Actions (CAPA) and build institutional knowledge.

# '''The Scientific Report Structure:''' Technicians must document the incident in the IT Team Channel/Wiki using the following structure:
#* '''Observations:''' List physical or digital symptoms (e.g., "User reported slow performance," "Unknown process utilizing 90% CPU").
#* '''Hypothesis:''' State the suspected cause (e.g., "Likely a cryptocurrency miner installed via browser extension").
#* '''Testing & Verification:''' Detail the steps taken to prove or disprove the hypothesis (e.g., "Mounted drive in PCK, scanned with Bitdefender, identified ''Trojan.Generic.Miner'' in AppData").
# '''Evidence Collection:'''
#* '''Screenshots:''' Capture scan logs, error messages, and directory structures.
#* '''Sample Isolation:''' If a unique malware sample is found, compress it into a '''Password Protected ZIP''' (Password: <code>infected</code>).
#* '''Quarantine:''' Upload the ZIP to the designated '''Cloud Quarantine Folder'''. '''DO NOT''' email samples.
# '''Wiki Knowledge Base:'''
#* Add the findings to the IT Wiki.
#* '''Goal:''' Make the lesson searchable. Staff are not expected to memorize every threat, but they must be able to retrieve the solution if the issue recurs.

=== Phase 3: Preservation & Extraction ===

'''Policy:''' We do not simply "Format and Reimage" if data recovery is possible. However, we strictly prohibit restoring "loose" files which may reinfect the network.

# '''Compression as Quarantine:'''
#* '''Action:''' Select the user's critical data (Desktop, Documents, Pictures).
#* '''Method:''' Create a '''Password Protected Zip/Tar Archive'''.
#* '''Tool:''' https://man7.org/linux/man-pages/man1/zip.1.html
#* '''Command:''' <code>zip -e -r user_recovery_date.zip /media/admin/WindowsVolume/Users/JaneDoe/Documents</code>
#* '''Why:''' This encapsulates the data. If a virus was missed, it is now locked inside a password-protected container that cannot auto-execute when placed back on a Windows machine.
# '''Integrity Verification:'''
#* Open random non-executable files (PDF, JPG, TXT) inside the Linux environment using native tools (Evince, Image Viewer).
#* '''Goal:''' Confirm files are not encrypted by Ransomware.
#* '''Safety:''' Opening a .doc in LibreOffice is safe as it cannot execute Windows Macros.

=== Phase 4: Reformatting & Re-imaging ===

Once data is extracted to the '''Password Protected Archive''':

# '''Wipe Partition Table:'''
#* Use GParted or fdisk to delete all partitions on the infected drive.
#* '''Deep Wipe (Optional for high-risk infections):''' Use <code>dd</code> or <code>shred</code> to overwrite the first 500MB of the drive to destroy the Master Boot Record (MBR) and Partition Table.
#* '''Command:''' <code>sudo dd if=/dev/zero of=/dev/sdX bs=1M count=500</code> (Where sdX is the internal drive). https://man7.org/linux/man-pages/man1/dd.1.html
# '''Reinstall:'''
#* Boot from a clean Windows Installation Media (Standard LUSB or separate installer) and proceed with a fresh OS install.
# '''Restore:'''
#* Copy the '''Password Protected Archive''' back to the new Windows installation.
#* Scan the archive ''again'' with the fresh Windows Antivirus before unzipping.

== 5. BIOS/UEFI Level Threats ==

In rare cases, malware may reside in the motherboard firmware (UEFI/BIOS), surviving drive replacement and reformatting.

* '''Rootkit:''' https://en.wikipedia.org/wiki/Rootkit
* '''Unified Extensible Firmware Interface (UEFI):''' https://en.wikipedia.org/wiki/UEFI
* '''LoJax (Example):''' https://en.wikipedia.org/wiki/LoJax

=== 5.1 Indicators of BIOS Compromise ===

* '''Persistence:''' Malware reappears immediately after a full disk wipe and fresh Windows install.
* '''Settings Lock:''' BIOS settings are password protected (and IT did not set the password) or settings revert automatically.
* '''Boot Order:''' The boot order changes automatically to prioritize an unknown network path or hidden partition.

=== 5.2 Testing & Remediation ===

Directly scanning BIOS firmware is difficult without specialized hardware tools (e.g., Chipsec). We rely on '''Behavioral Diagnosis'''.

# '''The "Wipe Test":''' If a machine is wiped (Phase 4), reinstalled, and immediately alerts for the ''same'' malware upon first boot (before network connection), assume BIOS compromise.
# '''Remediation (Reflash):'''
#* Download the latest BIOS firmware from the vendor website (using a clean PC).
#* Save it to a clean FAT32 USB.
#* Boot into BIOS and use the "Flash Utility" to overwrite the current firmware.
#* ''Note:'' This does not guarantee removal of advanced persistent threats (like BlackLotus), but is the standard first-line defense.
# '''Escalation:''' If reflashing fails, the motherboard hardware is considered compromised and must be physically replaced.

== 6. Ransomware Policy & Legal Compliance ==

'''Warning: Strict Adherence Required'''

If the diagnostic reveals active Ransomware (files encrypted with extensions like .locked, .enc, etc.):

# '''NO PAYMENT PERMITTED:''' Under no circumstances will the Comfac Group of Companies pay a ransom.
# '''Legal Basis:''' Paying a ransom allows funds to flow to criminal syndicates. This is a potential violation of the Anti-Money Laundering Act (AMLA) of the Philippines (Republic Act No. 9160). Facilitating such payments can expose the company and individual staff to criminal liability.
#* '''RA 9160:''' https://en.wikipedia.org/wiki/Anti-Money_Laundering_Act_of_2001
# '''Procedure:'''
#* If data is encrypted and no backups exist, the data is considered '''Lost'''.
#* Preserve the encrypted drive image ONLY if required by Legal/HR for investigation.
#* Proceed to wipe and reimage.

''End of SOP''

[[Category:IT Procedures]]
[[Category:Security]]
[[Category:SOP]]
[[Category:Comfac]]

ERPNEXT Payroll POC 251212

2026-02-25T07:21:25Z

CITEditor: Created page with "= ERPNext Payroll Proof of Concept (POC) - Step-by-Step Guide = This guide outlines the process to validate ERPNext for your payroll requirements, specifically tailored for a Philippine context (BIR compliance, attendance-based pay, and multi-entity rollout). Reference: [https://docs.frappe.io/hr/payroll-setup Payroll Setup] == Phase 1: The Foundation (Prerequisites) == ''Goal: Prepare the system with the minimum data required to process a dummy transaction.'' === 1..."

= ERPNext Payroll Proof of Concept (POC) - Step-by-Step Guide =

This guide outlines the process to validate ERPNext for your payroll requirements, specifically tailored for a Philippine context (BIR compliance, attendance-based pay, and multi-entity rollout).

Reference: [https://docs.frappe.io/hr/payroll-setup Payroll Setup]

== Phase 1: The Foundation (Prerequisites) ==

''Goal: Prepare the system with the minimum data required to process a dummy transaction.''

=== 1.1 Accounting Setup (Chart of Accounts) ===

Ensure the following accounts exist in your '''Chart of Accounts''' (Accounting > Chart of Accounts):

* '''Expenses (Profit & Loss):'''
** Salaries and Wages
** Employer's SS Contribution (SSS/PhilHealth/HDMF share)
** ''Provision for Separation/Redundancy (Optional for Forecasting)''
* '''Liabilities (Balance Sheet):'''
** Payroll Payable (Net Pay)
** SS Payable (Employee + Employer share)
** Withholding Tax Payable (BIR)

=== 1.2 Master Data Setup ===

# '''Company:''' Ensure "ESCO" (or your target entity) is set up.
# '''Department:''' Create basic departments (e.g., HR, IT, Operations).
# '''Designation:''' Create basic roles (e.g., Officer, Manager).
# '''Holiday List:''' Create a "Regular Holidays 2025" list.
#* ''Note:'' This is crucial for calculating "Working Days."

== Phase 2: Scenario A - Fixed Salary (No Attendance) ==

''Goal: Generate a Salary Slip and Accounting Entries for a regular employee without worrying about daily attendance tracking.''

=== 2.1 Create Salary Components ===

Go to '''Payroll > Salary Component > New'''.

# '''Basic Pay:''' Type = Earning.
# '''Allowance:''' Type = Earning.
# '''SSS Contribution:''' Type = Deduction.

=== 2.2 Create Salary Structure ===

Go to '''Payroll > Salary Structure > New'''.

* '''Name:''' "Regular - Monthly Fixed"
* '''Company:''' ESCO
* '''Earnings Table:''' Add Basic Pay and Allowance.
* '''Deductions Table:''' Add SSS Contribution.
* '''Mode of Payment:''' Bank Transfer.

=== 2.3 Create Employee ===

Go to '''HR > Employee > New'''.

* '''First Name:''' Juan
* '''Last Name:''' Dela Cruz (Fixed)
* '''Date of Joining:''' 3 months ago.
* '''Status:''' Active.

=== 2.4 Assign Salary Structure ===

Go to '''Payroll > Salary Structure Assignment > New'''.

* '''Employee:''' Juan Dela Cruz (Fixed).
* '''Salary Structure:''' "Regular - Monthly Fixed".
* '''Base Pay:''' Enter the monthly amount (e.g., 25,000).
* '''Condition:''' Leave blank for now.

=== 2.5 Process Payroll (The Workflow) ===

# '''Payroll Entry:''' Go to '''Payroll > Payroll Entry > New'''.
#* Select Payroll Period.
#* Check "Validate Attendance" = '''Unchecked''' (Crucial for this step).
#* Click "Get Employees" -> "Create Salary Slips".
# '''Verify Slips:''' Open the generated Salary Slip. Check if Basic + Allowance - SSS = Net Pay is correct.
# '''Submit:''' Submit the Payroll Entry.
# '''Accrual (Journal Entry):''' Click "Make Bank Entry" or check the Journal Entry created automatically.
#* ''Result:'' Debit Salary Expense, Credit Payroll Payable.

== Phase 3: Scenario B - Attendance-Based & Variable Pay ==

''Goal: Prove the system can handle "No Work, No Pay", Lates, and Absences based on uploaded data.''

=== 3.1 Setup "Daily" Components ===

# '''Salary Component:''' Create "Basic (Daily)".
# '''Salary Structure:''' Create "Rank and File - Attendance Based".
#* '''Formula:''' <code>base * (payment_days / total_working_days)</code> or specific daily rate logic.

=== 3.2 Create Employee & Assignment ===

# '''New Employee:''' "Maria Santos (Attendance)".
# '''Assignment:''' Assign the "Attendance Based" structure.

=== 3.3 Import Attendance Data (The Spreadsheet Test) ===

Instead of manual entry, use the '''Data Import''' tool.

# '''Download Template:''' Go to Data Import > New > Document Type: '''Attendance'''. Download the CSV template.
# '''Fill Data:''' Populate the CSV with:
#* Present days (Status: Present).
#* Absent days (Status: Absent).
#* ''Note:'' Ensure dates match the payroll period you are testing.
# '''Upload:''' Attach and Import the CSV.

=== 3.4 Process Payroll with Validation ===

# '''Payroll Entry:''' Create New.
# '''Settings:''' Check '''"Validate Attendance"'''.
# '''Execution:'''
#* The system will auto-calculate Payment Days (Total days in month - Absents - LWP).
#* Check Maria's Salary Slip. If she was absent 2 days, her Basic Pay should be pro-rated (or deducted, depending on your formula).

== Phase 4: Earnings, Deductions & Tax Compliance (PH Context) ==

''Goal: Achieve the "Complete Salary" requirement, including progressive tax calculation.''

=== 4.1 Income Tax (Progressive/Annualized) ===

* '''Concept:''' Philippine tax is based on ''net taxable annual income''. Monthly deductions are merely "withholdings" (advance payments). As income fluctuates (OT, LWOP, Bonuses), the projected annual tax bracket changes.
* '''Option A (Standard Tax Slab):''' Setup '''Payroll > Income Tax Slab'''. Use the annualized TRAIN law tables.
** ''ERPNext Logic:'' The system typically projects annual income by taking (Current Month Earnings * Remaining Months) + YTD Earnings. It then applies the tax slab to find the annual tax, divides it by months to find the monthly deduction.
* '''Option B (Simplified POC Formula):''' For the POC, you can use a Python formula in the Salary Component to mimic the manual calculation if the projection logic is too complex for the initial test.

=== 4.2 Statutory Deductions (SSS, PhilHealth, HDMF) ===

* '''SSS:''' Create a '''Salary Component Formula''' using the base amount to look up the deduction bracket, or use ERPNext's '''PH Localization''' app if available (which has standard tables).
** ''POC Shortcut:'' For the POC, just use a fixed deduction or a simple % formula to prove the deduction line appears.

=== 4.3 BIR Form 2307 vs. 2316 ===

* '''Important Distinction:'''
** '''BIR 2316:''' This is the Certificate of Compensation Payment. This is generated for '''Regular Employees''' (Phase 2 & 3). ERPNext has a standard report for this or a "Tax Deduction" report that maps to it.
** '''BIR 2307:''' This is for '''Expanded Withholding Tax''' (Creditable). This is typically for '''Contractors/Consultants''' (Job Order), NOT regular employees.
* '''POC Action for 2307:'''
** If you pay consultants via Payroll: You must create a separate Salary Structure (e.g., "Consultant Fees") and a Tax Component (e.g., "EWT 2%").
** ''Recommendation:'' Usually, 2307 is generated via '''Accounts Payable (Purchase Invoice)''' in ERPNext, not Payroll. If you ''must'' do it in Payroll, you will likely need a Custom Print Format to print the data onto the 2307 layout.

=== 4.4 Year-End Annualization (The "Tax Refund/Payable" Scenario) ===

* '''The Logic:''' In December (or separation), you must reconcile:
** (Total Actual Annual Taxable Income × Tax Rate) - (Total Taxes Withheld Jan-Nov) = December Tax Due (or Refund).
* '''POC Simulation Steps:'''
*# '''Simulate Fluctuation:''' Run payroll for Oct & Nov with different amounts (add OT in one, LWOP in another) to create a variation in tax withheld.
*# '''The 13th Month:''' Process 13th Month Pay (ensure the first 90k is set as non-taxable in the component settings).
*# '''The December Run (Annualization):'''
*#* Run the final payroll.
*#* '''Validation:''' Manually calculate the total annual tax due in Excel. Compare it with the ''cumulative'' tax deducted in ERPNext by the end of Dec.
*#* '''Adjustment:''' If the system calculation differs from your manual "Annualization" (due to rounding or specific PH logic nuances), use the '''"Additional Salary"''' tool to insert a specific "Tax Adjustment" component to force the final tax figure to match the penny.

== Phase 5: Advanced Calculations & Roadmap ==

''Goal: Move beyond basic net pay to "Total Cost of Ownership" forecasting and prepare for automated statutory reporting.''

=== 5.1 Severance & Redundancy Forecasting (Total Cost of Employment) ===

Companies often underestimate the liability accrued per year of service. To accurately forecast the '''Total Cost of Ownership (TCO)''' of an employee, we must account for potential redundancy pay mandated by the Philippine Labor Code.

* '''The Law (Redundancy):''' An employee terminated due to redundancy (superfluous position) is entitled to '''at least one (1) month pay for every year of service'''. (Article 283/298 of the Labor Code).
** ''Note:'' This is distinct from Retirement Pay (RA 7641), which is 22.5 days per year. Redundancy is more expensive.
* '''Forecasting Method:'''
** Create a '''Report''' (Script Report) in ERPNext that calculates: Current Monthly Basic * Years of Service.
** This figure represents the "Contingent Liability" if the company decides to downsize or restructure today.
** '''POC Action:''' Demonstrate a custom report or a spreadsheet export from ERPNext Employee Master that computes this column dynamically.

=== 5.2 Roadmap for Automation (Comfac Customization) ===

Before Comfac develops the custom apps/scripts to generate Philippine statutory reports automatically, we must document the '''Manual Pre-Customization Workflow'''.

