package ist402termproject2.controller;

import ist402termproject2.DomainHistogram;
import ist402termproject2.Model.CSVSorter;
import ist402termproject2.Model.CompanyModel;
import ist402termproject2.Model.Printer;
import ist402termproject2.View.GUIForm;
import ist402termproject2.View.GUIView;
import java.awt.Color;
import java.awt.Component;
import java.awt.event.ActionEvent;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.Scanner;
import javax.swing.JFileChooser;
import javax.swing.JPanel;

/* loaded from: input_file:ist402termproject2/controller/GUIController.class */
public class GUIController extends GUIForm {
    // View and model handed to the constructor; both are stored unchanged.
    private final GUIView guiview;
    private final CompanyModel companymodel;

    // Collaborators created eagerly with each controller instance. Their use
    // is not visible in this part of the file.
    // NOTE(review): the fields from here through currentIndex have no access
    // modifier, so every class in the package can read and reassign them.
    // Consider private (and final for the collections) unless another class
    // really needs them.
    Printer printer = new Printer();
    CSVSorter sorter = new CSVSorter();

    // NOTE(review): absolute Windows path under one developer's user profile.
    // It will not resolve on any other machine, and it embeds a local account
    // name and directory layout in the compiled class. Prefer a classpath
    // resource or a configurable, validated location. The consumer of this
    // path is not visible here - confirm how it is read before changing it.
    String inputFile = "C:\\Users\\jonat\\Documents\\NetBeansProjects\\IST402TermProject2\\QuestionCSV.csv";

    // Per-domain report text. The automotive submit handler clears
    // automotiveResults and appends one long guidance string per answered
    // question; the other four lists are presumably filled the same way by
    // handlers outside this view - confirm.
    ArrayList<String> automotiveResults = new ArrayList<>();
    ArrayList<String> bankingAndFinanceResults = new ArrayList<>();
    ArrayList<String> lifeSciencesResults = new ArrayList<>();
    ArrayList<String> patentsAndLegalResults = new ArrayList<>();
    ArrayList<String> retailAndECommerceResults = new ArrayList<>();

    // Per-domain raw answers. The automotive handler stores the literal
    // "Yes" or "No" for each answered question; presumably the same for the
    // other domains - confirm.
    ArrayList<String> automotiveResultsInfo = new ArrayList<>();
    ArrayList<String> bankingAndFinanceResultsInfo = new ArrayList<>();
    ArrayList<String> lifeSciencesResultsInfo = new ArrayList<>();
    ArrayList<String> patentsAndLegalResultsInfo = new ArrayList<>();
    ArrayList<String> retailAndECommerceResultsInfo = new ArrayList<>();

    // Per-domain panels, filled by the constructor in a fixed order:
    // Q1..Q10, then the results panel, then the graph panel (12 entries).
    ArrayList<JPanel> automotiveQuestionsPanel = new ArrayList<>();
    ArrayList<JPanel> bankingAndFinanceQuestionsPanel = new ArrayList<>();
    ArrayList<JPanel> lifeSciencesQuestionsPanel = new ArrayList<>();
    ArrayList<JPanel> patentsAndLegalQuestionsPanel = new ArrayList<>();
    ArrayList<JPanel> retailAndECommerceQuestionsPanel = new ArrayList<>();

    // The five domain tabs, added in the order automotive, banking and
    // finance, life sciences, patents and legal, retail and e-commerce.
    ArrayList<JPanel> domainTab = new ArrayList<>();

    // Company form values appended by the company-info submit handler in the
    // order name, number, street address, apt (optional), city, state,
    // country, zip code, domain. The handler checks only that required fields
    // are non-blank (zip code via isNotBlankAndIsInt) and that a country and a
    // domain are selected; no length or character checks are visible before
    // the text is stored.
    // NOTE(review): nothing in the visible handler clears this list before
    // appending, so a second submit would accumulate entries - confirm
    // whether a second submit is reachable.
    ArrayList<String> companyInput = new ArrayList<>();

    // Receives a copy of companyInput on company-info submit. Whether the
    // question answers are appended later is not visible here.
    ArrayList<String> allAnswers = new ArrayList<>();

    // Selected domain followed by selected country, appended on submit.
    ArrayList<String> domainCountry = new ArrayList<>();

    // allAnswersDB2 receives a copy of domainCountry; allAnswersDB3 receives
    // the selected domain only. The names suggest separate storage targets,
    // but where these lists are written is not visible here - confirm, and
    // check that any export or query built from them escapes or
    // parameterizes the free-text company fields.
    ArrayList<String> allAnswersDB2 = new ArrayList<>();
    ArrayList<String> allAnswersDB3 = new ArrayList<>();

    // Navigation state. These counters are only initialised in the visible
    // code; presumably they index into the *QuestionsPanel lists - confirm.
    int currentIndex = 0;
    private int automotiveQuestionsIndex = 0;
    private int bankingAndFinanceQuestionsIndex = 0;
    private int lifeSciencesQuestionsIndex = 0;
    private int patentsAndLegalQuestionsIndex = 0;
    private int retailAndECommerceQuestionsIndex = 0;

    public GUIController(GUIView gUIView, CompanyModel companyModel) {
        this.guiview = gUIView;
        this.companymodel = companyModel;
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveQ1());
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveQ2());
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveQ3());
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveQ4());
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveQ5());
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveQ6());
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveQ7());
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveQ8());
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveQ9());
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveQ10());
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveResults());
        this.automotiveQuestionsPanel.add(gUIView.guiForm().getAutomotiveGraph());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceQ1());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceQ2());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceQ3());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceQ4());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceQ5());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceQ6());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceQ7());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceQ8());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceQ9());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceQ10());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceResults());
        this.bankingAndFinanceQuestionsPanel.add(gUIView.guiForm().getBankingAndFinanceGraph());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesQ1());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesQ2());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesQ3());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesQ4());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesQ5());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesQ6());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesQ7());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesQ8());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesQ9());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesQ10());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesResults());
        this.lifeSciencesQuestionsPanel.add(gUIView.guiForm().getLifeSciencesGraph());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalQ1());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalQ2());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalQ3());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalQ4());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalQ5());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalQ6());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalQ7());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalQ8());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalQ9());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalQ10());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalResults());
        this.patentsAndLegalQuestionsPanel.add(gUIView.guiForm().getPatentsAndLegalGraph());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceQ1());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceQ2());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceQ3());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceQ4());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceQ5());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceQ6());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceQ7());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceQ8());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceQ9());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceQ10());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceResults());
        this.retailAndECommerceQuestionsPanel.add(gUIView.guiForm().getRetailAndECommerceGraph());
        this.domainTab.add(gUIView.guiForm().getAutomotiveTab());
        this.domainTab.add(gUIView.guiForm().getBankingAndFinanceTab());
        this.domainTab.add(gUIView.guiForm().getLifeSciencesTab());
        this.domainTab.add(gUIView.guiForm().getPatentsAndLegalTab());
        this.domainTab.add(gUIView.guiForm().getRetailAndECommerceTab());
        gUIView.guiForm().getAutomotiveTab().setVisible(false);
        gUIView.guiForm().getBankingAndFinanceTab().setVisible(false);
        gUIView.guiForm().getLifeSciencesTab().setVisible(false);
        gUIView.guiForm().getPatentsAndLegalTab().setVisible(false);
        gUIView.guiForm().getRetailAndECommerceTab().setVisible(false);
        new Scanner(System.in);
        JFileChooser jFileChooser = new JFileChooser();
        gUIView.guiForm().getChooseFile().addActionListener(actionEvent -> {
            jFileChooser.showSaveDialog((Component) null);
            System.out.println("select file");
            System.out.println(jFileChooser.getSelectedFile().getName());
        });
        gUIView.guiForm().getCompanyInfoSubmit().addActionListener(actionEvent2 -> {
            gUIView.guiForm().getCompanyNameError().setText("");
            gUIView.guiForm().getCompanyNumberError().setText("");
            gUIView.guiForm().getCompanyStreetAddressError().setText("");
            gUIView.guiForm().getCompanyCityError().setText("");
            gUIView.guiForm().getCompanyStateError().setText("");
            gUIView.guiForm().getCompanyCountryError().setText("");
            gUIView.guiForm().getCompanyZipCodeError().setText("");
            gUIView.guiForm().getCompanyDomainError().setText("");
            String text = gUIView.guiForm().getCompanyZipCode().getText();
            if (gUIView.guiForm().getCompanyName().getText().isBlank()) {
                gUIView.guiForm().getCompanyNameError().setText("(required)");
                gUIView.guiForm().getCompanyNameError().setForeground(Color.RED);
            }
            if (gUIView.guiForm().getCompanyNumber().getText().isBlank()) {
                gUIView.guiForm().getCompanyNumberError().setText("(required)");
                gUIView.guiForm().getCompanyNumberError().setForeground(Color.RED);
            }
            if (gUIView.guiForm().getCompanyStreetAddress().getText().isBlank()) {
                gUIView.guiForm().getCompanyStreetAddressError().setText("(required)");
                gUIView.guiForm().getCompanyStreetAddressError().setForeground(Color.RED);
            }
            if (gUIView.guiForm().getCompanyCity().getText().isBlank()) {
                gUIView.guiForm().getCompanyCityError().setText("(required)");
                gUIView.guiForm().getCompanyCityError().setForeground(Color.RED);
            }
            if (gUIView.guiForm().getCompanyState().getText().isBlank()) {
                gUIView.guiForm().getCompanyStateError().setText("(required)");
                gUIView.guiForm().getCompanyStateError().setForeground(Color.RED);
            }
            if (gUIView.guiForm().getCompanyCountry().getSelectedIndex() == 0) {
                gUIView.guiForm().getCompanyCountryError().setText("(required)");
                gUIView.guiForm().getCompanyCountryError().setForeground(Color.RED);
            }
            if (blankOrNotInt(text)) {
                gUIView.guiForm().getCompanyZipCodeError().setText("(required)");
                gUIView.guiForm().getCompanyZipCodeError().setForeground(Color.RED);
            }
            if (gUIView.guiForm().getCompanyDomain().getSelectedIndex() == 0) {
                gUIView.guiForm().getCompanyDomainError().setText("(required)");
                gUIView.guiForm().getCompanyDomainError().setForeground(Color.RED);
            }
            if (gUIView.guiForm().getCompanyName().getText().isBlank() || gUIView.guiForm().getCompanyNumber().getText().isBlank() || gUIView.guiForm().getCompanyStreetAddress().getText().isBlank() || gUIView.guiForm().getCompanyCity().getText().isBlank() || gUIView.guiForm().getCompanyState().getText().isBlank() || gUIView.guiForm().getCompanyCountry().getSelectedIndex() <= 0 || !isNotBlankAndIsInt(text) || gUIView.guiForm().getCompanyDomain().getSelectedIndex() <= 0) {
                return;
            }
            switch (gUIView.guiForm().getCompanyDomain().getSelectedIndex()) {
                case 1:
                    String str = (String) gUIView.guiForm().getCompanyCountry().getSelectedItem();
                    String str2 = (String) gUIView.guiForm().getCompanyDomain().getSelectedItem();
                    this.companyInput.add(gUIView.guiForm().getCompanyName().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyNumber().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyStreetAddress().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyAptOptional().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyCity().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyState().getText());
                    this.companyInput.add(str);
                    this.companyInput.add(gUIView.guiForm().getCompanyZipCode().getText());
                    this.companyInput.add(str2);
                    this.allAnswers.addAll(this.companyInput);
                    this.domainCountry.add(str2);
                    this.domainCountry.add(str);
                    this.allAnswersDB2.addAll(this.domainCountry);
                    this.allAnswersDB3.add(str2);
                    gUIView.guiForm().getCompanyInfoTab().setVisible(false);
                    gUIView.guiForm().getAutomotiveTab().setVisible(true);
                    gUIView.guiForm().getBankingAndFinanceTab().setVisible(false);
                    gUIView.guiForm().getLifeSciencesTab().setVisible(false);
                    gUIView.guiForm().getPatentsAndLegalTab().setVisible(false);
                    gUIView.guiForm().getRetailAndECommerceTab().setVisible(false);
                    return;
                case 2:
                    String str3 = (String) gUIView.guiForm().getCompanyCountry().getSelectedItem();
                    String str4 = (String) gUIView.guiForm().getCompanyDomain().getSelectedItem();
                    this.companyInput.add(gUIView.guiForm().getCompanyName().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyNumber().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyStreetAddress().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyAptOptional().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyCity().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyState().getText());
                    this.companyInput.add(str3);
                    this.companyInput.add(gUIView.guiForm().getCompanyZipCode().getText());
                    this.companyInput.add(str4);
                    this.allAnswers.addAll(this.companyInput);
                    this.domainCountry.add(str4);
                    this.domainCountry.add(str3);
                    this.allAnswersDB2.addAll(this.domainCountry);
                    this.allAnswersDB3.add(str4);
                    gUIView.guiForm().getCompanyInfoTab().setVisible(false);
                    gUIView.guiForm().getAutomotiveTab().setVisible(false);
                    gUIView.guiForm().getBankingAndFinanceTab().setVisible(true);
                    gUIView.guiForm().getLifeSciencesTab().setVisible(false);
                    gUIView.guiForm().getPatentsAndLegalTab().setVisible(false);
                    gUIView.guiForm().getRetailAndECommerceTab().setVisible(false);
                    return;
                case 3:
                    String str5 = (String) gUIView.guiForm().getCompanyCountry().getSelectedItem();
                    String str6 = (String) gUIView.guiForm().getCompanyDomain().getSelectedItem();
                    this.companyInput.add(gUIView.guiForm().getCompanyName().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyNumber().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyStreetAddress().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyAptOptional().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyCity().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyState().getText());
                    this.companyInput.add(str5);
                    this.companyInput.add(gUIView.guiForm().getCompanyZipCode().getText());
                    this.companyInput.add(str6);
                    this.allAnswers.addAll(this.companyInput);
                    this.domainCountry.add(str6);
                    this.domainCountry.add(str5);
                    this.allAnswersDB2.addAll(this.domainCountry);
                    this.allAnswersDB3.add(str6);
                    gUIView.guiForm().getCompanyInfoTab().setVisible(false);
                    gUIView.guiForm().getAutomotiveTab().setVisible(false);
                    gUIView.guiForm().getBankingAndFinanceTab().setVisible(false);
                    gUIView.guiForm().getLifeSciencesTab().setVisible(true);
                    gUIView.guiForm().getPatentsAndLegalTab().setVisible(false);
                    gUIView.guiForm().getRetailAndECommerceTab().setVisible(false);
                    return;
                case 4:
                    String str7 = (String) gUIView.guiForm().getCompanyCountry().getSelectedItem();
                    String str8 = (String) gUIView.guiForm().getCompanyDomain().getSelectedItem();
                    this.companyInput.add(gUIView.guiForm().getCompanyName().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyNumber().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyStreetAddress().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyAptOptional().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyCity().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyState().getText());
                    this.companyInput.add(str7);
                    this.companyInput.add(gUIView.guiForm().getCompanyZipCode().getText());
                    this.companyInput.add(str8);
                    this.allAnswers.addAll(this.companyInput);
                    this.domainCountry.add(str8);
                    this.domainCountry.add(str7);
                    this.allAnswersDB2.addAll(this.domainCountry);
                    this.allAnswersDB3.add(str8);
                    gUIView.guiForm().getCompanyInfoTab().setVisible(false);
                    gUIView.guiForm().getAutomotiveTab().setVisible(false);
                    gUIView.guiForm().getBankingAndFinanceTab().setVisible(false);
                    gUIView.guiForm().getLifeSciencesTab().setVisible(false);
                    gUIView.guiForm().getPatentsAndLegalTab().setVisible(true);
                    gUIView.guiForm().getRetailAndECommerceTab().setVisible(false);
                    return;
                case 5:
                    String str9 = (String) gUIView.guiForm().getCompanyCountry().getSelectedItem();
                    String str10 = (String) gUIView.guiForm().getCompanyDomain().getSelectedItem();
                    this.companyInput.add(gUIView.guiForm().getCompanyName().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyNumber().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyStreetAddress().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyAptOptional().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyCity().getText());
                    this.companyInput.add(gUIView.guiForm().getCompanyState().getText());
                    this.companyInput.add(str9);
                    this.companyInput.add(gUIView.guiForm().getCompanyZipCode().getText());
                    this.companyInput.add(str10);
                    this.allAnswers.addAll(this.companyInput);
                    this.domainCountry.add(str10);
                    this.domainCountry.add(str9);
                    this.allAnswersDB2.addAll(this.domainCountry);
                    this.allAnswersDB3.add(str10);
                    gUIView.guiForm().getCompanyInfoTab().setVisible(false);
                    gUIView.guiForm().getAutomotiveTab().setVisible(false);
                    gUIView.guiForm().getBankingAndFinanceTab().setVisible(false);
                    gUIView.guiForm().getLifeSciencesTab().setVisible(false);
                    gUIView.guiForm().getPatentsAndLegalTab().setVisible(false);
                    gUIView.guiForm().getRetailAndECommerceTab().setVisible(true);
                    return;
                default:
                    return;
            }
        });
        gUIView.guiForm().getAutomotiveSubmitButton().addActionListener(actionEvent3 -> {
            gUIView.guiForm().getAutomotiveResultsOutput().setText("");
            boolean isSelected = gUIView.guiForm().getAutomotiveQ1Y().isSelected();
            boolean isSelected2 = gUIView.guiForm().getAutomotiveQ1N().isSelected();
            boolean isSelected3 = gUIView.guiForm().getAutomotiveQ2Y().isSelected();
            boolean isSelected4 = gUIView.guiForm().getAutomotiveQ2N().isSelected();
            boolean isSelected5 = gUIView.guiForm().getAutomotiveQ3Y().isSelected();
            boolean isSelected6 = gUIView.guiForm().getAutomotiveQ3N().isSelected();
            boolean isSelected7 = gUIView.guiForm().getAutomotiveQ4Y().isSelected();
            boolean isSelected8 = gUIView.guiForm().getAutomotiveQ4N().isSelected();
            boolean isSelected9 = gUIView.guiForm().getAutomotiveQ5Y().isSelected();
            boolean isSelected10 = gUIView.guiForm().getAutomotiveQ5N().isSelected();
            boolean isSelected11 = gUIView.guiForm().getAutomotiveQ6Y().isSelected();
            boolean isSelected12 = gUIView.guiForm().getAutomotiveQ6N().isSelected();
            boolean isSelected13 = gUIView.guiForm().getAutomotiveQ7Y().isSelected();
            boolean isSelected14 = gUIView.guiForm().getAutomotiveQ7N().isSelected();
            boolean isSelected15 = gUIView.guiForm().getAutomotiveQ8Y().isSelected();
            boolean isSelected16 = gUIView.guiForm().getAutomotiveQ8N().isSelected();
            boolean isSelected17 = gUIView.guiForm().getAutomotiveQ9Y().isSelected();
            boolean isSelected18 = gUIView.guiForm().getAutomotiveQ9N().isSelected();
            boolean isSelected19 = gUIView.guiForm().getAutomotiveQ10Y().isSelected();
            boolean isSelected20 = gUIView.guiForm().getAutomotiveQ10N().isSelected();
            this.automotiveResults.clear();
            this.automotiveResultsInfo.clear();
            if (isSelected) {
                this.automotiveResultsInfo.add("Yes");
                this.automotiveResults.add("Question 1: Yes\n\nCompliance: 4 General Cybersecurity Best Practices G.1\n\nLevel of Importance: Most Critical\n\nReasoning: Adherence to NIST's Cybersecurity Framework (2.0) can provide a very comprehensive approach\nto cybersecurity management.  The more closely it is followed, the greater chances of success for an\nautomotive organization's cybersecurity goals.  This is a way to develop layed cybersecurity protections\nfor vehicles that are aligned with best industry practices with standards that are recognized internationally.\n\nCybersecurity Framework (2.0):\n\nhttps://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf\n\nDescription:\nThe automotive industry should follow the National Institute of Standards and Technology’s (NIST’s)\ndocumented Cybersecurity Framework, which is structured around the five principal functions, “Identify,\nProtect, Detect, Respond, and Recover,” to build a comprehensive and systematic approach to developing\nlayered cybersecurity protections for vehicles.\n\n(OPTIONAL)\nHow to Further Comply:\nFollow NIST's Cybersecurity Framework when developing layered cybersecurity protections for vehicles.\n\nAdditional Concerns (PLEASE READ):\nCybersecurity Framework (2.0): https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-20/ipd\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
            } else if (isSelected2) {
                this.automotiveResults.add("Question 1: No\n\nCompliance: 4 General Cybersecurity Best Practices G.1\n\nLevel of Importance: Most Critical\n\nReasoning: Adherence to NIST's Cybersecurity Framework (2.0) can provide a very comprehensive approach\nto cybersecurity management.  The more closely it is followed, the greater chances of success for an\nautomotive organization's cybersecurity goals.  This is a way to develop layed cybersecurity protections\nfor vehicles that are aligned with best industry practices with standards that are recognized internationally.\n\nDescription:\nThe automotive industry should follow the National Institute of Standards and Technology’s (NIST’s)\ndocumented Cybersecurity Framework, which is structured around the five principal functions, “Identify,\nProtect, Detect, Respond, and Recover,” to build a comprehensive and systematic approach to developing\nlayered cybersecurity protections for vehicles.\n\n(REQUIRED)\nHow to Further Comply:\nFollow NIST's Cybersecurity Framework when developing layered cybersecurity protections for vehicles.\n\nAdditional Concerns (PLEASE READ):\nCybersecurity Framework (2.0): https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-20/ipd\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("No");
            }
            if (isSelected3) {
                this.automotiveResults.add("Question 2: Yes\n\nCompliance: 4.1 Leadership Priority on Product Cybersecurity G.2\n\nLevel of Importance: Most Critical.\n\nReasoning: The NIST Cybersecurity Framework is arguably the most all-encompassing NIST document relating\nto cybersecurity and features a comprehensive list of controls organizations can utilize to increase\ncybersecurity.  The five main components of the NIST Cybersecurity Framework are: Identify, Protect,\nDetect, Respond, Recover.\n\nInability to allocate resources that are focused on research, investigation, implementation, testing,\nand validation means that an organization cannot even begin to effectively manage cyber threats and\nincidents, let alone prepare for them.  Allocating these resources falls under the category of \"Identify\"\nand \"Protect\".\n\nhttps://www.nist.gov/cyberframework\n\nDescription:\nAllocating dedicated resources within the organization focused on researching, investigating, implementing,\ntesting, and validating product cybersecurity measures and vulnerabilities\n\n(OPTIONAL)\nHow to Further Comply:\nAssign roles to different individuals to research, investigate, implement, test, and validate.\n\nAdditional Concerns (PLEASE READ):\n\"NIST SP 800-160 Vol. 2 Rev. 1\nDeveloping Cyber-Resilient Systems: A Systems Security Engineering Approach:\nhttps://csrc.nist.gov/pubs/sp/800/160/v2/r1/final\n\nISO/SAE 21424 - Road Vehicles & Cybersecurity Engineering:\nhttps://www.iso.org/standard/70918.html \"\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("Yes");
            } else if (isSelected4) {
                this.automotiveResults.add("Question 2: No\n\nCompliance: 4.1 Leadership Priority on Product Cybersecurity G.2\n\nLevel of Importance: Most Critical.\n\nReasoning: The NIST Cybersecurity Framework is arguably the most all-encompassing NIST document relating\nto cybersecurity and features a comprehensive list of controls organizations can utilize to increase\ncybersecurity.  The five main components of the NIST Cybersecurity Framework are: Identify, Protect,\nDetect, Respond, Recover.\n\nInability to allocate resources that are focused on research, investigation, implementation, testing,\nand validation means that an organization cannot even begin to effectively manage cyber threats and\nincidents, let alone prepare for them.  Allocating these resources falls under the category of \"Identify\"\nand \"Protect\".\n\nhttps://www.nist.gov/cyberframework\n\nDescription:\nAllocating dedicated resources within the organization focused on researching, investigating, implementing,\ntesting, and validating product cybersecurity measures and vulnerabilities\n\n(REQUIRED)\nHow to Further Comply:\nAssign roles to different individuals to research, investigate, implement, test, and validate.\n\nAdditional Concerns (PLEASE READ):\n\"NIST SP 800-160 Vol. 2 Rev. 1\nDeveloping Cyber-Resilient Systems: A Systems Security Engineering Approach:\nhttps://csrc.nist.gov/pubs/sp/800/160/v2/r1/final\n\nISO/SAE 21424 - Road Vehicles & Cybersecurity Engineering:\nhttps://www.iso.org/standard/70918.html \"\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("No");
            }
            if (isSelected5) {
                this.automotiveResults.add("Question 3: Yes\n\nCompliance: 4.1 Leadership Priority on Product Cybersecurity G.2\n\nLevel of Importance:Least Critical\n\nReasoning: While facilitating seamless and direct communication channels through organizational ranks related to product\ncybersecurity matters is an important concept, it is ranked lower on the list because there are issues that can be raisaed\nwith separation of duties, protecting information that is controlled or new information that should be controlled, and the\nconcept of the security of communication.  It can be argued that certain organizational ranks need to know different amounts\nof information in order to do their jobs effectively.\n\nNIST SP 800-171 Rev. 2\nProtecting Controlled Unclassified Information in Nonfederal Systems & Orgs.\nhttps://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final\n\nNIST SP 800-53B:\nControl Baselines for Information Systems & Organizations\nhttps://csrc.nist.gov/pubs/sp/800/53/b/upd1/final\n\nDescription:\nFacilitating seamless and direct communication channels through organizational ranks related to product cybersecurity matters\n\n(OPTIONAL)\nHow to Further Comply:\nDevelop a clear IT chain-of-command, organized by rank or responsibilities.\n\nAdditional Concerns (PLEASE READ):\n\"NIST SP 800-161 Rev. 1\nCybersecurity Supply Chain Risk Management Practices for Systems and Organizations:\nhttps://csrc.nist.gov/pubs/sp/800/161/r1/final\"\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("Yes");
            } else if (isSelected6) {
                this.automotiveResults.add("Question 3: No\n\nCompliance: 4.1 Leadership Priority on Product Cybersecurity G.2\n\nReasoning: While facilitating seamless and direct communication channels through organizational ranks related to product\ncybersecurity matters is an important concept, it is ranked lower on the list because there are issues that can be raisaed\nwith separation of duties, protecting information that is controlled or new information that should be controlled, and the\nconcept of the security of communication.  It can be argued that certain organizational ranks need to know different amounts\nof information in order to do their jobs effectively.\n\nNIST SP 800-171 Rev. 2\nProtecting Controlled Unclassified Information in Nonfederal Systems & Orgs.\nhttps://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final\n\nNIST SP 800-53B:\nControl Baselines for Information Systems & Organizations\nhttps://csrc.nist.gov/pubs/sp/800/53/b/upd1/final\n\nDescription:\nFacilitating seamless and direct communication channels through organizational ranks related to product cybersecurity matters\n\n(REQUIRED)\nHow to Further Comply:\nDevelop a clear IT chain-of-command, organized by rank or responsibilities.\n\nAdditional Concerns (PLEASE READ):\n\"NIST SP 800-161 Rev. 1\nCybersecurity Supply Chain Risk Management Practices for Systems and Organizations:\nhttps://csrc.nist.gov/pubs/sp/800/161/r1/final\"\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("No");
            }
            if (isSelected7) {
                this.automotiveResults.add("Question 4: Yes\n\nCompliance: 4.1 Leadership Priority on Product Cybersecurity G.2\n\nLevel of Importance: Least Critical.\n\nReasoning: While the enabling of an independent voice for vehicle cybersecurity-related considerations is important,\nthis is listed last because it is very specific and supplementary compared to other risk management practices\nthat are mentioned in the other regulations.  While independent voices are generally good measures of due\ndilligence, a successful cybersecurity-minded design process can be successfully achieved with a voice that\nis not independent, with the right amount of skill and expertise.\n\nISO/SAE 21424: Road Vehicles\nhttps://www.iso.org/standard/70918.html\n\nNIST SP 800-160 Vol. 2 Rev. 1\nhttps://csrc.nist.gov/pubs/sp/800/160/v2/r1/final\n\nDescription:\nEnabling an independent voice for vehicle cybersecurity-related considerations within the vehicle safety design process.\n\n(OPTIONAL)\nHow to Further Comply:\nEstablish a strong and profesional cybersecurity team with cross-functional collaboration,\nconduct independent cybersecurity reviews, establish reporting channels, and document cybersecurity considerations.\n\nAdditional Concerns (PLEASE READ):\n\"NIST SP 800-82 Rev. 3\nGuide to Operational Technology (OT) Security:\nhttps://csrc.nist.gov/pubs/sp/800/82/r3/final\"\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("Yes");
            } else if (isSelected8) {
                this.automotiveResults.add("Question 4: No\n\nCompliance: 4.1 Leadership Priority on Product Cybersecurity G.2\n\nLevel of Importance: Least Critical.\n\nWhile the enabling of an independent voice for vehicle cybersecurity-related considerations is important,\nthis is listed last because it is very specific and supplementary compared to other risk management practices\nthat are mentioned in the other regulations.  While independent voices are generally good measures of due\ndilligence, a successful cybersecurity-minded design process can be successfully achieved with a voice that\nis not independent, with the right amount of skill and expertise.\n\nISO/SAE 21424: Road Vehicles\nhttps://www.iso.org/standard/70918.html\n\nNIST SP 800-160 Vol. 2 Rev. 1\nhttps://csrc.nist.gov/pubs/sp/800/160/v2/r1/final\n\nDescription:\nEnabling an independent voice for vehicle cybersecurity-related considerations within the vehicle safety design process.\n\n(REQUIRED)\nHow to Further Comply:\nEstablish a strong and profesional cybersecurity team with cross-functional collaboration,\nconduct independent cybersecurity reviews, establish reporting channels, and document cybersecurity considerations.\n\nAdditional Concerns (PLEASE READ):\n\"NIST SP 800-82 Rev. 3\nGuide to Operational Technology (OT) Security:\nhttps://csrc.nist.gov/pubs/sp/800/82/r3/final\"\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("No");
            }
            if (isSelected9) {
                this.automotiveResults.add("Question 5: Yes\n\nCompliance: 4.2.1 Process G.3\n\nLevel of Importance: Highly Critical.\n\nReasoning: Following a robust product development process, that is based on a systems-engineering approach, must have the\ngoal of designing systems free of unreasonable safety.\n\nDescription:\nThe automotive industry should follow a robust product development process based on a systems-engineering approach with\nthe goal of designing systems free of unreasonable safety risks, including those from potential cybersecurity threats and vulnerabilities.\n\n(OPTIONAL)\nHow to Further Comply:\nAdopting a risk management framework with SDLs and threat modeling, performing security testing and validation, with\nproper cybersecurity training and awareness followed by independent security reviews.  Following cybersecurity frameworks\nwith strong employee awareness\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-82 Rev. 3\nGuide to Operational Technology (OT) Security:\nhttps://csrc.nist.gov/pubs/sp/800/82/r3/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("Yes");