'''The "Alphalist" (BIR) Roadmap:'''

# '''Current State (Manual):'''
#* Export "Salary Register" from ERPNext to Excel.
#* Manually map columns to the '''BIR Alphalist Data Entry Module''' (Part 1 - Sched 1).
#* '''Pain Point:''' Consolidating data from multiple "Payroll Entries" throughout the year.
# '''Target State (Automated):'''
#* '''Custom Script:''' A button "Generate Alphalist DAT File" in the Payroll Module.
#* '''Logic:''' It aggregates all ''Submitted'' Salary Slips for the fiscal year, groups them by Employee TIN, and formats the output into the specific DAT file structure required by the BIR eSubmission validation tool.

'''Statutory Contributions Roadmap:'''

* '''SSS (R-3 / Collection List):'''
** ''Manual:'' Pivot table of Salary Slips > Deductions > SSS.
** ''Automated:'' Generate the standard SSS text file format for bank upload.
* '''PhilHealth (RF-1) & HDMF (MCRF):'''
** ''Manual:'' Excel export and manual formatting.
** ''Automated:'' XML/Excel export matching the agency's specific template columns.

== Phase 6: Mapping & Documentation ==

''Goal: Record the evidence for stakeholders.''

=== 6.1 Screen Recording List ===

Record these specific clips (1-2 mins each) for the POC presentation:

# '''"The Setup":''' Briefly showing the Employee Master and Salary Structure.
# '''"The Input":''' Showing the Data Import of the Attendance CSV.
# '''"The Process":''' Clicking "Create Salary Slips" and seeing the batch generated.
# '''"The Result":''' Opening a PDF Salary Slip showing Earnings, Deductions, and Net Pay.
# '''"The Accounting":''' Showing the General Ledger entry (Debits/Credits).

=== 6.2 Rollout Plan (Entity Sequence) ===

# '''ESCO (Pilot):''' Run parallel payroll (ERPNext + Excel) for 1 month.
# '''Comfac:''' Copy Salary Structures from ESCO, adjust for specific allowances.
# '''CTOGS/CTONZPH:''' Specialized structures (e.g., project-based pay).

== Checklist for "Complete Salary" ==

* [ ] '''Gross Pay:''' Accurate based on attendance/fixed rate.
* [ ] '''Overtime:''' Added via "Additional Salary" or Timesheets.
* [ ] '''Deductions:''' SSS, PHIC, HDMF visible on slip.
* [ ] '''Tax:''' Withholding tax calculated progressively (Monthly vs Annualized).
* [ ] '''Annualization:''' Year-end tax adjustment (Refund/Payable) verified.
* [ ] '''Severance Forecast:''' Report created to show accrued redundancy liability per employee.
* [ ] '''Net Pay:''' Matches manual Excel computation to the centavo.
* [ ] '''Accounting:''' Journal Entry balances.
* [ ] '''Bank Advice:''' "Bank Remittance" report generated for the bank.

[[Category:ERPNext]]
[[Category:Payroll]]
[[Category:Philippines]]
[[Category:Comfac]]

TrueNAS Business Plan: Project 251212

2026-02-25T07:21:01Z

CITEditor: Created page with "= TrueNAS Business Plan: Project 251212 = ''Internal Strategy Document | For Team & Sales Distribution'' '''Date:''' December 12, 2025 == 1. Executive Summary == We are democratizing enterprise-grade storage while securing our own supply chain. This project is not just about selling NAS units; it is about cementing Comfac's hardware ecosystem. '''Strategic Relevance:''' Our infrastructure standard is Netgate (PfSense) + TrueNAS. By mastering TrueNAS hardware depl..."

= TrueNAS Business Plan: Project 251212 =

''Internal Strategy Document | For Team & Sales Distribution'' 
'''Date:''' December 12, 2025

== 1. Executive Summary ==

We are democratizing enterprise-grade storage while securing our own supply chain. This project is not just about selling NAS units; it is about cementing Comfac's hardware ecosystem.

'''Strategic Relevance:'''
Our infrastructure standard is Netgate (PfSense) + TrueNAS. By mastering TrueNAS hardware deployment, we gain control over the entire stack—from the network edge (PfSense) to the data core (TrueNAS). This allows us to deploy complex, self-hosted environments for clients that integrate seamlessly with our existing networking solutions.

'''The "Comfac Advantage":'''
We leverage our direct purchasing channels (Japan & direct manufacturers like Toploong) to procure hardware at competitive prices that local competitors cannot match.

== 2. Product Lineup ==

=== A. NENAS (Non-ECC NAS) - The "CF Growth" Series ===

* '''Target:''' Prosumers, SMBs, Branch Offices.
* '''Sourcing Partner:''' '''Toploong''' (Shenzhen Toploong Technology Co., Ltd).
* '''Hardware:''' Toploong 4-Bay / 1U Chassis + Warrantied SOC Boards.
* '''Strategy:''' The volume driver to build brand presence.

=== B. ENAS (ECC NAS) - The Enterprise Tier ===

We are splitting ENAS into two distinct categories. '''Our primary sales goal is to sell mostly ENAS units due to their reliability and higher value.'''

'''1. IXS Series (Official iXsystems)'''

* '''Product:''' Genuine TrueNAS hardware (Mini, F, M, H, X, R Series).
* '''Role:''' The "Safe Choice" for high-compliance industries.

'''2. CF Series (Comfac Custom Enterprise)'''

* '''Product:''' Comfac-sourced high-performance builds (Toploong/Custom Rackmounts).
* '''Target:''' Cost-conscious enterprises.

=== C. High-Performance Compute (The Top 5%) ===

* '''Target:''' AI Startups, Video Rendering Houses, Big Data Analytics.
* '''Price Range:''' '''₱400,000 - ₱4,000,000'''
* '''Role:''' Highly specialized servers (GPU Clusters, All-Flash Arrays). While this is only ~5% of our unit volume, it represents a significant revenue chunk and prestige.

== 3. The "Turnkey" Value Proposition ==

We are not just selling storage; we are selling a '''Self-Hosted Infrastructure'''.

'''The "Philippine User" Master Image:'''
We provide downloadable, pre-configured images optimized for the local context (bandwidth efficient, pre-hardened security).

'''Expanded Software Stack:'''

* '''Core Storage:''' TrueNAS Scale (ZFS).
* '''Productivity:''' '''NextCloud''' (Files), '''Collabora Cloud''' (Office Suite/Docs), '''Frappe''' (ERP).
* '''Media & Memories:''' '''Immich''' (Google Photos replacement - Critical for home users).
* '''Operations:''' '''Synx''' (Scheduling), '''Secada''' (Paperless/E-docs).
* '''Comms:''' '''MailCow''' (Private Email - Pre-loaded for easy deployment).
* '''IoT/AI:''' Home Assistant, NVR, OpenWebUI (Local LLMs).

'''The Service Layer:'''

* '''Setup:''' Full RAID configuration and network integration.
* '''Support:''' "We do all the support." 1:5 spare parts ratio ensures we are the warranty provider.

== 4. Manufacturing & Growth Roadmap ==

=== Phase 1: The Foundation (Years 1-2) ===

* '''Goal:''' Grow from '''10 to 100 units/year'''.
* '''Focus:''' Perfecting the "Master Image" and the "1:5 Spare Parts" logistics.
* '''Hardware:''' Direct import of Toploong chassis; local assembly.

=== Phase 2: The Scale Up (Years 3-4) ===

* '''Goal:''' Grow from '''100 to 1,000 units/year'''.
* '''Transition:''' Shift to custom fabrication (CSC Plant) to improve margins.
* '''Support:''' Establish a dedicated, certified support team to handle the 1,000+ deployed units.

== 5. Pricing & Financial Model ==

=== Pricing Strategy ===

* '''Formula:''' Selling Price = Total Cost / 0.6 (Target Margin: 40%).
* '''Total Cost Includes:''' Hardware BOM + Labor + 20% Spare Parts Allocation.

=== The "Peace of Mind" Warranty Strategy ===

* '''The 1:5 Rule (Internal Electronics):''' For every '''5 units sold''', we stock '''1 complete spare SOC Motherboard'''. Because we utilize System-on-Chip (SOC) architecture, the motherboard contains the entire processing engine (CPU/Controller), allowing us to instantly replace the critical core if it fails.
* '''Deep Repair Capability (Micro-Soldering):''' We demand complete repair diagrams from our suppliers to enable component-level repair.
** '''Goal:''' Ability to replace individual capacitors or controllers rather than discarding boards.
** '''Contingency:''' If diagrams are unavailable, we will budget for '''professional reverse-engineering services''' to map the boards ourselves.
* '''External Housing Strategy:''' For non-electronic components (Cases, Brackets), we are slowly developing our 3D printing capabilities to mass-produce these parts.
** '''Open Repair:''' We will make the '''3D printable files''' available, allowing our support network to fabricate replacements locally if needed.

=== Pricing Tiers (Calculated Estimates) ===

* '''NENAS Entry:''' ~₱76,700 (4TB Mirror)
* '''NENAS Standard:''' ~₱126,700 (10TB Mirror)
* '''ENAS (CF Series):''' ~₱181,700 (20TB RAID5, ECC)
* '''ENAS (IXS Series):''' Market List Price + Service Fee.

''(Note: Prices fluctuate with HDD market rates. The /0.6 multiplier is the constant.)''

== 6. Sales Strategy (Talking Points) ==

* '''To the Customer:''' "Stop paying monthly cloud fees. With Immich and NextCloud, you own your photos and files."
* '''To the Sales Team:''' "Focus on ENAS. It's the gold standard. But keep the 400k+ servers in your back pocket for the AI and Video clients."

== 7. The Ecosystem & 2030 Vision (The "Assembler" Goal) ==

'''Strategic Horizon: 2030-2035'''

Our long-term mission extends beyond profit. Comfac's "Assembler" goal is to re-establish computer production in the Philippines as a critical pillar of national self-sufficiency. This hardware manufacturing capability serves as the technology base from which all our other innovations will draw.

'''The "Control Center" Paradigm: Consolidation & Optimization'''

We are redefining what a "Control Center" is. It is not just a room with screens; it is a Consolidation and Optimization of Resources.

* '''Distributed Redundancy:''' A "Central Hub" does not mean a single point of failure. Our Control Centers are distributed. Because we use '''Open Source software''' (TrueNAS, Frappe, Home Assistant), there are '''no licensing barriers''' to deploying redundant nodes. The only cost is the hardware and management overhead.
* '''Convergence:''' '''Comfac Engineering and Comfac IT''' are uniting to build these centers. Whether it is a Data Center, a Command Center, or a MicroData Center, the underlying hardware requirement is the same: Server-grade reliability.

'''TrueNAS as the Universal Stack'''

Our TrueNAS hardware is the common denominator across all our verticals. It powers:

* '''Enterprise Systems:''' Inventory, HR, Payroll, Accounting, and Resource Management (ERPs).
* '''BMS & Infrastructure:''' The '''Steward-BMS''' and '''Steward-AirCon-Units (SACU)''' will utilize these servers for local control, logging, and automation.
* '''Edge Computing & AI:''' From on-premise AI models to Edge caching, TrueNAS is the hypervisor.

'''The "Comfac Graduate" Initiative (The Workforce):'''

As we scale to 1,000+ units/year, we cannot support every device centrally. We must build a Network of Trust.

* '''Target:''' IT Graduates and Technicians trained by us.
* '''Concept:''' We empower them to make a living by reselling our hardware and selling ''their own'' support services.
* '''Affordability:''' We offer profit-sharing or tiered dealer pricing to ensure the tech is affordable for them to start their business.
* '''Outcome:''' A distributed network of independent, certified support agents who maintain this national technology base. They get a livelihood; we get scale.

== 8. Operational Requirements ==

# '''Procurement:''' Establish direct volume pricing with Toploong and '''negotiate access to schematic diagrams''' for SOC motherboards.
# '''R&D:''' Finalize the '''Immich''', '''Collabora''', and '''MailCow''' integrations into the Master Image.
# '''Inventory:''' Secure 10TB drives and ECC RAM kits.

[[Category:TrueNAS]]
[[Category:Hardware]]
[[Category:Business Plan]]
[[Category:Comfac]]

IT Purchase Requests 241126

2026-02-25T07:20:37Z

CITEditor: Created page with "= IT Purchase Requests = == 1. Objectives == The objective of this procedure is to standardize and streamline the Purchase Request (PR) process within ERPNext to ensure: * Efficient tracking and approval of purchases. * Alignment with budgetary and operational requirements. * Transparency and accountability in procurement. '''Key Results:''' * Reduced PR processing times. * Compliance with item categorization and financial protocols. * Clear monitoring of IT Costs...."

= IT Purchase Requests =

== 1. Objectives ==

The objective of this procedure is to standardize and streamline the Purchase Request (PR) process within ERPNext to ensure:

* Efficient tracking and approval of purchases.
* Alignment with budgetary and operational requirements.
* Transparency and accountability in procurement.

'''Key Results:'''

* Reduced PR processing times.
* Compliance with item categorization and financial protocols.
* Clear monitoring of IT Costs.
* Clear assignment of roles and responsibilities.

== 2. Scope ==

This procedure applies to all departments utilizing ERPNext for procurement, specifically for Information Technology (IT) items and services. The guidelines encompass:

* '''Activities:''' Creation, checking, review, and approval of PRs.
* '''Workflows:''' Following the Rank-and-File to Director approval hierarchy.
* '''Resources:''' ERPNext system, item codes, and specifications.
* '''Timeline:''' PRs must be approved 5 days of submission, or noted or rejected or delayed.

== 3. Definitions ==

* '''PR (Purchase Request):''' A formal request to procure goods or services.
* '''Item Code:''' A unique identifier for goods or services in ERPNext.
** Physical Items need to have "Keep Stock" in check. Services or Online Digital Items cannot have these items checked. This ensures the item can be physically received.
* '''Department:''' It should be MIS - CSC. This is the department requesting. When MIS requests for other departments, ensure the PROJECT reflects the department it is used for.
* '''Projects:''' Determines where to charge these items.
** NEVER USE In-house or IN-HOUSE or any similar project. Identify the Fiscal Year and MIS group as the project. This item will be charged to the department.
*** 2025 MIS TC Operations
*** 2025 MIS PL Operations
*** 2025 MIS Mk Operations
** Use the SO/JO of Projects.
** Ordering for Other Departments - if the costs are part of the department's overhead - Charge to the Department's Project.
** When the department requesting doesn't know who to charge to, they escalate.
** '''NCO (Non-Commercial Orders):''' These are small for internal projects.
* '''Branch:''' Ensure the correct branch is reflected.
* '''MIS:''' Management Information Systems branch responsible for IT oversight.

=== Item Code Guidelines ===

{| class="wikitable"
! Item Code !! Item Description Examples !! Description
|-
| '''Ink and Toner''' || Ink, toner cartridges || Printing consumables.
|-
| '''Computer Components''' || CPUs, GPUs, motherboards || Any hardware installed inside a computer housing.
|-
| '''IT Accessories''' || Adapters, cables, headphones || Any external peripherals or accessories.
|-
| '''IT Electronics''' || Cameras, drones, conferencing equipment || Broad category for electronic devices and equipment.
|-
| '''Computer Server''' || Dedicated server systems || Servers and server-grade components.
|-
| '''Network Equipment''' || Switches, routers, modems || Networking and related hardware.
|-
| '''IT Consumables''' || Thermal paste, labels || General IT consumables not included in Ink and Toner.
|-
| '''Mobile Device''' || Phones, tablets || Smartphones, cell phones, and tablets.
|-
| '''Desktop Computer''' || PCs, workstations || Standard desktop computers.
|-
| '''IT Services''' || Training, consulting || Services like training or professional IT services.
|-
| '''Biometrics''' || Fingerprint scanners || Timekeeping or access control devices.
|-
| '''Software''' || Cloud, perpetual licenses || Software licenses and subscriptions.
|-
| '''Laptop''' || Lenovo Laptop, Asus Laptop, Macbook || Put the model of the laptop and specifications.
|}

== 4. References ==

* ERPNext User Guide.
* Company procurement policy document.
* Organizational Process Asset: 171023 CSC Basic Documentation Methodology.

== 5. Responsibilities ==

=== 5.1. Rank and File Staff ===

* Create PRs with accurate details and specifications.
* Assign appropriate item codes.
** Ensure to use Descriptions for the Specifications.
** If there is a need for an Item code, escalate - additional item codes are only needed if without it our batching system is not sufficient.
* Submit PRs for checking.
* When approved, monitors.