            } else if (isSelected10) {
                this.automotiveResults.add("Question 5: No\n\nCompliance: 4.2.1 Process G.3\n\nLevel of Importance: Highly Critical.\n\nReasoning: Following a robust product development process, that is based on a systems-engineering approach, must have the\ngoal of designing systems free of unreasonable safety.\n\nDescription:\nThe automotive industry should follow a robust product development process based on a systems-engineering approach with\nthe goal of designing systems free of unreasonable safety risks, including those from potential cybersecurity threats\nand vulnerabilities.\n\n(REQUIRED)\nHow to Further Comply:\nAdopting a risk management framework with SDLs and threat modeling, performing security testing and validation, with\nproper cybersecurity training and awareness followed by independent security reviews.  Following cybersecurity frameworks\nwith strong employee awareness\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-82 Rev. 3\nGuide to Operational Technology (OT) Security:\nhttps://csrc.nist.gov/pubs/sp/800/82/r3/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("No");
            }
            if (isSelected11) {
                this.automotiveResults.add("Question 6: Yes\n\nCompliance: 4.2.2 Risk Assessment G.4\n\nLevel of Importance: Moderately Critical.\n\nReasoning: Processes that should include a cybersecurity risk assessment step that is appropriate and reflects mitigation of\nrisk is important and is the cornerstone from which other regulations in this category are built.  While having the resources\nto ensure occupant safety and risks to safety are more important than a cybersecurity risk assessment, this regulation is\nstill critical because complying with other regulations aren't possible without first being compliant in this.\nNIST's SP 800-53 details risk assessments and their importance. Specifically, controls such as RA-3 (Risk Assessment),\nRA-4 (Risk Assessment Update), and RA-5 (Vulnerability Scanning) emphasize the importance of continuous risk assessment\nthroughout the system development lifecycle.  DHS's \"Best Cybersecurity Pratices\" provides othe recommendations to enhance\ncybersecurity in vehicles.\n\nNIST SP 800-53: Security & Privacy Controls for Information Systems & Organizations\nhttps://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\n\nDHS Automotive Cybersecurity Best Practices:\nhttps://www.federalregister.gov/documents/2022/09/09/2022-19507/cybersecurity-best-practices-for-the-safety-of-modern-vehicles\n\nDescription:\nThis process should include a cybersecurity risk assessment step that is appropriate and reflects mitigation of risk for\nthe full lifecycle of the vehicle.\n\n(OPTIONAL)\nHow to Further Comply:\nAdopting a comprehensive risk assessment process that identifies threats and vulnerabilities, prioritizes and mitigates risk,\nand includes incident response and recovery plans.  Take considerations on establishing requirements for partners, suppliers,\nand organizational synergies for cybersecurity\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-34 Rev. 
1\nContingency Planning Guide for Federal Information Systems:\nhttps://csrc.nist.gov/pubs/sp/800/34/r1/upd1/final\n\nNIST SP 800-37 Rev. 2\nRisk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy:\nhttps://csrc.nist.gov/pubs/sp/800/37/r2/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("Yes");
            } else if (isSelected12) {
                this.automotiveResults.add("Question 6: No\n\nCompliance: 4.2.2 Risk Assessment G.4\n\nLevel of Importance: Moderately Critical.\n\nReasoning: Processes that should include a cybersecurity risk assessment step that is appropriate and reflects mitigation of\nrisk is important and is the cornerstone from which other regulations in this category are built.  While having the resources\nto ensure occupant safety and risks to safety are more important than a cybersecurity risk assessment, this regulation is\nstill critical because complying with other regulations aren't possible without first being compliant in this.\nNIST's SP 800-53 details risk assessments and their importance. Specifically, controls such as RA-3 (Risk Assessment),\nRA-4 (Risk Assessment Update), and RA-5 (Vulnerability Scanning) emphasize the importance of continuous risk assessment\nthroughout the system development lifecycle.  DHS's \"Best Cybersecurity Pratices\" provides othe recommendations to enhance\ncybersecurity in vehicles.\n\nNIST SP 800-53: Security & Privacy Controls for Information Systems & Organizations\nhttps://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\n\nDHS Automotive Cybersecurity Best Practices:\nhttps://www.federalregister.gov/documents/2022/09/09/2022-19507/cybersecurity-best-practices-for-the-safety-of-modern-vehicles\n\n(REQUIRED)\nHow to Further Comply:\nAdopting a comprehensive risk assessment process that identifies threats and vulnerabilities, prioritizes and mitigates risk,\nand includes incident response and recovery plans.  Take considerations on establishing requirements for partners, suppliers,\nand organizational synergies for cybersecurity\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-34 Rev. 1\nContingency Planning Guide for Federal Information Systems:\nhttps://csrc.nist.gov/pubs/sp/800/34/r1/upd1/final\n\nNIST SP 800-37 Rev. 
2\nRisk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy:\nhttps://csrc.nist.gov/pubs/sp/800/37/r2/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("No");
            }
            if (isSelected13) {
                this.automotiveResults.add("Question 7: Yes\n\nCompliance: 4.2.2 Risk Assessment G.5\n\nLevel of Importance: Highly Critical.\n\nReasoning: Safety of vehicle occupants and road users are of critical importance in every sense of the word.\nPutting everything aside about motorized transportation, vehicle occupants need to be able to travel from\none point to another safely.  When conducting risk assessments, this needs to always remain the number 1\npriority.  For this reason, it is placed quite high on the list.\n\nFMVSS No. 208: Occupant Crash Protection\nhttps://www.ecfr.gov/current/title-49/subtitle-B/chapter-V/part-571/subpart-B/section-571.208\n\nDescription:\nSafety of vehicle occupants and other road users should be of primary consideration when assessing risks\n\n(OPTIONAL)\nHow to Further Comply:\nEnsure risk assessments are safety-centric first and foremost, make secure safety requirements have strong\ntraceability with user-centric design principles.  Organization should develop a strong culture of safety,\ntraining, and transparency that contiunuously improves.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-30 Rev. 1\nGuide for Conducting Risk Assessments:\nhttps://csrc.nist.gov/pubs/sp/800/30/r1/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("Yes");
            } else if (isSelected14) {
                this.automotiveResults.add("Question 7: No\n\nCompliance: 4.2.2 Risk Assessment G.5\n\nLevel of Importance: Highly Critical.\n\nReasoning: Safety of vehicle occupants and road users are of critical importance in every sense of the word.\nPutting everything aside about motorized transportation, vehicle occupants need to be able to travel from\none point to another safely.  When conducting risk assessments, this needs to always remain the number 1\npriority.  For this reason, it is placed quite high on the list.\n\nFMVSS No. 208: Occupant Crash Protection\nhttps://www.ecfr.gov/current/title-49/subtitle-B/chapter-V/part-571/subpart-B/section-571.208\n\n(REQUIRED)\nHow to Further Comply:\nEnsure risk assessments are safety-centric first and foremost, make secure safety requirements have strong\ntraceability with user-centric design principles.  Organization should develop a strong culture of safety,\ntraining, and transparency that contiunuously improves.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-30 Rev. 1\nGuide for Conducting Risk Assessments:\nhttps://csrc.nist.gov/pubs/sp/800/30/r1/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("No");
            }
            if (isSelected15) {
                this.automotiveResults.add("Question 8: Yes\n\nCompliance: 4.2.3 Sensor Vulnerability Risks G.6\n\nLevel of Importance: Moderately Critical.\n\nReasoning: The risks associated with sensor vulnerabilities and sensor signal manipulation are of\nmentionable importance.  While less important than overall safety and cybersecurity, risks to sensor\nmanipulations are present in society today.  The European Union's General Data Protection Regulations\noutline in Recital 49 the need for data controllers to implement appropriate technical and\norganizational measures to ensure a level of security appropriate to the risk while maintaining\nappropriate confidentiality, availability, and integrity.\n\nGDPR Recital 49:\nhttps://gdpr-info.eu/recitals/no-49/\n\nDescription:\nManufacturers should consider the risks associated with sensor vulnerabilities and potential sensor\nsignal manipulation efforts such as GPS spoofing, road sign modification, Lidar/Radar jamming and spoofing,\ncamera blinding, and excitation of machine learning false positives.\n\n(OPTIONAL)\nHow to Further Comply:\nStrong security requirement specifications and secure sensor designs and detection systems that revolve\naround threat modeling, integrated redundancy and diversity, and regular auditing and testing with\nincident response and recovery plans.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-53 Rev. 5\nSecurity and Privacy Controls for Information Systems and Organizations: https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\n\nSAE J3061: Cyber-Physical Vehicle Sytems:\nhttps://www.sae.org/standards/content/j3061_201601/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("Yes");
            } else if (isSelected16) {
                this.automotiveResults.add("Question 8: No\n\nCompliance: 4.2.3 Sensor Vulnerability Risks G.6\n\nLevel of Importance: Moderately Critical.\n\nReasoning: The risks associated with sensor vulnerabilities and sensor signal manipulation are of\nmentionable importance.  While less important than overall safety and cybersecurity, risks to sensor\nmanipulations are present in society today.  The European Union's General Data Protection Regulations\noutline in Recital 49 the need for data controllers to implement appropriate technical and\norganizational measures to ensure a level of security appropriate to the risk while maintaining\nappropriate confidentiality, availability, and integrity.\n\nGDPR Recital 49:\nhttps://gdpr-info.eu/recitals/no-49/\n\nDescription:\nManufacturers should consider the risks associated with sensor vulnerabilities and potential sensor\nsignal manipulation efforts such as GPS spoofing, road sign modification, Lidar/Radar jamming and spoofing,\ncamera blinding, and excitation of machine learning false positives.\n\n(REQUIRED)\nHow to Further Comply:\nStrong security requirement specifications and secure sensor designs and detection systems that revolve\naround threat modeling, integrated redundancy and diversity, and regular auditing and testing with\nincident response and recovery plans.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-53 Rev. 5\nSecurity and Privacy Controls for Information Systems and Organizations: https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\n\nSAE J3061: Cyber-Physical Vehicle Sytems:\nhttps://www.sae.org/standards/content/j3061_201601/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("No");
            }
            if (isSelected17) {
                this.automotiveResults.add("Question 9: Yes\n\nCompliance: 4.2.4 Removal or Mitigation of Safety-Critical Risks G.7\n\nLevel of Importance: Moderately-low criticality.\n\nReasoning: While all unecessary risks need not be completely removed, it is possible for some risks to be mitigated\nor satisfied in the design process.  FMVSS No. 208 details requirements for airbags and seatbelts, as well as FMVSS\nNo. 126 for vehicle skidding and loss of control.  Compliance with these regulations help to mitigate risk in these\nareas.  While it may be difficult to completely eliminate them entirely, they can be improved upon in the design\nprocess so that the risk that they present are minimalized.\n\nFMVSS No. 208: Occupant Crash Protection\nhttps://www.ecfr.gov/current/title-49/subtitle-B/chapter-V/part-571/subpart-B/section-571.208\n\nFMVSS No. 126: Electronic Stability Control Systems\nhttps://www.nhtsa.gov/sites/nhtsa.gov/files/fmvss/ESC_FRIA_%252003_2007_0.pdf\n\nDescription:\nAny unreasonable risk to safety-critical systems should be removed or mitigated to acceptable levels\nthrough design, and any functionality that presents an unavoidable and unnecessary risk should be eliminated where possible.\n\n(OPTIONAL)\nHow to Further Comply:\nImplement a Failure Mode and Effects Analysis, include safety impact assessments, conduct design reviews,\nstrong specifications on safety requirements, and consider implementing a robust change management process\nto control design changes and updates\n\nAdditional Concerns (PLEASE READ):\nISO 2626201 - Road Vehicles & Functional Safety:\nhttps://www.iso.org/standard/68383.html\n\nFMVSS No. 
208 -  Occupant Crash Protection Guidelines:\nhttps://www.federalregister.gov/documents/2012/05/17/2012-11945/federal-motor-vehicle-safety-standards-occupant-crash-protection\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("Yes");
            } else if (isSelected18) {
                this.automotiveResults.add("Question 9: No\n\nCompliance: 4.2.4 Removal or Mitigation of Safety-Critical Risks G.7\n\nLevel of Importance: Moderately-low criticality.\n\nReasoning: While all unecessary risks need not be completely removed, it is possible for some risks to be mitigated\nor satisfied in the design process.  FMVSS No. 208 details requirements for airbags and seatbelts, as well as FMVSS\nNo. 126 for vehicle skidding and loss of control.  Compliance with these regulations help to mitigate risk in these\nareas.  While it may be difficult to completely eliminate them entirely, they can be improved upon in the design\nprocess so that the risk that they present are minimalized.\n\nFMVSS No. 208: Occupant Crash Protection\nhttps://www.ecfr.gov/current/title-49/subtitle-B/chapter-V/part-571/subpart-B/section-571.208\n\nFMVSS No. 126: Electronic Stability Control Systems\nhttps://www.nhtsa.gov/sites/nhtsa.gov/files/fmvss/ESC_FRIA_%252003_2007_0.pdf\n\nDescription:\nAny unreasonable risk to safety-critical systems should be removed or mitigated to acceptable levels\nthrough design, and any functionality that presents an unavoidable and unnecessary risk should be eliminated where possible.\n\n(REQUIRED)\nHow to Further Comply:\nImplement a Failure Mode and Effects Analysis, include safety impact assessments, conduct design reviews,\nstrong specifications on safety requirements, and consider implementing a robust change management process\nto control design changes and updates\n\nAdditional Concerns (PLEASE READ):\nISO 2626201 - Road Vehicles & Functional Safety:\nhttps://www.iso.org/standard/68383.html\n\nFMVSS No. 
208 -  Occupant Crash Protection Guidelines:\nhttps://www.federalregister.gov/documents/2012/05/17/2012-11945/federal-motor-vehicle-safety-standards-occupant-crash-protection\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("No");
            }
            if (isSelected19) {
                this.automotiveResults.add("Question 10: Yes\n\nCompliance: 4.2.5 Protections G.8\n\nLevel of Importance: Moderately-low Criticality.\n\nReasoning: Layered protections are crucial for cybersecurity and to mitigate risks appropriately.\nCISA has released a document, \"Improving Industrial Control System Cybersecurity with Defense-in-Depth\nStrategies\", which aims to provide layered cybersecurity solutions to risks and issues, as part of a\njoint program with DHS.  While layered protections are not exactly necessary for a cybersecurity program,\nthey are inherent to a robust and conclusive assessment for security controls.\n\nCISA: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies:\nhttps://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf\n\nDescription:\nFor remaining functionality and underlying risks, layers of protection that are appropriate for the assessed\nrisks should be designed and implemented.\n\n(OPTIONAL)\nHow to Further Comply:\nDevelop a risk-based defense-in-depth strategy, security controls selections, strong security architecture design,\nutilize access controls and data encryption and segement networks where necessary.  Monitor and log.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-82 Rev. 3\nGuide to Operational Technology (OT) Security:\nhttps://csrc.nist.gov/pubs/sp/800/82/r3/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("Yes");
            } else if (isSelected20) {
                this.automotiveResults.add("Question 10: No\n\nCompliance: 4.2.5 Protections G.8\n\nLevel of Importance: Moderately-low Criticality.\n\nReasoning: Layered protections are crucial for cybersecurity and to mitigate risks appropriately.\nCISA has released a document, \"Improving Industrial Control System Cybersecurity with Defense-in-Depth\nStrategies\", which aims to provide layered cybersecurity solutions to risks and issues, as part of a\njoint program with DHS.  While layered protections are not exactly necessary for a cybersecurity program,\nthey are inherent to a robust and conclusive assessment for security controls.\n\nCISA: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies:\nhttps://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf\n\nDescription:\nFor remaining functionality and underlying risks, layers of protection that are appropriate for the assessed\nrisks should be designed and implemented.\n\n(REQUIRED)\nHow to Further Comply:\nDevelop a risk-based defense-in-depth strategy, security controls selections, strong security architecture design,\nutilize access controls and data encryption and segement networks where necessary.  Monitor and log.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-82 Rev. 3\nGuide to Operational Technology (OT) Security:\nhttps://csrc.nist.gov/pubs/sp/800/82/r3/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.automotiveResultsInfo.add("No");
            }
            if ((gUIView.guiForm().getAutomotiveQ1Y().isSelected() || gUIView.guiForm().getAutomotiveQ1N().isSelected()) && ((gUIView.guiForm().getAutomotiveQ2Y().isSelected() || gUIView.guiForm().getAutomotiveQ2N().isSelected()) && ((gUIView.guiForm().getAutomotiveQ3Y().isSelected() || gUIView.guiForm().getAutomotiveQ3N().isSelected()) && ((gUIView.guiForm().getAutomotiveQ4Y().isSelected() || gUIView.guiForm().getAutomotiveQ4N().isSelected()) && ((gUIView.guiForm().getAutomotiveQ5Y().isSelected() || gUIView.guiForm().getAutomotiveQ5N().isSelected()) && ((gUIView.guiForm().getAutomotiveQ6Y().isSelected() || gUIView.guiForm().getAutomotiveQ6N().isSelected()) && ((gUIView.guiForm().getAutomotiveQ7Y().isSelected() || gUIView.guiForm().getAutomotiveQ7N().isSelected()) && ((gUIView.guiForm().getAutomotiveQ8Y().isSelected() || gUIView.guiForm().getAutomotiveQ8N().isSelected()) && ((gUIView.guiForm().getAutomotiveQ9Y().isSelected() || gUIView.guiForm().getAutomotiveQ9N().isSelected()) && (gUIView.guiForm().getAutomotiveQ10Y().isSelected() || gUIView.guiForm().getAutomotiveQ10N().isSelected())))))))))) {
                Iterator<String> it = this.automotiveResults.iterator();
                while (it.hasNext()) {
                    gUIView.guiForm().getAutomotiveResultsOutput().append(it.next());
                }
                this.allAnswers.addAll(this.automotiveResultsInfo);
                this.allAnswersDB3.addAll(this.automotiveResultsInfo);
                gUIView.guiForm().getAutomotiveSubmitButton().setEnabled(false);
            } else {
                gUIView.guiForm().getAutomotiveResultsOutput().append("Please Answer ALL Questions Before Submitting");
            }
            double frequency = 100.0d * (Collections.frequency(this.automotiveResultsInfo, "Yes") / this.automotiveResultsInfo.size());
            String valueOf = String.valueOf(frequency);
            this.allAnswers.add(valueOf);
            this.allAnswersDB2.add(valueOf);
            this.allAnswersDB3.add(valueOf);
            getAllStuffWritten();
            getAllStuffWrittenDB2();
            getAllStuffWrittenDB3();
            sort(this.inputFile);
            gUIView.guiForm().getAutomotiveGraph().repaint();
            DomainHistogram.createHistogram(gUIView, gUIView.guiForm().getAutomotiveGraph(), "Automotive");
            gUIView.guiForm().getAutomotiveGraph().repaint();
            if (frequency >= 0.0d && frequency < 60.0d) {
                gUIView.guiForm().getAutomotiveScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getAutomotiveScore().setForeground(Color.RED);
            } else if (frequency >= 60.0d && frequency <= 80.0d) {
                gUIView.guiForm().getAutomotiveScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getAutomotiveScore().setForeground(Color.ORANGE);
            } else {
                if (frequency <= 80.0d || frequency > 100.0d) {
                    return;
                }
                gUIView.guiForm().getAutomotiveScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getAutomotiveScore().setForeground(Color.GREEN);
            }
        });
        // Attach action listeners to the two automotive result-navigation components
        // returned by the form: each one dispatches to a method of this controller
        // (aNextResult / aPreviousResult) through a bound method reference.
        // NOTE(review): presumably these page forward/backward through automotiveResults;
        // the handler bodies are outside this section, so confirm there.
        gUIView.guiForm().getAutomotiveNextResults().addActionListener(this::aNextResult);
        gUIView.guiForm().getAutomotivePreviousResults().addActionListener(this::aPreviousResult);
        gUIView.guiForm().getBankingAndFinanceSubmitButton().addActionListener(actionEvent4 -> {
            gUIView.guiForm().getBankingAndFinanceResultsOutput().setText("");
            boolean isSelected = gUIView.guiForm().getBankingAndFinanceQ1Y().isSelected();
            boolean isSelected2 = gUIView.guiForm().getBankingAndFinanceQ1N().isSelected();
            boolean isSelected3 = gUIView.guiForm().getBankingAndFinanceQ2Y().isSelected();
            boolean isSelected4 = gUIView.guiForm().getBankingAndFinanceQ2N().isSelected();
            boolean isSelected5 = gUIView.guiForm().getBankingAndFinanceQ3Y().isSelected();
            boolean isSelected6 = gUIView.guiForm().getBankingAndFinanceQ3N().isSelected();
            boolean isSelected7 = gUIView.guiForm().getBankingAndFinanceQ4Y().isSelected();
            boolean isSelected8 = gUIView.guiForm().getBankingAndFinanceQ4N().isSelected();
            boolean isSelected9 = gUIView.guiForm().getBankingAndFinanceQ5Y().isSelected();
            boolean isSelected10 = gUIView.guiForm().getBankingAndFinanceQ5N().isSelected();
            boolean isSelected11 = gUIView.guiForm().getBankingAndFinanceQ6Y().isSelected();
            boolean isSelected12 = gUIView.guiForm().getBankingAndFinanceQ6N().isSelected();
            boolean isSelected13 = gUIView.guiForm().getBankingAndFinanceQ7Y().isSelected();
            boolean isSelected14 = gUIView.guiForm().getBankingAndFinanceQ7N().isSelected();
            boolean isSelected15 = gUIView.guiForm().getBankingAndFinanceQ8Y().isSelected();
            boolean isSelected16 = gUIView.guiForm().getBankingAndFinanceQ8N().isSelected();
            boolean isSelected17 = gUIView.guiForm().getBankingAndFinanceQ9Y().isSelected();
            boolean isSelected18 = gUIView.guiForm().getBankingAndFinanceQ9N().isSelected();
            boolean isSelected19 = gUIView.guiForm().getBankingAndFinanceQ10Y().isSelected();
            boolean isSelected20 = gUIView.guiForm().getBankingAndFinanceQ10N().isSelected();
            this.bankingAndFinanceResults.clear();
            this.bankingAndFinanceResultsInfo.clear();
            if (isSelected) {
                this.bankingAndFinanceResults.add("Question 1: Yes\n\nCompliance: Americans with Disabilities Act\n\nLevel of Importance: Most Critical\n\nReasoning: Ensures a nondiscriminatory workplace. Stiff monetary punishment and damaging\ncivil cases will be inflicted if a violation is reported.\n\n\nDescription: Disability rights are civil rights. From voting to parking, the ADA is a law\nthat protects people with disabilities in many areas of public life.\n\n(OPTIONAL)\nHow to Further Comply:\nAccessible Facilities: Ensure that physical facilities, such as buildings, offices,\nrestrooms, and parking areas, are accessible to individuals with disabilities.\nThis may involve installing ramps, handrails, accessible parking spaces, elevators,\nand other accommodations to facilitate mobility.\n\nReasonable Accommodations: Provide reasonable accommodations to employees with disabilities\nto enable them to perform their job duties effectively. This may include modifying workstations,\nproviding assistive technologies, adjusting work schedules, or allowing telecommuting where feasible.\n\nAccessible Communication: Ensure that communication with individuals with disabilities is accessible.\nThis may involve providing alternative formats for written materials, such as Braille, large print,\nor electronic formats compatible with screen readers. Additionally, ensure that websites,\ndigital documents, and online content are accessible to individuals with disabilities.\n\nTraining and Awareness: Train employees on ADA requirements and best practices for interacting with\nindividuals with disabilities. This includes educating staff on providing accommodations, communicating\neffectively, and fostering an inclusive workplace culture.\n\nAccessible Hiring Practices: Implement hiring practices that promote equal employment opportunities\nfor individuals with disabilities. 
This may involve removing barriers in the recruitment process,\nproviding accessible job application platforms, and making reasonable adjustments during interviews\n and assessments.\n\nNon-Discrimination Policies: Adopt and enforce non-discrimination policies that prohibit\ndiscrimination on the basis of disability. Ensure that all employment decisions, including\nhiring, promotion, and termination, are made based on qualifications and job performance\nrather than disability status.\n\nAdditional Concerns (PLEASE READ):\nThe Department of Homeland Security (DHS) may have initiatives or guidelines related to\naccessibility in emergency preparedness for individuals with disabilities.\n\nSome International Organization for Standardization (ISO) standards may include considerations\nfor accessibility, especially in areas like information technology, usability, and design.\n\nhttps://blog.rsisecurity.com/what-are-the-ada-compliance-rules/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("Yes");
            } else if (isSelected2) {
                this.bankingAndFinanceResults.add("Question 1: No\n\nCompliance: Americans with Disabilities Act\n\nLevel of Importance: Most Critical\n\nReasoning: Ensures a nondiscriminatory workplace. Stiff monetary punishment and damaging\ncivil cases will be inflicted if a violation is reported.\n\nDescription: Disability rights are civil rights. From voting to parking, the ADA is a law\nthat protects people with disabilities in many areas of public life.\n\n(REQUIRED)\nHow to Further Comply:\nAccessible Facilities: Ensure that physical facilities, such as buildings, offices,\nrestrooms, and parking areas, are accessible to individuals with disabilities.\nThis may involve installing ramps, handrails, accessible parking spaces, elevators,\nand other accommodations to facilitate mobility.\n\nReasonable Accommodations: Provide reasonable accommodations to employees with disabilities\nto enable them to perform their job duties effectively. This may include modifying workstations,\nproviding assistive technologies, adjusting work schedules, or allowing telecommuting where feasible.\n\nAccessible Communication: Ensure that communication with individuals with disabilities is accessible.\nThis may involve providing alternative formats for written materials, such as Braille, large print,\nor electronic formats compatible with screen readers. Additionally, ensure that websites,\ndigital documents, and online content are accessible to individuals with disabilities.\n\nTraining and Awareness: Train employees on ADA requirements and best practices for interacting with\nindividuals with disabilities. This includes educating staff on providing accommodations, communicating\neffectively, and fostering an inclusive workplace culture.\n\nAccessible Hiring Practices: Implement hiring practices that promote equal employment opportunities\nfor individuals with disabilities. 
This may involve removing barriers in the recruitment process,\nproviding accessible job application platforms, and making reasonable adjustments during interviews\nand assessments.\n\nNon-Discrimination Policies: Adopt and enforce non-discrimination policies that prohibit\ndiscrimination on the basis of disability. Ensure that all employment decisions, including\nhiring, promotion, and termination, are made based on qualifications and job performance\nrather than disability status.\n\nAdditional Concerns (PLEASE READ):\nThe Department of Homeland Security (DHS) may have initiatives or guidelines related to\naccessibility in emergency preparedness for individuals with disabilities.\n\nSome International Organization for Standardization (ISO) standards may include considerations\nfor accessibility, especially in areas like information technology, usability, and design.\n\nhttps://blog.rsisecurity.com/what-are-the-ada-compliance-rules/\n\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("No");
            }
            if (isSelected3) {
                this.bankingAndFinanceResults.add("Question 2: Yes\n\nCompliance: Bank Secrecy Act\n\nLevel of Importance: Most Critical\n\nReasoning: Willful violation can lead to criminal fines of up to $250,000 and possible jail time.\n\nDescription: U.S. law requiring financial institutions in the United States to assist U.S.\ngovernment agencies in detecting and preventing money laundering.\n\n(OPTIONAL)\nHow to Further Comply:\nCustomer Identification Program (CIP): Implementing a robust CIP is essential for verifying\nthe identity of customers opening accounts. This involves collecting and verifying certain\ncustomer information, such as name, address, date of birth, and identification numbers like\nSocial Security numbers or government-issued IDs.\n\nTransaction Monitoring and Reporting: Establishing systems to monitor transactions for\nsuspicious activity and reporting such activity through Suspicious Activity Reports (SARs)\nto the Financial Crimes Enforcement Network (FinCEN). This includes monitoring for unusual\npatterns of activity, large or frequent transactions, or transactions involving high-risk\ncountries or individuals.\n\nCurrency Transaction Reporting (CTR): Ensuring compliance with CTR requirements by reporting\ncash transactions over a certain threshold (currently $10,000) to FinCEN. Companies need to\nmaintain accurate records of cash transactions and file CTRs in a timely manner.\n\nRecordkeeping: Maintaining comprehensive records of customer transactions, including account\nopenings, deposits, withdrawals, and wire transfers. This includes keeping records of CTRs,\nSARs, and any other documentation required by the BSA for a specified period (usually five years).\n\nInternal Controls and Training: Implementing effective internal controls to ensure BSA compliance\nthroughout the organization. 
This includes conducting regular training for employees to raise\nawareness of BSA requirements, identify red flags for suspicious activity, and ensure consistent\ncompliance practices.\n\nIndependent Audits and Reviews: Conducting periodic independent audits and reviews of the\ncompany's BSA compliance program to assess its effectiveness, identify weaknesses or areas for\nimprovement, and ensure adherence to regulatory requirements. This may involve hiring external\nauditors or compliance consultants with expertise in BSA regulations.\n\n\nAdditional Concerns (PLEASE READ):\nThe International Organization for Standardization (ISO) develops and publishes international\nstandards covering various aspects of business, including information security (e.g., ISO/IEC 27001)\nand risk management (e.g., ISO 31000). Compliance with ISO standards can help organizations establish\nframeworks for managing risks associated with financial transactions and data security, which can\nsupport BSA compliance efforts.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\nhttps://www.itgovernance.eu/en-ie/iso31000-ie\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("Yes");
            } else if (isSelected4) {
                this.bankingAndFinanceResults.add("Question 2: No\n\nCompliance: Bank Secrecy Act\n\nLevel of Importance: Most Critical\n\nReasoning: Willful violation can lead to criminal fines of up to $250,000 and possible jail time.\n\nDescription: U.S. law requiring financial institutions in the United States to assist U.S.\ngovernment agencies in detecting and preventing money laundering.\n\n(REQUIRED)\nHow to Further Comply:\nCustomer Identification Program (CIP): Implementing a robust CIP is essential for verifying\nthe identity of customers opening accounts. This involves collecting and verifying certain\ncustomer information, such as name, address, date of birth, and identification numbers like\nSocial Security numbers or government-issued IDs.\n\nTransaction Monitoring and Reporting: Establishing systems to monitor transactions for\nsuspicious activity and reporting such activity through Suspicious Activity Reports (SARs)\nto the Financial Crimes Enforcement Network (FinCEN). This includes monitoring for unusual\npatterns of activity, large or frequent transactions, or transactions involving high-risk\ncountries or individuals.\n\nCurrency Transaction Reporting (CTR): Ensuring compliance with CTR requirements by reporting\ncash transactions over a certain threshold (currently $10,000) to FinCEN. Companies need to\nmaintain accurate records of cash transactions and file CTRs in a timely manner.\n\nRecordkeeping: Maintaining comprehensive records of customer transactions, including account\nopenings, deposits, withdrawals, and wire transfers. This includes keeping records of CTRs,\nSARs, and any other documentation required by the BSA for a specified period (usually five years).\n\nInternal Controls and Training: Implementing effective internal controls to ensure BSA compliance\nthroughout the organization. 
This includes conducting regular training for employees to raise\nawareness of BSA requirements, identify red flags for suspicious activity, and ensure consistent\ncompliance practices.\n\nIndependent Audits and Reviews: Conducting periodic independent audits and reviews of the\ncompany's BSA compliance program to assess its effectiveness, identify weaknesses or areas for\nimprovement, and ensure adherence to regulatory requirements. This may involve hiring external\nauditors or compliance consultants with expertise in BSA regulations.\n\nAdditional Concerns (PLEASE READ):\nThe International Organization for Standardization (ISO) develops and publishes international\nstandards covering various aspects of business, including information security (e.g., ISO/IEC 27001)\nand risk management (e.g., ISO 31000). Compliance with ISO standards can help organizations establish\nframeworks for managing risks associated with financial transactions and data security, which can\nsupport BSA compliance efforts.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\nhttps://www.itgovernance.eu/en-ie/iso31000-ie\n\nAdditional Concerns (PLEASE READ):\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("No");
            }
            if (isSelected5) {
                this.bankingAndFinanceResults.add("Question 3: Yes\n\nCompliance: Bank Service Company Act\n\nLevel of Importance: Highly Critical\n\nReasoning: Failure to implement controls related to the Bank Service Company Act could lead to security\nand opperation concerns for a company.\n\nDescription: The Bank Secrecy Act requires financial institutions to assist U.S. government agencies in\ndetecting and preventing money laundering. This compliance is enforced by the Financial Crimes Enforcement\nNetwork (FinCEN), under Title 31 of the United States Code (31 U.S.C. §§ 5311-5314).\n\n(OPTIONAL)\nHow to Further Comply:\nUnderstand Applicability: Ensure that the company understands whether it falls under the purview of the BSCA.\nThe Act applies to entities that provide certain services to banks or other financial institutions, including\ndata processing, transaction processing, loan servicing, and more.\n\nRegistration: If the company is deemed to be a bank service company as per the BSCA, it must register with\nappropriate regulatory authorities. Typically, this involves filing appropriate forms and disclosures with\nthe Federal Reserve Board or other relevant agencies.\n\nCompliance Program: Develop and implement a compliance program that ensures adherence to BSCA requirements.\nThis program should include policies, procedures, and controls to mitigate risks associated with providing\nservices to banks, including data security, confidentiality, and operational risks.\n\nContractual Agreements: Establish contractual agreements with banks that clearly outline the rights,\nresponsibilities, and obligations of both parties. These agreements should address compliance with the BSCA,\nincluding provisions for audits, access to records, and notification requirements.\n\nRisk Management: Implement robust risk management practices to identify, assess, and mitigate risks associated\nwith providing services to banks. 
This includes conducting due diligence on prospective bank clients, assessing\nthe impact of service disruptions, and implementing contingency plans.\n\nOngoing Monitoring and Reporting: Continuously monitor compliance with the BSCA and report any material changes\nor incidents to regulatory authorities as required. This includes maintaining records of activities, audits, and\nany remedial actions taken to address compliance deficiencies.\n\nAdditional Concerns (PLEASE READ):\nWhile the BSCA focuses more on financial regulations, financial institutions operating internationally or handling\npersonal data of EU residents may need to comply with General Data Protection Regulation (GDPR) alongside BSCA\nrequirements.\n\nInternational Organization for Standardization (ISO) standards, particularly those related to information security\n(e.g., ISO/IEC 27001), can provide a framework for establishing and maintaining effective security controls within\nfinancial institutions and their service providers. Compliance with ISO standards can support efforts to meet the\nsecurity expectations outlined in the BSCA.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\nhttps://www.federalregister.gov/documents/2021/11/23/2021-25510/computer-security-incident-notification-requirements-for-banking-organizations-and-their-bank\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("Yes");
            } else if (isSelected6) {
                this.bankingAndFinanceResults.add("  Question 3: No\n\n  Compliance: Bank Service Company Act\n\n  Level of Importance: Highly Critical\n\n  Reasoning: Failure to implement controls related to the Bank Service Company Act could lead to security\n  and opperation concerns for a company.\n\n  Description: The Bank Secrecy Act requires financial institutions to assist U.S. government agencies in\n  detecting and preventing money laundering. This compliance is enforced by the Financial Crimes Enforcement\n  Network (FinCEN), under Title 31 of the United States Code (31 U.S.C. §§ 5311-5314).\n\n  (REQUIRED)\n  How to Further Comply:\n  Understand Applicability: Ensure that the company understands whether it falls under the purview of the BSCA.\n  The Act applies to entities that provide certain services to banks or other financial institutions, including\n  data processing, transaction processing, loan servicing, and more.\n\n  Registration: If the company is deemed to be a bank service company as per the BSCA, it must register with\n  appropriate regulatory authorities. Typically, this involves filing appropriate forms and disclosures with\n  the Federal Reserve Board or other relevant agencies.\n\n  Compliance Program: Develop and implement a compliance program that ensures adherence to BSCA requirements.\n  This program should include policies, procedures, and controls to mitigate risks associated with providing\n  services to banks, including data security, confidentiality, and operational risks.\n\n  Contractual Agreements: Establish contractual agreements with banks that clearly outline the rights,\n  responsibilities, and obligations of both parties. These agreements should address compliance with the BSCA,\n  including provisions for audits, access to records, and notification requirements.\n\n  Risk Management: Implement robust risk management practices to identify, assess, and mitigate risks associated\n  with providing services to banks. 
This includes conducting due diligence on prospective bank clients, assessing\n  the impact of service disruptions, and implementing contingency plans.\n\n  Ongoing Monitoring and Reporting: Continuously monitor compliance with the BSCA and report any material changes\n  or incidents to regulatory authorities as required. This includes maintaining records of activities, audits, and\n  any remedial actions taken to address compliance deficiencies.\n\n  Additional Concerns (PLEASE READ):\n  While the BSCA focuses more on financial regulations, financial institutions operating internationally or handling\n  personal data of EU residents may need to comply with General Data Protection Regulation (GDPR) alongside BSCA\n  requirements.\n\n  International Organization for Standardization (ISO) standards, particularly those related to information security\n  (e.g., ISO/IEC 27001), can provide a framework for establishing and maintaining effective security controls within\n  financial institutions and their service providers. Compliance with ISO standards can support efforts to meet the\n  security expectations outlined in the BSCA.\n\n  https://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\n  https://www.federalregister.gov/documents/2021/11/23/2021-25510/computer-security-incident-notification-requirements-for-banking-organizations-and-their-bank\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("No");
            }
            if (isSelected7) {
                this.bankingAndFinanceResults.add("Question 4: Yes\n\nCompliance: Payment Card Industry Data Security Standard (PCI DSS)\n\nLevel of Importance: Highly Critical\n\nReasoning: Ensures safe transactions. Failure to comply could lead to compromised business\nreputation as well as monthly fines totaling up to $100,000 per month. Only applicable to\ncompanies that handle credit card information.\n\nDescription: PCI DSS is a set of security standards designed to ensure the safe handling of credit\ncard information by merchants and financial institutions. While not a law itself, compliance with\nPCI DSS is often required by credit card companies and enforced through contractual agreements.\n\n(OPTIONAL)\nHow to Further Comply:\nSecure Network Infrastructure: Implement and maintain a secure network by installing and regularly\nupdating firewall configurations to protect cardholder data. This includes using strong encryption\nprotocols for transmitting cardholder data over public networks.\n\nProtect Cardholder Data: Encrypt cardholder data when it's being transmitted across open, public\nnetworks and when stored. This can involve using encryption algorithms such as AES (Advanced Encryption\nStandard) to safeguard sensitive information.\n\nMaintain Vulnerability Management Program: Develop and maintain secure systems and applications by\nregularly updating anti-virus software, applying security patches, and conducting regular security\nscans and penetration testing to identify vulnerabilities.\n\nImplement Strong Access Control Measures: Restrict access to cardholder data by assigning unique IDs\nto each person with computer access, implementing two-factor authentication, and limiting physical\naccess to sensitive data.\n\nRegularly Monitor and Test Networks: Track and monitor all access to network resources and cardholder\ndata. 
This includes implementing logging mechanisms and conducting regular security testing, including\nintrusion detection and prevention systems.\n\nMaintain Information Security Policy: Develop and maintain a security policy that addresses information\nsecurity for all personnel. This should include training employees on security procedures, creating an\nincident response plan, and regularly reviewing and updating security policies and procedures to adapt\nto evolving threats.\n\nAdditional Concerns (PLEASE READ):\nNational Institute of Standards and Technology (NIST) provides guidelines and frameworks for\ncybersecurity, including recommendations that align with PCI DSS requirements. While NIST itself\ndoesn't specifically regulate PCI DSS, organizations handling payment card data often refer to NIST\nframeworks, such as the Cybersecurity Framework (CSF), to enhance their security posture in alignment\nwith PCI DSS requirements.\n\nhttps://www.itgovernance.asia/what-is-the-pci-dss#:~:text=If%20you%20are%20a%20service,being%20processed%2C%20transmitted%20or%20stored.\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("Yes");
            } else if (isSelected8) {
                this.bankingAndFinanceResults.add("Question 4: No\n\nCompliance: Payment Card Industry Data Security Standard (PCI DSS)\n\nLevel of Importance: Highly Critical\n\nReasoning: Ensures safe transactions. Failure to comply could lead to compromised business\nreputation as well as monthly fines totaling up to $100,000 per month. Only applicable to\ncompanies that handle credit card information.\n\nDescription: PCI DSS is a set of security standards designed to ensure the safe handling of credit\ncard information by merchants and financial institutions. While not a law itself, compliance with\nPCI DSS is often required by credit card companies and enforced through contractual agreements.\n\n(REQUIRED)\nHow to Further Comply:\nSecure Network Infrastructure: Implement and maintain a secure network by installing and regularly\nupdating firewall configurations to protect cardholder data. This includes using strong encryption\nprotocols for transmitting cardholder data over public networks.\n\nProtect Cardholder Data: Encrypt cardholder data when it's being transmitted across open, public\nnetworks and when stored. This can involve using encryption algorithms such as AES (Advanced Encryption\nStandard) to safeguard sensitive information.\n\nMaintain Vulnerability Management Program: Develop and maintain secure systems and applications by\nregularly updating anti-virus software, applying security patches, and conducting regular security\nscans and penetration testing to identify vulnerabilities.\n\nImplement Strong Access Control Measures: Restrict access to cardholder data by assigning unique IDs\nto each person with computer access, implementing two-factor authentication, and limiting physical\naccess to sensitive data.\n\nRegularly Monitor and Test Networks: Track and monitor all access to network resources and cardholder\ndata. 
This includes implementing logging mechanisms and conducting regular security testing, including\nintrusion detection and prevention systems.\n\nMaintain Information Security Policy: Develop and maintain a security policy that addresses information\nsecurity for all personnel. This should include training employees on security procedures, creating an\nincident response plan, and regularly reviewing and updating security policies and procedures to adapt\nto evolving threats.\n\nAdditional Concerns (PLEASE READ):\nNational Institute of Standards and Technology (NIST) provides guidelines and frameworks for\ncybersecurity, including recommendations that align with PCI DSS requirements. While NIST itself\ndoesn't specifically regulate PCI DSS, organizations handling payment card data often refer to NIST\nframeworks, such as the Cybersecurity Framework (CSF), to enhance their security posture in alignment\nwith PCI DSS requirements.\n\nhttps://www.itgovernance.asia/what-is-the-pci-dss#:~:text=If%20you%20are%20a%20service,being%20processed%2C%20transmitted%20or%20stored.\n\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("No");
            }
            if (isSelected9) {
                this.bankingAndFinanceResults.add("Question 5: Yes\n\nCompliance: Federal Financial Management Improvement Act of 1996\n\nLevel of Importance: Least Critical\n\nReasoning:\nHighly beneficial to companies that follow it's guidelines.\nViolations do not tend to carry legal repercussions.\n\nDescription:\nFFMIA is intended to ensure Federal financial systems provide reliable, consistent and uniform\ndisclosure of financial data using accounting standards.\n\n(OPTIONAL)\nHow to Further Comply:\nImplement Financial Systems: Develop and implement financial systems that comply with federal\nfinancial management requirements. These systems should support accurate, reliable, and timely\nfinancial reporting.\n\nMaintain Adequate Controls: Establish internal controls to ensure the integrity, accuracy, and\nreliability of financial data. This includes processes for authorization, recording, processing,\nand reporting financial transactions.\n\nEnsure Data Integrity and Accuracy: Regularly verify the accuracy and completeness of financial\ndata entered into the systems. Conduct reconciliations and validations to ensure data integrity\nand identify any discrepancies.\n\nProvide Training and Education: Train employees on federal financial management requirements,\npolicies, and procedures. Ensure that staff members responsible for financial activities have\nthe necessary skills and knowledge to perform their duties effectively.\n\nConduct Regular Assessments and Audits: Conduct periodic assessments and audits of financial\nmanagement processes, systems, and controls. Identify any deficiencies or areas for improvement\nand take corrective actions promptly.\n\nAdhere to Reporting Requirements: Comply with federal reporting requirements, including the\nsubmission of timely and accurate financial reports. 
Ensure that financial reports adhere to\nprescribed formats and standards set forth by regulatory authorities.\n\nAdditional Concerns (PLEASE READ):\nInternational Organization for Standardization (ISO) standards cover a wide range of areas\nincluding information security (e.g., ISO/IEC 27001), quality management, and more. While\ncompliance with ISO standards is not mandated by FFMIA, federal agencies may choose to adopt\nISO standards as best practices for managing their financial systems and related processes.\n\nGeneral Data Protection Regulation (GDPR) is a European Union regulation governing the\nprotection of personal data of EU citizens. While FFMIA primarily focuses on financial\nmanagement within the U.S. federal government, federal agencies handling personal data of\nEU citizens would need to ensure compliance with GDPR if applicable. However, GDPR compliance\nis not directly tied to FFMIA.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("Yes");
            } else if (isSelected10) {
                this.bankingAndFinanceResults.add("Question 5: No\n\nCompliance: Federal Financial Management Improvement Act of 1996\n\nLevel of Importance: Least Critical\n\nReasoning:\nHighly beneficial to companies that follow it's guidelines.\nViolations do not tend to carry legal repercussions.\n\nDescription:\nFFMIA is intended to ensure Federal financial systems provide reliable, consistent and uniform\ndisclosure of financial data using accounting standards.\n\n(REQUIRED)\nHow to Further Comply:\nImplement Financial Systems: Develop and implement financial systems that comply with federal\nfinancial management requirements. These systems should support accurate, reliable, and timely\nfinancial reporting.\n\nMaintain Adequate Controls: Establish internal controls to ensure the integrity, accuracy, and\nreliability of financial data. This includes processes for authorization, recording, processing,\nand reporting financial transactions.\n\nEnsure Data Integrity and Accuracy: Regularly verify the accuracy and completeness of financial\ndata entered into the systems. Conduct reconciliations and validations to ensure data integrity\nand identify any discrepancies.\n\nProvide Training and Education: Train employees on federal financial management requirements,\npolicies, and procedures. Ensure that staff members responsible for financial activities have\nthe necessary skills and knowledge to perform their duties effectively.\n\nConduct Regular Assessments and Audits: Conduct periodic assessments and audits of financial\nmanagement processes, systems, and controls. Identify any deficiencies or areas for improvement\nand take corrective actions promptly.\n\nAdhere to Reporting Requirements: Comply with federal reporting requirements, including the\nsubmission of timely and accurate financial reports. 
Ensure that financial reports adhere to\nprescribed formats and standards set forth by regulatory authorities.\n\nAdditional Concerns (PLEASE READ):\nInternational Organization for Standardization (ISO) standards cover a wide range of areas\nincluding information security (e.g., ISO/IEC 27001), quality management, and more. While\ncompliance with ISO standards is not mandated by FFMIA, federal agencies may choose to adopt\nISO standards as best practices for managing their financial systems and related processes.\n\nGeneral Data Protection Regulation (GDPR) is a European Union regulation governing the\nprotection of personal data of EU citizens. While FFMIA primarily focuses on financial\nmanagement within the U.S. federal government, federal agencies handling personal data of\nEU citizens would need to ensure compliance with GDPR if applicable. However, GDPR compliance\nis not directly tied to FFMIA.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("No");
            }
            if (isSelected11) {
                this.bankingAndFinanceResults.add("Question 6: Yes\n\nCompliance: Enhanced MFA (EMFA)\n\nLevel of Importance: Most Critical\n\nReasoning:\nFailure to comply can lead to a damaged company reputation, legal action,\nstiff penalties, as well as business license suspension or revocation.\n\nDescription:\nDigital Insight enhanced multi factor authentication solution conforms with the\nlatest FFIEC authentication guidelines.\n\n(OPTIONAL)\nHow to Further Comply:\nBiometric Authentication: Implement biometric authentication methods such as fingerprint\nscanning, facial recognition, or iris scanning. Biometric data adds an extra layer of\nsecurity because it's unique to each individual.\n\nHardware Tokens: Provide employees with hardware tokens, such as USB security keys or smart\ncards. These tokens generate one-time passcodes or provide cryptographic keys for\nauthentication, adding an additional layer of security beyond passwords.\n\nPush Notifications: Utilize mobile authentication apps that send push notifications to users'\nsmartphones when they attempt to log in. Users can approve or deny the login attempt directly\nfrom their mobile devices, enhancing security and user convenience.\n\nTime-Based One-Time Passwords (TOTP): Implement TOTP algorithms that generate temporary codes\nvalid for a short period, typically 30 or 60 seconds. Users can retrieve these codes from\nauthentication apps like Google Authenticator or Authy, adding an extra layer of security\nto the login process.\n\nGeolocation Verification: Incorporate geolocation verification into the authentication process,\nensuring that login attempts are originating from authorized locations. 
If a login attempt is\ndetected from an unfamiliar location, additional verification steps can be triggered to\nconfirm the user's identity.\n\nRisk-Based Authentication: Implement risk-based authentication mechanisms that analyze various\nfactors such as device fingerprinting, user behavior, and contextual information to assess the\nrisk level associated with each login attempt. Based on the risk assessment, the system can\ndynamically adjust the authentication requirements, requesting additional verification only\nfor high-risk activities.\n\nAdditional Concerns (PLEASE READ):\nInternational Organization for Standardization (ISO) 27001 is a widely recognized international\nstandard for information security management systems (ISMS). While it doesn't explicitly mention\nEnhanced MFA, it does require organizations to implement controls to ensure the security of\ninformation assets. Multi-factor authentication is often considered a best practice in this context.\n\nGeneral Data Protection Regulation (GDPR) mandates organizations to implement appropriate technical\nand organizational measures to ensure the security of personal data. Enhanced MFA can be considered\nas one such measure to enhance the security of personal data by adding an extra layer of protection\nagainst unauthorized access.\n\nPayment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to\nensure that all companies that accept, process, store, or transmit credit card information maintain\na secure environment. While PCI DSS doesn't directly address Enhanced MFA, it mandates the use of\nmulti-factor authentication (Requirement 8.3) for accessing cardholder data in a network.\n\nNational Institute of Standards and Technology (NIST) provides guidelines and recommendations for\nsecure authentication practices. Specifically, NIST Special Publication 800-63 provides guidance on\ndigital identity and authentication, including multi-factor authentication (MFA). 
While it doesn't\nexplicitly mention \"Enhanced MFA,\" its principles can apply to any advanced form of MFA.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\nhttps://www.nist.gov/special-publication-800-63#:~:text=The%20Special%20Publication%20(SP)%20800,process%20to%20select%20assurance%20levels.\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("Yes");
            } else if (isSelected12) {
                this.bankingAndFinanceResults.add("Question 6: No\n\nCompliance: Enhanced MFA (EMFA)\n\nLevel of Importance: Most Critical\n\nReasoning:\nFailure to comply can lead to a damaged company reputation, legal action,\nstiff penalties, as well as business license suspension or revocation.\n\nDescription:\nDigital Insight enhanced multi factor authentication solution conforms with the\nlatest FFIEC authentication guidelines.\n\n(REQUIRED)\nHow to Further Comply:\nBiometric Authentication: Implement biometric authentication methods such as fingerprint\nscanning, facial recognition, or iris scanning. Biometric data adds an extra layer of\nsecurity because it's unique to each individual.\n\nHardware Tokens: Provide employees with hardware tokens, such as USB security keys or smart\ncards. These tokens generate one-time passcodes or provide cryptographic keys for\nauthentication, adding an additional layer of security beyond passwords.\n\nPush Notifications: Utilize mobile authentication apps that send push notifications to users'\nsmartphones when they attempt to log in. Users can approve or deny the login attempt directly\nfrom their mobile devices, enhancing security and user convenience.\n\nTime-Based One-Time Passwords (TOTP): Implement TOTP algorithms that generate temporary codes\nvalid for a short period, typically 30 or 60 seconds. Users can retrieve these codes from\nauthentication apps like Google Authenticator or Authy, adding an extra layer of security\nto the login process.\n\nGeolocation Verification: Incorporate geolocation verification into the authentication process,\nensuring that login attempts are originating from authorized locations. 
If a login attempt is\ndetected from an unfamiliar location, additional verification steps can be triggered to\nconfirm the user's identity.\n\nRisk-Based Authentication: Implement risk-based authentication mechanisms that analyze various\nfactors such as device fingerprinting, user behavior, and contextual information to assess the\nrisk level associated with each login attempt. Based on the risk assessment, the system can\ndynamically adjust the authentication requirements, requesting additional verification only\nfor high-risk activities.\n\nAdditional Concerns (PLEASE READ):\nInternational Organization for Standardization (ISO) 27001 is a widely recognized international\nstandard for information security management systems (ISMS). While it doesn't explicitly mention\nEnhanced MFA, it does require organizations to implement controls to ensure the security of\ninformation assets. Multi-factor authentication is often considered a best practice in this context.\n\nGeneral Data Protection Regulation (GDPR) mandates organizations to implement appropriate technical\nand organizational measures to ensure the security of personal data. Enhanced MFA can be considered\nas one such measure to enhance the security of personal data by adding an extra layer of protection\nagainst unauthorized access.\n\nPayment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to\nensure that all companies that accept, process, store, or transmit credit card information maintain\na secure environment. While PCI DSS doesn't directly address Enhanced MFA, it mandates the use of\nmulti-factor authentication (Requirement 8.3) for accessing cardholder data in a network.\n\nNational Institute of Standards and Technology (NIST) provides guidelines and recommendations for\nsecure authentication practices. Specifically, NIST Special Publication 800-63 provides guidance on\ndigital identity and authentication, including multi-factor authentication (MFA). 