=== 5.2. Senior Staff ===

* Verify PR accuracy and completeness.
** Ensure the Fields are Correct. It is crucial it would be easy to sort costs of IT and its project with the many departments IT requests from.
* Return incomplete PRs for revision.
* Submit verified PRs for review.

=== 5.3. Department Head ===

* Ensure PR aligns with departmental needs and budget.
* Approve or escalate the PR to the Director/Manager.

=== 5.4. Director or Manager ===

* Perform final review.
* Approve or reject the PR for procurement.
* Ensure that it is assigned to the SPLD.
* Ensure that there is staff monitoring this.

== 6. Procedure ==

=== 6.1. Step 1: Creation of PR ===

* '''Actor:''' Rank and File Staff.
* '''Action:''' Create PR in ERPNext using the correct information:
** '''Project Naming Convention:''' FY + ''Dept + Branch + Function'' (e.g., 2025 MIS TC Operations).
** '''Item Codes:''' Refer to the predefined '''Item Code Guidelines''' above.
** '''Specifications:''' Include detailed descriptions, avoiding redundant item codes.

=== 6.2. Step 2: Checking ===

* '''Actor:''' Senior Staff.
* '''Action:'''
** Validate PR data for completeness and correctness.
** Confirm budget alignment.
** Submit verified PR for departmental review.

=== 6.3. Step 3: Review ===

* '''Actor:''' Department Head.
* '''Action:'''
** Ensure the PR meets departmental requirements.
** Approve or reject the PR.
** Forward approved PR to the Director or Manager.

=== 6.4. Step 4: Approval ===

* '''Actor:''' Director or Manager.
* '''Action:'''
** Perform the final review of PR.
** Approve PR for procurement or reject with reasons.
** Assign SPLD Staff to process it.
** Alert the Preparer to monitor this.

== 7. Documentation ==

* '''Activity Log:'''
** Record of PR status updates in ERPNext.
** Timestamped actions for creation, checking, review, and approval.
* '''Archiving:'''
** All PRs to be stored in the ERPNext system for audit and reference.

'''Notes:''' Subscriptions and Recurring Costs should be in ERPNext. Currently Internet and Recurring subscriptions are not monitored by ERPNext. This should all be in ERPNext.

[[Category:ERPNext]]
[[Category:IT Procedures]]
[[Category:Procurement]]
[[Category:Comfac]]

Comfac ERPNext Strategy Canvas (Expanded)

2026-02-25T07:20:09Z

CITEditor: Created page with "= Comfac ERPNext Strategy Canvas (Expanded) = This document details the core components, strategic advantages, and operational challenges of the Comfac business model, focusing on the integrated ecosystem that drives the Comfac ERPNext initiative in the Philippines. == 1. Go-to-Market (GTM) Fundamentals == The Comfac strategy is underpinned by several powerful value-scaling mechanisms inherent in technology platforms and open-source models. === 1.1 Product Value-Scal..."

= Comfac ERPNext Strategy Canvas (Expanded) =

This document details the core components, strategic advantages, and operational challenges of the Comfac business model, focusing on the integrated ecosystem that drives the Comfac ERPNext initiative in the Philippines.

== 1. Go-to-Market (GTM) Fundamentals ==

The Comfac strategy is underpinned by several powerful value-scaling mechanisms inherent in technology platforms and open-source models.

=== 1.1 Product Value-Scaling Effects ===

==== A. Network Effects ====

The platform's value increases as the number of connected users grows, improving communication and collaboration potential across the ecosystem (e.g., knowledge sharing, implementer support).

==== B. Data Network Effects ====

The product offering, particularly the Philippine Localization (PL), improves directly with the volume and complexity of user-generated data, leading to enhanced accuracy in tax compliance and reporting tools.

==== C. Learning Effects ====

Continuous user feedback from both students and SME clients is systematically integrated into the product roadmap, ensuring perpetual refinement of tools, documentation, and the core PL module.

==== D. Economies of Scale ====

As the user base expands, the cost of maintaining the core open-source PL, developing proprietary tools, and delivering support decreases per user, increasing profitability and competitive pricing ability.

==== E. Ecosystem / Complementor Effects ====

The integrated services, including Accreditation-as-a-Service, Turnkey Hardware, and the AI/ML stack, act as complements that significantly increase the utility and demand for the core ERPNext platform. Examples include the '''Apple ecosystem''' (where the iPhone becomes indispensable when paired with the Mac and Watch) or '''Steam/Valve Games''' (where the core game library is amplified by community tools and hardware). Comfac's non-ERP services (Nextcloud, TrueNAS, pfSense) serve to '''complete''' the Frappe solution into a full-stack offering.

==== F. Self-Service Systems ====

Automating tasks that previously required human staff, such as routine support and onboarding, using tools like kiosks, webstores, and ERPNext portals. This automation is powered by '''Retrieval-Augmented Generation (RAG) Small Models and Fine-Tuning''' on Comfac's specialized AI/ML Edge Compute Layer, ensuring efficiency and localized accuracy.

==== G. Community-Led Growth (CLG) ====

Trained students and certified implementers become evangelists, driving adoption through their professional networks and directly implementing the ERP for small and medium enterprises (SMEs).

==== H. Open-Core Strategy ====

Comfac utilizes an open-core model: providing the core ERPNext Philippine Localization freely while generating revenue and funding R&D through paid support, advanced tools, and accreditation services.

== 2. Comfac Localization Strategy: Open-Source Core and Value-Added Support ==

Comfac's strategy is built on maximizing adoption of the Philippine Localization (PL) by keeping the core compliant package free, while providing essential paid services, tools, and training for organizations that require professional support or rapid deployment.

=== 2.1 The Free Tier: GPLv3 Open-Source PL ===

The Philippine Localization (PL) is hosted openly on '''GitHub''' under the '''GPLv3 license''', making it '''free of charge''' and fully available for community use, modification, and distribution. Any user, including students and external developers, has the ability to '''DIY (Do-It-Yourself)''' their implementation without needing to purchase services from Comfac.

The core PL package includes foundational components necessary for local compliance:

* '''Financial Statements (FS):''' Standardized templates ready for printing, tax submissions, and accountant review notes.
* '''Chart of Accounts (COA):''' Standardized, BIR-compliant Chart of Accounts setup.
* '''Essential Taxes:''' Basic VAT and other non-complex tax configurations.
* '''Payroll Configuration:''' Localized payroll structure, including automated calculation of mandatory contributions (SSS, PhilHealth, Pag-IBIG) and necessary tax withholding.

To activate the PL and fully configure the ERPNext instance for the Philippines, users will be required to input a '''Comfac Partner Code''' during initial setup. This mandatory step allows Comfac to track the installation base, facilitate community-level support, and integrate the user into the Comfac ecosystem without restricting the open-source license.

=== 2.2 Revenue Model: Services, Managed Solutions, and the Innovation Fund ===

Comfac's primary funding and revenue are derived from selling '''specialized manpower, certified expertise, and managed services''', ensuring compliance with the fundamental Open-Core strategy. A core underlying principle is using open source for speed, allowing us to go quickly. While people are free to copy and use the PL and all Comfac's open-source tools (GPLv3), the skills and support required for complex use cases remain the core service.

* '''Revenue Generation (Services and Managed Access):''' Comfac monetizes the ecosystem by offering services to organizations that statistically require professional implementation, assurance, and speed over Do-It-Yourself deployment. Revenue sources are mainly derived from:
** '''Skilled Manpower:''' Superior '''Certified Training, Expert Support, Implementation Solutions, and Integration Services'''.
** '''Managed Access:''' Charging for '''paid access to managed, hosted solutions''' that cover the hosting and maintenance costs of the Comfac ecosystem tools for organizations prioritizing zero-maintenance operation.
** '''Pricing:''' Support and Training hours are currently priced at '''5,000 PHP/hour''' (Late 2025 rates).
** '''Monetization Rationale:''' Comfac is strategically betting that enough organizations will require the complex support necessary for tax compliance, data migration, and full system integration to sustain the model.
* '''Reinvestment (Innovation Fund):''' The revenue generated from selling support, training, and managed access (Comfac's service margin) is systematically reinvested into the ecosystem:
** Accelerating the development of advanced open-source migration and automation tools (e.g., AI chatbots, data cleaning applications) for community benefit.
** Developing advanced features and seamless integration for services like BIR Accreditation (Section 4).
** Creating comprehensive documentation, training curricula, and mentoring layers to grow the certified implementer base.

'''Key Message:''' Comfac is positioned as the definitive source for professional support and advanced tools built on top of the free, community-driven Philippine Localization.

== 3. The Comfac Ecosystem Flywheel ==

The core of the strategy is an accelerating flywheel that links software improvement, education, implementation, and adoption into a self-reinforcing loop.

=== 3.1 Flywheel Mechanics ===

# '''Improve the Open-Source Philippine Localization (PL):''' Continuous development of better tax compliance templates, BIR forms, journal entry standards, filing automation, and AI-assisted data tools. '''Result:''' Every improvement increases the utility and adoption rate of the PL.
# '''Train Students (Finance + IT + OJT Interns):''' Establishing a pipeline to teach ERPNext, Philippine tax laws, data migration workflows, and the use of proprietary Comfac tools. '''Result:''' Graduates become a supply of low-cost, specialized ERP implementers.
# '''Students Earn by Migrating Businesses:''' Implementers offer competitive, low-cost migration services, leveraging Comfac's templates and tools. This activity grows the user base and provides career opportunities for students. '''Result:''' Growth becomes a socially-driven, grassroots phenomenon.
# '''More SMEs Adopt "Comfac ERPNext":''' Adoption is driven by accessible implementers, the PL's solution to Philippine-specific pain points, reduced migration time via proprietary tools, and the trust provided by accreditation and legal services. '''Result:''' Real-world usage and transactional volume increase significantly.
# '''Usage Feedback → Improves PL + Tools + Devices:''' Every new project generates critical feedback on tax edge cases, migration difficulties, missing forms, and device integration requirements. '''Result:''' The entire ecosystem (Software, Training, and Hardware) gets stronger with each completed cycle.
# '''Flywheel Accelerates:''' The interconnected loops—more schools → more students → more SMEs → more tools → more adoption → better PL—lead to exponential growth and competitive dominance.

== 4. Accreditation-as-a-Service ==

This element serves as a powerful differentiator and barrier to entry, combining governmental and legal compliance support.

=== 4.1 BIR Accreditation and Compliance Services ===

The Comfac ecosystem is engineered for compliance. We work with '''multiple tax specialists''' to ensure clients receive the necessary compliance, and we work '''closely with the Bureau of Internal Revenue (BIR)''' to provide tools that make taxation as '''frictionless and transparent''' as possible. Our services include:

* BIR-accredited invoicing and official receipt formats.
* BIR-compliant books of accounts.
* Integrated compliance workflows within ERPNext.

This service is supported by strategic partnerships with '''law firms, tax specialists, and Certified Public Accountants (CPAs)''', ensuring that all PL forms are legally correct and that client ERPNext setups withstand BIR audits. This is a critical competitive moat that most providers cannot replicate.

=== 4.2 ERPNext Configuration and Legal/Tax Support ===

Beyond accreditation, Comfac provides advisory services that include:

* Guidance on complex tax mappings (VAT, EWT, 2316, 2307).
* Expert advice on optimal accounting and operational workflows.
* Preparation for BIR audits and assisted submission processes.

'''Result:''' Clients gain confidence and feel secure in adopting the ERP, mitigating regulatory risk.

== 5. Turnkey Hardware and Cloud Ecosystem ==

Comfac transitions from a pure software implementer to a complete '''turnkey solution provider''' by integrating ERPNext with a curated open-source hardware, cloud, and '''AI/ML edge compute platforms'''.

=== 5.1 TrueNAS (Backup & Storage) ===

Provides secure, on-premise storage solutions for confidential data and ERPNext backups, featuring robust replication and snapshot capabilities.

=== 5.2 Nextcloud Office Suite ===

Offers an integrated, open-source alternative to proprietary collaboration suites like Google Workspace. This includes document, spreadsheet, and collaboration tools linked directly into ERP workflows, reducing recurring subscription fees for clients.

=== 5.3 Netgate pfSense Appliances ===

Delivers enterprise-grade network security, segmentation, Virtual Private Networks (VPN), and Intrusion Detection/Prevention Systems (IDS/IPS), catering especially to clients with multiple branches, plants, or warehouses.

=== 5.4 Mini-ITX Linux Devices ===

Cost-efficient, local server options designed to run the ERPNext instance, handle backups, and manage small-to-medium business (SMB) services, offering an economical alternative to traditional enterprise-grade hardware. These devices also serve as the host for the local AI/ML stack.

=== 5.5 AI/ML Edge Compute Layer ===

Integrating open-source Large Language Model (LLM) platforms to provide localized, confidential, and cost-effective artificial intelligence capabilities directly on the client's network. This enhances data processing and interaction while maintaining data sovereignty.

* '''Model Platforms (LM Studio, Ollama, Llama.cpp):''' Tools used for deploying and running state-of-the-art open-source LLMs locally on Comfac's specialized Mini-ITX Linux Devices (5.4). This enables data analysis, chatbot functionality, and report generation without reliance on external cloud APIs.
* '''OpenWebUI:''' Provides a user-friendly, browser-based interface for employees to interact securely with the locally-hosted LLMs, facilitating internal knowledge retrieval and operational assistance integrated with ERP data.

'''Result:''' Clients get a fully integrated, open-source-first stack with secure data storage, networking, and '''on-premise artificial intelligence capabilities'''. Comfac becomes a holistic technology partner, not just a software installer.

== 6. Strategic Advantage of the Full Ecosystem ==

The synergy of all components—PL, Innovation Fund, Accreditation, Student Implementers, Turnkey Hardware, BIR Compliance, AI Tools, and the Open-Core Model—positions Comfac to become the '''default ERPNext ecosystem''' provider for a broad range of Philippine organizations, including:

* Micro, Small, and Medium Enterprises (MSMEs)
* Non-Governmental Organizations (NGOs) and Foundations
* Educational Institutions
* Multi-branch and Manufacturing Companies

This integrated approach creates a competitive advantage that is difficult for single-focus competitors to replicate.

== 7. Operational Challenges (Realistic) ==

The Comfac strategy operates on a '''slow payoff model''', requiring significant long-term commitment to achieve critical mass. The buildup, focused on embedding open-source ERPNext toolsets into school curricula and demonstrating their value to students and educators, is projected to take '''approximately four years'''. The operational challenges below are critical for navigating this initial period, during which sustained, high-impact '''marketing and engagement''' focused on educating the public about the value of free and open-source tools is mandatory.

=== 7.1 Students vs. Clients ===

Maintaining professional standards requires addressing the maturity gap between supervised students and professional client expectations.

* '''Solution:''' Strict quality control (QC) procedures, tiered mentorship layers, standardized project scopes, and templates must be rigorously applied to all student-led deliverables.

=== 7.2 School Partnerships ===

The process of securing Memorandums of Agreement (MOA) with educational institutions is lengthy. Furthermore, client data must be strictly protected while simultaneously ensuring continuous curriculum updates and the provision of anonymized, realistic sample datasets for training.

* '''Solution:''' Develop a standardized MOA, continuously refresh the curriculum, and establish clear ethical guidelines and data obfuscation practices.

=== 7.3 Support Channels ===

Managing the volume of queries from hundreds of students and providing reliable post-go-live support for SMEs creates significant demand.

* '''Solution:''' Implement a multi-layer support structure (community-driven forums → L1 basic support → L2 advanced technical support → L3 tax/legal specialist support) and continuously train the internal knowledge base and AI chatbots.

=== 7.4 Balancing Tool Development vs. Marketing vs. Delivery ===

Allocating resources effectively among continuous tool improvement, necessary marketing efforts, project delivery workload, and student training is complex.

* '''Solution:''' Adopt a principle of integration: every problem solved in delivery should be immediately converted into improved documentation, a tool enhancement, a training lesson, and a public marketing success story.

=== 7.5 Strategic Risk: The Reciprocity Bet (Delayed Gratification) ===

The open-source, CLG-driven strategy inherently involves a high risk of '''delayed gratification''' and potential non-reciprocity. Comfac invests heavily in creating free, high-value assets (PL, tools, training) and sharing power with the community (students, educators).

* '''The Risk:''' Individuals, once trained, may choose to use the free tools and expertise to pursue independent opportunities or directly compete with Comfac without reciprocation ("betrayal"). This is a fundamental risk of building an open ecosystem.
* '''Comfac's Mitigation:''' The strategy accounts for this risk by operating on a large-scale, statistical model. Comfac rolls the die many times, betting that the sheer volume of new users and partners who '''do''' appreciate and '''do''' require professional, integrated, or accredited services will be sufficient to maintain and grow the business, offsetting the inevitable non-reciprocating individuals.
* '''The Challenge:''' Maintaining internal motivation and external engagement during the initial years where income and opportunity growth are deliberately slow.

== 8. Long-Term Outcome ==

If the strategy is executed and sustained, the ecosystem is projected to achieve the following:

* Establishment of a national ERPNext implementer network.
* Thousands of highly-trained, certified students entering the Philippine workforce.
* Widespread use of '''Comfac-developed open-source tools'''.
* Convenient and Transparent integration of BIR, legal, and tax compliance.
* Client operations running on a complete, robust open-source technology stack.
* Continuous reinforcement driven by the ecosystem flywheel.

The ultimate goal is for Comfac to become the '''Red Hat of ERPNext Philippines''', defining the standard for enterprise open-source solutions in the country.

[[Category:ERPNext]]
[[Category:Strategy]]
[[Category:Comfac]]

OpenWebUI - 251128-justin

2026-02-25T07:19:22Z

CITEditor: Created page with "= OpenWebUI Docker Compose Configuration = '''Reference ID:''' 251128-justin '''Author:''' Justin This page contains the <code>docker-compose.yml</code> configuration for Open WebUI, designed to run in front of a local or remote LLM backend (Ollama, llama.cpp, LM Studio, etc.). == Notes == * Typically placed behind an NGINX reverse proxy on a separate "edge" host that terminates HTTPS for your personal domain using Let's Encrypt and forwards traffic to this servi..."

= OpenWebUI Docker Compose Configuration =

'''Reference ID:''' 251128-justin 
'''Author:''' Justin

This page contains the <code>docker-compose.yml</code> configuration for Open WebUI, designed to run in front of a local or remote LLM backend (Ollama, llama.cpp, LM Studio, etc.).

== Notes ==

* Typically placed behind an NGINX reverse proxy on a separate "edge" host that terminates HTTPS for your personal domain using Let's Encrypt and forwards traffic to this service on port 3000.
* The named volume <code>open-webui-data</code> is bind-mounted to a specific host path on a backup-managed storage pool (TrueNAS/Synology).
* Application data (users, chat history, uploads, settings, etc.) is expected to grow over time — easily 2–3 GB per year, especially if used for contract and document analysis.

== docker-compose.yml ==

<syntaxhighlight lang="yaml">
# docker-compose.yml for Open WebUI in front of a local/remote LLM backend
# - Designed to work with Ollama, llama.cpp servers, LM Studio, etc. via HTTP API
# - Typically placed behind an NGINX reverse proxy on a separate "edge" host
# that terminates HTTPS for your personal domain using Let's Encrypt and
# forwards traffic to this service on port 3000.

services:
open-webui:
image: ghcr.io/open-webui/open-webui:${WEBUI_DOCKER_TAG-main} # Use WEBUI_DOCKER_TAG env var; defaults to 'main' if not set
container_name: open-webui
ports:
- "3000:8080" # Expose container port 8080 on host port 3000; NGINX reverse proxy points here

environment:
# URL of your LLM backend:
# - For Ollama: use the HTTP endpoint reachable from this container.
# If Ollama is running as a Docker service on the same Docker network,
# you can reference it by service name, e.g. http://ollama:11434
# - For llama.cpp / LM Studio / other backends: point to their HTTP API
# URL (for example, http://llama-server:8080) as long as this
# container can reach it.
- OLLAMA_BASE_URL=http://ollama:11434

# Optional secret key for Open WebUI.
# - If **unset/empty**, Open WebUI will auto-generate a key on first start.
# - If **set**, all session cookies and tokens are signed with this value.
# Recommended for multi-user and production deployments.
# Best practice: set WEBUI_SECRET_KEY via your .env file or environment,
# not hard-coded here, e.g. WEBUI_SECRET_KEY=$(openssl rand -hex 32)
- WEBUI_SECRET_KEY=${WEBUI_SECRET_KEY:-}

volumes:
# Application data (users, chat history, uploads, settings, etc.).
# Expect this to grow over time, especially if used for contract and
# document analysis (easily 2-3 GB per year).
#
# We attach a *named* volume here, but map that named volume to a
# specific host path on a backup-managed storage pool (TrueNAS/Synology).
# See the `volumes:` section below for the bind configuration.
- open-webui-data:/app/backend/data

extra_hosts:
- host.docker.internal:host-gateway # Lets the container reach services on the Docker host

restart: unless-stopped # Auto-restart on crash or host reboot

volumes:
open-webui-data:
driver: local
driver_opts:
# Bind-mount this named volume to a specific host directory instead of
# using Docker's default volume location. This directory should live on
# storage that is:
# - regularly backed up (e.g., TrueNAS/Synology dataset or share)
# - easy to grow/migrate as data usage increases.
#
# Example: /mnt/truenas/open-webui-data is a ZFS dataset exported to the
# Docker host, or a mounted NFS/SMB share from a NAS.
type: none
o: bind
device: /mnt/truenas/open-webui-data
# To move or expand storage later:
# 1. Stop the stack: docker compose down
# 2. Copy data to a new path on your NAS/TrueNAS/Synology
# 3. Update `device:` to point to the new path
# 4. Start the stack again: docker compose up -d
</syntaxhighlight>

[[Category:Infrastructure]]
[[Category:Docker]]
[[Category:AI/ML]]
[[Category:Comfac]]

Standard Operating Procedure: Distributed Minute Taking & Task Ownership 251208

2026-02-25T07:18:47Z

CITEditor: Created page with "= Standard Operating Procedure: Distributed Minute Taking & Task Ownership = '''Effective Date:''' Immediate '''Scope:''' All Project Teams and Task Owners == 1. Problem Statement & Objective == Currently, minute-taking is centralized (e.g., performed solely by the Lead/Justin), creating a single point of failure and a bottleneck. Furthermore, this centralization prevents the wider team from developing essential organizational and detailed reporting skills require..."

= Standard Operating Procedure: Distributed Minute Taking & Task Ownership =

'''Effective Date:''' Immediate 
'''Scope:''' All Project Teams and Task Owners

== 1. Problem Statement & Objective ==

Currently, minute-taking is centralized (e.g., performed solely by the Lead/Justin), creating a single point of failure and a bottleneck. Furthermore, this centralization prevents the wider team from developing essential organizational and detailed reporting skills required for seniority.

'''The Objective of this SOP is to:'''

# '''Decentralize Documentation:''' Shift responsibility to Task Owners.
# '''Build Skill:''' Train staff in organizational discipline, problem-solving, and leadership.
# '''Ensure Integrity:''' Align with ISO 9001 principles where documentation is the core of organization, verification, and knowledge retention.

== 2. Core Principles ==

* '''Documentation is Core Organization:''' Minutes are not just a memory aid; they are the starting point for checking actions, goals, and objectives. They are the official record of facts, hypotheses, actions, and results.
* '''"Document As We Go":''' There will be '''no''' rewriting of minutes after the meeting. What is written and agreed upon during the session stands as the record.
* '''Immutable Entries:''' Do not edit another person's entry. Differences in opinion or corrections must be added as a new entry.
* '''Problems Trigger Actions:''' Every problem identified must have an associated action (to isolate, replicate, or find the root cause).

== 3. Roles and Responsibilities ==

=== 3.1 Task Owner (The Scribe for their Topic) ===

* '''Coordination:''' The Task Owner coordinates the discussion regarding their specific responsibilities.
* '''Live Documentation:''' The Task Owner is responsible for typing the minutes, actions, and timelines ''during'' the discussion.
* '''Personal Logs:''' Task Owners may use their own personal project logs as the minutes, provided they are accessible (copy-pasteable) to the team.

=== 3.2 Management / Leadership ===

* '''Conflict Resolution:''' Management is responsible for resolving conflicts regarding resources and priorities.
* '''Blocker Removal:''' If a Task Owner flags a resource shortage, Management decides priority.

=== 3.3 All Attendees ===

* '''Immediate Verification:''' Everyone must read the minutes ''live'' on the screen.
* '''Instant Correction:''' Factual errors must be corrected immediately during the meeting.
* '''Disagreement Handling:''' If a team member disagrees with a record, they do not delete it. They add a new problem statement or conflicting view record.

== 4. The Process ==

=== 4.1 During the Meeting ===

# '''Live Capture:''' The meeting is projected or shared on screen. The document is edited in real-time.
# '''Formatting Entries:''' To ensure accountability, every entry must follow the Log Format:
#* '''Syntax:''' <code>YYMMDD Name: [Content]</code>
#* ''Example:'' <code>231205 Sarah: Reported API latency issue. Hypothesizing database lock.</code>
# '''Handling Delays:'''
#* If a task is delayed, the Task Owner must document the '''Cause'''.
#* If the cause is a competing priority, it must be noted explicitly (e.g., "Delayed due to urgent client request X, authorized by [Manager]").
# '''Handling Problems:'''
#* A problem statement is written.
#* An '''Immediate Action''' is assigned (e.g., "Investigate root cause," "Replicate error").
#* ''Note:'' We do not just admire the problem; we schedule the action to solve it.

=== 4.2 Post-Meeting ===

* No summaries are sent.
* The document generated during the meeting is the final artifact.
* Staff review their assigned actions immediately.

== 5. Skill Development & Career Growth ==

Adhering to this process is a requirement for career advancement.

* '''Junior Staff:''' Must learn to document facts accurately to build organizational habits.
* '''Senior Staff:''' Must demonstrate the ability to document complex problem-solving workflows (Problem → Hypothesis → Action → Result) to set an example for their subordinates.

== 6. Appendix: The Log Protocol (How to Write) ==

'''The Golden Rule:''' Never delete or change history. Append new information.

* '''Correct:'''
** <code>231001 Justin: Client requested Blue Button.</code>
** <code>231002 Mark: Client called to change request to Red Button.</code>
* '''Incorrect:'''
** ''(Deleting Justin's entry and just writing "Client wants Red Button")'' - This destroys the history of the change.

'''The "Conflict" Protocol:''' If you disagree with a statement in the minutes:

# Do not argue indefinitely.
# Write it down as a Problem Statement.
#* <code>231005 Team: Disagreement on marketing strategy.</code>
#* <code>ACTION: Run A/B test to determine best path.</code>

[[Category:SOP]]
[[Category:Documentation]]
[[Category:Project Management]]
[[Category:Comfac]]

Home

2026-02-25T07:18:13Z

CITEditor: Created page with "= Welcome to the Homepage of Your Wiki! = https://comfac.s.frappe.cloud/wiki/home == If the Category Groups are not appearing == # Go to https://erp.comfac-it.com/app/wiki-space/1ogobaciov # Add a row but remove it, save. # Go back to https://erp.comfac-it.com/wiki/home == Quick Links == * [https://wiki.futo.org/index.php/Introduction_to_a_Self_Managed_Life:_a_13_hour_%26_28_minute_presentation_by_FUTO_software Self Managed Life - Open Source Everything] * [https://..."

= Welcome to the Homepage of Your Wiki! =

https://comfac.s.frappe.cloud/wiki/home

== If the Category Groups are not appearing ==

# Go to https://erp.comfac-it.com/app/wiki-space/1ogobaciov
# Add a row but remove it, save.
# Go back to https://erp.comfac-it.com/wiki/home

== Quick Links ==

* [https://wiki.futo.org/index.php/Introduction_to_a_Self_Managed_Life:_a_13_hour_%26_28_minute_presentation_by_FUTO_software Self Managed Life - Open Source Everything]
* [https://erp1.cornersteelsystems.com/app/task/view/report/ITR-report-done-251115 ITR DONE - check everyday]
* [https://erp1.cornersteelsystems.com/app/task/view/report/ITR-report-done-251115-01 ITR NOT YET DONE]

[[Category:Home]]
[[Category:Navigation]]

Power Distribution Tree 251213

2026-02-25T07:17:40Z

CITEditor: Created page with "= Power Distribution & IoT Strategy: The Tree of Power = '''Document ID:''' 251213-PDT '''Last Updated:''' December 13, 2025 '''Category:''' Facility Infrastructure & IoT Strategy == Power Distribution Overview == <pre> Utility Grid / Service Entrance │ ├── Step-Down Transformer (e.g., 13.8kV → 480V) │ ├── Main Switchgear / Main Distribution Panel (MDP) │ │ │ ├── ATS (for generat..."

= Power Distribution & IoT Strategy: The Tree of Power =

'''Document ID:''' 251213-PDT 
'''Last Updated:''' December 13, 2025 
'''Category:''' Facility Infrastructure & IoT Strategy

== Power Distribution Overview ==

<pre>
Utility Grid / Service Entrance
│
├── Step-Down Transformer (e.g., 13.8kV → 480V)
│
├── Main Switchgear / Main Distribution Panel (MDP)
│ │
│ ├── ATS (for generator backup)
│ └── Busbars
│
├── Sub-Distribution Panels (SDPs) / Switchboards
│ │
│ ├── Motor Control Centers (MCC)
│ │
│ ├── Distribution Boards (DBs)
│ │
│ └── Local Panels
│
└── Loads (Lighting, HVAC, Motors, Servers, Sockets, Specialty)
</pre>

== 1. Overview: The Tree Analogy ==

To understand our facility's power infrastructure and where our analysis products fit, we use the '''"Tree of Power"''' analogy. Electricity flows from the "Roots" (Utility) up through the "Trunk" (Main Panels) and out to the "Leaves" (Individual Machines).

Effective energy management requires monitoring at different levels of this tree. While traditional BMS (Building Management Systems) focus on the Trunk and Branches, our '''QMT Edge Devices''' focus on the Twigs and Leaves, where granular operational data lives.

== 2. Facility Structure & Hardware ==

=== Level 1: The Roots (Utility Connection) ===

* '''What it is:''' The point where raw power enters our facility from the grid (e.g., Meralco) or onsite generators.
* '''Facility Equipment:'''
** '''HV Switchgear:''' High voltage protection.
** '''Step-Down Transformer:''' Converts 13.8kV/34.5kV → 400V/230V.
* '''Function:''' Provides the raw energy flow for the entire site.

=== Level 2: The Trunk (Main Distribution) ===

* '''What it is:''' The central artery of power distribution.
* '''Facility Equipment:'''
** '''MDP (Main Distribution Panel):''' The massive main breaker cabinet (2000A - 4000A capacity).
** '''Automatic Transfer Switch (ATS):''' Switches between Grid and Generator.
* '''Function:''' Protects the main facility feeder. A failure here causes a total site blackout.

=== Level 3: The Big Branches (Zonal Distribution) ===

* '''What it is:''' The division of power into major zones (e.g., "West Wing," "Production Line A," "Chiller Plant").
* '''Facility Equipment:'''
** '''SDP (Sub-Distribution Panel):''' Feeds a specific floor or department.
** '''MCC (Motor Control Center):''' A specialized row of cabinets dedicated entirely to controlling heavy industrial motors (pumps, fans, conveyors).
* '''Function:''' Distributes power to specific physical areas or high-load groups.

=== Level 4: The Twigs (Final Circuits) ===

* '''What it is:''' The final "last mile" wiring before the machine.
* '''Facility Equipment:'''
** '''DB (Distribution Board / Load Center):''' The wall-mounted breaker box containing 15A-60A breakers.
** '''Local Control Panel:''' The small box right next to a machine containing relays and start/stop buttons.
* '''Function:''' Protects the specific wire going to a specific machine.
* '''Strategic Importance:''' This is the ideal installation point for '''Edge Analytics'''.

=== Level 5: The Leaves (The Loads) ===

* '''What it is:''' The actual equipment performing work.
* '''Facility Equipment:'''
** '''Inductive Loads:''' Motors, Compressors, Pumps.
** '''Resistive Loads:''' Heaters, Ovens.
** '''IT Loads:''' Server racks, Workstations.