While it doesn't\nexplicitly mention \"Enhanced MFA,\" its principles can apply to any advanced form of MFA.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\nhttps://www.nist.gov/special-publication-800-63#:~:text=The%20Special%20Publication%20(SP)%20800,process%20to%20select%20assurance%20levels.\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("No");
            }
            if (isSelected13) {
                this.bankingAndFinanceResults.add("Question 7: Yes\n\nCompliance: Electronic Fund Transfer Act of 1978\n\nLevel of Importance: Least Critical\n\nReasoning:\nBest implemented for company success and customer peace of mind. Violations can carry\nrelatively minor civil penalties and injunctions.\n\nDescription:\nThe EFTA is designed to protect individual consumers who engange in any form of\nelectronic transfer, however primarily focused on over the phone and electronic payments\n\n(OPTIONAL)\nHow to Further Comply:\nProvide Disclosures: Companies must provide clear and understandable disclosures to consumers\nbefore they use electronic fund transfer services. These disclosures should include information\nabout fees, terms, and conditions associated with the electronic transactions.\n\nProtect Consumer Information: Companies must implement adequate security measures to protect\nconsumers' sensitive financial information. This includes safeguarding personal identification\nnumbers (PINs), account numbers, and other confidential data from unauthorized access or disclosure.\n\nError Resolution Procedures: Companies must establish and maintain procedures for resolving\nerrors in electronic fund transfers promptly. These procedures should allow consumers to dispute\nunauthorized transactions, errors in account balances, or other discrepancies.\n\nLimitation on Liability: Companies must limit consumers' liability for unauthorized electronic\nfund transfers. Generally, consumers are only responsible for a certain amount of unauthorized\ntransactions if they report them within a specified time frame.\n\nConsumer Consent: Companies must obtain consumers' consent before initiating electronic fund\ntransfers from their accounts. 
Consent may be obtained through various means, such as written\nagreements or electronic authorizations.\n\nCompliance with Regulation E: Regulation E, which implements the EFTA, outlines specific\nrequirements that companies must follow to ensure compliance. This includes providing periodic\nstatements for electronic fund transfer accounts, notifying consumers of changes in terms, and\nadhering to other provisions outlined in the regulation.\n\nAdditional Concerns (PLEASE READ):\nInternational Organization for Standardization (ISO) develops international standards for various\nindustries, including information security (e.g., ISO/IEC 27001) and quality management (e.g., ISO 9001).\nWhile ISO standards themselves do not regulate financial transactions, organizations may adopt ISO\nstandards to establish frameworks for managing security, quality, and risk, which could support\ncompliance efforts related to EFTA Payment Card Industry Data Security Standard (PCI DSS) focuses on\ncardholder data security, compliance with these standards can also contribute to overall data security\nfor electronic fund transfers, potentially aligning with EFTA requirements.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\nhttps://www.itgovernance.co.uk/iso9001-quality-management-standards\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("Yes");
            } else if (isSelected14) {
                this.bankingAndFinanceResults.add("Question 7: No\n\nCompliance: Electronic Fund Transfer Act of 1978\n\nLevel of Importance: Least Critical\n\nReasoning:\nBest implemented for company success and customer peace of mind. Violations can carry\nrelatively minor civil penalties and injunctions.\n\nDescription:\nThe EFTA is designed to protect individual consumers who engange in any form of\nelectronic transfer, however primarily focused on over the phone and electronic payments\n\n(REQUIRED)\nHow to Further Comply:\nProvide Disclosures: Companies must provide clear and understandable disclosures to consumers\nbefore they use electronic fund transfer services. These disclosures should include information\nabout fees, terms, and conditions associated with the electronic transactions.\n\nProtect Consumer Information: Companies must implement adequate security measures to protect\nconsumers' sensitive financial information. This includes safeguarding personal identification\nnumbers (PINs), account numbers, and other confidential data from unauthorized access or disclosure.\n\nError Resolution Procedures: Companies must establish and maintain procedures for resolving\nerrors in electronic fund transfers promptly. These procedures should allow consumers to dispute\nunauthorized transactions, errors in account balances, or other discrepancies.\n\nLimitation on Liability: Companies must limit consumers' liability for unauthorized electronic\nfund transfers. Generally, consumers are only responsible for a certain amount of unauthorized\ntransactions if they report them within a specified time frame.\n\nConsumer Consent: Companies must obtain consumers' consent before initiating electronic fund\ntransfers from their accounts. 
Consent may be obtained through various means, such as written\nagreements or electronic authorizations.\n\nCompliance with Regulation E: Regulation E, which implements the EFTA, outlines specific\nrequirements that companies must follow to ensure compliance. This includes providing periodic\nstatements for electronic fund transfer accounts, notifying consumers of changes in terms, and\nadhering to other provisions outlined in the regulation.\n\nAdditional Concerns (PLEASE READ):\nInternational Organization for Standardization (ISO) develops international standards for various\nindustries, including information security (e.g., ISO/IEC 27001) and quality management (e.g., ISO 9001).\nWhile ISO standards themselves do not regulate financial transactions, organizations may adopt ISO\nstandards to establish frameworks for managing security, quality, and risk, which could support\ncompliance efforts related to EFTA Payment Card Industry Data Security Standard (PCI DSS) focuses on\ncardholder data security, compliance with these standards can also contribute to overall data security\nfor electronic fund transfers, potentially aligning with EFTA requirements.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\nhttps://www.itgovernance.co.uk/iso9001-quality-management-standards\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("No");
            }
            if (isSelected15) {
                this.bankingAndFinanceResults.add("Question 8: Yes\n\nCompliance: Consumer Financial Protection Bureau (CFPB) Regulations\n\nLevel of Importance: Most Critical\n\nReasoning:\nEnforces multiple federal financial policies. Failure to comply can carry severe legal\nreprecussions including contract rescission, cease-and-desist orders, and monetary penalties.\n\nDescription:\nThe CFPB oversees consumer financial products and services, ensuring fair treatment for consumers\nand promoting transparency in financial transactions. The Dodd-Frank Wall Street Reform and Consumer\nProtection Act (Dodd-Frank Act) established the CFPB.\n\n(OPTIONAL)\nHow to Further Comply:\nStay Informed: Keep abreast of the latest CFPB regulations and updates. The CFPB regularly issues\nguidance and updates on regulations pertaining to various aspects of consumer financial products\nand services. Establishing a system to monitor and understand these changes is essential.\n\nImplement Compliance Management Systems (CMS): Develop and maintain a robust compliance management\nsystem tailored to the company's operations and regulatory requirements. This includes establishing\npolicies, procedures, and controls to ensure adherence to CFPB regulations, as well as regularly\nreviewing and updating these systems.\n\nTraining and Education: Provide comprehensive training programs for employees to ensure they understand\ntheir responsibilities under CFPB regulations. This includes training on relevant laws, regulations,\ninternal policies, and procedures. Regular training sessions should be conducted to keep employees\ninformed of any updates or changes in regulations.\n\nConsumer Complaint Handling: Establish procedures for effectively handling consumer complaints in accordance\nwith CFPB guidelines. 
This includes promptly acknowledging and investigating complaints, providing timely\nresponses to consumers, and taking appropriate corrective actions as needed.\n\nTransparent and Fair Practices: Ensure transparency and fairness in all consumer interactions and transactions.\nThis includes providing clear and accurate information to consumers about financial products and services,\ndisclosing terms and conditions in a comprehensible manner, and avoiding deceptive or unfair practices.\n\nRegular Compliance Audits and Monitoring: Conduct regular compliance audits and monitoring to assess the\neffectiveness of the company's compliance efforts and identify any areas of non-compliance or potential risks.\nThis includes reviewing internal controls, processes, and documentation to ensure alignment with CFPB regulations\nand addressing any deficiencies promptly.\n\nAdditional Concerns (PLEASE READ):\nGeneral Data Protection Regulation (GDPR) primarily applies to organizations that handle personal data of\nEU citizens. However, even if a U.S.-based organization is not directly subject to GDPR, they may still\nneed to consider its principles if they deal with data of EU citizens.\n\nInternational Organization for Standards (ISO) standards, particularly those related to information security\n(e.g., ISO/IEC 27001), can provide valuable frameworks for organizations subject to CFPB regulations to ensure\nthe security of their information assets.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("Yes");
            } else if (isSelected16) {
                this.bankingAndFinanceResults.add("Question 8: No\n\nCompliance: Consumer Financial Protection Bureau (CFPB) Regulations\n\nLevel of Importance: Most Critical\n\nReasoning:\nEnforces multiple federal financial policies. Failure to comply can carry severe legal\nreprecussions including contract rescission, cease-and-desist orders, and monetary penalties.\n\nDescription:\nThe CFPB oversees consumer financial products and services, ensuring fair treatment for consumers\nand promoting transparency in financial transactions. The Dodd-Frank Wall Street Reform and Consumer\nProtection Act (Dodd-Frank Act) established the CFPB.\n\n(REQUIRED)\nHow to Further Comply:\nStay Informed: Keep abreast of the latest CFPB regulations and updates. The CFPB regularly issues\nguidance and updates on regulations pertaining to various aspects of consumer financial products\nand services. Establishing a system to monitor and understand these changes is essential.\n\nImplement Compliance Management Systems (CMS): Develop and maintain a robust compliance management\nsystem tailored to the company's operations and regulatory requirements. This includes establishing\npolicies, procedures, and controls to ensure adherence to CFPB regulations, as well as regularly\nreviewing and updating these systems.\n\nTraining and Education: Provide comprehensive training programs for employees to ensure they understand\ntheir responsibilities under CFPB regulations. This includes training on relevant laws, regulations,\ninternal policies, and procedures. Regular training sessions should be conducted to keep employees\ninformed of any updates or changes in regulations.\n\nConsumer Complaint Handling: Establish procedures for effectively handling consumer complaints in accordance\nwith CFPB guidelines. 
This includes promptly acknowledging and investigating complaints, providing timely\nresponses to consumers, and taking appropriate corrective actions as needed.\n\nTransparent and Fair Practices: Ensure transparency and fairness in all consumer interactions and transactions.\nThis includes providing clear and accurate information to consumers about financial products and services,\ndisclosing terms and conditions in a comprehensible manner, and avoiding deceptive or unfair practices.\n\nRegular Compliance Audits and Monitoring: Conduct regular compliance audits and monitoring to assess the\neffectiveness of the company's compliance efforts and identify any areas of non-compliance or potential risks.\nThis includes reviewing internal controls, processes, and documentation to ensure alignment with CFPB regulations\nand addressing any deficiencies promptly.\n\nAdditional Concerns (PLEASE READ):\nGeneral Data Protection Regulation (GDPR) primarily applies to organizations that handle personal data of\nEU citizens. However, even if a U.S.-based organization is not directly subject to GDPR, they may still\nneed to consider its principles if they deal with data of EU citizens.\n\nInternational Organization for Standards (ISO) standards, particularly those related to information security\n(e.g., ISO/IEC 27001), can provide valuable frameworks for organizations subject to CFPB regulations to ensure\nthe security of their information assets.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("No");
            }
            if (isSelected17) {
                this.bankingAndFinanceResults.add("Question 9: Yes\n\nCompliance: Title 12 Banks and Banking\n\nLevel of Importance: Most Critical\n\nReasoning:\nEnforces a plethora of laws and regulations that govern the banking industry. Violations can result in\nstiff monetary punishment, injunctions, and even criminal charges.\n\nDescription:\nTitle 12 relates to the overall banking and finace sector in federal regulations.\nThere are many sub components of this section to comply with.\n\n(OPTIONAL)\nHow to Further Comply:\nEstablish Compliance Management Systems (CMS): Implement robust compliance management systems tailored\nto the requirements outlined in Title 12. This involves appointing compliance officers, developing policies\nand procedures, conducting regular risk assessments, and providing ongoing training to staff to ensure\nadherence to regulatory standards.\n\nAdhere to Prudential Regulations: Title 12 includes prudential regulations designed to promote the safety\nand soundness of financial institutions. Companies must comply with these regulations concerning capital\nadequacy, asset quality, management quality, earnings, liquidity, and sensitivity to market risk.\n\nMaintain Compliance with Consumer Protection Laws: Title 12 encompasses various consumer protection laws,\nsuch as the Truth in Lending Act (TILA), the Fair Credit Reporting Act (FCRA), and the Equal Credit Opportunity\nAct (ECOA). Companies must ensure compliance with these laws to protect consumers' rights and prevent\ndiscriminatory practices.\n\nImplement Anti-Money Laundering (AML) Measures: Title 12 mandates financial institutions to implement robust\nanti-money laundering measures to prevent the illicit flow of funds through their systems. 
This involves\nconducting customer due diligence, monitoring transactions for suspicious activities, and reporting any\nsuspicious transactions to the appropriate authorities as per the Bank Secrecy Act (BSA) and related regulations.\n\nEnsure Data Security and Privacy: Title 12 regulations often intersect with data security and privacy\nrequirements. Financial institutions must safeguard sensitive customer information, comply with data protection\nlaws such as the Gramm-Leach-Bliley Act (GLBA), and adhere to cybersecurity standards to prevent data breaches\nand unauthorized access to customer data.\n\nStay Informed and Engage in Regulatory Compliance Updates: Given the evolving nature of banking regulations,\ncompanies must stay informed about changes in Title 12 requirements and engage in ongoing monitoring of\nregulatory updates. This involves actively participating in industry associations, attending training sessions,\nand maintaining open communication channels with regulatory agencies to ensure timely compliance with new\nregulations and guidelines.\n\nAdditional Concerns (PLEASE READ):\nInternational Organization for Standardization (ISO) develops international standards for various industries,\nincluding information security (e.g., ISO/IEC 27001) and quality management (e.g., ISO 9001). 
While ISO standards\nthemselves do not regulate financial transactions, organizations may adopt ISO standards to establish frameworks\nfor managing security, quality, and risk, which could support compliance efforts related to EFTA.\n\nPayment Card Industry Data Security Standard (PCI DSS) focuses on cardholder data security, compliance with these\nstandards can also contribute to overall data security for electronic fund transfers, potentially aligning with\nEFTA requirements.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\nhttps://www.itgovernance.co.uk/iso9001-quality-management-standards\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("Yes");
            } else if (isSelected18) {
                this.bankingAndFinanceResults.add("Question 9: No\n\nCompliance: Title 12 Banks and Banking\n\nLevel of Importance: Most Critical\n\nReasoning:\nEnforces a plethora of laws and regulations that govern the banking industry. Violations can result in\nstiff monetary punishment, injunctions, and even criminal charges.\n\nDescription:\nTitle 12 relates to the overall banking and finace sector in federal regulations.\nThere are many sub components of this section to comply with.\n\n(REQUIRED)\nHow to Further Comply:\nEstablish Compliance Management Systems (CMS): Implement robust compliance management systems tailored\nto the requirements outlined in Title 12. This involves appointing compliance officers, developing policies\nand procedures, conducting regular risk assessments, and providing ongoing training to staff to ensure\nadherence to regulatory standards.\n\nAdhere to Prudential Regulations: Title 12 includes prudential regulations designed to promote the safety\nand soundness of financial institutions. Companies must comply with these regulations concerning capital\nadequacy, asset quality, management quality, earnings, liquidity, and sensitivity to market risk.\n\nMaintain Compliance with Consumer Protection Laws: Title 12 encompasses various consumer protection laws,\nsuch as the Truth in Lending Act (TILA), the Fair Credit Reporting Act (FCRA), and the Equal Credit Opportunity\nAct (ECOA). Companies must ensure compliance with these laws to protect consumers' rights and prevent\ndiscriminatory practices.\n\nImplement Anti-Money Laundering (AML) Measures: Title 12 mandates financial institutions to implement robust\nanti-money laundering measures to prevent the illicit flow of funds through their systems. 
This involves\nconducting customer due diligence, monitoring transactions for suspicious activities, and reporting any\nsuspicious transactions to the appropriate authorities as per the Bank Secrecy Act (BSA) and related regulations.\n\nEnsure Data Security and Privacy: Title 12 regulations often intersect with data security and privacy\nrequirements. Financial institutions must safeguard sensitive customer information, comply with data protection\nlaws such as the Gramm-Leach-Bliley Act (GLBA), and adhere to cybersecurity standards to prevent data breaches\nand unauthorized access to customer data.\n\nStay Informed and Engage in Regulatory Compliance Updates: Given the evolving nature of banking regulations,\ncompanies must stay informed about changes in Title 12 requirements and engage in ongoing monitoring of\nregulatory updates. This involves actively participating in industry associations, attending training sessions,\nand maintaining open communication channels with regulatory agencies to ensure timely compliance with new\nregulations and guidelines.\n\nAdditional Concerns (PLEASE READ):\nInternational Organization for Standardization (ISO) develops international standards for various industries,\nincluding information security (e.g., ISO/IEC 27001) and quality management (e.g., ISO 9001). 
While ISO standards\nthemselves do not regulate financial transactions, organizations may adopt ISO standards to establish frameworks\nfor managing security, quality, and risk, which could support compliance efforts related to EFTA.\n\nPayment Card Industry Data Security Standard (PCI DSS) focuses on cardholder data security, compliance with these\nstandards can also contribute to overall data security for electronic fund transfers, potentially aligning with\nEFTA requirements.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\nhttps://www.itgovernance.co.uk/iso9001-quality-management-standards\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("No");
            }
            if (isSelected19) {
                this.bankingAndFinanceResults.add("Question 10: Yes\n\nCompliance: Know Your Customer (KYC) Compliance\n\nLevel of Importance: Moderately Critical\n\nReasoning:\nViolations can carry monetary penalties and legal actions. Level of enforcement varies by state,\nconsider checking your state's specific KYC requirements.\n\nDescription:\nKYC regulations require banks to verify the identity of their customers to mitigate risks associated\nwith financial crimes such as identity theft and fraud. KYC requirements are outlined in various laws\nand regulations, including the Bank Secrecy Act and its implementing regulations.\n\n(OPTIONAL)\nHow to Further Comply:\nCustomer Identification Procedures: Implement robust procedures to verify the identity of customers at\nthe time of onboarding. Collect necessary documentation such as government-issued IDs, passports, or\ndriver's licenses. Utilize electronic identity verification (eIDV) services to authenticate customer identities.\n\nEnhanced Due Diligence (EDD): Implement enhanced due diligence procedures for higher-risk customers,\nsuch as politically exposed persons (PEPs) or those from high-risk jurisdictions. Conduct thorough\nbackground checks and ongoing monitoring of these customers' activities.\n\nRisk-Based Approach: Adopt a risk-based approach to KYC compliance, tailoring procedures and due diligence\nmeasures based on the assessed risk level of customers. Assign risk ratings to customers and adjust\ncompliance measures accordingly.\n\nTransaction Monitoring: Implement systems for real-time monitoring of transactions for suspicious activities.\nSet up alerts and triggers to identify unusual or potentially fraudulent transactions. Conduct periodic\nreviews of transaction data to detect patterns of suspicious behavior.\n\nCompliance Training and Awareness: Provide comprehensive training programs for employees to understand KYC\nregulations and compliance procedures. 
Regularly update staff on changes in regulations and best practices\nto ensure adherence to KYC requirements.\n\nRecord Keeping and Reporting: Maintain accurate records of customer identification information and transaction\ndata. Retain records for the prescribed period as per regulatory requirements. Report suspicious activities to\nthe relevant authorities in compliance with anti-money laundering (AML) regulations.\n\nAdditional Concerns (PLEASE READ):\nInternational Organization for Standardization (ISO) develops international standards for various industries,\nincluding information security (e.g., ISO/IEC 27001) and quality management (e.g., ISO 9001). While ISO\nstandards themselves do not regulate financial transactions, organizations may adopt ISO standards to establish\nframeworks for managing security, quality, and risk, which could support compliance efforts related to EFTA.\n\nPayment Card Industry Data Security Standard (PCI DSS) focuses on cardholder data security, compliance with\nthese standards can also contribute to overall data security for electronic fund transfers, potentially aligning\nwith EFTA requirements.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\nhttps://www.itgovernance.co.uk/iso9001-quality-management-standards\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("Yes");
            } else if (isSelected20) {
                this.bankingAndFinanceResults.add("Question 10: No\n\nCompliance: Know Your Customer (KYC) Compliance\n\nLevel of Importance: Moderately Critical\n\nReasoning:\nViolations can carry monetary penalties and legal actions. Level of enforcement varies by state,\nconsider checking your state's specific KYC requirements.\n\nDescription:\nKYC regulations require banks to verify the identity of their customers to mitigate risks associated\nwith financial crimes such as identity theft and fraud. KYC requirements are outlined in various laws\nand regulations, including the Bank Secrecy Act and its implementing regulations.\n\n(REQUIRED)\nHow to Further Comply:\nCustomer Identification Procedures: Implement robust procedures to verify the identity of customers at\nthe time of onboarding. Collect necessary documentation such as government-issued IDs, passports, or\ndriver's licenses. Utilize electronic identity verification (eIDV) services to authenticate customer identities.\n\nEnhanced Due Diligence (EDD): Implement enhanced due diligence procedures for higher-risk customers,\nsuch as politically exposed persons (PEPs) or those from high-risk jurisdictions. Conduct thorough\nbackground checks and ongoing monitoring of these customers' activities.\n\nRisk-Based Approach: Adopt a risk-based approach to KYC compliance, tailoring procedures and due diligence\nmeasures based on the assessed risk level of customers. Assign risk ratings to customers and adjust\ncompliance measures accordingly.\n\nTransaction Monitoring: Implement systems for real-time monitoring of transactions for suspicious activities.\nSet up alerts and triggers to identify unusual or potentially fraudulent transactions. Conduct periodic\nreviews of transaction data to detect patterns of suspicious behavior.\n\nCompliance Training and Awareness: Provide comprehensive training programs for employees to understand KYC\nregulations and compliance procedures. 
Regularly update staff on changes in regulations and best practices\nto ensure adherence to KYC requirements.\n\nRecord Keeping and Reporting: Maintain accurate records of customer identification information and transaction\ndata. Retain records for the prescribed period as per regulatory requirements. Report suspicious activities to\nthe relevant authorities in compliance with anti-money laundering (AML) regulations.\n\nAdditional Concerns (PLEASE READ):\nInternational Organization for Standardization (ISO) develops international standards for various industries,\nincluding information security (e.g., ISO/IEC 27001) and quality management (e.g., ISO 9001). While ISO\nstandards themselves do not regulate financial transactions, organizations may adopt ISO standards to establish\nframeworks for managing security, quality, and risk, which could support compliance efforts related to EFTA.\n\nPayment Card Industry Data Security Standard (PCI DSS) focuses on cardholder data security, compliance with\nthese standards can also contribute to overall data security for electronic fund transfers, potentially aligning\nwith EFTA requirements.\n\nhttps://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,addressing%20people%2C%20processes%20and%20technology.\n\nhttps://www.itgovernance.co.uk/iso9001-quality-management-standards\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.bankingAndFinanceResultsInfo.add("No");
            }
            if ((gUIView.guiForm().getBankingAndFinanceQ1Y().isSelected() || gUIView.guiForm().getBankingAndFinanceQ1N().isSelected()) && ((gUIView.guiForm().getBankingAndFinanceQ2Y().isSelected() || gUIView.guiForm().getBankingAndFinanceQ2N().isSelected()) && ((gUIView.guiForm().getBankingAndFinanceQ3Y().isSelected() || gUIView.guiForm().getBankingAndFinanceQ3N().isSelected()) && ((gUIView.guiForm().getBankingAndFinanceQ4Y().isSelected() || gUIView.guiForm().getBankingAndFinanceQ4N().isSelected()) && ((gUIView.guiForm().getBankingAndFinanceQ5Y().isSelected() || gUIView.guiForm().getBankingAndFinanceQ5N().isSelected()) && ((gUIView.guiForm().getBankingAndFinanceQ6Y().isSelected() || gUIView.guiForm().getBankingAndFinanceQ6N().isSelected()) && ((gUIView.guiForm().getBankingAndFinanceQ7Y().isSelected() || gUIView.guiForm().getBankingAndFinanceQ7N().isSelected()) && ((gUIView.guiForm().getBankingAndFinanceQ8Y().isSelected() || gUIView.guiForm().getBankingAndFinanceQ8N().isSelected()) && ((gUIView.guiForm().getBankingAndFinanceQ9Y().isSelected() || gUIView.guiForm().getBankingAndFinanceQ9N().isSelected()) && (gUIView.guiForm().getBankingAndFinanceQ10Y().isSelected() || gUIView.guiForm().getBankingAndFinanceQ10N().isSelected())))))))))) {
                Iterator<String> it = this.bankingAndFinanceResults.iterator();
                while (it.hasNext()) {
                    gUIView.guiForm().getBankingAndFinanceResultsOutput().append(it.next());
                }
                this.allAnswers.addAll(this.bankingAndFinanceResultsInfo);
                this.allAnswersDB3.addAll(this.bankingAndFinanceResultsInfo);
                gUIView.guiForm().getBankingAndFinanceSubmitButton().setEnabled(false);
            } else {
                gUIView.guiForm().getBankingAndFinanceResultsOutput().append("Please Answer ALL Questions Before Submitting");
            }
            double frequency = 100.0d * (Collections.frequency(this.bankingAndFinanceResultsInfo, "Yes") / this.bankingAndFinanceResultsInfo.size());
            String valueOf = String.valueOf(frequency);
            this.allAnswers.add(valueOf);
            this.allAnswersDB2.add(valueOf);
            this.allAnswersDB3.add(valueOf);
            getAllStuffWritten();
            getAllStuffWrittenDB2();
            getAllStuffWrittenDB3();
            sort(this.inputFile);
            gUIView.guiForm().getBankingAndFinanceGraph().repaint();
            DomainHistogram.createHistogram(gUIView, gUIView.guiForm().getBankingAndFinanceGraph(), "Banking And Finance");
            gUIView.guiForm().getBankingAndFinanceGraph().repaint();
            if (frequency >= 0.0d && frequency < 60.0d) {
                gUIView.guiForm().getBankingAndFinanceScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getBankingAndFinanceScore().setForeground(Color.RED);
            } else if (frequency >= 60.0d && frequency <= 80.0d) {
                gUIView.guiForm().getBankingAndFinanceScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getBankingAndFinanceScore().setForeground(Color.ORANGE);
            } else {
                if (frequency <= 80.0d || frequency > 100.0d) {
                    return;
                }
                gUIView.guiForm().getBankingAndFinanceScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getBankingAndFinanceScore().setForeground(Color.GREEN);
            }
        });
        // NOTE(review): the Banking and Finance submit handler that closes just above computes its
        // score as Collections.frequency(...) / size() in int arithmetic before scaling by 100.0d,
        // so the percentage added to the answer lists and shown in the score label can only be
        // 0.0 or 100.0, and an empty answer list raises ArithmeticException. The division should
        // be done in floating point, with a guard for the empty case.