== 3. Monitoring & BMS Ecosystem ==

The "Gap" in the market is at Levels 4 and 5. Traditional systems monitor the ''quantity'' of power at the top, but our devices monitor the ''quality and health'' of the machine at the bottom.

=== A. Central Management (Levels 1 & 2) ===

At the Trunk, we use '''Power Quality Analyzers (PQAs)'''.

* '''Device Type:''' Class A Meter (e.g., Schneider PM8000).
* '''Data:''' Total kWh, Power Factor, Harmonics (THD), Voltage Sags/Swells.
* '''Goal:''' Billing verification and total plant efficiency.

=== B. Automation Level (Level 3) ===

At the MCC/SDP, we use '''PLCs and Digital Meters'''.

* '''Device Type:''' Industrial PLC (Siemens/Allen-Bradley) or Mid-range Meters.
* '''Data:''' On/Off status, Amps per phase.
* '''Goal:''' Process automation (turning things on/off) and departmental costing.

=== C. Edge Analysis Level (Level 4 & 5 - Our Layer) ===

This is where our '''Custom ESP32 Controller''' sits.

* '''Device Type:''' '''Smart DIN Rail Relay + Edge Analyzer'''.
* '''Location:''' Inside the DB or Local Control Panel (The "Twig").
* '''Unique Capabilities:'''
** '''High-Frequency Sampling:''' Unlike a standard meter that reports 1 data point per second, our device samples current at 10kHz+.
** '''FFT Analysis:''' Performs Fourier Transform on-chip to detect "Motor Signature" anomalies (bearing faults, rotor bar issues) before the machine fails.
** '''Action:''' Can physically cut power (Relay) if a safety threshold is breached.

== Device Integration Diagram ==

<pre>
[A] ROOT: UTILITY SERVICE (Meralco)
│
│ Warning: No physical connection allowed to utility meter/cables.
│ Demarcation Point: The Service Entrance / Main Breaker Line Side.
│
├── [A1] Meralco Meter (Revenue Meter)
│ └── Non-Intrusive Monitoring (Optical/Pulse)
│
▼
[B] TRUNK: MAIN DISTRIBUTION
│
├── [B1] Main Switchgear / MDP (Main Distribution Panel)
│ │
│ ├── Main Breaker (ACB/MCCB)
│ ├── [B2] Power Quality Analyzer (PQA)
│ └── [B3] IoT Gateway / Edge Controller
│
├── [B4] Automatic Transfer Switch (ATS)
│ └── Generator / Backup Feed
│
▼
[C] BRANCHES: SUB-DISTRIBUTION
│
├── [C1] Sub-Distribution Panels (SDP)
│ │
│ ├── [C2] Branch Circuit Monitoring System (BCMS)
│ └── [C3] Smart Breakers
│
├── [C4] Motor Control Center (MCC)
│ └── [C5] Variable Frequency Drives (VFDs)
│
▼
[D] LEAVES: DEVICES & LOADS
│
├── [D1] Smart Power Supply Units (PSUs)
│ └── 24V DC Systems (PLC, Controls, LED Strips)
│
├── [D2] Lighting Loads
│ └── DALI / Smart Drivers
│
└── [D3] Plug Loads & Appliances
└── Smart Sockets / Inline Modules
</pre>

=== Device Specification Tables ===

==== [A] ROOT: Utility (Meralco Meter) ====

''Constraint: No physical contact allowed.''

{| class="wikitable"
! ID !! Device Type !! Specific Tech / Protocol !! Description
|-
| '''[A1]''' || '''Optical Probe''' || IEC 62056-21 Probe || Magnetic "eye" that attaches to the meter's optical port to read digital data.
|-
| '''[A1]''' || '''Pulse Counter''' || Photodiode Sensor || Sensor taped over the flashing LED (imp/kWh) to count usage pulses.
|}

==== [B] TRUNK: Main Distribution (MDP) ====

''Goal: High-accuracy monitoring and Power Quality.''

{| class="wikitable"
! ID !! Device Type !! Recommended Spec !! Functions
|-
| '''[B2]''' || '''Power Meter''' || Schneider PM8000 / Janitza UMG || Class 0.2S Accuracy. Measures Harmonics (THD), Sags, Swells.
|-
| '''[B3]''' || '''IoT Gateway''' || Ind. Raspberry Pi / Teltonika || Aggregates Modbus/TCP data and sends to Cloud/Local Dashboard.
|}

==== [C] BRANCHES: Sub-Distribution ====

''Goal: Granular breakdown (Departmental metering).''

{| class="wikitable"
! ID !! Device Type !! Recommended Spec !! Functions
|-
| '''[C2]''' || '''BCMS Strip''' || Solid-Core CT Strip || Monitors 12-42 breaker poles simultaneously via one module.
|-
| '''[C5]''' || '''VFD / VSD''' || Danfoss / Yaskawa || Connected via Modbus/RS485 to report RPM, Torque, and Energy.
|}

==== [D] LEAVES: Special Focus on PSUs & ESP32 ====

''Goal: Monitoring low-voltage DC loads and individual appliances.''

{| class="wikitable"
! ID !! Device Category !! Implementation Solution
|-
| '''[D1]''' || '''Smart PSU''' || '''Add-on Module:''' Use standard Mean Well PSU + '''INA226''' sensor module + '''ESP32-C3''' on DIN rail.
|-
| '''[D3]''' || '''Smart Plug''' || '''Shelly Plus Plug S''' (ESP32-based) for socket loads.
|-
| '''[D3]''' || '''Inline Module''' || '''Sonoff POW Elite''' (ESP32-based) for installation inside junction boxes.
|}

== 4. Summary Table: The Tree of Power ==

{| class="wikitable"
! Tree Level !! Facility Infrastructure !! Primary Voltage/Current !! Monitoring System (Standard) !! Our Solution (QMT Edge)
|-
| '''1. Roots''' || Transformer / HV Switchgear || 13.8kV+ || Utility Metering (Billing) || ''N/A (Too high voltage)''
|-
| '''2. Trunk''' || '''MDP''' (Main Dist. Panel) || 400V / 2000A+ || '''SCADA / PQA''' (Total Plant Power Quality) || ''N/A''
|-
| '''3. Branches''' || '''MCC''' (Motor Control Center) / '''SDP''' (Sub-Panel) || 400V / 200A - 800A || '''BMS / PLC''' (Status: On/Off, Amps) || ''N/A''
|-
| '''4. Twigs''' || '''DB''' (Distribution Board) / '''Local Control Panel''' || 230V / 10A - 60A || '''Dumb Breakers''' (No data, just protection) || '''TARGET ZONE''' — Integrated Relay + Current Analysis
|-
| '''5. Leaves''' || '''The Load''' (Motors, Pumps, Heaters) || Utilization Voltage || '''Physical Sensors''' (Vibration, Temp probes) || '''Virtual Sensors''' (Motor Health inferred from Current)
|}

[[Category:STEWARD]]
[[Category:IoT]]
[[Category:Infrastructure]]
[[Category:Comfac]]

Controller Systems 251213-01

2026-02-25T07:17:12Z

CITEditor: Created page with "= STEWARD Controller Systems: Industrial IoT Architecture = '''Document ID:''' 251213-01 '''Title:''' STEWARD Controller Systems & Industrial IoT Architecture '''Author:''' Comfac Corporation '''Date:''' December 13, 2025 '''Status:''' Internal Strategy / Pre-Release (Open Source Target: Q1 2026) == 1. Executive Summary: The STEWARD Concept == The '''STEWARD System''' is Comfac Corporation's facility management platform. While inspired by the modularit..."

= STEWARD Controller Systems: Industrial IoT Architecture =

'''Document ID:''' 251213-01 
'''Title:''' STEWARD Controller Systems & Industrial IoT Architecture 
'''Author:''' Comfac Corporation 
'''Date:''' December 13, 2025 
'''Status:''' Internal Strategy / Pre-Release (Open Source Target: Q1 2026)

== 1. Executive Summary: The STEWARD Concept ==

The '''STEWARD System''' is Comfac Corporation's facility management platform. While inspired by the modularity of ''Home Assistant'', STEWARD diverges significantly to address the rigorous demands of '''Data Centers, Command Centers, and Industrial Resource Management'''.

Unlike consumer-grade smart home systems, STEWARD adopts the "Control Center" approach: centralized visibility, ruggedized edge hardware, and mission-critical reliability. It relies on a robust stack of '''MQTT''' for real-time messaging, '''PostgreSQL''' for historical data warehousing, and '''Laravel''' for complex business logic and user interface.

'''Open Source Roadmap:'''
Currently under active internal development, Comfac aims to release the core STEWARD software stack as Open Source on GitHub in Q1 2026. The project will be licensed under GPLv3 to encourage community contribution while ensuring that improvements remain free for the industrial ecosystem.

== 2. Network Architecture & Connectivity ==

The STEWARD network is designed for security and range, utilizing a hybrid of standard IP networking and Long-Range Radio (LoRa).

=== 2.1 The Backbone: MQTT & VPN-Bridge ===

'''MQTT (Message Queuing Telemetry Transport)''' is the central nervous system of STEWARD. Every sensor, relay, and controller publishes and subscribes to topics here.

To secure these devices:

* '''VLAN Isolation:''' All IoT devices (Espressif controllers, cameras, sensors) reside on a dedicated '''IoT VLAN''' that has no direct access to the internet.
* '''VPN-Bridge:''' A secure '''VPN Bridge''' allows the STEWARD Server (and authorized remote engineers) to tunnel into this VLAN safely. This eliminates the need to expose insecure IoT ports to the web.

=== 2.2 Extending the Reach: Meshtastic & LoRa ===

In large facilities (e.g., agricultural zones, sprawling campuses), running fiber or point-to-point WiFi for a simple temperature sensor is cost-prohibitive.

* '''Solution:''' We utilize '''Meshtastic (LoRa)''' networks.
* '''Function:''' Remote sensors transmit log data (short bits of text/JSON) over kilometers using low-frequency radio (433MHz/868MHz/915MHz) to a central Gateway Node.
* '''Power Autonomy:''' These remote nodes are designed as self-contained, off-grid units. They rely on '''LiFePO4 battery banks''' harvested via integrated '''Solar Panels''' or '''Micro-Wind Turbines''', ensuring continuous operation even in areas without utility power.
* '''Benefit:''' Connects sensors kilometers away without expensive Ubiquiti airFiber links or trenching for cables.

== 3. Hardware Philosophy: The Comfac Standard ==

=== 3.1 The "Torture Tested" Design ===

Industrial centralization requires reducing the points of failure. Comfac designs are '''"Torture Tested"''':

* '''Thermal Management:''' Our enclosures feature oversized heat sinks and active cooling fans, designed specifically for the Philippine tropical climate.
* '''Rugged Housing:''' We utilize larger, robust enclosures rather than sleek, compact consumer plastics. We prioritize airflow and durability over aesthetics.
* '''Manual Override:''' A non-negotiable Comfac standard. All automated relays include physical manual switches. While this increases upfront manufacturing costs, it lowers Total Cost of Ownership (TCO) by ensuring operations can continue manually during digital failures, preventing costly downtime.

=== 3.2 The Shift: From Arduino to Espressif ===

''Note: Following the market shifts regarding Qualcomm's acquisition strategies and the changing landscape of the Arduino ecosystem, Comfac has migrated its core development away from standard Arduino hardware.''

* '''Current Standard:''' We focus on '''Espressif (ESP32/S3/C3)''' chips and '''Adafruit''' ecosystems.
* '''Why Espressif?''' It represents the pinnacle of "Chinese Open Source" hardware—high performance, integrated WiFi/Bluetooth, dual-core processing, and massive community support at a price point that makes widespread industrial deployment feasible.

=== 3.3 Sustainability & Right-to-Repair ===

We leverage the Philippines' specialization in semiconductors and electronics assembly.

* '''Local Sourcing:''' By manufacturing and sourcing parts locally, we drastically reduce our GHG footprint compared to importing finished goods.
* '''Open Source Ecology:''' Our designs utilize off-the-shelf components. We adhere to '''Right-to-Repair''' principles. A remote facility manager can replace a standard relay or fan in our unit without waiting for a proprietary part to ship from overseas.
* '''No Logistical Friction:''' Comfac integrates these disparate open-source solutions into a consolidated ecosystem, providing the support layer that open-source projects typically lack.

== 4. The Controller & Sensor Portfolio ==

=== 4.1 Industrial Controllers ===

Built on the ESP32 platform, these DIN-rail mountable units serve as the "Twigs" of the system (see ''Document 251213-PDT''). They handle local logic, ensuring that if the Server goes down, the local machine safety protocols remain active.

=== 4.2 Environmental Sensors ===

* '''Airflow:''' Validated via '''FreeCAD CFD (Computational Fluid Dynamics)''' analysis to ensure optimal placement and reading accuracy within ducts and server racks.
* '''Air Quality:''' MQTT-native sensors for '''CO2''' and '''Smoke''' detection, critical for early fire warning in data centers.
* '''Temp/Humidity:''' High-precision DHT/SHT sensors for HVAC optimization.

=== 4.3 Water Quality (PBR Systems) ===

Designed specifically for Photobioreactor (PBR) and aquaculture management:

* '''Parameters:''' Dissolved CO2, Water Temperature, and Pump Current monitoring.
* '''Integration:''' These feed directly into the automation logic to adjust aeration and nutrient dosing.

=== 4.4 Advanced Vision & Depth ===

* '''CCTV:''' We utilize standard IP Cameras feeding into '''Open Source NVRs''' (Network Video Recorders).
* '''Lidar:''' Used for privacy-preserving object detection and depth monitoring (e.g., volume of biomass in a tank, or people-counting in a secure zone without facial recognition).

== 5. Infrastructure: The TrueNAS Backbone ==

The physical brain of the STEWARD system runs on '''TrueNAS Scale'''.

* '''Hardware:''' Ranges from low-powered SoCs (for edge nodes) to beefy Rackmount Servers (for central command).
* '''Virtualization:''' TrueNAS hosts the Virtual Machines (VMs) and Docker Containers for:
** The Laravel/Postgres Web Server.
** The MQTT Broker (Mosquitto/EMQX).
** The NVR Software (Frigate/ZoneMinder).
** Network Management tools.
* '''Reliability:''' ZFS file system ensures data integrity and easy snapshots/backups for disaster recovery.

== 6. System Architecture Diagram ==

''(See attached diagram image in the original document.)''

[[Category:STEWARD]]
[[Category:IoT]]
[[Category:Comfac]]
[[Category:Infrastructure]]

ERPNext HR Module Outline

2026-02-25T07:16:45Z

CITEditor: Created page with "= ERPNext HR Module Outline = == 1. Recruitment == === 1.1 Your Shortcuts === * Job Opening * Job Applicant * Job Offer * Dashboard * Interviews (This Week) === 1.2 Masters & Reports === ==== 1.2.1 Jobs ==== ===== Staffing Plan ===== '''Purpose''' * Defines the required headcount per department/role for the year. Ensures hiring aligns with company budget and manpower planning. '''How to Use (with prerequisites/requirements)''' ''Prerequisites'' * Approved annual..."

= ERPNext HR Module Outline =

== 1. Recruitment ==

=== 1.1 Your Shortcuts ===

* Job Opening
* Job Applicant
* Job Offer
* Dashboard
* Interviews (This Week)

=== 1.2 Masters & Reports ===

==== 1.2.1 Jobs ====

===== Staffing Plan =====

'''Purpose'''
* Defines the required headcount per department/role for the year. Ensures hiring aligns with company budget and manpower planning.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Approved annual manpower budget
* Departmental hiring projections

''Steps''
# Go to Staffing Plan → New
# Select Department, Fiscal Year, and Cost Center
# Add positions and required counts
# Submit the document

'''Next Step'''
* Create '''Job Requisition''' based on approved staffing needs.

-----

===== Job Requisition =====

'''Purpose'''
* Internal request created by department heads when manpower is needed.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Staffing Plan or justified unplanned request
* Department Head approval

''Steps''
# Go to Job Requisition → New
# Select Department, Designation, Reason for Hiring
# Enter required number of positions
# Assign hiring priority and target date
# Submit for approval

'''Next Step'''
* Once approved → HR creates '''Job Opening'''.

-----

===== Job Opening =====

'''Purpose'''
* Used to formally list a vacancy in the organization.
* Defines required skills, qualifications, responsibilities, and hiring timeline.
* Aligns hiring with budget, staffing plan, and department requirements.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Approved Staffing Plan or Job Requisition.
* Confirmed role requirements from Department Head.
* Salary grade or hiring budget approved by HR & Finance.

''Steps''
# Create new Job Opening.
# Encode Job Title, Department, Branch, Reports To, Employment Type.
# Add Required Skills & Minimum Qualifications.
# Set Target Date & Number of Positions.
# Attach Job Description template.
# Set Status to "Open".
# Publish online or internal hiring portals.

'''Next Step'''
* Start collecting Job Applicants.
* Conduct screening and interviews.
* Proceed to Job Offer once candidate is selected.
* Close the Job Opening when filled.

-----

===== Job Applicant =====

'''Purpose'''
* Used to record candidate information for a specific Job Opening.
* Centralizes resumes, contact details, skills, experience, and application status.
* Serves as the main tracking record throughout the recruitment lifecycle (screening → interview → offer → hire/reject).

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Active '''Job Opening'''.
* Applicant resume/CV.
* Basic screening criteria from HR or Department Head.

''Steps''
# Go to '''HR''' → '''Recruitment''' → '''Job Applicant''' → '''New'''.
# Select the linked Job Opening.
# Enter applicant details: Full Name, Email, Contact Number, Source.
# Upload Resume/CV and relevant documents.
# Encode experience, education, skills, and expected salary.
# Set Applicant Status (Open, Shortlisted, Interview Scheduled, Rejected, Selected).
# Save and submit the record.

'''Next Step'''
* Schedule interviews using the '''Interview''' module.
* Collect '''Interview Feedback'''.
* If approved → proceed to '''Job Offer'''.
* If failed screening/interview → mark as '''Rejected'''.

-----

===== Job Offer =====

'''Purpose'''
* Used to formally present an employment offer to a selected Job Applicant.
* Defines salary, benefits, designation, and employment terms.
* Acts as the approval document before onboarding the employee.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Applicant must be marked as Selected.
* Approved salary budget from HR and Finance.
* Authorized signatory for offer approval.

''Steps''
# Go to '''HR''' → '''Recruitment''' → '''Job Offer''' → '''New'''.
# Select the linked '''Job Applicant'''.
# System auto-fetches applicant details and job position.
# Enter compensation details: Basic Salary, Allowances, Benefits.
# Set the proposed '''Joining Date'''.
# Add offer terms and conditions.
# Submit for approval.
# Send Job Offer to the candidate (email or printed copy).

'''Next Step'''
* If '''Accepted''' → proceed to '''Appointment Letter'''.
* If '''Declined''' → return to Job Applicant pool or reopen Job Opening.
* Once appointment is issued → proceed to '''Employee Onboarding'''.

==== 1.2.2 Interviews ====

===== Interview Type =====

'''Purpose'''
* Used to define the different kinds of interviews conducted during recruitment.
* Standardizes interview classifications across departments.
* Helps in reporting and tracking interview effectiveness.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Defined recruitment process.
* Approved interview stages from HR and Department Heads.

''Steps''
# Go to '''HR''' → '''Recruitment''' → '''Interview Type''' → '''New'''.
# Enter Interview Type Name (e.g., HR Interview, Technical Interview, Panel Interview).
# Add description if needed.
# Save the record.

'''Next Step'''
* Assign this Interview Type to '''Interview Rounds''' and '''Interview schedules'''.

-----

===== Interview Round =====

'''Purpose'''
* Used to define the sequence or stage of interviews.
* Helps structure multi-stage recruitment (e.g., Initial Screening → Technical → Final Interview).
* Ensures consistent hiring workflows.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Interview Types already created.
* Approved recruitment flow.

''Steps''
# Go to '''HR''' → '''Recruitment''' → '''Interview Round''' → '''New'''.
# Enter Round Name (e.g., First Interview, Second Interview, Final Interview).
# Select the related '''Interview Type'''.
# Assign sequence/order number.
# Save the record.

'''Next Step'''
* Use this Interview Round when scheduling '''Interviews''' for applicants.

-----

===== Interview =====

'''Purpose'''
* Used to schedule and manage interviews for Job Applicants.
* Links applicants, interviewers, interview type, and interview round.
* Tracks interview date, time, and status.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Active '''Job Applicant'''.
* Defined '''Interview Type''' and '''Interview Round'''.
* Available interviewers.

''Steps''
# Go to HR → Recruitment → Interview → New.
# Select the Job Applicant.
# Choose Interview Type and Interview Round.
# Set Interview Date and Time.
# Assign one or more Interviewers.
# Set Interview Status (Scheduled).
# Save and submit.
# Notify interviewers and applicant.

'''Next Step'''
* Collect '''Interview Feedback''' after the interview.
* Based on results, move the applicant to:
** Next Interview Round
** Job Offer
** Rejected status

-----

===== Interview Feedback =====

'''Purpose'''
* Used to document interview evaluation results.
* Standardizes scoring and decision-making.
* Provides basis for selection, rejection, or further interviews.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Completed Interview.
* Assigned interviewers.
* Defined evaluation criteria.

''Steps''
# Open the related '''Interview'''.
# Click '''Create Interview Feedback'''.
# Rate the applicant based on:
#* Technical Skills
#* Communication
#* Attitude
#* Experience
#* Culture Fit
# Add final comments and recommendation (Pass/Fail).
# Submit the feedback.

'''Next Step'''
* If '''Passed''' → proceed to:
** Next Interview Round, or
** Job Offer
* If '''Failed''' → mark applicant as Rejected.

==== 1.2.3 Appointment ====

===== Appointment Letter Template =====

'''Purpose'''
* Serves as the master format for all Appointment Letters issued to new hires.
* Ensures consistent wording, structure, and legal compliance.
* Allows HR to define variables (salary, position, start date, etc.) that auto-fill when generating appointment letters.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Standardized company template approved by HR and Legal.
* Defined merge fields (e.g., employee name, designation, salary).

''Steps''
# Go to '''HR''' → '''Recruitment''' → '''Appointment Letter Template''' → '''New'''.
# Enter Template Title (e.g., Regular Employee, Probationary Employee).
# Add the body content of the letter.
# Insert dynamic fields (e.g., <code>{{ employee_name }}</code>, <code>{{ designation }}</code>, <code>{{ date_of_joining }}</code>).
# Format sections as needed.
# Save the template.

'''Next Step'''
* Use this template when generating an actual '''Appointment Letter''' from an approved Job Offer.

-----

===== Appointment Letter =====

'''Purpose'''
* Official document issued after the candidate accepts the Job Offer.
* Confirms employment, salary package, designation, and joining date.
* Serves as the basis for employee profile creation and onboarding.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Approved and accepted '''Job Offer'''.
* Appointment Letter Template ready.
* Finalized start date and compensation details.

''Steps''
# Go to '''HR''' → '''Recruitment''' → '''Appointment Letter''' → '''New'''.
# Choose the '''Job Applicant''' (system auto-fetches Job Offer details).
# Select the '''Appointment Letter Template'''.
# Review auto-filled fields such as:
#* Name
#* Designation
#* Salary details
#* Date of Joining
#* Employment Type
# Edit any required fields or remarks.
# Submit the document.
# Print or email the Appointment Letter to the candidate.

'''Next Step'''
* Candidate submits signed acceptance.
* HR proceeds to '''Employee Onboarding'''.
* Create Employee profile once onboarding begins.

----

== 2. Employee Lifecycle ==

=== 2.1 Your Shortcuts ===

==== Employee Onboarding ====

'''Purpose'''
* A reusable checklist template for onboarding new employees.
* Ensures all departments follow the same onboarding process.
* Standardizes tasks such as documentation, equipment issuance, system access, and orientation.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Defined onboarding workflow from HR, IT, Admin, and Department Heads.
* List of required tasks per role (e.g., office staff vs. field staff).

''Steps''
# Go to '''HR''' → '''Employee Lifecycle''' → '''Employee Onboarding Template''' → '''New'''.
# Enter Template Name (e.g., Office Employee Onboarding, Field Technician Onboarding).
# Add onboarding tasks under various categories:
#* HR Requirements
#* IT System Access
#* Equipment / Tools Issuance
#* Training Requirements
#* Orientation Sessions
# Assign each task to a responsible role or department.
# Save the template.

'''Next Step'''
* Use this template when creating an actual Employee Onboarding record for a new hire.

-----

==== Employee Separation ====

'''Purpose'''
* Used to manage and track the complete offboarding process when an employee resigns, retires, or is terminated.
* Ensures clearance procedures, return of assets, final pay, and exit documentation are completed accurately.
* Provides a standardized, auditable offboarding workflow across HR, IT, Admin, and Finance.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Received resignation letter or HR-approved separation decision.
* Confirmed last working day.
* Final clearance policies defined (IT, Admin, Finance).

''Steps''
# Go to HR → Employee Lifecycle → Employee Separation → New.
# Select the Employee and indicate Separation Type (Resignation, End of Contract, Termination, Retirement).
# Enter key details:
#* Date of Resignation / Notice Date
#* Last Working Day
#* Reason for Separation
#* Required Clearance Tasks
# Assign each clearance task to the responsible department:
#* HR – Exit Interview, Final Documents
#* IT – Deactivation of Access, Return of Devices
#* Admin – Office Equipment Return, ID Surrender
#* Finance – Final Pay, Loan Balances, Advances
# Save and track status of each clearance component.

'''Next Step'''
* Conduct Exit Interview.
* Process Final Pay computation.
* Mark as "Completed" once all departments finish clearance.
* Archive or deactivate employee record if required.

-----

==== Employee Grievance ====

'''Purpose'''
* Used by employees to formally report workplace concerns, issues, or complaints.
* Helps HR track, investigate, and resolve grievances in a transparent and documented manner.
* Promotes fair and consistent handling of employee issues.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Defined grievance types (e.g., Workplace Conflict, Harassment, Payroll Issue, Safety Concern).
* HR policy for grievance handling in place.

''Steps''
# Go to HR → Employee Lifecycle → Employee Grievance → New.
# Select the Employee filing the grievance.
# Choose the Grievance Type.
# Enter details:
#* Description of the issue
#* Incident date
#* People involved (if applicable)
# Assign the grievance to an HR Officer or Investigator.
# Update grievance status as the investigation progresses:
#* Open
#* Under Review
#* Resolved
#* Escalated
# Add resolution notes and attach any supporting evidence.

'''Next Step'''
* Close the grievance after resolution.
* Escalate to management if unresolved.
* Use data for HR analytics and preventive action planning.

-----

==== Dashboard ====

'''Purpose'''
* Provides a consolidated view of all key HR metrics related to employee lifecycle.
* Displays real-time data such as onboarding progress, separations, training schedules, and monthly hiring trends.
* Helps HR quickly monitor tasks pending for onboarding, resignation, and training.

'''How to Use'''
* Access via HR → Employee Lifecycle → Dashboard.
* Review widgets such as:
** New Hires
** Exits
** Pending Onboardings
** Ongoing Trainings
* Click any section to drill down into the detailed list.

'''Next Step'''
* Use insights to prioritize pending onboarding tasks, separation clearances, or training activities.

-----

==== New Hires (This Month) ====

'''Purpose'''
* Displays all employees who joined within the current month.
* Helps HR track onboarding volume, joining trends, and pending requirements for new hires.
* Useful for monthly HR reporting and management updates.

'''How to Use'''
* Click the New Hires (This Month) shortcut on the Employee Lifecycle dashboard.
* Review details such as:
** Employee Name
** Department
** Designation
** Joining Date
** Onboarding Status
* Filter or export the data if needed.

'''Next Step'''
* Ensure each new hire has an active onboarding record.
* Coordinate with IT, Admin, and Department Heads for pending onboarding tasks.

-----

==== Exits (This Month) ====

'''Purpose'''
* Shows all employees who resigned, retired, or were separated during the current month.
* Helps HR track separation trends and manage clearance processes.
* Supports monthly reporting on attrition and offboarding activities.

'''How to Use'''
* Click Exits (This Month) from the dashboard.
* See the list of employees with:
** Separation Date
** Separation Type
** Clearance Status
** Final Pay Status
* Drill down to review individual separation forms.

'''Next Step'''
* Follow up with departments on pending clearance tasks.
* Ensure final pay is processed before the scheduled release date.

-----

==== Trainings (This Week) ====

'''Purpose'''
* Displays training programs and training events scheduled for the current week.
* Helps HR monitor training attendance, preparation, and facilitator assignments.
* Ensures employees and supervisors are informed about ongoing training activities.

'''How to Use'''
* Click Trainings (This Week) on the dashboard.
* View upcoming training sessions with:
** Training Title
** Date and Time
** Trainer / Facilitator
** Participants
** Venue or Online Link
* Confirm if prerequisites (materials, attendance lists, rooms) are ready.

'''Next Step'''
* Send reminders to participants.
* Track attendance and later encode Training Feedback and Training Result.

=== 2.2 Masters & Reports ===

==== 2.2.1 Onboarding ====

===== Employee Onboarding Template =====

'''Purpose'''
* Serves as a reusable checklist template for onboarding new employees.
* Ensures consistency in onboarding tasks across all departments.
* Standardizes requirements such as documentation, system access, equipment issuance, and orientation.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Approved onboarding workflow from HR, IT, Admin, and Department Heads.
* Defined task list per employee category or role.

''Steps''
# Go to '''HR''' → '''Employee Lifecycle''' → '''Employee Onboarding Template''' → '''New'''.
# Enter a clear '''Template Name''' (e.g., Office Staff Onboarding, Project-Based Employee Onboarding).
# Add tasks under relevant categories:
#* HR Documentation
#* IT Access & Credentials
#* Asset & Equipment Issuance
#* Orientation & Training
#* Policy Acknowledgements
# Assign each task to a responsible department or user.
# Save the template.

'''Next Step'''
* Use this template when creating an '''Employee Onboarding''' record.

-----

===== Employee Onboarding =====

'''Purpose'''
* Tracks the onboarding progress of each new employee.
* Ensures all assigned departments complete onboarding tasks on time.
* Provides visibility into onboarding status for HR and management.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Accepted Appointment Letter.
* Selected Employee Onboarding Template.
* Confirmed joining date.

''Steps''
# Go to '''HR''' → '''Employee Lifecycle''' → '''Employee Onboarding''' → '''New'''.
# Select the '''Employee''' (or Job Applicant if employee record is not yet created).
# Choose the '''Employee Onboarding Template'''.
# System auto-populates onboarding tasks.
# Assign owners and due dates for each task.
# Update task statuses as they are completed.
# Save and submit the onboarding record.

'''Next Step'''
* Mark onboarding as '''Completed''' once all tasks are done.
* Proceed with regular employee lifecycle processes (attendance, payroll, training).

-----

===== Employee Skill Map =====

'''Purpose'''
* Captures and maintains employee skills and proficiency levels.
* Helps identify skill gaps and training needs.
* Supports appraisal, promotion, and workforce planning.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Active employee record.
* Basic job role and competency requirements defined.

''Steps''
# Go to HR → Employee Lifecycle → Employee Skill Map → New.
# Select the Employee.
# Add skills with:
#* Skill Name
#* Skill Category
#* Proficiency Level
#* Years of Experience
# Save the record.

'''Next Step'''
* Use Skill Map data during:
** Performance Appraisal
** Training Planning
** Promotions and Role Assignments

==== 2.2.2 Grievance ====

===== Grievance Type =====

'''Purpose'''
* Defines the categories of employee grievances.
* Standardizes classification for reporting and analysis.
* Helps HR route grievances to the correct handler.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Approved HR grievance policy.
* Common grievance categories identified.

''Steps''
# Go to '''HR''' → '''Employee Lifecycle''' → '''Grievance Type''' → '''New'''.
# Enter '''Grievance Type Name''' (e.g., Payroll Issue, Workplace Conflict, Harassment, Safety Concern).
# Add description or guidelines if needed.
# Save the record.

'''Next Step'''
* Use Grievance Types when creating '''Employee Grievance''' records.

-----

===== Employee Grievance =====

'''Purpose'''
* Allows employees to formally raise workplace concerns.
* Enables HR to investigate, track, and resolve issues systematically.
* Ensures transparency, documentation, and accountability.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Defined Grievance Types.
* Assigned HR officers or grievance handlers.