        // Result navigation for Banking and Finance: the "next" and "previous" result controls
        // each receive the matching handler method reference resolved on this controller.
        gUIView.guiForm()
                .getBankingAndFinanceNextResults()
                .addActionListener(this::bfNextResult);
        gUIView.guiForm()
                .getBankingAndFinancePreviousResults()
                .addActionListener(this::bfPreviousResult);
        gUIView.guiForm().getLifeSciencesSubmitButton().addActionListener(actionEvent5 -> {
            gUIView.guiForm().getLifeSciencesResultsOutput().setText("");
            boolean isSelected = gUIView.guiForm().getLifeSciencesQ1Y().isSelected();
            boolean isSelected2 = gUIView.guiForm().getLifeSciencesQ1N().isSelected();
            boolean isSelected3 = gUIView.guiForm().getLifeSciencesQ2Y().isSelected();
            boolean isSelected4 = gUIView.guiForm().getLifeSciencesQ2N().isSelected();
            boolean isSelected5 = gUIView.guiForm().getLifeSciencesQ3Y().isSelected();
            boolean isSelected6 = gUIView.guiForm().getLifeSciencesQ3N().isSelected();
            boolean isSelected7 = gUIView.guiForm().getLifeSciencesQ4Y().isSelected();
            boolean isSelected8 = gUIView.guiForm().getLifeSciencesQ4N().isSelected();
            boolean isSelected9 = gUIView.guiForm().getLifeSciencesQ5Y().isSelected();
            boolean isSelected10 = gUIView.guiForm().getLifeSciencesQ5N().isSelected();
            boolean isSelected11 = gUIView.guiForm().getLifeSciencesQ6Y().isSelected();
            boolean isSelected12 = gUIView.guiForm().getLifeSciencesQ6N().isSelected();
            boolean isSelected13 = gUIView.guiForm().getLifeSciencesQ7Y().isSelected();
            boolean isSelected14 = gUIView.guiForm().getLifeSciencesQ7N().isSelected();
            boolean isSelected15 = gUIView.guiForm().getLifeSciencesQ8Y().isSelected();
            boolean isSelected16 = gUIView.guiForm().getLifeSciencesQ8N().isSelected();
            boolean isSelected17 = gUIView.guiForm().getLifeSciencesQ9Y().isSelected();
            boolean isSelected18 = gUIView.guiForm().getLifeSciencesQ9N().isSelected();
            boolean isSelected19 = gUIView.guiForm().getLifeSciencesQ10Y().isSelected();
            boolean isSelected20 = gUIView.guiForm().getLifeSciencesQ10N().isSelected();
            this.lifeSciencesResults.clear();
            this.lifeSciencesResultsInfo.clear();
            if (isSelected) {
                this.lifeSciencesResults.add("Question 1: Yes\n\nCompliance: 21 CFR Part 11 (11.200a)\n\nLevel of Importance: Moderately-low criticality.\n\nReasoning: While there are other methods to permit attempted use of an electronic signature by an individual\nwho is not the genuine owner, collaboration of two or more individuals has been deemed an appropriate control.\nWhile this assessment points to things like RBAC, MFA, having strong procedures as compliance controls, having\nmultiple individuals who are willing and able to collaborate makes for a safer experience in terms of best practices.\n\nNIST SP 800-63-3\nDigital Identity Guidelines: https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nDescription:\nBe administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other\nthan its genuine owner requires collaboration of two or more individuals\n\n(OPTIONAL)\nHow to Further Comply:\nImplement Multi-Factor Authentication (MFA): Integrate MFA mechanisms for electronic signatures,\nrequiring not only the electronic signature but also additional factors such as a password,\nbiometric verification, or a one-time code sent to a registered device. This ensures that unauthorized\naccess to electronic signatures is significantly more difficult.\n\nRole-Based Access Control (RBAC): Implement RBAC systems to control access to electronic signature\nfunctionalities. Only authorized personnel with specific roles should have access to electronically\nsign documents, and their actions should be audited and tracked.\n\nDigital Signature Policies and Procedures: Develop and enforce clear policies and procedures outlining\nthe proper use and protection of electronic signatures. 
Ensure all employees are trained on these policies\nand understand the importance of collaboration and the consequences of unauthorized use.\n\nTwo-Party Verification Requirement: Require that any attempt to use an individual's electronic signature\ninvolves verification by at least two authorized individuals. This could involve a supervisor reviewing\nand approving the signature before it becomes valid, adding an extra layer of security and accountability.\n\nElectronic Signature Audit Trails: Implement systems that maintain detailed audit trails for electronic\nsignatures, documenting all actions related to the creation, modification, and authentication of\nelectronic signatures. This ensures transparency and accountability, allowing for thorough review and\ninvestigation if needed.\n\nRegular Security Assessments and Reviews: Conduct regular security assessments and reviews of electronic\nsignature systems to identify and address any vulnerabilities or weaknesses. This includes penetration\ntesting, vulnerability scans, and audits to ensure compliance with regulatory requirements and best\npractices in information security.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("Yes");
            } else if (isSelected2) {
                this.lifeSciencesResults.add("Question 1: No\n\nCompliance: 21 CFR Part 11 (11.200a)\n\nLevel of Importance: Moderately-low criticality.\n\nReasoning: While there are other methods to permit attempted use of an electronic signature by an individual\nwho is not the genuine owner, collaboration of two or more individuals has been deemed an appropriate control.\nWhile this assessment points to things like RBAC, MFA, having strong procedures as compliance controls, having\nmultiple individuals who are willing and able to collaborate makes for a safer experience in terms of best practices.\n\nNIST SP 800-63-3\nDigital Identity Guidelines: https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nDescription:\nBe administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other\nthan its genuine owner requires collaboration of two or more individuals\n\n(REQUIRED)\nHow to Further Comply:\nImplement Multi-Factor Authentication (MFA): Integrate MFA mechanisms for electronic signatures,\nrequiring not only the electronic signature but also additional factors such as a password,\nbiometric verification, or a one-time code sent to a registered device. This ensures that unauthorized\naccess to electronic signatures is significantly more difficult.\n\nRole-Based Access Control (RBAC): Implement RBAC systems to control access to electronic signature\nfunctionalities. Only authorized personnel with specific roles should have access to electronically\nsign documents, and their actions should be audited and tracked.\n\nDigital Signature Policies and Procedures: Develop and enforce clear policies and procedures outlining\nthe proper use and protection of electronic signatures. 
Ensure all employees are trained on these policies\nand understand the importance of collaboration and the consequences of unauthorized use.\n\nTwo-Party Verification Requirement: Require that any attempt to use an individual's electronic signature\ninvolves verification by at least two authorized individuals. This could involve a supervisor reviewing\nand approving the signature before it becomes valid, adding an extra layer of security and accountability.\n\nElectronic Signature Audit Trails: Implement systems that maintain detailed audit trails for electronic\nsignatures, documenting all actions related to the creation, modification, and authentication of\nelectronic signatures. This ensures transparency and accountability, allowing for thorough review and\ninvestigation if needed.\n\nRegular Security Assessments and Reviews: Conduct regular security assessments and reviews of electronic\nsignature systems to identify and address any vulnerabilities or weaknesses. This includes penetration\ntesting, vulnerability scans, and audits to ensure compliance with regulatory requirements and best\npractices in information security.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("No");
            }
            if (isSelected3) {
                this.lifeSciencesResults.add("Question 2: Yes\n\nCompliance: 21 CFR Part 11 (11.200a)\n\nLevel of Importance: Least Critical.\n\nReasoning: While biometric authenication can enhance security in some cases, it may not be\nconsidered universally applicable or necessary for all systems in the life sciences industry.\nOther regulations in this document may be considered more important.  However, the use of\nbiometrics when applied to digital signatures can raise few concerns.\n\nEU Regulation No. 910/2014 (eIDAS):\nhttps://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910&from=EN\n\nDescription:\nSystem ensures the items apply to electronic signatures that are not based upon biometrics.\n\n(OPTIONAL)\nHow to Further Comply:\nUse of Token-Based Authentication: Implement token-based authentication systems where electronic\nsignatures are generated using cryptographic tokens instead of biometric data. This ensures that\nsignatures are not reliant on biometric identifiers such as fingerprints or facial recognition.\n\nPassword-Based Electronic Signatures: Employ password-based electronic signature mechanisms where\nusers authenticate themselves using a unique password or passphrase. This method does not rely on\nbiometric data and provides a straightforward means of authentication.\n\nDigital Certificates: Utilize digital certificates issued by trusted certificate authorities for\nelectronic signatures. Digital certificates authenticate the identity of the signer without relying\non biometric information, enhancing security and compliance with regulations.\n\nKnowledge-Based Authentication: Implement knowledge-based authentication methods where users verify\ntheir identity by answering security questions or providing specific pieces of information known only\nto them. 
This approach does not involve biometric data and can be effective for electronic signature\nverification.\n\nSmart Card Authentication: Employ smart card authentication systems where electronic signatures are\ngenerated using cryptographic keys stored on smart cards. This method eliminates the need for\nbiometric data and provides a secure means of authentication.\n\nRandomized PIN Generation: Implement randomized PIN generation for electronic signatures, where\nusers are required to enter a randomly generated PIN to authenticate themselves. This method does\nnot rely on biometric information and enhances security by adding an additional layer of authentication.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\neIDAS 910/2014:\nhttps://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("Yes");
            } else if (isSelected4) {
                this.lifeSciencesResults.add("Question 2: No\n\nCompliance: 21 CFR Part 11 (11.200a)\n\nLevel of Importance: Least Critical.\n\nReasoning: While biometric authenication can enhance security in some cases, it may not be\nconsidered universally applicable or necessary for all systems in the life sciences industry.\nOther regulations in this document may be considered more important.  However, the use of\nbiometrics when applied to digital signatures can raise few concerns.\n\nEU Regulation No. 910/2014 (eIDAS):\nhttps://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910&from=EN\n\nDescription:\nSystem ensures the items apply to electronic signatures that are not based upon biometrics.\n\n(REQUIRED)\nHow to Further Comply:\nUse of Token-Based Authentication: Implement token-based authentication systems where electronic\nsignatures are generated using cryptographic tokens instead of biometric data. This ensures that\nsignatures are not reliant on biometric identifiers such as fingerprints or facial recognition.\n\nPassword-Based Electronic Signatures: Employ password-based electronic signature mechanisms where\nusers authenticate themselves using a unique password or passphrase. This method does not rely on\nbiometric data and provides a straightforward means of authentication.\n\nDigital Certificates: Utilize digital certificates issued by trusted certificate authorities for\nelectronic signatures. Digital certificates authenticate the identity of the signer without relying\non biometric information, enhancing security and compliance with regulations.\n\nKnowledge-Based Authentication: Implement knowledge-based authentication methods where users verify\ntheir identity by answering security questions or providing specific pieces of information known only\nto them. 
This approach does not involve biometric data and can be effective for electronic signature\nverification.\n\nSmart Card Authentication: Employ smart card authentication systems where electronic signatures are\ngenerated using cryptographic keys stored on smart cards. This method eliminates the need for biometric\ndata and provides a secure means of authentication.\n\nRandomized PIN Generation: Implement randomized PIN generation for electronic signatures, where users\nare required to enter a randomly generated PIN to authenticate themselves. This method does not rely\non biometric information and enhances security by adding an additional layer of authentication.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\neIDAS 910/2014:\nhttps://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("No");
            }
            if (isSelected5) {
                this.lifeSciencesResults.add("Question 3: Yes\n\nCompliance: 21 CFR Part 11 (11.200a)\n\nLevel of Importance: Highly Critical.\n\nReasoning: Maintaining strong passwords that meet password recommendation guidelines is crucial to\na strong and secure network.  When paired with another distinct identification method, organizations\ncan seek even stronger experiences of security.\n\nNIST SP 1800-17\nMultifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations\nfor Purchasers: https://csrc.nist.gov/pubs/sp/1800/17/final\n\nCISA Password Recommendations:\nhttps://www.cisa.gov/secure-our-world/require-strong-passwords\n\nDescription:\nSystem ensures the items apply to electronic signatures that are not based upon biometrics.\n\n(OPTIONAL)\nHow to Further Comply:\nTwo-Factor Authentication (2FA): Implement two-factor authentication systems where users are required\nto provide two distinct identification components to access electronic signature functionalities. This\ncould involve combining something the user knows (e.g., password or PIN) with something they possess\n(e.g., a physical token or mobile device).\n\nBiometric + Password Authentication: Utilize a combination of biometric authentication (such as fingerprint\nor facial recognition) along with a password or PIN. This dual-factor authentication method ensures that\naccess to electronic signature capabilities requires both biometric verification and knowledge-based authentication.\n\nSmart Card + Password Authentication: Implement authentication systems that utilize a smart card or token\nalong with a password. 
Users would be required to insert their smart card or token into a reader and enter\na password or PIN to access electronic signature functionalities, providing two distinct identification components.\n\nOne-Time Passcode (OTP) + Password Authentication: Employ OTP systems where users receive a temporary\npasscode via SMS, email, or a dedicated authentication app. Users must then enter this OTP along with\ntheir password to access electronic signature capabilities, providing two-factor authentication.\n\nSecurity Questions + Password Authentication: Incorporate security questions as a second identification\ncomponent alongside passwords. After entering their password, users would be prompted to answer predefined\nsecurity questions, adding an extra layer of authentication before accessing electronic signature features.\n\nPhysical Token + Biometric Authentication: Deploy physical tokens (e.g., USB keys or smart cards) along\nwith biometric authentication methods. Users would be required to present the physical token and undergo\nbiometric verification (e.g., fingerprint scan) to access electronic signature functionalities, ensuring\ntwo distinct identification components are used.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 1800-17\nMultifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers:\nhttps://csrc.nist.gov/pubs/sp/1800/17/final\n\nCISA Password Recommendations:\nhttps://www.cisa.gov/secure-our-world/require-strong-passwords\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("Yes");
            } else if (isSelected6) {
                this.lifeSciencesResults.add("Question 3: No\n\nCompliance: 21 CFR Part 11 (11.200a)\n\nLevel of Importance: Highly Critical.\n\nReasoning: Maintaining strong passwords that meet password recommendation guidelines is crucial to\na strong and secure network.  When paired with another distinct identification method, organizations\ncan seek even stronger experiences of security.\n\nNIST SP 1800-17\nMultifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations\nfor Purchasers: https://csrc.nist.gov/pubs/sp/1800/17/final\n\nCISA Password Recommendations:\nhttps://www.cisa.gov/secure-our-world/require-strong-passwords\n\nDescription:\nSystem ensures the items apply to electronic signatures that are not based upon biometrics.\n\n(REQUIRED)\nHow to Further Comply:\nTwo-Factor Authentication (2FA): Implement two-factor authentication systems where users are required\nto provide two distinct identification components to access electronic signature functionalities. This\ncould involve combining something the user knows (e.g., password or PIN) with something they possess\n(e.g., a physical token or mobile device).\n\nBiometric + Password Authentication: Utilize a combination of biometric authentication (such as fingerprint\nor facial recognition) along with a password or PIN. This dual-factor authentication method ensures that\naccess to electronic signature capabilities requires both biometric verification and knowledge-based authentication.\n\nSmart Card + Password Authentication: Implement authentication systems that utilize a smart card or token\nalong with a password. 
Users would be required to insert their smart card or token into a reader and enter\na password or PIN to access electronic signature functionalities, providing two distinct identification components.\n\nOne-Time Passcode (OTP) + Password Authentication: Employ OTP systems where users receive a temporary\npasscode via SMS, email, or a dedicated authentication app. Users must then enter this OTP along with\ntheir password to access electronic signature capabilities, providing two-factor authentication.\n\nSecurity Questions + Password Authentication: Incorporate security questions as a second identification\ncomponent alongside passwords. After entering their password, users would be prompted to answer predefined\nsecurity questions, adding an extra layer of authentication before accessing electronic signature features.\n\nPhysical Token + Biometric Authentication: Deploy physical tokens (e.g., USB keys or smart cards) along\nwith biometric authentication methods. Users would be required to present the physical token and undergo\nbiometric verification (e.g., fingerprint scan) to access electronic signature functionalities, ensuring\ntwo distinct identification components are used.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 1800-17\nMultifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers:\nhttps://csrc.nist.gov/pubs/sp/1800/17/final\n\nCISA Password Recommendations:\nhttps://www.cisa.gov/secure-our-world/require-strong-passwords\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("No");
            }
            if (isSelected7) {
                this.lifeSciencesResults.add("Question 4: Yes\n\nCompliance: 21 CFR Part 11 (11.200a)\n\nLevel of Importance: Moderately Critical.\n\nReasoning: The concept of systems only being used by their genuine owners is one of the most important in\nthis assessment.  While there are many times that systems may be used by multiple users, to establish a\ngenuine owner is very important.  When correctly applying access control and other preventatives in other\nregulations deemed more important, these risks may be mitigated when a genuine owner is not present simply\nby design of controls.\n\nNIST Special Publication 800-63B\nDigital Identity Guidelines : https://pages.nist.gov/800-63-3/sp800-63b.html\n\nDHS Cybersecurity Framework:\nhttps://csrc.nist.gov/presentations/2019/dhs-cisa-cybersecurity-framework-overview\n\nDescription:\nThe system can only be used by their genuine owners.\n\n(OPTIONAL)\nHow to Further Comply:\nBiometric Authentication: Implement biometric authentication methods such as fingerprint or facial recognition\nto ensure that only authorized individuals can access the system. Biometric data is unique to each individual,\nmaking it difficult for unauthorized users to gain access.\n\nMulti-Factor Authentication (MFA): Require multi-factor authentication for system access, combining multiple\nauthentication factors such as passwords, one-time passcodes, smart cards, or biometrics. This adds an extra\nlayer of security, ensuring that only genuine owners can access the system.\n\nUser Access Controls: Implement robust user access controls, such as role-based access control (RBAC), to\nrestrict access to authorized personnel only. Each user should only have access to the specific functionalities\nand data necessary for their role within the organization.\n\nDevice Authentication: Utilize device authentication mechanisms to ensure that only authorized devices can\naccess the system. 
This can include device registration, encryption keys, or certificates to verify the\nauthenticity of the device.\n\nBehavioral Analysis: Implement behavioral analysis techniques to monitor user behavior and detect anomalies\nindicative of unauthorized access. This can include analyzing user activity patterns, login times, and\nlocations to identify suspicious behavior.\n\nRegular Security Audits and Reviews: Conduct regular security audits and reviews of the system to identify\nand address potential vulnerabilities or unauthorized access points. This includes penetration testing,\nvulnerability scanning, and code reviews to ensure that security measures are effective in preventing\nunauthorized access.\n\nAdditional Concerns (PLEASE READ):\nNIST Special Publication 800-63B\nDigital Identity Guidelines:\nhttps://pages.nist.gov/800-63-3/sp800-63b.html\n\nDHS Cybersecurity Framework:\nhttps://csrc.nist.gov/presentations/2019/dhs-cisa-cybersecurity-framework-overview\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("Yes");
            } else if (isSelected8) {
                this.lifeSciencesResults.add("Question 4: No\n\nCompliance: 21 CFR Part 11 (11.200a)\n\nLevel of Importance: Moderately Critical.\n\nReasoning: The concept of systems only being used by their genuine owners is one of the most important in\nthis assessment.  While there are many times that systems may be used by multiple users, to establish a\ngenuine owner is very important.  When correctly applying access control and other preventatives in other\nregulations deemed more important, these risks may be mitigated when a genuine owner is not present simply\nby design of controls.\n\nNIST Special Publication 800-63B\nDigital Identity Guidelines : https://pages.nist.gov/800-63-3/sp800-63b.html\n\nDHS Cybersecurity Framework:\nhttps://csrc.nist.gov/presentations/2019/dhs-cisa-cybersecurity-framework-overview\n\nDescription:\nThe system can only be used by their genuine owners.\n\n(REQUIRED)\nHow to Further Comply:\nBiometric Authentication: Implement biometric authentication methods such as fingerprint or facial recognition\nto ensure that only authorized individuals can access the system. Biometric data is unique to each individual,\nmaking it difficult for unauthorized users to gain access.\n\nMulti-Factor Authentication (MFA): Require multi-factor authentication for system access, combining multiple\nauthentication factors such as passwords, one-time passcodes, smart cards, or biometrics. This adds an extra\nlayer of security, ensuring that only genuine owners can access the system.\n\nUser Access Controls: Implement robust user access controls, such as role-based access control (RBAC), to\nrestrict access to authorized personnel only. Each user should only have access to the specific functionalities\nand data necessary for their role within the organization.\n\nDevice Authentication: Utilize device authentication mechanisms to ensure that only authorized devices can\naccess the system. 
This can include device registration, encryption keys, or certificates to verify the\nauthenticity of the device.\n\nBehavioral Analysis: Implement behavioral analysis techniques to monitor user behavior and detect anomalies\nindicative of unauthorized access. This can include analyzing user activity patterns, login times, and\nlocations to identify suspicious behavior.\n\nRegular Security Audits and Reviews: Conduct regular security audits and reviews of the system to identify\nand address potential vulnerabilities or unauthorized access points. This includes penetration testing,\nvulnerability scanning, and code reviews to ensure that security measures are effective in preventing\nunauthorized access.\n\nAdditional Concerns (PLEASE READ):\nNIST Special Publication 800-63B\nDigital Identity Guidelines:\nhttps://pages.nist.gov/800-63-3/sp800-63b.html\n\nDHS Cybersecurity Framework:\nhttps://csrc.nist.gov/presentations/2019/dhs-cisa-cybersecurity-framework-overview\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("No");
            }
            if (isSelected9) {
                this.lifeSciencesResults.add("Question 5: Yes\n\nCompliance: 21 CFR Part 11 (11.30a)\n\nLevel of Importance: Most Critical.\n\nReasoning: The use of digital signatures to ensure authenticity and integrity is mandated by 21 CFR Part 11.\nIn terms of these regulations, this is most important because it is the cornerstone from which all other\nregulations in this assessment are derived from.  Other regulations cannot be followed without employing\nuse of digital signatures.\n\n21 CFR Part 11: Electronic Records; Electronic Signatures\nhttps://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11\n\nDescription:\nCompany must employ use of digital signatures for record authenticity and integrity.\n\n(OPTIONAL)\nHow to Further Comply:\nDigital Signature Certificates (DSC): Obtain digital signature certificates from authorized certification\nauthorities to sign electronic documents and records. DSCs provide cryptographic validation of the signer's\nidentity and ensure the authenticity and integrity of the signed data.\n\nBlockchain Technology: Utilize blockchain technology to create immutable records of digital signatures.\nBlockchain platforms offer decentralized and tamper-resistant ledger systems, ensuring the integrity and\nauthenticity of digital signatures by recording them in a transparent and secure manner.\n\nTimestamping Services: Implement timestamping services to record the exact time when a digital signature\nis applied to a document. Timestamps provide additional evidence of the authenticity and integrity of\nelectronic records by establishing a chronological order of events.\n\nEncryption and Hashing: Employ encryption and hashing algorithms to secure digital signatures and prevent\ntampering. 
Encrypting digital signatures and hashing the signed data ensures that any unauthorized\nmodifications to the document will be detectable, preserving its integrity.\n\nAudit Trails: Maintain comprehensive audit trails of digital signature activities, including the identity\nof the signer, timestamp of the signature, and details of the signed document. Audit trails provide\ntransparency and accountability, facilitating the verification of authenticity and integrity.\n\nIntegration with Document Management Systems: Integrate digital signature capabilities with document\nmanagement systems to streamline the signing process and ensure the integrity of electronic records.\nBy embedding digital signatures directly into document workflows, organizations can enforce authentication\nand maintain the integrity of signed documents.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\neSIGN Act (2000):\nhttps://ncua.gov/regulation-supervision/manuals-guides/federal-consumer-financial-protection-guide/compliance-management/deposit-regulations/electronic-signatures-global-and-national-commerce-act-e-sign-act\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("Yes");
            } else if (isSelected10) {
                this.lifeSciencesResults.add("Question 5: No\n\nCompliance: 21 CFR Part 11 (11.30a)\n\nLevel of Importance: Most Critical.\n\nReasoning: The use of digital signatures to ensure authenticity and integrity is mandated by 21 CFR Part 11.\nIn terms of these regulations, this is most important because it is the cornerstone from which all other\nregulations in this assessment are derived from.  Other regulations cannot be followed without employing\nuse of digital signatures.\n\n21 CFR Part 11: Electronic Records; Electronic Signatures\nhttps://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11\n\nDescription:\nCompany must employ use of digital signatures for record authenticity and integrity.\n\n(REQUIRED)\nHow to Further Comply:\nDigital Signature Certificates (DSC): Obtain digital signature certificates from authorized certification\nauthorities to sign electronic documents and records. DSCs provide cryptographic validation of the signer's\nidentity and ensure the authenticity and integrity of the signed data.\n\nBlockchain Technology: Utilize blockchain technology to create immutable records of digital signatures.\nBlockchain platforms offer decentralized and tamper-resistant ledger systems, ensuring the integrity and\nauthenticity of digital signatures by recording them in a transparent and secure manner.\n\nTimestamping Services: Implement timestamping services to record the exact time when a digital signature\nis applied to a document. Timestamps provide additional evidence of the authenticity and integrity of\nelectronic records by establishing a chronological order of events.\n\nEncryption and Hashing: Employ encryption and hashing algorithms to secure digital signatures and prevent\ntampering. 
Encrypting digital signatures and hashing the signed data ensures that any unauthorized\nmodifications to the document will be detectable, preserving its integrity.\n\nAudit Trails: Maintain comprehensive audit trails of digital signature activities, including the identity\nof the signer, timestamp of the signature, and details of the signed document. Audit trails provide\ntransparency and accountability, facilitating the verification of authenticity and integrity.\n\nIntegration with Document Management Systems: Integrate digital signature capabilities with document\nmanagement systems to streamline the signing process and ensure the integrity of electronic records.\nBy embedding digital signatures directly into document workflows, organizations can enforce authentication\nand maintain the integrity of signed documents.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\neSIGN Act (2000):\nhttps://ncua.gov/regulation-supervision/manuals-guides/federal-consumer-financial-protection-guide/compliance-management/deposit-regulations/electronic-signatures-global-and-national-commerce-act-e-sign-act\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("No");
            }
            if (isSelected11) {
                this.lifeSciencesResults.add("Question 6: Yes\n\nCompliance: 21 CFR Part 11 (11.10b)\n\nLevel of Importance: Moderately-Low Criticality.\n\nReasoning: While the general confidentiality, integrity, and availability of personal data relating\nto digital signatures in the life science field are of utmost importance, it is also very important\nto generate copies of records that are suitable for inspection and review.  This will help to comply\nwith other regulations and make for an easier process for self-auditing.\n\nNIST SP 800-63-3\nDigital Identity Guidelines: https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nGDPR (Article 5) Process of Personal Data:\nhttps://gdpr-info.eu/art-5-gdpr/\n\nDescription:\nCompany must generate accurate & complete copies of records in both human readable & electronic form\nsuitable for inspection, review, and copying.\n\n(OPTIONAL)\nHow to Further Comply:\nDocument Management Systems (DMS): Implement robust document management systems that facilitate the\ncreation, storage, and retrieval of records in both human-readable and electronic formats.\nDMS platforms should support version control, metadata tagging, and search functionalities to ensure\nthe accuracy and completeness of records.\n\nStandardized Documentation Procedures: Establish standardized documentation procedures outlining the\nformat and structure of records to ensure consistency and completeness. This includes defining data\nfields, naming conventions, and file formats for both human-readable and electronic records.\n\nQuality Control Checks: Implement quality control checks at various stages of record generation to\nverify accuracy and completeness. 
This can include automated validation checks, peer review processes,\nand quality assurance audits to ensure that records meet regulatory requirements and internal standards.\n\nElectronic Signatures and Timestamps: Utilize electronic signatures and timestamps to authenticate\nrecords and establish their integrity. Electronic signatures provide assurance of authenticity, while\ntimestamps indicate the exact time when records were created or modified, enhancing their reliability\nfor inspection and review.\n\nBackup and Disaster Recovery: Implement robust backup and disaster recovery mechanisms to ensure the\navailability and integrity of records in electronic form. Regular backups should be performed to prevent\ndata loss, and disaster recovery plans should be in place to mitigate the impact of potential disruptions.\n\nUser Training and Documentation: Provide comprehensive training to employees on record generation\nprocedures and the use of document management systems. Clear documentation should be available to guide\nusers on how to accurately create and maintain records in both human-readable and electronic formats.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nGDPR (Article 5) Process of Personal Data:\nhttps://gdpr-info.eu/art-5-gdpr/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("Yes");
            } else if (isSelected12) {
                this.lifeSciencesResults.add("Question 6: No\n\nCompliance: 21 CFR Part 11 (11.10b)\n\nLevel of Importance: Moderately-Low Criticality.\n\nReasoning: While the general confidentiality, integrity, and availability of personal data relating\nto digital signatures in the life science field are of utmost importance, it is also very important\nto generate copies of records that are suitable for inspection and review.  This will help to comply\nwith other regulations and make for an easier process for self-auditing.\n\nNIST SP 800-63-3\nDigital Identity Guidelines: https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nGDPR (Article 5) Process of Personal Data:\nhttps://gdpr-info.eu/art-5-gdpr/\n\nDescription:\nCompany must generate accurate & complete copies of records in both human readable & electronic form\nsuitable for inspection, review, and copying.\n\n(REQUIRED)\nHow to Further Comply:\nDocument Management Systems (DMS): Implement robust document management systems that facilitate the\ncreation, storage, and retrieval of records in both human-readable and electronic formats.\nDMS platforms should support version control, metadata tagging, and search functionalities to ensure\nthe accuracy and completeness of records.\n\nStandardized Documentation Procedures: Establish standardized documentation procedures outlining the\nformat and structure of records to ensure consistency and completeness. This includes defining data\nfields, naming conventions, and file formats for both human-readable and electronic records.\n\nQuality Control Checks: Implement quality control checks at various stages of record generation to\nverify accuracy and completeness. 
This can include automated validation checks, peer review processes,\nand quality assurance audits to ensure that records meet regulatory requirements and internal standards.\n\nElectronic Signatures and Timestamps: Utilize electronic signatures and timestamps to authenticate\nrecords and establish their integrity. Electronic signatures provide assurance of authenticity, while\ntimestamps indicate the exact time when records were created or modified, enhancing their reliability\nfor inspection and review.\n\nBackup and Disaster Recovery: Implement robust backup and disaster recovery mechanisms to ensure the\navailability and integrity of records in electronic form. Regular backups should be performed to prevent\ndata loss, and disaster recovery plans should be in place to mitigate the impact of potential disruptions.\n\nUser Training and Documentation: Provide comprehensive training to employees on record generation\nprocedures and the use of document management systems. Clear documentation should be available to guide\nusers on how to accurately create and maintain records in both human-readable and electronic formats.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nGDPR (Article 5) Process of Personal Data:\nhttps://gdpr-info.eu/art-5-gdpr/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("No");
            }
            if (isSelected13) {
                this.lifeSciencesResults.add("Question 7: Yes\n\nCompliance: 21 CFR Part 11 (11.100b)\n\nLevel of Importance: Most Critical.\n\nReasoning: The verification of a person's identity prior to obtaining a signature is of paramount\nimportance.  Aside from actual employment of digital signature use, successful verification is the\nmost important aspect of these technologies.  GDPR Article 32 specifically outlines the security of\nprocessing electronic records, including verifications.  Commiting to compliance with this regulation\nis absolutely crucial.\n\nGDPR - Article 32: Security of Processing\nhttps://gdpr-info.eu/art-32-gdpr/\n\nDescription:\nCompany must ensure that individual identity will be verified before a signature.\n\n(OPTIONAL)\nHow to Further Comply:\nIdentity Verification Protocols: Establish robust identity verification protocols to ensure that the\nidentity of individuals signing documents is verified before allowing them to apply their signature.\nThis could involve verifying government-issued identification documents or using biometric\nauthentication methods.\n\nMulti-Factor Authentication (MFA): Implement multi-factor authentication mechanisms that require\nindividuals to provide multiple forms of identification before accessing electronic signature\ncapabilities. This could include a combination of passwords, biometrics, smart cards, or one-time\npasscodes.\n\nUser Authentication Processes: Develop comprehensive user authentication processes that require\nindividuals to undergo identity verification before gaining access to electronic signature\nfunctionalities. This may involve user registration, validation of credentials, and periodic\nre-authentication.\n\nDigital Certificates and Public Key Infrastructure (PKI): Utilize digital certificates and PKI\ninfrastructure to verify the identity of individuals applying electronic signatures. 
Digital\ncertificates issued by trusted certificate authorities provide cryptographic validation of the\nsigner's identity, ensuring the integrity of the signature.\n\nRole-Based Access Controls (RBAC): Implement RBAC systems to control access to electronic signature\ncapabilities based on the roles and responsibilities of individuals within the organization. Only\nauthorized personnel with the appropriate permissions should be allowed to apply signatures after\nidentity verification.\n\nAudit Trails and Logging: Maintain detailed audit trails and logging mechanisms that record the\nidentity verification process for each electronic signature. This provides transparency and\naccountability, allowing organizations to track when and how individual identities were verified\nbefore signatures were applied.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\neIDAS 910/2014:\nhttps://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("Yes");
            } else if (isSelected14) {
                this.lifeSciencesResults.add("Question 7: No\n\nCompliance: 21 CFR Part 11 (11.100b)\n\nLevel of Importance: Most Critical.\n\nReasoning: The verification of a person's identity prior to obtaining a signature is of paramount\nimportance.  Aside from actual employment of digital signature use, successful verification is the\nmost important aspect of these technologies.  GDPR Article 32 specifically outlines the security of\nprocessing electronic records, including verifications.  Commiting to compliance with this regulation\nis absolutely crucial.\n\nGDPR - Article 32: Security of Processing\nhttps://gdpr-info.eu/art-32-gdpr/\n\nDescription:\nCompany must ensure that individual identity will be verified before a signature.\n\n(REQUIRED)\nHow to Further Comply:\nIdentity Verification Protocols: Establish robust identity verification protocols to ensure that the\nidentity of individuals signing documents is verified before allowing them to apply their signature.\nThis could involve verifying government-issued identification documents or using biometric\nauthentication methods.\n\nMulti-Factor Authentication (MFA): Implement multi-factor authentication mechanisms that require\nindividuals to provide multiple forms of identification before accessing electronic signature\ncapabilities. This could include a combination of passwords, biometrics, smart cards, or one-time\npasscodes.\n\nUser Authentication Processes: Develop comprehensive user authentication processes that require\nindividuals to undergo identity verification before gaining access to electronic signature\nfunctionalities. This may involve user registration, validation of credentials, and periodic\nre-authentication.\n\nDigital Certificates and Public Key Infrastructure (PKI): Utilize digital certificates and PKI\ninfrastructure to verify the identity of individuals applying electronic signatures. 
Digital\ncertificates issued by trusted certificate authorities provide cryptographic validation of the\nsigner's identity, ensuring the integrity of the signature.\n\nRole-Based Access Controls (RBAC): Implement RBAC systems to control access to electronic signature\ncapabilities based on the roles and responsibilities of individuals within the organization. Only\nauthorized personnel with the appropriate permissions should be allowed to apply signatures after\nidentity verification.\n\nAudit Trails and Logging: Maintain detailed audit trails and logging mechanisms that record the\nidentity verification process for each electronic signature. This provides transparency and\naccountability, allowing organizations to track when and how individual identities were verified\nbefore signatures were applied.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\neIDAS 910/2014:\nhttps://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("No");
            }
            if (isSelected15) {
                this.lifeSciencesResults.add("Question 8: Yes\n\nCompliance: 21 CFR Part 11 (11.10d)\n\nLevel of Importance: Highly Critical.\n\nReasoning: Limiting system access to only authorized individuals is a concept of great importance,\nsecond only to individual identity verification and actually employing correct use of digital\nsignatures.  NIST's SP 800-53/63-3 help to organize security and privacy controls,\nincluding access control.\n\nNIST SP 800-63-3\nDigital Identity Guidelines: https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nNIST SP 800-53 Rev. 5\nSecurity and Privacy Controls for Information Systems and Organizations:\nhttps://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\n\nDescription:\nThe system must be able to limit system access to authorized individuals.\n\n(OPTIONAL)\nHow to Further Comply:\nRole-Based Access Control (RBAC): Implement RBAC, which assigns permissions to users based on their\nroles within the organization. This ensures that individuals only have access to the resources and\nfunctionalities necessary for their job responsibilities.\n\nUser Authentication: Require users to authenticate themselves using unique identifiers such as\nusernames and passwords before accessing the system. This ensures that only authorized individuals\ncan gain entry.\n\nMulti-Factor Authentication (MFA): Employ MFA, which requires users to provide multiple forms of\nverification, such as passwords, biometric data, or security tokens. This adds an extra layer of\nsecurity to prevent unauthorized access.\n\nAccess Control Lists (ACL): Use ACLs to specify which users or groups have access to specific\nresources or files within the system. This allows administrators to finely control access\npermissions based on user identity.\n\nSession Management: Implement session management techniques to monitor and control user sessions\nwithin the system. 
This includes enforcing session timeouts, limiting the number of concurrent\nsessions per user, and logging out inactive users automatically.\n\nAuditing and Monitoring: Maintain comprehensive audit logs and monitoring systems to track user\nactivities and detect unauthorized access attempts. Regularly review these logs to identify any\nsuspicious behavior and take appropriate action.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nNIST SP 800-53 Rev. 5\nSecurity and Privacy Controls for Information Systems and Organizations:\nhttps://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("Yes");
            } else if (isSelected16) {
                this.lifeSciencesResults.add("Question 8: No\n\nCompliance: 21 CFR Part 11 (11.10d)\n\nLevel of Importance: Highly Critical.\n\nReasoning: Limiting system access to only authorized individuals is a concept of great importance,\nsecond only to individual identity verification and actually employing correct use of digital\nsignatures.  NIST's SP 800-53/63-3 help to organize security and privacy controls,\nincluding access control.\n\nNIST SP 800-63-3\nDigital Identity Guidelines: https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nNIST SP 800-53 Rev. 5\nSecurity and Privacy Controls for Information Systems and Organizations:\nhttps://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\n\nDescription:\nThe system must be able to limit system access to authorized individuals.\n\n(REQUIRED)\nHow to Further Comply:\nRole-Based Access Control (RBAC): Implement RBAC, which assigns permissions to users based on their\nroles within the organization. This ensures that individuals only have access to the resources and\nfunctionalities necessary for their job responsibilities.\n\nUser Authentication: Require users to authenticate themselves using unique identifiers such as\nusernames and passwords before accessing the system. This ensures that only authorized individuals\ncan gain entry.\n\nMulti-Factor Authentication (MFA): Employ MFA, which requires users to provide multiple forms of\nverification, such as passwords, biometric data, or security tokens. This adds an extra layer of\nsecurity to prevent unauthorized access.\n\nAccess Control Lists (ACL): Use ACLs to specify which users or groups have access to specific\nresources or files within the system. This allows administrators to finely control access\npermissions based on user identity.\n\nSession Management: Implement session management techniques to monitor and control user sessions\nwithin the system. 
This includes enforcing session timeouts, limiting the number of concurrent\nsessions per user, and logging out inactive users automatically.\n\nAuditing and Monitoring: Maintain comprehensive audit logs and monitoring systems to track user\nactivities and detect unauthorized access attempts. Regularly review these logs to identify any\nsuspicious behavior and take appropriate action.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nNIST SP 800-53 Rev. 5\nSecurity and Privacy Controls for Information Systems and Organizations:\nhttps://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("No");
            }
            if (isSelected17) {
                this.lifeSciencesResults.add("Question 9: Yes\n\nCompliance: 21 CFR Part 11 (11.10e)\n\nLevel of Importance: Least Critical.\n\nReasoning: The need to update and change records are present in multiple industries, including life science.\nWhile refraining from obscuring past data is a good practice when possible, there are little risks that an\norganization would experience due to losing old data that had already been updated.\nNot all records need to be kept.\n\nEMA's Good Clinical Practices Guidelines:\nhttps://www.ema.europa.eu/en/human-regulatory-overview/research-development/compliance-research-development/good-clinical-practice\n\nUS FDA's Good Clinical Practices:\nhttps://www.fda.gov/about-fda/center-drug-evaluation-and-research-cder/good-clinical-practice\n\nDescription:\nEnsure that record changes do not obscure previously recorded information.\n\n(OPTIONAL)\nHow to Further Comply:\nVersion Control Systems: Implement version control systems that track changes made to records over time.\nThis ensures that previous versions of records are preserved and accessible, even after subsequent edits\nor updates have been made.\n\nAudit Trails: Maintain detailed audit trails that log all changes made to records, including the date,\ntime, and user responsible for each modification. Audit trails provide transparency and accountability,\nallowing organizations to track and review changes made to records.\n\nDigital Signatures: Require digital signatures for record modifications, particularly for critical or\nsensitive information. Digital signatures provide cryptographic validation of the authenticity and\nintegrity of record changes, ensuring that previously recorded information remains unchanged.\n\nData Validation Checks: Implement data validation checks to ensure that record changes do not\ninadvertently overwrite or obscure previously recorded information. 
This includes validating data formats,\nranges, and dependencies to prevent unintentional data loss or corruption.\n\nUser Permissions and Access Controls: Enforce user permissions and access controls to restrict the ability\nto modify records to authorized individuals only. By limiting access to record editing functionalities\nbased on user roles and responsibilities, organizations can reduce the risk of unauthorized changes that\ncould obscure previously recorded information.\n\nAutomated Alerts and Notifications: Set up automated alerts and notifications to notify relevant\nstakeholders whenever changes are made to records. This allows for real-time monitoring of record\nmodifications and enables prompt action to review and validate changes to ensure that previously\nrecorded information remains intact.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nISO 16175-1:\nhttps://www.iso.org/standard/74294.html\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("Yes");
            } else if (isSelected18) {
                this.lifeSciencesResults.add("Question 9: No\n\nCompliance: 21 CFR Part 11 (11.10e)\n\nLevel of Importance: Least Critical.\n\nReasoning: The need to update and change records are present in multiple industries, including life science.\nWhile refraining from obscuring past data is a good practice when possible, there are little risks that an\norganization would experience due to losing old data that had already been updated.\nNot all records need to be kept.\n\nEMA's Good Clinical Practices Guidelines:\nhttps://www.ema.europa.eu/en/human-regulatory-overview/research-development/compliance-research-development/good-clinical-practice\n\nUS FDA's Good Clinical Practices:\nhttps://www.fda.gov/about-fda/center-drug-evaluation-and-research-cder/good-clinical-practice\n\nDescription:\nEnsure that record changes do not obscure previously recorded information.\n\n(REQUIRED)\nHow to Further Comply:\nVersion Control Systems: Implement version control systems that track changes made to records over time.\nThis ensures that previous versions of records are preserved and accessible, even after subsequent edits\nor updates have been made.\n\nAudit Trails: Maintain detailed audit trails that log all changes made to records, including the date,\ntime, and user responsible for each modification. Audit trails provide transparency and accountability,\nallowing organizations to track and review changes made to records.\n\nDigital Signatures: Require digital signatures for record modifications, particularly for critical or\nsensitive information. Digital signatures provide cryptographic validation of the authenticity and\nintegrity of record changes, ensuring that previously recorded information remains unchanged.\n\nData Validation Checks: Implement data validation checks to ensure that record changes do not\ninadvertently overwrite or obscure previously recorded information. 
This includes validating data formats,\nranges, and dependencies to prevent unintentional data loss or corruption.\n\nUser Permissions and Access Controls: Enforce user permissions and access controls to restrict the ability\nto modify records to authorized individuals only. By limiting access to record editing functionalities\nbased on user roles and responsibilities, organizations can reduce the risk of unauthorized changes that\ncould obscure previously recorded information.\n\nAutomated Alerts and Notifications: Set up automated alerts and notifications to notify relevant\nstakeholders whenever changes are made to records. This allows for real-time monitoring of record\nmodifications and enables prompt action to review and validate changes to ensure that previously\nrecorded information remains intact.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nISO 16175-1:\nhttps://www.iso.org/standard/74294.html\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("No");
            }
            if (isSelected19) {
                this.lifeSciencesResults.add("Question 10: Yes\n\nCompliance: 21 CFR Part 11 (11.10g)\n\nLevel of Importance: Moderately Critical.\n\nReasoning: While there are other ways to ensure that only authorized individauls are using a given system,\nauthority checks are one of them.  Therefore, the idea to include them as an extra security measure would\nserve as a benefit to any organization.\n\nNIST SP 800-63-3\nDigital Identity Guidelines: https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nDescription:\nThe system must employ the use of authority checks to ensure that only authorized individuals use the system.\n\n(OPTIONAL)\nHow to Further Comply:\nRole-Based Access Control (RBAC): Implement RBAC mechanisms to assign specific roles to users and grant them\naccess permissions based on their job responsibilities and organizational hierarchy. This ensures that individuals\ncan only access functionalities and data relevant to their roles.\n\nUser Authentication and Authorization: Require users to authenticate themselves using unique identifiers such\nas usernames and passwords before gaining access to the system. Additionally, enforce authorization checks to\nverify that authenticated users have the necessary permissions to perform specific actions within the system.\n\nTwo-Factor Authentication (2FA): Enhance security by implementing 2FA, which requires users to provide two forms\nof authentication, such as a password and a one-time code sent to their mobile device. This adds an extra layer\nof protection against unauthorized access attempts.\n\nSession Management and Timeout Policies: Implement session management controls to monitor and manage user sessions\nwithin the system. 
Set session timeout policies to automatically log out inactive users after a predefined period\nof inactivity, reducing the risk of unauthorized access from unattended sessions.\n\nAccess Reviews and Audits: Conduct regular access reviews and audits to evaluate user permissions and identify any\ndiscrepancies or anomalies. This involves reviewing user accounts, permissions, and activity logs to ensure that\nonly authorized individuals are using the system and that access privileges are appropriate and up-to-date.\n\nUser Training and Awareness Programs: Provide comprehensive training and awareness programs to educate users about\nthe importance of security practices and the risks associated with unauthorized access. Empower users to recognize\nand report suspicious activities, phishing attempts, or unauthorized access attempts to the appropriate authorities.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("Yes");
            } else if (isSelected20) {
                this.lifeSciencesResults.add("Question 10: No\n\nCompliance: 21 CFR Part 11 (11.10g)\n\nLevel of Importance: Moderately Critical.\n\nReasoning: While there are other ways to ensure that only authorized individauls are using a given system,\nauthority checks are one of them.  Therefore, the idea to include them as an extra security measure would\nserve as a benefit to any organization.\n\nNIST SP 800-63-3\nDigital Identity Guidelines: https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\nDescription:\nThe system must employ the use of authority checks to ensure that only authorized individuals use the system.\n\n(REQUIRED)\nHow to Further Comply:\nRole-Based Access Control (RBAC): Implement RBAC mechanisms to assign specific roles to users and grant them\naccess permissions based on their job responsibilities and organizational hierarchy. This ensures that individuals\ncan only access functionalities and data relevant to their roles.\n\nUser Authentication and Authorization: Require users to authenticate themselves using unique identifiers such\nas usernames and passwords before gaining access to the system. Additionally, enforce authorization checks to\nverify that authenticated users have the necessary permissions to perform specific actions within the system.\n\nTwo-Factor Authentication (2FA): Enhance security by implementing 2FA, which requires users to provide two forms\nof authentication, such as a password and a one-time code sent to their mobile device. This adds an extra layer\nof protection against unauthorized access attempts.\n\nSession Management and Timeout Policies: Implement session management controls to monitor and manage user sessions\nwithin the system. 
Set session timeout policies to automatically log out inactive users after a predefined period\nof inactivity, reducing the risk of unauthorized access from unattended sessions.\n\nAccess Reviews and Audits: Conduct regular access reviews and audits to evaluate user permissions and identify any\ndiscrepancies or anomalies. This involves reviewing user accounts, permissions, and activity logs to ensure that\nonly authorized individuals are using the system and that access privileges are appropriate and up-to-date.\n\nUser Training and Awareness Programs: Provide comprehensive training and awareness programs to educate users about\nthe importance of security practices and the risks associated with unauthorized access. Empower users to recognize\nand report suspicious activities, phishing attempts, or unauthorized access attempts to the appropriate authorities.\n\nAdditional Concerns (PLEASE READ):\nNIST SP 800-63-3\nDigital Identity Guidelines:\nhttps://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.lifeSciencesResultsInfo.add("No");
            }
            if ((gUIView.guiForm().getLifeSciencesQ1Y().isSelected() || gUIView.guiForm().getLifeSciencesQ1N().isSelected()) && ((gUIView.guiForm().getLifeSciencesQ2Y().isSelected() || gUIView.guiForm().getLifeSciencesQ2N().isSelected()) && ((gUIView.guiForm().getLifeSciencesQ3Y().isSelected() || gUIView.guiForm().getLifeSciencesQ3N().isSelected()) && ((gUIView.guiForm().getLifeSciencesQ4Y().isSelected() || gUIView.guiForm().getLifeSciencesQ4N().isSelected()) && ((gUIView.guiForm().getLifeSciencesQ5Y().isSelected() || gUIView.guiForm().getLifeSciencesQ5N().isSelected()) && ((gUIView.guiForm().getLifeSciencesQ6Y().isSelected() || gUIView.guiForm().getLifeSciencesQ6N().isSelected()) && ((gUIView.guiForm().getLifeSciencesQ7Y().isSelected() || gUIView.guiForm().getLifeSciencesQ7N().isSelected()) && ((gUIView.guiForm().getLifeSciencesQ8Y().isSelected() || gUIView.guiForm().getLifeSciencesQ8N().isSelected()) && ((gUIView.guiForm().getLifeSciencesQ9Y().isSelected() || gUIView.guiForm().getLifeSciencesQ9N().isSelected()) && (gUIView.guiForm().getLifeSciencesQ10Y().isSelected() || gUIView.guiForm().getLifeSciencesQ10N().isSelected())))))))))) {
                Iterator<String> it = this.lifeSciencesResults.iterator();
                while (it.hasNext()) {
                    gUIView.guiForm().getLifeSciencesResultsOutput().append(it.next());
                }
                this.allAnswers.addAll(this.lifeSciencesResultsInfo);
                this.allAnswersDB3.addAll(this.lifeSciencesResultsInfo);
                gUIView.guiForm().getLifeSciencesSubmitButton().setEnabled(false);
            } else {
                gUIView.guiForm().getLifeSciencesResultsOutput().append("Please Answer ALL Questions Before Submitting");
            }
            double frequency = 100.0d * (Collections.frequency(this.lifeSciencesResultsInfo, "Yes") / this.lifeSciencesResultsInfo.size());
            String valueOf = String.valueOf(frequency);
            this.allAnswers.add(valueOf);
            this.allAnswersDB2.add(valueOf);
            this.allAnswersDB3.add(valueOf);
            getAllStuffWritten();
            getAllStuffWrittenDB2();
            getAllStuffWrittenDB3();
            sort(this.inputFile);
            gUIView.guiForm().getLifeSciencesGraph().repaint();
            DomainHistogram.createHistogram(gUIView, gUIView.guiForm().getLifeSciencesGraph(), "Life Sciences");
            gUIView.guiForm().getLifeSciencesGraph().repaint();
            if (frequency >= 0.0d && frequency < 60.0d) {
                gUIView.guiForm().getLifeSciencesScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getLifeSciencesScore().setForeground(Color.RED);
            } else if (frequency >= 60.0d && frequency <= 80.0d) {
                gUIView.guiForm().getLifeSciencesScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getLifeSciencesScore().setForeground(Color.ORANGE);
            } else {
                if (frequency <= 80.0d || frequency > 100.0d) {
                    return;
                }
                gUIView.guiForm().getLifeSciencesScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getLifeSciencesScore().setForeground(Color.GREEN);
            }
        });
        // NOTE(review): the Life Sciences submit handler registered just above computes its score as
        // 100.0d * (Collections.frequency(...) / size()). Both operands are ints, so the quotient is
        // truncated before the multiply, and an empty answer list divides by zero. That computation
        // also sits after the "answer ALL questions" if/else, so it runs on the incomplete path too.
        //
        // Life Sciences results paging: the next/previous buttons delegate to this controller's
        // lsNextResult / lsPreviousResult handlers, passing the ActionEvent through unchanged.
        gUIView.guiForm().getLifeSciencesNextResults().addActionListener(lsNextEvent -> lsNextResult(lsNextEvent));
        gUIView.guiForm().getLifeSciencesPreviousResults().addActionListener(lsPrevEvent -> lsPreviousResult(lsPrevEvent));
        gUIView.guiForm().getPatentsAndLegalSubmitButton().addActionListener(actionEvent6 -> {
            gUIView.guiForm().getPatentsAndLegalResultsOutput().setText("");
            boolean isSelected = gUIView.guiForm().getPatentsAndLegalQ1Y().isSelected();
            boolean isSelected2 = gUIView.guiForm().getPatentsAndLegalQ1N().isSelected();
            boolean isSelected3 = gUIView.guiForm().getPatentsAndLegalQ2Y().isSelected();
            boolean isSelected4 = gUIView.guiForm().getPatentsAndLegalQ2N().isSelected();
            boolean isSelected5 = gUIView.guiForm().getPatentsAndLegalQ3Y().isSelected();
            boolean isSelected6 = gUIView.guiForm().getPatentsAndLegalQ3N().isSelected();
            boolean isSelected7 = gUIView.guiForm().getPatentsAndLegalQ4Y().isSelected();
            boolean isSelected8 = gUIView.guiForm().getPatentsAndLegalQ4N().isSelected();
            boolean isSelected9 = gUIView.guiForm().getPatentsAndLegalQ5Y().isSelected();
            boolean isSelected10 = gUIView.guiForm().getPatentsAndLegalQ5N().isSelected();
            boolean isSelected11 = gUIView.guiForm().getPatentsAndLegalQ6Y().isSelected();
            boolean isSelected12 = gUIView.guiForm().getPatentsAndLegalQ6N().isSelected();
            boolean isSelected13 = gUIView.guiForm().getPatentsAndLegalQ7Y().isSelected();
            boolean isSelected14 = gUIView.guiForm().getPatentsAndLegalQ7N().isSelected();
            boolean isSelected15 = gUIView.guiForm().getPatentsAndLegalQ8Y().isSelected();
            boolean isSelected16 = gUIView.guiForm().getPatentsAndLegalQ8N().isSelected();
            boolean isSelected17 = gUIView.guiForm().getPatentsAndLegalQ9Y().isSelected();
            boolean isSelected18 = gUIView.guiForm().getPatentsAndLegalQ9N().isSelected();
            boolean isSelected19 = gUIView.guiForm().getPatentsAndLegalQ10Y().isSelected();
            boolean isSelected20 = gUIView.guiForm().getPatentsAndLegalQ10N().isSelected();
            this.patentsAndLegalResults.clear();
            this.patentsAndLegalResultsInfo.clear();
            if (isSelected) {
                this.patentsAndLegalResults.add("Question 1: Yes\n\nCompliance: U.S.C. Title 35 Section 101\n\nLevel of Importance: Highly Critical.\n\nReasoning: The first step in establishing a patent. Only highly critical because this is not applicable to every company.\n\nDescription:\nThe statute defines patentable subject matter as any new and useful process, machine, manufacture, or composition\nof matter, or any new and useful improvement thereof.\n\n(OPTIONAL)\nHow to Further Comply:\nEnsure Patentable Subject Matter: Ensure that the invention falls within one of the statutory categories of patentable\nsubject matter: processes, machines, manufactures, or compositions of matter. These categories encompass a wide range\nof inventions, including methods, devices, products, and compositions.\n\nAvoid Abstract Ideas: Ensure that the invention is not merely an abstract idea, natural phenomenon, or law of nature,\nwhich are excluded from patent eligibility under Section 101. Focus on inventions that involve practical applications\nor technological innovations rather than purely theoretical concepts.\n\nDemonstrate Utility: Demonstrate that the invention has utility or practical use, as required by Section 101. Provide\nevidence or explanations of how the invention solves a specific problem, improves a process, or achieves a tangible\nresult that is beneficial or valuable to society.\n\nShow Inventive Step: Show that the invention involves an inventive step or non-obviousness, which is a requirement\nfor patentability under Section 101. 
Demonstrate that the invention represents a significant departure from existing\ntechnologies or methods and involves creative or innovative elements that would not have been obvious to a person\nskilled in the relevant field.\n\nAvoid Laws of Nature or Abstract Concepts: Avoid claiming inventions that are directed solely to laws of nature,\nnatural phenomena, or abstract concepts, as these are not considered patent eligible subject matter under Section\n101. Instead, focus on inventions that involve practical applications or technological solutions to real-world problems.\n\nDraft Claims Clearly and Specifically: Draft patent claims clearly and specifically to define the scope of the\ninvention and establish its eligibility for patent protection under Section 101. Use language that describes the\ninvention in concrete terms and avoids overly broad or ambiguous language that could raise questions about its\npatentability.\n\nAdditional Concerns (PLEASE READ):\nData Protection and Privacy (GDPR): While GDPR primarily addresses data protection and privacy, it indirectly\nimpacts trademarks by regulating the processing of personal data, including data related to brand names, logos,\ntrademarks, and patents. Organizations must ensure compliance with GDPR's data protection principles when collecting,\nprocessing, or transferring personal data that may include trademark-related information.\n\nCybersecurity (NIST, DHS): NIST and DHS provide cybersecurity frameworks and guidelines aimed at protecting against\ncyber threats and data breaches. While these frameworks do not specifically address trademarks and patents, maintaining\nrobust cybersecurity measures is essential for protecting intellectual property, including trademarks, from unauthorized\naccess, misuse, or infringement.\n\nPayment Card Security (PCI DSS): PCI DSS compliance focuses on securing payment card data, but it indirectly impacts\ntrademarks and patents in the context of brand reputation and trust. 
Compliance with PCI DSS requirements can help\nprotect the reputation of brands associated with payment card transactions by ensuring the security and integrity of\npayment card data.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("Yes");
            } else if (isSelected2) {
                this.patentsAndLegalResults.add("Question 1: No\n\nCompliance: U.S.C. Title 35 Section 101\n\nLevel of Importance: Highly Critical\n\nReasoning: The first step in establishing a patent. Only highly critical because this is not applicable to every company.\n\nDescription:\nThe statute defines patentable subject matter as any new and useful process, machine, manufacture, or composition\nof matter, or any new and useful improvement thereof.\n\n(REQUIRED)\nHow to Further Comply:\nEnsure Patentable Subject Matter: Ensure that the invention falls within one of the statutory categories of patentable\nsubject matter: processes, machines, manufactures, or compositions of matter. These categories encompass a wide range\nof inventions, including methods, devices, products, and compositions.\n\nAvoid Abstract Ideas: Ensure that the invention is not merely an abstract idea, natural phenomenon, or law of nature,\nwhich are excluded from patent eligibility under Section 101. Focus on inventions that involve practical applications\nor technological innovations rather than purely theoretical concepts.\n\nDemonstrate Utility: Demonstrate that the invention has utility or practical use, as required by Section 101. Provide\nevidence or explanations of how the invention solves a specific problem, improves a process, or achieves a tangible\nresult that is beneficial or valuable to society.\n\nShow Inventive Step: Show that the invention involves an inventive step or non-obviousness, which is a requirement\nfor patentability under Section 101. 
Demonstrate that the invention represents a significant departure from existing\ntechnologies or methods and involves creative or innovative elements that would not have been obvious to a person\nskilled in the relevant field.\n\nAvoid Laws of Nature or Abstract Concepts: Avoid claiming inventions that are directed solely to laws of nature,\nnatural phenomena, or abstract concepts, as these are not considered patent eligible subject matter under Section\n101. Instead, focus on inventions that involve practical applications or technological solutions to real-world problems.\n\nDraft Claims Clearly and Specifically: Draft patent claims clearly and specifically to define the scope of the\ninvention and establish its eligibility for patent protection under Section 101. Use language that describes the\ninvention in concrete terms and avoids overly broad or ambiguous language that could raise questions about its\npatentability.\n\nAdditional Concerns (PLEASE READ):\nData Protection and Privacy (GDPR): While GDPR primarily addresses data protection and privacy, it indirectly\nimpacts trademarks by regulating the processing of personal data, including data related to brand names, logos,\ntrademarks, and patents. Organizations must ensure compliance with GDPR's data protection principles when collecting,\nprocessing, or transferring personal data that may include trademark-related information.\n\nCybersecurity (NIST, DHS): NIST and DHS provide cybersecurity frameworks and guidelines aimed at protecting against\ncyber threats and data breaches. While these frameworks do not specifically address trademarks and patents, maintaining\nrobust cybersecurity measures is essential for protecting intellectual property, including trademarks, from unauthorized\naccess, misuse, or infringement.\n\nPayment Card Security (PCI DSS): PCI DSS compliance focuses on securing payment card data, but it indirectly impacts\ntrademarks and patents in the context of brand reputation and trust. 
Compliance with PCI DSS requirements can help\nprotect the reputation of brands associated with payment card transactions by ensuring the security and integrity of\npayment card data.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("No");
            }
            if (isSelected3) {
                this.patentsAndLegalResults.add("Question 2: Yes\n\nCompliance: U.S.C. Title 35 Section 102\n\nLevel of Importance: Most Critical.\n\nReasoning: This is the main reaspn for establishing a patent. This is something that should be thouroughly\n considered by every company.\n\nDescription:\nThis outlines conditions for novelty, stating that an invention must be new or novel.\n\n(OPTIONAL)\nHow to Further Comply:\nConduct Prior Art Searches: Before filing a patent application, conduct thorough searches to identify existing\nprior art relevant to the proposed invention. This includes patents, publications, and other publicly available\ninformation that may impact the novelty of the invention.\n\nDocument Invention Dates: Keep detailed records of the invention process, including dates of conception and\nreduction to practice. Documentation should be clear, dated, and signed by the inventors to establish priority\nand support claims of novelty.\n\nFile Patent Applications Promptly: File patent applications promptly after the invention has been conceived and\nreduced to practice to preserve novelty. Delay in filing can result in the invention being disclosed to the public,\npotentially compromising its novelty.\n\nAvoid Public Disclosures: Refrain from publicly disclosing or offering for sale the invention before filing a\npatent application. Public disclosures, such as presentations, publications, or product demonstrations, can\ntrigger statutory bars under Section 102, barring patent protection.\n\nUse Confidentiality Agreements: Use confidentiality agreements or non-disclosure agreements (NDAs) when disclosing\nthe invention to third parties, such as investors, collaborators, or manufacturers. These agreements help protect\nthe confidentiality of the invention and preserve its novelty.\n\nMaintain Confidentiality Within the Company: Maintain confidentiality within the company by restricting access to\nsensitive information about the invention. 
Implement policies and procedures to safeguard trade secrets and\nproprietary information from unauthorized disclosure or use.\n\nAdditional Concerns (PLEASE READ):\nSecurity and Privacy by Design: Both NIST guidelines and GDPR promote the concept of \"security and privacy by design,\nwhich emphasizes integrating security and privacy features into the design and development of new systems, products,\nor services. When creating new machines, organizations may need to consider security and privacy implications and\nincorporate appropriate safeguards and controls from the outset.\n\nCompliance Obligations: PCI DSS compliance may be relevant for organizations creating new machines that process or\nhandle payment card data. While PCI DSS primarily focuses on payment card security, organizations involved in the\ndevelopment of machines used for payment processing may need to consider PCI DSS requirements for securing cardholder\ndata and payment transactions.\n\nData Protection and Privacy: GDPR imposes requirements for the protection of personal data, including data collected\nor processed by machines. Organizations creating new machines that collect, store, or process personal data must ensure\ncompliance with GDPR's data protection principles, including lawful processing, data minimization, and data security\nrequirements.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("Yes");
            } else if (isSelected4) {
                this.patentsAndLegalResults.add("Question 2: No\n\nCompliance: U.S.C. Title 35 Section 102\n\nLevel of Importance: Most Critical.\n\nReasoning: This is the main reaspn for establishing a patent. This is something that should be thouroughly\nconsidered by every company.\n\nDescription:\nThis outlines conditions for novelty, stating that an invention must be new or novel.\n\n(REQUIRED)\nHow to Further Comply:\nConduct Prior Art Searches: Before filing a patent application, conduct thorough searches to identify existing\nprior art relevant to the proposed invention. This includes patents, publications, and other publicly available\ninformation that may impact the novelty of the invention.\n\nDocument Invention Dates: Keep detailed records of the invention process, including dates of conception and\nreduction to practice. Documentation should be clear, dated, and signed by the inventors to establish priority\nand support claims of novelty.\n\nFile Patent Applications Promptly: File patent applications promptly after the invention has been conceived and\nreduced to practice to preserve novelty. Delay in filing can result in the invention being disclosed to the public,\npotentially compromising its novelty.\n\nAvoid Public Disclosures: Refrain from publicly disclosing or offering for sale the invention before filing a\npatent application. Public disclosures, such as presentations, publications, or product demonstrations, can\ntrigger statutory bars under Section 102, barring patent protection.\n\nUse Confidentiality Agreements: Use confidentiality agreements or non-disclosure agreements (NDAs) when disclosing\nthe invention to third parties, such as investors, collaborators, or manufacturers. These agreements help protect\nthe confidentiality of the invention and preserve its novelty.\n\nMaintain Confidentiality Within the Company: Maintain confidentiality within the company by restricting access to\nsensitive information about the invention. 
Implement policies and procedures to safeguard trade secrets and\nproprietary information from unauthorized disclosure or use.\n\nAdditional Concerns (PLEASE READ):\nSecurity and Privacy by Design: Both NIST guidelines and GDPR promote the concept of \"security and privacy by design,\nwhich emphasizes integrating security and privacy features into the design and development of new systems, products,\nor services. When creating new machines, organizations may need to consider security and privacy implications and\nincorporate appropriate safeguards and controls from the outset.\n\nCompliance Obligations: PCI DSS compliance may be relevant for organizations creating new machines that process or\nhandle payment card data. While PCI DSS primarily focuses on payment card security, organizations involved in the\ndevelopment of machines used for payment processing may need to consider PCI DSS requirements for securing cardholder\ndata and payment transactions.\n\nData Protection and Privacy: GDPR imposes requirements for the protection of personal data, including data collected\nor processed by machines. Organizations creating new machines that collect, store, or process personal data must ensure\ncompliance with GDPR's data protection principles, including lawful processing, data minimization, and data security\nrequirements.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("No");
            }
            if (isSelected5) {
                this.patentsAndLegalResults.add("Question 3: Yes\n\nCompliance: U.S.C. Title 35 Section 103\n\nLevel of Importance: Most Critical.\n\nReasoning: This is the main reaspn for establishing a patent. This is something that should be thouroughly considered by every company.\n\nDescription:\nAddresses non-obviousness, requiring that an invention must not be obvious to a person with ordinary skill in the relevant field.\n\n(OPTIONAL)\nHow to Further Comply:\nConduct Prior Art Searches: Before filing a patent application, conduct thorough searches to identify existing prior art relevant\nto the proposed invention. This includes patents, publications, and other publicly available information that may impact the\npatentability of the invention.\n\nEvaluate Inventive Step: Assess the inventive step or non-obviousness of the proposed invention in light of the prior art.\nDetermine whether the invention would have been obvious to a person having ordinary skill in the relevant field at the time\nthe invention was made, considering factors such as the level of ordinary skill, the differences between the invention and the\nprior art, and any unexpected results or advantages of the invention.\n\nDocument Inventive Concept: Document the inventive concept or innovation that distinguishes the proposed invention from the\nprior art. 
Clearly articulate the problem solved by the invention, the inventive solution, and any technical or practical\nadvantages over existing technologies or methods.\n\nProvide Supporting Evidence: Provide supporting evidence or rationale to demonstrate the non-obviousness of the invention.\nThis may include technical data, experimental results, expert opinions, or other objective evidence that illustrates the\ninventive step or unexpected aspects of the invention.\n\nDraft Claims Strategically: Draft patent claims that define the scope of the invention in a way that captures the novel and\nnon-obvious aspects of the invention while distinguishing it from the prior art. Tailor the language of the claims to emphasize\nthe inventive features and avoid language that could be construed as obvious in view of the prior art.\n\nAnticipate Examiner Objections: Anticipate potential objections from patent examiners regarding obviousness based on the prior art.\nAddress any potential weaknesses or challenges upfront in the patent application by providing thorough explanations, arguments,\nand evidence to support the non-obviousness of the invention.\n\nAdditional Concerns (PLEASE READ):\nSecurity and Privacy by Design: Both NIST guidelines and GDPR promote the concept of \"security and privacy by design,\" which\nemphasizes integrating security and privacy features into the design and development of new systems, products, or services.\nWhen creating new machines, organizations may need to consider security and privacy implications and incorporate appropriate\nsafeguards and controls from the outset.\n\nCompliance Obligations: PCI DSS compliance may be relevant for organizations creating new machines that process or handle\npayment card data. 