''Steps''
# Go to '''HR''' → '''Employee Lifecycle''' → '''Employee Grievance''' → '''New'''.
# Select the '''Employee''' filing the grievance.
# Choose the '''Grievance Type'''.
# Enter grievance details:
#* Description
#* Date of Incident
#* Persons Involved (if applicable)
# Attach supporting documents if any.
# Assign the grievance to an HR handler.
# Update status as the case progresses:
#* Open
#* Under Review
#* Resolved
#* Escalated
# Record investigation findings and resolution notes.
# Save and close the grievance.

'''Next Step'''
* Communicate resolution to the employee.
* Escalate unresolved cases to management or legal if needed.
* Use grievance data for HR reporting and policy improvement.

==== 2.2.3 Training ====

===== Training Program =====

'''Purpose'''
* Defines structured learning programs within the organization.
* Groups related training sessions under a single program.
* Supports employee development, compliance, and skill enhancement.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Identified training needs from HR, appraisals, or skill gap analysis.
* Approved training objectives and budget.

''Steps''
# Go to '''HR''' → '''Employee Lifecycle''' → '''Training Program''' → '''New'''.
# Enter '''Program Name''' and description.
# Define training objectives and target audience.
# Assign program owner or coordinator.
# Save the record.

'''Next Step'''
* Create '''Training Events''' under this program.

-----

===== Training Event =====

'''Purpose'''
* Represents a specific training session conducted on a scheduled date.
* Tracks participants, trainers, venue, and attendance.
* Links actual training execution to the training program.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Existing Training Program.
* Confirmed trainer, schedule, and participants.

''Steps''
# Go to '''HR''' → '''Employee Lifecycle''' → '''Training Event''' → '''New'''.
# Select the '''Training Program'''.
# Enter event details:
#* Date and Time
#* Trainer / Facilitator
#* Venue or Online Link
#* Maximum Participants
# Add participating employees.
# Save and publish the event.

'''Next Step'''
* Conduct the training.
* Collect '''Training Feedback''' from participants.

-----

===== Training Feedback =====

'''Purpose'''
* Collects participant feedback after training completion.
* Measures training effectiveness and trainer performance.
* Supports continuous improvement of training programs.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Completed Training Event.
* Defined feedback criteria or questionnaire.

''Steps''
# Open the completed '''Training Event'''.
# Click Create '''Training Feedback'''.
# Participants rate:
#* Training Content
#* Trainer Effectiveness
#* Relevance to Job
#* Overall Satisfaction
# Add comments or suggestions.
# Submit feedback.

'''Next Step'''
* Review feedback results.
* Identify improvement areas for future trainings.

-----

===== Training Result =====

'''Purpose'''
* Records the outcome of training participation per employee.
* Tracks completion status, scores, and certifications earned.
* Supports compliance and performance tracking.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Completed Training Event.
* Attendance and evaluation results available.

''Steps''
# Go to HR → Employee Lifecycle → Training Result → New.
# Select the Training Event.
# Record results for each participant:
#* Completion Status
#* Score or Assessment Result
#* Certification (if applicable)
# Save the record.

'''Next Step'''
* Update employee Skill Map if new skills were gained.
* Use results in Appraisal and Performance Review.

==== 2.2.4 Daily Work Summary ====

===== Daily Work Summary =====

'''Purpose'''
* Allows employees to submit a summary of daily tasks and accomplishments.
* Helps supervisors monitor work progress and productivity.
* Provides transparency and accountability for daily activities.

'''How to Use (with prerequisites/requirements)'''

''Prerequisites''
* Active employee record.
* Defined reporting structure (employee → supervisor).

''Steps''
# Go to '''HR''' → '''Employee Lifecycle''' → '''Daily Work Summary''' → '''New'''.
# Select the '''Employee'''.
# Enter work details:
#* Completed tasks
#* Ongoing tasks
#* Issues or blockers
# Save and submit the summary.

'''Next Step'''
* Supervisor reviews submitted summaries.
* Use summaries for performance tracking and follow-ups.

* Daily Work Summary Group
* Daily Work Summary Replies

==== 2.2.5 Reports ====

* Employee Exits
* Employee Information
* Employee Birthday
* Employee Analytics

----

== 3. Performance ==

=== 3.1 Your Shortcuts ===

* Appraisal
* Employee Performance Feedback
* Goal

=== 3.2 Masters & Transactions ===

==== 3.2.1 Masters ====

* Appraisal Template
* KRA
* Employee Feedback Criteria

==== 3.2.2 Appraisal ====

* Appraisal
* Appraisal Cycle
* Employee Performance Feedback
* Goal

==== 3.2.3 Promotion ====

* Employee Promotion

==== 3.2.4 Energy Points ====

* Energy Point Rule
* Energy Point Settings
* Energy Point Log

==== 3.2.5 Reports ====

* Appraisal Overview

----

== 4. Shift & Attendance ==

=== 4.1 Your Shortcuts ===

* Employee Checkin
* Attendance
* Shift Request
* Dashboard
* Roster

=== 4.2 Masters & Reports ===

==== 4.2.1 Shifts ====

* Shift Type
* Shift Assignment
* Shift Schedule
* Shift Schedule Assignment
* Shift Request
* Shift Assignment Tool

==== 4.2.2 Attendance ====

* Attendance
* Attendance Request
* Employee Checkin
* Employee Attendance Tool
* Upload Attendance

==== 4.2.3 Time ====

* Timesheet
* Activity Type

==== 4.2.4 Reports ====

* Monthly Attendance Sheet
* Shift Attendance
* Employee Hours Utilization Based on Timesheets

----

== 5. Expense Claims ==

=== 5.1 Your Shortcuts ===

* Expense Claim
* Employee Advance
* Dashboard

=== 5.2 Masters & Reports ===

==== 5.2.1 Claims ====

* Expense Claim
* Expense Claim Type

==== 5.2.2 Advances ====

* Employee Advance
* Payment Entry
* Journal Entry
* Additional Salary

==== 5.2.3 Fleet Management ====

* Vehicle
* Driver
* Vehicle Service Item
* Vehicle Log
* Vehicle Expenses

==== 5.2.4 Travel ====

* Travel Request
* Purpose of Travel

==== 5.2.5 Reports ====

* Employee Advance Summary
* Unpaid Expense Claim
* Vehicle Expenses

==== 5.2.6 Accounting Reports ====

* Accounts Receivable
* Accounts Payable
* General Ledger

----

== 6. Leaves ==

=== 6.1 Your Shortcuts ===

* Leave Application
* Leave Allocation

=== 6.2 Masters & Reports ===

==== 6.2.1 Setup ====

* Holiday List
* Leave Type
* Leave Period
* Leave Policy
* Leave Block List

==== 6.2.2 Allocation ====

* Leave Allocation
* Leave Policy Assignment
* Leave Control Panel
* Leave Encashment

==== 6.2.3 Application ====

* Leave Application
* Compensatory Leave Request

==== 6.2.4 Reports ====

* Employee Leave Balance
* Employee Leave Balance Summary
* Employees Working on a Holiday

[[Category:ERPNext]]
[[Category:HR Module]]
[[Category:Human Resources]]
[[Category:Comfac]]

260108 CGG- GitHub Administration Guide

2026-02-25T07:16:11Z

CITEditor: Created page with "= Comfac Global Group - GitHub Administration Guide = '''Last Updated:''' January 2026 '''Admin:''' Justin Aquino (justinaquinoCSC) '''Key Contact:''' Christopher Gacad (topepe) - All-Repository Admin == 1. Access & Login Procedure == ''Step-by-step entry into the administrative dashboard.'' # '''Log In:''' Navigate to your profile: https://github.com/justinaquinoCSC # '''Authentication:''' Complete the '''2FA''' (Two-Factor Authentication) check. # '''Dashbo..."

= Comfac Global Group - GitHub Administration Guide =

'''Last Updated:''' January 2026 
'''Admin:''' Justin Aquino (justinaquinoCSC) 
'''Key Contact:''' Christopher Gacad (topepe) - All-Repository Admin

== 1. Access & Login Procedure ==

''Step-by-step entry into the administrative dashboard.''

# '''Log In:''' Navigate to your profile: https://github.com/justinaquinoCSC
# '''Authentication:''' Complete the '''2FA''' (Two-Factor Authentication) check.
# '''Dashboard:''' You will land on the Home feed: https://github.com/dashboard
# '''Find the Organization:'''
#* Click your '''Profile Picture''' (top right corner).
#* Select '''Your organizations'''.
#* ''Shortcut:'' https://github.com/settings/organizations

== 2. Organization Settings (The Command Center) ==

''This is the hub for Billing, Access, and Privileges.''

* '''Organization Home:''' https://github.com/Comfac-Global-Group
* '''Settings Page (KEY LINK):''' https://github.com/organizations/Comfac-Global-Group/settings/profile
** ''Use this link to access Member Privileges, Billing, and Licensing.''

== 3. Member Management (People) ==

''How to add team members and assign roles.''

* '''Management Page:''' https://github.com/orgs/Comfac-Global-Group/people

=== How to Add a New Member ===

# Click the green '''Invite member''' button.
# Enter the person's '''email address''' or GitHub username.
# '''CRITICAL STEP:''' After typing the email, you must '''click the email address again''' in the dropdown list to select it before the "Invite" button becomes active.
# Select their role (Member or Owner).

== 4. GitHub Copilot Management ==

''Funded by: Facilities Management Project (Approx. $95/month)''

=== A. Seat Management (Who has access) ===

* '''Link:''' https://github.com/organizations/Comfac-Global-Group/settings/copilot/seat_management
* '''Current Team (5 Seats):'''
*# Tope (Christopher)
*# Clyde
*# Roy
*# Pines
*# Ezekiel
* '''Pending/Future:''' Rafael (upon SECADA project migration).

=== B. Policies (Features & Settings) ===

* '''Link:''' https://github.com/organizations/Comfac-Global-Group/settings/copilot/policies
* ''Action Item:'' Use this page to '''Enable/Allow Copilot Chat''' if users report it is blocked.

== 5. Strategic Workflows & Roles ==

=== Administrative Roles ===

* '''Justin Aquino:''' Organization Owner / Billing.
* '''Topepe (Christopher Gacad):''' All-Repository Admin. Handles day-to-day repository maintenance.

=== Delegation Strategy (Students & Freelancers) ===

We do '''not''' give direct write access to the main repositories for temporary staff (Students/Freelancers).

# '''Method:''' '''Forking'''.
# '''Process:'''
#* The Student/Freelancer '''Forks''' the repository to their own account.
#* They work on their copy.
#* They submit a '''Pull Request (PR)''' to merge changes back to Comfac Global Group.
#* ''Why?'' This protects the core code from accidental deletion or errors.

== 6. Quick Reference Links ==

{| class="wikitable"
! Task !! Direct Link
|-
| '''Org Settings''' || [https://github.com/organizations/Comfac-Global-Group/settings/profile Settings Profile]
|-
| '''Manage People''' || [https://github.com/orgs/Comfac-Global-Group/people People Tab]
|-
| '''Copilot Seats''' || [https://github.com/organizations/Comfac-Global-Group/settings/copilot/seat_management Seat Management]
|-
| '''Copilot Policies''' || [https://github.com/organizations/Comfac-Global-Group/settings/copilot/policies Policy Settings]
|-
| '''Billing''' || Accessed via Settings sidebar under "Billing and Licensing"
|}

[[Category:Administration]]
[[Category:GitHub]]
[[Category:Comfac Global Group]]

ERpnext Asset Management Procedure 260113

2026-02-25T07:15:16Z

CITEditor: Created page with "= ERPNext Asset Management Procedure = '''Document Code:''' OP-IT-ASM-01 '''Title:''' IT Asset Management Procedure '''Effective Date:''' 2025-10-30 '''Revision:''' 03 '''Prepared by:''' IT Department '''Approved by:''' Management Representative == 1. Objective == This procedure establishes a standardized system for identifying, tracking, maintaining, and disposing of IT assets using ERPNext's '''Asset Management Module'''. It ensures efficient uti..."

= ERPNext Asset Management Procedure =

'''Document Code:''' OP-IT-ASM-01 
'''Title:''' IT Asset Management Procedure 
'''Effective Date:''' 2025-10-30 
'''Revision:''' 03 
'''Prepared by:''' IT Department 
'''Approved by:''' Management Representative

== 1. Objective ==

This procedure establishes a standardized system for identifying, tracking, maintaining, and disposing of IT assets using ERPNext's '''Asset Management Module'''. It ensures efficient utilization, lifecycle visibility, and compliance with accounting and data security requirements. The procedure incorporates custom fields and ERPNext module features to enhance traceability and decision-making.

== 2. Scope ==

This procedure applies to all IT hardware, software, and digital or consumable assets owned, leased, or managed by the Comfac Group of Companies. It covers the full lifecycle—from acquisition and deployment to maintenance, movement, depreciation, and disposal.

== 3. Definition ==

=== 3.1 ERPNext Asset Management Fields ===

The following are standard and custom fields used within the ERPNext Asset DocType:

* '''Item Code''' – Unique identifier linked to inventory records.
* '''Asset Name''' – Name following the CGG naming convention.
* '''Item Name''' – Model, brand, or specifications of the asset.
* '''Model Date''' ''(Custom Field)'' – Indicates the manufacturing or model year for lifecycle tracking.
* '''Details''' ''(Custom Field)'' – Describes bundled or composite assets consisting of multiple sub-items.
* '''Custodian''' – Assigned employee or department responsible for the asset.
* '''Department''' – Department under which the asset is charged.
* '''Location''' – Office or project site where the asset resides.
* '''Asset Category''' – Classification following ERPNext's hierarchy (e.g., Computers, Network Devices, Tools, etc.).
* '''Asset Maintenance Team''' – Group or personnel responsible for maintenance tasks.
* '''Asset Maintenance Log''' – Record of maintenance or repair actions performed.
* '''Asset Repair''' – Record of repairs initiated for defective or damaged assets.
* '''Asset Capitalization''' – Conversion of items into capitalized fixed assets.
* '''Asset Depreciation and Balances''' – Tracks financial depreciation over time.
* '''Asset Activity''' – Logs updates, movements, and other actions related to the asset.

Reference: [https://docs.frappe.io/erpnext/user/manual/en/asset-asset ERPNext Asset Module Documentation]

=== 3.2 Asset Naming Convention ===

To ensure uniform identification and traceability of assets across companies and departments, the following naming convention applies:

'''Format:'''
<pre>[Company Code]-[Department Code]-ast-[YYMMDD]-[####]</pre>

* '''Company Code''' – Refers to the legal entity (CSC, ESC, CF, CIT, etc.).
* '''Department Code''' – Refers to the department (e.g., MIS for IT, ENG for Engineering, HR, FIN, etc.).
* '''ast''' – Tag indicating that the record refers to an Asset (distinct from DocType series).
* '''YYMMDD''' – The asset creation or acquisition date.
* '''####''' – Four-digit serial number starting from 0001, reset daily or monthly per IT policy.

'''Examples:'''
* <code>CSC-MIS-ast-251030-0001</code> → 1st IT asset recorded on Oct 30, 2025, under Cornersteel Systems Corp.
* <code>CF-FIN-ast-250801-0042</code> → 42nd Finance asset for Comfac IT recorded on Aug 1, 2025.

==== Item Naming Format ====

For the '''Item Name''' field, the format provides descriptive identification of the asset type:

<pre>[ItemType]-[YYMMDD]-[####]</pre>

'''Examples:'''
* <code>desktop-251030-0005</code>
* <code>license-251030-0008</code>
* <code>router-251030-0002</code>

==== Digital Asset Naming ====

Digital or intangible assets such as software licenses or subscriptions follow:

<pre>[Company Code]-[Department Code]-dg-[YYMMDD]-[####]</pre>

'''Examples:'''
* <code>CSC-MIS-dg-251030-0003</code> → Microsoft 365 License assigned to MIS.

== 4. References ==

* IT Equipment Requisition Form
* IT Asset Monitoring Sheet
* ERPNext Asset Management Module
* ERPNext Asset Dashboard and Fixed Asset Register
* Accounting Policies on Depreciation and Capitalization

== 5. Responsibility ==

{| class="wikitable"
! Role !! Responsibilities
|-
| '''IT Department''' || Manages ERPNext Asset records, customizations, and lifecycle tracking; ensures data consistency.
|-
| '''End Users / Departments''' || Responsible for proper use and safekeeping of assigned assets. For individually issued items, the named '''Custodian''' is responsible. '''Important:''' If an asset is assigned to a Department or Section without a specific named individual in the employee field, accountability automatically '''defaults to the Department Head or Section Officer''' of that unit.
|-
| '''Requestor''' || Initiates IT Requests for new or replacement assets.
|-
| '''SPLD and Accounting''' || Collaborates on budgeting, procurement, depreciation, and disposal schedules.
|-
| '''HR Department''' || Notifies IT of employment changes affecting asset custody.
|}

== 6. Process ==

=== 6.1 Acquisition and Registration ===

# End user submits an '''IT Request (ITR)''' for new or replacement equipment.
# IT validates need, checks available inventory, and identifies custodian.
# A '''Material Request (Purchase)''' is created in ERPNext, specifying the department or project charge.
# Upon delivery, IT records the asset in ERPNext with complete details, including '''Model Date''' and '''Details''' fields.
# For purchased items, link the asset to the '''Purchase Invoice/Receipt''' for accurate valuation.
# For existing assets, check '''Is Existing Asset''' to register without new procurement.

=== 6.2 Movement and Custody Changes (Asset Movement) ===

All physical movements or changes in accountability must be recorded using the '''Asset Movement''' DocType in ERPNext. The specific '''Purpose''' selected determines the flow of the transaction:

==== A. Purpose: Issue ====

'''Definition:''' Assigning an asset that is currently in stock or unassigned to a specific employee (Custodian).

* '''When to use:''' When providing a standard peripheral (e.g., mouse, keyboard) from IT stock to an employee.
* '''Action:'''
** '''Source:''' Company Asset Stock (None).
** '''Target:''' Employee (Custodian).

==== B. Purpose: Receipt ====

'''Definition:''' The return of an asset from an employee (Custodian) back to the company/IT Department.

* '''When to use:''' Employee resignation, clearance processing, or when an item is surrendered for repair/replacement.
* '''Action:'''
** '''Source:''' Employee (Custodian).
** '''Target:''' Company Asset Stock (None/IT Warehouse).

==== C. Purpose: Transfer ====

'''Definition:''' Moving an asset from one physical location to another, or changing the Department assignment without issuing to a specific person.

* '''When to use:''' Moving a server from the HQ Server Room to the Branch Office Server Room, or moving shared office equipment (e.g., printer, projector) from one department to another.
* '''Action:'''
** '''Source:''' Current Location / Department (No "From Employee" required).
** '''Target:''' New Location / Department.

==== D. Purpose: Transfer and Issue (Standard Deployment) ====

'''Definition:''' Simultaneously moving an asset from a storage location (Warehouse) to a specific operational location and assigning it to a specific person.

* '''When to use:''' This is the '''most common workflow''' for deploying new hardware. For example, issuing a new laptop from the IT Storage Room directly to a Project Manager at a Client Site.
* '''Action:'''
** '''Source:''' IT Warehouse (Storage).
** '''Target Location:''' Production Floor / Project Site / User Office.
** '''Target Custodian:''' Specific Employee Name.

'''Important Notes:'''

* All '''issuances and receipts''' must have a '''printed receipt''' generated from ERPNext and signed by the custodian. This serves as the official proof of accountability.
* '''Department Accountability:''' When a movement targets a Department/Section (Transfer) but leaves the Employee/Custodian field blank, the '''Department Head or Section Officer''' is automatically considered the accountable person for that asset.

=== 6.3 Maintenance and Repairs ===

# Schedule preventive maintenance under '''Asset Maintenance'''.
# Assign maintenance tasks to the '''Asset Maintenance Team''' and record completion in the '''Asset Maintenance Log'''.
# For defective assets, log under '''Asset Repair''' and track progress until resolution.

=== 6.4 Depreciation and Capitalization ===

# Coordinate with Accounting to configure '''Depreciation Schedules'''.
# Periodically review '''Asset Depreciation and Balances'''.
# Use '''Asset Capitalization''' for conversion of inventory items to fixed assets.

=== 6.5 Disposal and Repurposing ===

# Identify end-of-life assets using '''Model Date''' and depreciation data.
# Securely erase data before repurposing or disposal.
# Update ERPNext and monitoring sheets with final status.

=== 6.6 Reporting and Monitoring ===

* Use '''Asset Dashboard''' and '''Fixed Asset Register''' for real-time asset visibility.
* Filter reports by '''Model Date''' to identify aging assets.
* In the '''Asset DocType''', filter by '''Custodian''' to quickly check if an employee has any assigned assets.
* Update the '''IT Asset Monitoring Sheet''' for audit traceability.

== 7. Documentation ==

* All asset-related transactions and movements must be logged in ERPNext.
* Custom fields ('''Model Date''' and '''Details''') must be included in all asset reports.
* Maintain digital copies of receipts, repair logs, and disposal forms under the Asset Document Attachments section.
* All revisions to ERPNext fields or workflows must be recorded in the '''IT Customization Log'''.

----
'''Version:''' 251030 
'''Maintained by:''' Comfac IT Department 
'''Next Review:''' October 2026

[[Category:ERPNext]]
[[Category:IT Procedures]]
[[Category:Asset Management]]
[[Category:Comfac]]

Manufacturing v16 260125

2026-02-25T07:13:10Z

CITEditor: Created page with "= ERPNext Manufacturing & v16 Features = This page summarizes the features and capabilities of '''ERPNext Version 16 (v16)''', with a focus on Manufacturing and Stock improvements, as presented by an ERPNext developer. '''Video Reference:''' [https://www.youtube.com/watch?v=yF3qjDPMvzQ Manufacturing in ERPNext & v16 Features (YouTube)] == 1. Core Concept and Philosophy == An ERP (Enterprise Resource Planning) system consolidates fragmented and disconnected business p..."

= ERPNext Manufacturing & v16 Features =

This page summarizes the features and capabilities of '''ERPNext Version 16 (v16)''', with a focus on Manufacturing and Stock improvements, as presented by an ERPNext developer.

'''Video Reference:''' [https://www.youtube.com/watch?v=yF3qjDPMvzQ Manufacturing in ERPNext & v16 Features (YouTube)]

== 1. Core Concept and Philosophy ==

An ERP (Enterprise Resource Planning) system consolidates fragmented and disconnected business processes into a single unified system.

* '''Automation:''' A single source of truth means one entry (e.g., a Purchase Invoice) automatically updates multiple ledgers — Suppliers and Stock — reducing manual effort and errors.
* '''Framework:''' ERPNext is built on the '''Frappe Framework''', enabling high customizability for diverse business implementations.

== 2. New Manufacturing & Stock Features (v16) ==

=== Material Requirements Planning (MRP) ===

A significant upgrade from the previous ''Production Plan'' module.

* '''Sales Forecasting:''' Users can forecast demand using the '''Holt-Winters method''', which accounts for market trends and seasonality.
* '''Master Production Schedule (MPS):''' A new document type that integrates sales forecasts, current sales orders, delivery schedules, and item reorder levels.
* '''Automated Planning:''' The system generates a final report identifying exactly when to manufacture finished goods, sub-assemblies, and raw materials to fulfill orders on time.

=== Serial Number & Batch Traceability ===

* '''End-to-End Tracking:''' Provides full genealogy of a product — track a specific serial number from the purchase receipt of raw materials, through manufacturing stock entries, to the final delivery note.

=== Stock Reservation ===

* '''Inventory Locking:''' Prevents stock-outs where items promised to one customer are accidentally sold to another.
* '''Expanded Scope:''' Stock can now be reserved within the '''Production Plan''', '''Subcontracting Order''', and '''Work Order'''. Once reserved, the system blocks that stock from being used elsewhere.

== 3. Subcontracting Inward ==

While ERPNext previously handled outward subcontracting (sending materials to a third party), v16 introduces '''Inward Subcontracting''' — where your business acts as the manufacturer for a customer.

* '''Subcontracted Sales Order:''' Allows businesses to specify services sold and the finished goods to be returned to the customer.
* '''Zero-Value Accounting:''' Since the customer owns the raw materials, the system tracks them for compliance (e.g., e-way bills) but records a '''zero-balance impact''' on the manufacturer's books.
* '''Hybrid Procurement:''' If the manufacturer supplies a few raw materials themselves (e.g., a resistor for a circuit board), the system automatically adds those items to the final Sales Invoice.

== 4. UI/UX and Frappe Framework Updates ==

The Frappe framework has been redesigned for a better user experience:

* '''Redesigned Dashboard & Workspaces:''' Cleaner layout with a new sidebar, updated charts, and app-specific branding and logos.
* '''Revamped List View:''' Rarely used fields (tags, "assigned to") have been de-prioritized to surface key data. The '''Awesome Bar''' (search) has been moved to the top left.
* '''Enhanced Grids (Child Tables):'''
** '''Scrollable Columns:''' Users can add unlimited columns to a row without opening a separate pop-up window.
** '''Sticky Columns:''' Specific columns (e.g., Item Name, Rate) can be pinned so they remain visible while scrolling horizontally.

== 5. Future Roadmap ==

The development team follows a "pick your own work" philosophy, prioritizing features based on community and customer demand.

* '''Under Evaluation:''' '''WMS (Warehouse Management Systems)''' and '''MES (Manufacturing Execution Systems)'''.
* '''Goal:''' To make ERPNext a true end-to-end solution for every business requirement.

== See Also ==

* [[ERPNext Webshop Setup Guide]]

[[Category:ERPNext]]
[[Category:Manufacturing]]
[[Category:Version 16]]
[[Category:Setup Guides]]

ERPNext Webshop Setup Guide

2026-02-25T07:12:11Z

CITEditor:

= ERPNext Webshop: Installation, Bulk Item Management & Setup Guide =

This guide outlines the end-to-end process for installing and populating the ERPNext Webshop, ensuring items are correctly categorized, imported, and visually optimized for both internal administration and the customer-facing storefront.

== Sources ==
* https://docs.frappe.io/erpnext/v13/user/manual/en/ecommerce/set-up-ecommerce
* https://github.com/frappe/webshop
* https://docs.frappe.io/erpnext/v13/user/manual/en/ecommerce/website-item
* https://docs.frappe.io/erpnext/v13/user/manual/en/ecommerce/ecommerce_settings

== Step 1: Install Webshop ==

You can install the Webshop module in two ways:

=== Option 1: Via Bench (Self-hosted) ===
<pre>
bench get-app https://github.com/frappe/webshop
bench --site [your-site-name] install-app webshop
bench restart
</pre>

=== Option 2: Via Frappe Cloud ===
# Go to the '''Frappe Cloud Dashboard'''.
# Choose '''Sites''' or '''Server → Application'''.
# Under '''Apps''', click '''Install App''' and select '''Webshop'''.

== Step 2: Set Up Item Groups ==

You can use the default Item Groups (e.g. ''Products'' or ''Services'') or create new ones.

# Go to '''Item Group List''' and create or edit an Item Group.
# '''Crucial:''' Check the "'''Show in Website'''" box so the group appears in shop navigation.
# Configure the Item Group's '''taxes, terms, and conditions''' for accurate pricing and compliance.

== Step 3: Configure Webshop Settings ==

Navigate to: '''Webshop Settings'''

=== Display Settings ===
* Products per Page: '''24''' (recommended)
* ☑ Enable Variant Selection
* ☑ Show Price
* ☑ Show Contact Us Button
* (Optional) Show Stock Availability
* (Optional) Show Apply Coupon Code
* (Optional) Allow items not in stock to be added to cart

=== Shopping Cart Settings ===
* '''Company:''' Comfac Corporation
* '''Default Customer Group:''' All Customer Groups
* '''Price List:''' Standard Selling
* '''Quotation Series:''' <code>SAL-QTN-YYYY.-</code>
* ☑ Enable Shopping Cart
* (Optional) Allow Non-Website Items in Cart Quotation

=== Checkout Settings ===
* ☑ Show Price in Quotation
* ☑ Save Quotations as Draft
* (Optional) Enable Checkout — activate when payment systems are ready

== Step 4: Bulk Item Creation (Core Item) ==

You must create the '''Item''' entry before the '''Website Item'''.

# Download the '''Item Import Template''' from the Data Import tool.
# Fill in the template using the critical fields below.

=== Critical Item Fields & Defaults ===

{| class="wikitable"
! Field !! Required Value / Default !! Note
|-
| '''Item Code''' || ''Unique SKU'' || Must be correct; this links all records.
|-
| '''Series''' || <code>STO-ITEM-.YYYY.-</code> || Standard naming series.
|-
| '''Item Name''' || ''Product Name'' || Display name for the product.
|-
| '''Item Group''' || ''Category Name'' || Must match a created Item Group.
|-
| '''Default Unit of Measure''' || Unit || Standard UOM.
|-
| '''Maintain Stock''' || 1 || Set to 1 for physical goods.
|-
| '''Standard Selling Rate''' || ''Price'' || The base price of the item.
|-
| '''Description''' || ''Details'' || Internal/Technical description.
|-
| '''Brand''' || ''Manufacturer'' || e.g., Dell, Netgate.
|-
| '''Default Material Request Type''' || Purchase || Standard procurement flow.
|-
| '''Published in Website''' || 1 || '''Mandatory''' for web visibility.
|-
| '''UOM (UOMs)''' || Unit || Child table UOM entry.
|-
| '''Conversion Factor (UOMs)''' || 1 || Relationship to base UOM.
|-
| '''Company (Item Defaults)''' || ''Your Company'' || e.g., Comfac Corporation.
|-
| '''Default Warehouse (Item Defaults)''' || ''Warehouse Name'' || e.g., Stores - CC.
|}

== Step 5: Attaching Item Pictures ==

After the bulk Item upload, attach image files to each record:

# Open the '''Item''' record.
# Use the '''"Attach File"''' button in the sidebar.
# Upload high-resolution product images.
# These attached images are what the Slideshow will eventually "Fetch."

== Step 6: Bulk Website Item Creation ==

The '''Website Item''' is the public face of your product. Use the '''Website Item Import Template'''.

=== Critical Website Item Fields ===

{| class="wikitable"
! Field !! Required Value / Default !! Note
|-
| '''Website Item Name''' || ''Marketing Name'' || The title shown on the webshop.
|-
| '''Item Code''' || ''Matching SKU'' || '''Must match exactly''' the code from Step 4.
|-
| '''Naming Series''' || <code>WEB-ITM-.####</code> || Standard website item series.
|-
| '''Has Variants''' || 0 || Set to 0 for standalone items.
|-
| '''Published''' || 1 || Set to 1 to make it live.
|-
| '''Item Name''' || ''Internal Name'' || Matches the Core Item name.
|-
| '''Item Group''' || ''Category'' || Website category for navigation.
|-
| '''Stock UOM''' || Unit || Must match the Core Item UOM.
|-
| '''Item Description''' || ''Full Details'' || Long-form text for the item page.
|-
| '''Brand''' || ''Manufacturer'' || Displayed for filtering.
|-
| '''Image Description''' || ''Alt Text'' || Used for SEO and accessibility.
|-
| '''Short Website Description''' || ''Teaser'' || Shown in the grid/list view.
|-
| '''Website Description''' || ''Rich Content'' || Detailed marketing description.
|}

== Step 7: Website Slideshows ==

To provide a premium feel, use the '''Website Slideshow''' feature.

# Navigate to '''Website Slideshow'''.
# '''Naming Convention:''' Use the '''Website Item Name''' or '''Item Code''' to name the entry.
# '''Fetch Images:''' Click '''"Fetch attached images from the document"''' — this pulls images attached to the Item record in Step 5.
# '''Link to Website Item:''' Go to the Website Item record → '''Display Images''' section → select your new Slideshow.
# The '''Main Picture''' on the shop page is pulled from the primary attached picture on the Website Item entry.

== Step 8: Bulk Editing & Fine-Tuning ==

Only perform bulk editing ''after'' the initial creation has been inspected and verified.

* Use the '''"Update Records"''' mode in the Data Import tool to adjust prices or descriptions.
* Verify that each item has a unique '''Route''' to avoid 404 errors.
* Once published, products will appear under <code>/all-products</code> by default.

[[Category:ERPNext]]
[[Category:Webshop]]
[[Category:Setup Guides]]