While PCI DSS primarily focuses on payment card security, organizations involved in the development of\nmachines used for payment processing may need to consider PCI DSS requirements for securing cardholder data and payment transactions.\n\nData Protection and Privacy: GDPR imposes requirements for the protection of personal data, including data collected or processed\nby machines. Organizations creating new machines that collect, store, or process personal data must ensure compliance with GDPR's\ndata protection principles, including lawful processing, data minimization, and data security requirements.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("Yes");
            } else if (isSelected6) {
                this.patentsAndLegalResults.add("Question 3: No\n\nCompliance: U.S.C. Title 35 Section 103\n\nLevel of Importance: Most Critical.\n\nReasoning: This is the main reaspn for establishing a patent. This is something that should be thouroughly considered by every company.\n\nDescription:\nAddresses non-obviousness, requiring that an invention must not be obvious to a person with ordinary skill in the relevant field.\n\n(REQUIRED)\nHow to Further Comply:\nConduct Prior Art Searches: Before filing a patent application, conduct thorough searches to identify existing prior art relevant\nto the proposed invention. This includes patents, publications, and other publicly available information that may impact the\npatentability of the invention.\n\nEvaluate Inventive Step: Assess the inventive step or non-obviousness of the proposed invention in light of the prior art.\nDetermine whether the invention would have been obvious to a person having ordinary skill in the relevant field at the time\nthe invention was made, considering factors such as the level of ordinary skill, the differences between the invention and the\nprior art, and any unexpected results or advantages of the invention.\n\nDocument Inventive Concept: Document the inventive concept or innovation that distinguishes the proposed invention from the\nprior art. 
Clearly articulate the problem solved by the invention, the inventive solution, and any technical or practical\nadvantages over existing technologies or methods.\n\nProvide Supporting Evidence: Provide supporting evidence or rationale to demonstrate the non-obviousness of the invention.\nThis may include technical data, experimental results, expert opinions, or other objective evidence that illustrates the\ninventive step or unexpected aspects of the invention.\n\nDraft Claims Strategically: Draft patent claims that define the scope of the invention in a way that captures the novel and\nnon-obvious aspects of the invention while distinguishing it from the prior art. Tailor the language of the claims to emphasize\nthe inventive features and avoid language that could be construed as obvious in view of the prior art.\n\nAnticipate Examiner Objections: Anticipate potential objections from patent examiners regarding obviousness based on the prior art.\nAddress any potential weaknesses or challenges upfront in the patent application by providing thorough explanations, arguments,\nand evidence to support the non-obviousness of the invention.\n\nAdditional Concerns (PLEASE READ):\nSecurity and Privacy by Design: Both NIST guidelines and GDPR promote the concept of \"security and privacy by design,\" which\nemphasizes integrating security and privacy features into the design and development of new systems, products, or services.\nWhen creating new machines, organizations may need to consider security and privacy implications and incorporate appropriate\nsafeguards and controls from the outset.\n\nCompliance Obligations: PCI DSS compliance may be relevant for organizations creating new machines that process or handle\npayment card data. 
While PCI DSS primarily focuses on payment card security, organizations involved in the development of\nmachines used for payment processing may need to consider PCI DSS requirements for securing cardholder data and payment transactions.\n\nData Protection and Privacy: GDPR imposes requirements for the protection of personal data, including data collected or processed\nby machines. Organizations creating new machines that collect, store, or process personal data must ensure compliance with GDPR's\ndata protection principles, including lawful processing, data minimization, and data security requirements.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("No");
            }
            if (isSelected7) {
                this.patentsAndLegalResults.add("Question 4: Yes\n\nCompliance: U.S.C. Title 35 Section 112 and 113\n\nLevel of Importance: Highly Critical.\n\nReasoning: Will not apply to every company, but should be thoroughly considered in order to protect any orignal\nproducts or processes.\n\nDescription:\nDetails the specification and drawing requirements of the patent application.\n\n(OPTIONAL)\nHow to Further Comply:\nProvide Sufficient Description (35 U.S.C. § 112(a)): Ensure that patent applications include a written description that\nenables a person skilled in the relevant field to make and use the invention without undue experimentation. Provide clear,\ndetailed, and comprehensive explanations of the invention's structure, function, and operation.\n\nEnablement Requirement (35 U.S.C. § 112(a)): Ensure that patent applications enable others to practice the invention based\non the information disclosed in the specification. Provide enough detail and guidance so that someone skilled in the field\ncan replicate the invention without requiring additional undisclosed information or experimentation.\n\nBest Mode Requirement (35 U.S.C. § 112(a)): Disclose the best mode known by the inventor for carrying out the invention at\nthe time of filing the patent application. Provide information about the preferred embodiments, materials, methods,\nor techniques that optimize the invention's performance or utility.\n\nClear and Definite Claims (35 U.S.C. § 112(b)): Draft patent claims that are clear, definite, and supported by the written\ndescription in the specification. Ensure that the claims define the scope of the invention precisely and distinctly,\nwithout ambiguity or uncertainty.\n\nAccurate and Informative Drawings (35 U.S.C. § 113): Include accurate and informative drawings in patent applications to\nillustrate the invention's structure, features, and operation. 
Ensure that the drawings comply with the USPTO's requirements\nfor clarity, completeness, and consistency.\n\nConsistency Between Specification and Drawings: Ensure consistency between the written description in the specification and\nthe drawings accompanying the patent application. The drawings should accurately depict the invention as described in the\nspecification, providing additional clarity and understanding for patent examiners and other stakeholders.\n\nAdditional Concerns (PLEASE READ):\nSecurity and Privacy by Design: Both NIST guidelines and GDPR promote the concept of \"security and privacy by design,\" which\nemphasizes integrating security and privacy features into the design and development of new systems, products, or services.\nWhen creating new machines, organizations may need to consider security and privacy implications and incorporate appropriate\nsafeguards and controls from the outset.\n\nCompliance Obligations: PCI DSS compliance may be relevant for organizations creating new machines that process or handle\npayment card data. While PCI DSS primarily focuses on payment card security, organizations involved in the development of\nmachines used for payment processing may need to consider PCI DSS requirements for securing cardholder data and payment transactions.\n\nData Protection and Privacy: GDPR imposes requirements for the protection of personal data, including data collected or\nprocessed by machines. 
Organizations creating new machines that collect, store, or process personal data must ensure compliance\nwith GDPR's data protection principles, including lawful processing, data minimization, and data security requirements.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("Yes");
            } else if (isSelected8) {
                this.patentsAndLegalResults.add("Question 4: No\n\nCompliance: U.S.C. Title 35 Section 112 and 113\n\nLevel of Importance: Highly Critical.\n\nReasoning: Will not apply to every company, but should be thoroughly considered in order to protect any orignal\nproducts or processes.\n\nDescription:\nDetails the specification and drawing requirements of the patent application.\n\n(REQUIRED)\nHow to Further Comply:\nProvide Sufficient Description (35 U.S.C. § 112(a)): Ensure that patent applications include a written description that\nenables a person skilled in the relevant field to make and use the invention without undue experimentation. Provide clear,\ndetailed, and comprehensive explanations of the invention's structure, function, and operation.\n\nEnablement Requirement (35 U.S.C. § 112(a)): Ensure that patent applications enable others to practice the invention based\non the information disclosed in the specification. Provide enough detail and guidance so that someone skilled in the field\ncan replicate the invention without requiring additional undisclosed information or experimentation.\n\nBest Mode Requirement (35 U.S.C. § 112(a)): Disclose the best mode known by the inventor for carrying out the invention at\nthe time of filing the patent application. Provide information about the preferred embodiments, materials, methods,\nor techniques that optimize the invention's performance or utility.\n\nClear and Definite Claims (35 U.S.C. § 112(b)): Draft patent claims that are clear, definite, and supported by the written\ndescription in the specification. Ensure that the claims define the scope of the invention precisely and distinctly,\nwithout ambiguity or uncertainty.\n\nAccurate and Informative Drawings (35 U.S.C. § 113): Include accurate and informative drawings in patent applications to\nillustrate the invention's structure, features, and operation. 
Ensure that the drawings comply with the USPTO's requirements\nfor clarity, completeness, and consistency.\n\nConsistency Between Specification and Drawings: Ensure consistency between the written description in the specification and\nthe drawings accompanying the patent application. The drawings should accurately depict the invention as described in the\nspecification, providing additional clarity and understanding for patent examiners and other stakeholders.\n\nAdditional Concerns (PLEASE READ):\nSecurity and Privacy by Design: Both NIST guidelines and GDPR promote the concept of \"security and privacy by design,\" which\nemphasizes integrating security and privacy features into the design and development of new systems, products, or services.\nWhen creating new machines, organizations may need to consider security and privacy implications and incorporate appropriate\nsafeguards and controls from the outset.\n\nCompliance Obligations: PCI DSS compliance may be relevant for organizations creating new machines that process or handle\npayment card data. While PCI DSS primarily focuses on payment card security, organizations involved in the development of\nmachines used for payment processing may need to consider PCI DSS requirements for securing cardholder data and payment transactions.\n\nData Protection and Privacy: GDPR imposes requirements for the protection of personal data, including data collected or\nprocessed by machines. 
Organizations creating new machines that collect, store, or process personal data must ensure compliance\nwith GDPR's data protection principles, including lawful processing, data minimization, and data security requirements.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("No");
            }
            if (isSelected9) {
                this.patentsAndLegalResults.add("Question 5: Yes\n\nCompliance: The Lanham Act, 15 U.S.C. §§ 1051 et seq\n\nLevel of Importance: Most Critical.\n\nReasoning: A requirement for creating and establishing your company's logo.\n\nDescription:\nThe Act provides for a national system of trademark registration and protects the owner of a federally registered mark\nagainst the use of similar marks if such use is likely to result in consumer confusion, or if the dilution of a famous\nmark is likely to occur.\n\n(OPTIONAL)\nHow to Further Comply:\nConduct Trademark Searches: Before adopting a new trademark, conduct thorough searches to ensure that it does not\ninfringe on existing trademarks. Verify that the proposed trademark is distinct and not confusingly similar to trademarks\nalready in use.\n\nRegister Trademarks: Register trademarks with the United States Patent and Trademark Office (USPTO) to obtain legal\nprotection and exclusive rights to use the marks in connection with specific goods or services. Proper registration\nhelps establish ownership and provides a basis for legal action against infringement.\n\nUse Trademarks Properly: Properly use trademarks to maintain their distinctiveness and protect against genericide.\nUse trademarks consistently and prominently in connection with the associated goods or services, and avoid using\nthem in a descriptive or generic manner that could weaken their legal protection.\n\nMonitor and Enforce Trademark Rights: Regularly monitor the marketplace for unauthorized use of trademarks or similar\nmarks by competitors or third parties. 
Take prompt action to enforce trademark rights against infringement, counterfeiting,\ndilution, or false advertising through cease-and-desist letters, litigation, or other legal remedies.\n\nAvoid False or Misleading Advertising: Ensure that advertising and marketing materials do not contain false, deceptive,\nor misleading statements that could deceive consumers or create confusion about the source or quality of goods or services.\nComply with advertising regulations and guidelines to maintain transparency and integrity in marketing practices.\n\nMaintain Trademark Registrations: Renew trademark registrations as required by law to maintain legal protection and prevent\nabandonment of trademark rights. File renewal applications with the USPTO and pay necessary fees to keep trademarks in force\nfor their designated terms.\n\nAdditional Concerns (PLEASE READ):\nData Protection and Privacy (GDPR): While GDPR primarily addresses data protection and privacy, it indirectly impacts\ntrademarks by regulating the processing of personal data, including data related to brand names, logos, and trademarks.\nOrganizations must ensure compliance with GDPR's data protection principles when collecting, processing, or transferring\npersonal data that may include trademark-related information.\n\nCybersecurity (NIST, DHS): NIST and DHS provide cybersecurity frameworks and guidelines aimed at protecting against cyber\nthreats and data breaches. While these frameworks do not specifically address trademarks, maintaining robust cybersecurity\nmeasures is essential for protecting intellectual property, including trademarks, from unauthorized access, misuse, or infringement.\n\nPayment Card Security (PCI DSS): PCI DSS compliance focuses on securing payment card data, but it indirectly impacts\ntrademarks in the context of brand reputation and trust. 
Compliance with PCI DSS requirements can help protect the reputation\nof brands associated with payment card transactions by ensuring the security and integrity of payment card data.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("Yes");
            } else if (isSelected10) {
                this.patentsAndLegalResults.add("Question 5: No\n\nCompliance: The Lanham Act, 15 U.S.C. §§ 1051 et seq\n\nLevel of Importance: Most Critical.\n\nReasoning: A requirement for creating and establishing your company's logo.\n\nDescription:\nThe Act provides for a national system of trademark registration and protects the owner of a federally registered mark\nagainst the use of similar marks if such use is likely to result in consumer confusion, or if the dilution of a famous\nmark is likely to occur.\n\n(REQUIRED)\nHow to Further Comply:\nConduct Trademark Searches: Before adopting a new trademark, conduct thorough searches to ensure that it does not\ninfringe on existing trademarks. Verify that the proposed trademark is distinct and not confusingly similar to trademarks\nalready in use.\n\nRegister Trademarks: Register trademarks with the United States Patent and Trademark Office (USPTO) to obtain legal\nprotection and exclusive rights to use the marks in connection with specific goods or services. Proper registration\nhelps establish ownership and provides a basis for legal action against infringement.\n\nUse Trademarks Properly: Properly use trademarks to maintain their distinctiveness and protect against genericide.\nUse trademarks consistently and prominently in connection with the associated goods or services, and avoid using\nthem in a descriptive or generic manner that could weaken their legal protection.\n\nMonitor and Enforce Trademark Rights: Regularly monitor the marketplace for unauthorized use of trademarks or similar\nmarks by competitors or third parties. 
Take prompt action to enforce trademark rights against infringement, counterfeiting,\ndilution, or false advertising through cease-and-desist letters, litigation, or other legal remedies.\n\nAvoid False or Misleading Advertising: Ensure that advertising and marketing materials do not contain false, deceptive,\nor misleading statements that could deceive consumers or create confusion about the source or quality of goods or services.\nComply with advertising regulations and guidelines to maintain transparency and integrity in marketing practices.\n\nMaintain Trademark Registrations: Renew trademark registrations as required by law to maintain legal protection and prevent\nabandonment of trademark rights. File renewal applications with the USPTO and pay necessary fees to keep trademarks in force\nfor their designated terms.\n\nAdditional Concerns (PLEASE READ):\nData Protection and Privacy (GDPR): While GDPR primarily addresses data protection and privacy, it indirectly impacts\ntrademarks by regulating the processing of personal data, including data related to brand names, logos, and trademarks.\nOrganizations must ensure compliance with GDPR's data protection principles when collecting, processing, or transferring\npersonal data that may include trademark-related information.\n\nCybersecurity (NIST, DHS): NIST and DHS provide cybersecurity frameworks and guidelines aimed at protecting against cyber\nthreats and data breaches. While these frameworks do not specifically address trademarks, maintaining robust cybersecurity\nmeasures is essential for protecting intellectual property, including trademarks, from unauthorized access, misuse, or infringement.\n\nPayment Card Security (PCI DSS): PCI DSS compliance focuses on securing payment card data, but it indirectly impacts\ntrademarks in the context of brand reputation and trust. 
Compliance with PCI DSS requirements can help protect the reputation\nof brands associated with payment card transactions by ensuring the security and integrity of payment card data.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("No");
            }
            if (isSelected11) {
                this.patentsAndLegalResults.add("Question 6: Yes\n\nCompliance: Restatement (Second) Of Torts §§ 652C\n\nLevel of Importance: Most Critical.\n\nReasoning: Ensures that your company logo will be usable.\n\nDescription:\nAvoiding appropriation of names or likeness.\n\n(OPTIONAL)\nHow to Further Comply:\nObtain Consent: Ensure that you have explicit consent from individuals before using their name, likeness, or identity\nfor commercial purposes. This consent should be informed and voluntary, and it should clearly specify the intended use\nof their personal information.\n\nUse Clear Terms in Contracts: When entering into agreements with individuals, include clear and specific terms regarding\nthe use of their name or likeness. Contracts should outline the scope of usage, duration, compensation (if any), and any\nother relevant details related to the appropriation of their identity.\n\nRespect Privacy Settings: Respect individuals' privacy settings and preferences on social media platforms and other\nonline channels. If individuals have chosen to keep their personal information private or restricted, refrain from using\ntheir name or likeness in a manner that violates their preferences.\n\nAvoid Impersonation: Refrain from impersonating individuals or creating false personas for commercial purposes. Use of\nsomeone else's name or likeness without their consent can lead to legal consequences and damage to reputation.\n\nProvide Opt-Out Options: Offer individuals the option to opt out of having their name or likeness used for commercial\npurposes. Provide clear instructions on how they can exercise this option and ensure that their preferences are respected\nin future marketing campaigns or activities.\n\nMonitor Third-Party Use: Monitor the use of individuals' names or likenesses by third parties, such as advertising agencies,\npartners, or affiliates. 
Ensure that these parties also comply with applicable laws and regulations regarding the use of\npersonal information and obtain necessary permissions before using individuals' identities in promotional materials or advertisements.\n\nAdditional Concerns (PLEASE READ):\nGDPR (General Data Protection Regulation): GDPR imposes strict requirements on the processing of personal data, including rules\nrelated to consent, transparency, and data subject rights. Under GDPR, individuals have rights over their personal data, which may\ninclude their names and likenesses. Organizations must obtain explicit consent for processing personal data, including the use of\nindividuals' names or likenesses in marketing, advertising, or other commercial activities.\n\nNIST (National Institute of Standards and Technology): NIST provides cybersecurity and privacy guidelines that organizations can use\nto protect personal information from unauthorized access or use. While NIST does not specifically address the appropriation of names\nor likenesses, its privacy and security recommendations can help organizations safeguard personal data, including information related\nto individuals' identities and characteristics.\n\nDepartment of Homeland Security (DHS): DHS focuses on cybersecurity and critical infrastructure protection. While DHS does not have\nspecific policies related to the appropriation of names or likenesses, its cybersecurity initiatives aim to protect sensitive information,\nincluding personal data, from unauthorized access or misuse.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/f\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("Yes");
            } else if (isSelected12) {
                this.patentsAndLegalResults.add("Question 6: No\n\nCompliance: Restatement (Second) Of Torts §§ 652C\n\nLevel of Importance: Most Critical.\n\nReasoning: Ensures that your company logo will be usable.\n\nDescription:\nAvoiding appropriation of names or likeness.\n\n(REQUIRED)\nHow to Further Comply:\nObtain Consent: Ensure that you have explicit consent from individuals before using their name, likeness, or identity\nfor commercial purposes. This consent should be informed and voluntary, and it should clearly specify the intended use\nof their personal information.\n\nUse Clear Terms in Contracts: When entering into agreements with individuals, include clear and specific terms regarding\nthe use of their name or likeness. Contracts should outline the scope of usage, duration, compensation (if any), and any\nother relevant details related to the appropriation of their identity.\n\nRespect Privacy Settings: Respect individuals' privacy settings and preferences on social media platforms and other\nonline channels. If individuals have chosen to keep their personal information private or restricted, refrain from using\ntheir name or likeness in a manner that violates their preferences.\n\nAvoid Impersonation: Refrain from impersonating individuals or creating false personas for commercial purposes. Use of\nsomeone else's name or likeness without their consent can lead to legal consequences and damage to reputation.\n\nProvide Opt-Out Options: Offer individuals the option to opt out of having their name or likeness used for commercial\npurposes. Provide clear instructions on how they can exercise this option and ensure that their preferences are respected\nin future marketing campaigns or activities.\n\nMonitor Third-Party Use: Monitor the use of individuals' names or likenesses by third parties, such as advertising agencies,\npartners, or affiliates. 
Ensure that these parties also comply with applicable laws and regulations regarding the use of\npersonal information and obtain necessary permissions before using individuals' identities in promotional materials or advertisements.\n\nAdditional Concerns (PLEASE READ):\nGDPR (General Data Protection Regulation): GDPR imposes strict requirements on the processing of personal data, including rules\nrelated to consent, transparency, and data subject rights. Under GDPR, individuals have rights over their personal data, which may\ninclude their names and likenesses. Organizations must obtain explicit consent for processing personal data, including the use of\nindividuals' names or likenesses in marketing, advertising, or other commercial activities.\n\nNIST (National Institute of Standards and Technology): NIST provides cybersecurity and privacy guidelines that organizations can use\nto protect personal information from unauthorized access or use. While NIST does not specifically address the appropriation of names\nor likenesses, its privacy and security recommendations can help organizations safeguard personal data, including information related\nto individuals' identities and characteristics.\n\nDepartment of Homeland Security (DHS): DHS focuses on cybersecurity and critical infrastructure protection. While DHS does not have\nspecific policies related to the appropriation of names or likenesses, its cybersecurity initiatives aim to protect sensitive information,\nincluding personal data, from unauthorized access or misuse.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/f\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("No");
            }
            if (isSelected13) {
                this.patentsAndLegalResults.add("Question 7: Yes\n\nCompliance: Restatement (Second) Of Torts §§ 652B\n\nLevel of Importance: Most Critical\n\nReasoning: Violation can lead to fines of up to $20,000 amongst other lawsuits.\n\nDescription:\nAvoiding intrusion upon seclusion.\n\n(OPTIONAL)\nHow to Further Comply:\nEstablish Clear Policies: Develop and implement clear policies regarding the use of surveillance and monitoring in the workplace.\nClearly communicate these policies to employees to ensure they understand the boundaries and expectations regarding privacy.\n\nLimit Surveillance to Necessary Areas: Limit surveillance and monitoring activities to areas where there is a legitimate business\nneed, such as security-sensitive locations or areas where sensitive information is stored. Avoid unnecessary monitoring in private\nspaces like restrooms or break rooms.\n\nObtain Consent: Obtain informed consent from employees before implementing surveillance or monitoring measures that may intrude\nupon their privacy. Inform employees about the purpose, scope, and duration of surveillance activities and allow them to opt-out\nif possible.\n\nUse Least Intrusive Methods: Use the least intrusive methods of surveillance or monitoring that achieve the desired objectives.\nConsider alternative solutions that minimize the impact on employees' privacy while still addressing security or operational concerns.\n\nProtect Confidential Information: Ensure that any information collected through surveillance or monitoring is handled and stored\nsecurely to prevent unauthorized access or disclosure. Implement encryption, access controls, and other security measures to\nsafeguard sensitive data.\n\nRegularly Review and Update Policies: Regularly review and update surveillance and monitoring policies to reflect changes in technology,\nregulations, or organizational needs. 
Solicit feedback from employees and stakeholders to ensure that policies strike an appropriate\nbalance between privacy and security.\n\nAdditional Concerns (PLEASE READ):\nGDPR (General Data Protection Regulation): GDPR is a comprehensive privacy regulation that governs the processing of personal data and\nprotects individuals' privacy rights within the European Union (EU). GDPR includes principles related to data protection by design and\ndefault, transparency, and accountability, which aim to prevent unauthorized access, surveillance, and intrusion upon individuals' privacy.\nGDPR imposes strict requirements for obtaining consent, notifying individuals of data processing activities, and implementing security\nmeasures to protect personal data from intrusion and unauthorized disclosure.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("Yes");
            } else if (isSelected14) {
                this.patentsAndLegalResults.add("Question 7: No\n\nCompliance: Restatement (Second) Of Torts §§ 652B\n\nLevel of Importance: Most Critical\n\nReasoning: Violation can lead to fines of up to $20,000 amongst other lawsuits.\n\nDescription:\nAvoiding intrusion upon seclusion.\n\n(REQUIRED)\nHow to Further Comply:\nEstablish Clear Policies: Develop and implement clear policies regarding the use of surveillance and monitoring in the workplace.\nClearly communicate these policies to employees to ensure they understand the boundaries and expectations regarding privacy.\n\nLimit Surveillance to Necessary Areas: Limit surveillance and monitoring activities to areas where there is a legitimate business\nneed, such as security-sensitive locations or areas where sensitive information is stored. Avoid unnecessary monitoring in private\nspaces like restrooms or break rooms.\n\nObtain Consent: Obtain informed consent from employees before implementing surveillance or monitoring measures that may intrude\nupon their privacy. Inform employees about the purpose, scope, and duration of surveillance activities and allow them to opt-out\nif possible.\n\nUse Least Intrusive Methods: Use the least intrusive methods of surveillance or monitoring that achieve the desired objectives.\nConsider alternative solutions that minimize the impact on employees' privacy while still addressing security or operational concerns.\n\nProtect Confidential Information: Ensure that any information collected through surveillance or monitoring is handled and stored\nsecurely to prevent unauthorized access or disclosure. Implement encryption, access controls, and other security measures to\nsafeguard sensitive data.\n\nRegularly Review and Update Policies: Regularly review and update surveillance and monitoring policies to reflect changes in technology,\nregulations, or organizational needs. 
Solicit feedback from employees and stakeholders to ensure that policies strike an appropriate\nbalance between privacy and security.\n\nAdditional Concerns (PLEASE READ):\nGDPR (General Data Protection Regulation): GDPR is a comprehensive privacy regulation that governs the processing of personal data and\nprotects individuals' privacy rights within the European Union (EU). GDPR includes principles related to data protection by design and\ndefault, transparency, and accountability, which aim to prevent unauthorized access, surveillance, and intrusion upon individuals' privacy.\nGDPR imposes strict requirements for obtaining consent, notifying individuals of data processing activities, and implementing security\nmeasures to protect personal data from intrusion and unauthorized disclosure.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("No");
            }
            if (isSelected15) {
                this.patentsAndLegalResults.add("Question 8: Yes\n\nCompliance: Restatement (Second) Of Torts §§ 652F\n\nLevel of Importance: Most Critical\n\nReasoning: Can lead to fines, lawsuits, and unusable company logos or branding.\n\nDescription:\navoiding commercial exploration of personal life.\n\n(OPTIONAL)\nHow to Further Comply:\nObtain Informed Consent: Obtain explicit and informed consent from individuals before using their personal life for commercial purposes.\nEnsure that individuals understand how their personal information or experiences will be used and have the opportunity to consent or\ndecline participation.\n\nRespect Privacy Boundaries: Respect individuals' privacy boundaries and refrain from exploiting sensitive or private aspects of their\npersonal lives for commercial gain without their consent. Avoid using personal information or experiences that individuals may\nreasonably expect to remain private.\n\nProvide Transparency: Provide transparency about how personal information or experiences will be used for commercial purposes.\nClearly disclose any intended use of individuals' personal life in marketing materials, advertisements, or endorsements, and ensure\nthat individuals understand the implications of their participation.\n\nOffer Opt-Out Options: Offer individuals the option to opt out of having their personal life used for commercial purposes. 
Respect\nindividuals' choices and preferences regarding the use of their personal information or experiences, and provide clear instructions\non how they can exercise their opt-out rights.\n\nAvoid Exploitative Practices: Avoid exploitative or sensationalized representations of individuals' personal lives for commercial gain.\nEnsure that marketing materials, advertisements, or endorsements are respectful, accurate, and aligned with individuals' values and\npreferences.\n\nMaintain Integrity and Authenticity: Maintain integrity and authenticity in commercial activities that involve individuals'\npersonal lives. Avoid misrepresenting or manipulating personal information or experiences for marketing purposes, and ensure that any\ncommercial content is truthful, relevant, and respectful of individuals' rights and dignity.\n\nAdditional Concerns (PLEASE READ):\nGDPR (General Data Protection Regulation) imposes strict requirements for the lawful processing of personal data, including\nlimitations on the purposes for which personal data can be processed. Organizations must ensure that personal data is collected\nand used fairly, transparently, and for legitimate purposes only.\n\nGDPR also grants individuals certain rights, including the right to be informed about how their personal data is processed, the\nright to access their personal data, and the right to object to the processing of their personal data for certain purposes,\nincluding direct marketing.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("Yes");
            } else if (isSelected16) {
                this.patentsAndLegalResults.add("Question 8: No\n\nCompliance: Restatement (Second) Of Torts §§ 652F\n\nLevel of Importance: Most Critical\n\nReasoning: Can lead to fines, lawsuits, and unusable company logos or branding.\n\nDescription:\nAvoiding commercial exploration of personal life.\n\n(REQUIRED)\nHow to Further Comply:\nObtain Informed Consent: Obtain explicit and informed consent from individuals before using their personal life for commercial purposes.\nEnsure that individuals understand how their personal information or experiences will be used and have the opportunity to consent or\ndecline participation.\n\nRespect Privacy Boundaries: Respect individuals' privacy boundaries and refrain from exploiting sensitive or private aspects of their\npersonal lives for commercial gain without their consent. Avoid using personal information or experiences that individuals may\nreasonably expect to remain private.\n\nProvide Transparency: Provide transparency about how personal information or experiences will be used for commercial purposes.\nClearly disclose any intended use of individuals' personal life in marketing materials, advertisements, or endorsements, and ensure\nthat individuals understand the implications of their participation.\n\nOffer Opt-Out Options: Offer individuals the option to opt out of having their personal life used for commercial purposes. 
Respect\nindividuals' choices and preferences regarding the use of their personal information or experiences, and provide clear instructions\non how they can exercise their opt-out rights.\n\nAvoid Exploitative Practices: Avoid exploitative or sensationalized representations of individuals' personal lives for commercial gain.\nEnsure that marketing materials, advertisements, or endorsements are respectful, accurate, and aligned with individuals' values and\npreferences.\n\nMaintain Integrity and Authenticity: Maintain integrity and authenticity in commercial activities that involve individuals'\npersonal lives. Avoid misrepresenting or manipulating personal information or experiences for marketing purposes, and ensure that any\ncommercial content is truthful, relevant, and respectful of individuals' rights and dignity.\n\nAdditional Concerns (PLEASE READ):\nGDPR (General Data Protection Regulation) imposes strict requirements for the lawful processing of personal data, including\nlimitations on the purposes for which personal data can be processed. Organizations must ensure that personal data is collected\nand used fairly, transparently, and for legitimate purposes only.\n\nGDPR also grants individuals certain rights, including the right to be informed about how their personal data is processed, the\nright to access their personal data, and the right to object to the processing of their personal data for certain purposes,\nincluding direct marketing.\n\nhttps://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/january-february/practical-tips-gdpr-intellectual-property-attorneys/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("No");
            }
            if (isSelected17) {
                this.patentsAndLegalResults.add("Question 9: Yes\n\nCompliance: Restatement (Second) Of Torts §§ 652I\n\nLevel of Importance: Highly Critical\n\nReasoning: Should be considered for the safety of the compnay and employees. Lawsuits for failure to comply\ncould be a possibility but are not as likely.\n\nDescription:\nProviding adequate security measures for personal data and information.\n\n(OPTIONAL)\nHow to Further Comply:\nConduct Risk Assessments: Regularly assess potential risks to the security of personal information and sensitive data within\nthe organization. Identify vulnerabilities, threats, and potential security breaches to develop effective security strategies.\n\nImplement Access Controls: Implement access controls to restrict access to sensitive information only to authorized individuals.\nUse techniques such as user authentication, role-based access control, and least privilege principles to limit access to data on\na need-to-know basis.\n\nEncrypt Sensitive Data: Encrypt sensitive data both in transit and at rest to protect it from unauthorized access or interception.\nUse encryption algorithms and protocols to secure data transmissions and storage, ensuring that only authorized users can decrypt\nand access the information.\n\nRegularly Update Software and Systems: Keep software applications, operating systems, and security systems up-to-date with the\nlatest patches, updates, and security fixes. Regularly apply security updates and patches to address known vulnerabilities and\nmitigate potential security risks.\n\nTrain Employees: Provide comprehensive training and awareness programs to educate employees about security best practices,\ndata protection policies, and their roles and responsibilities in safeguarding sensitive information. 
Promote a culture of\nsecurity awareness and vigilance among employees to mitigate insider threats.\n\nMonitor and Audit Systems: Implement monitoring and auditing mechanisms to track and analyze user activities, system logs,\nand security events in real-time. Monitor network traffic, user access patterns, and system behavior for signs of unauthorized\naccess, data breaches, or security incidents. Conduct regular security audits and assessments to evaluate the effectiveness of\nsecurity measures and identify areas for improvement.\n\nAdditional Concerns (PLEASE READ):\nNIST (National Institute of Standards and Technology) recommends several best practices for providing adequate security measures\nfor personal data and information. These recommendations are outlined in various NIST publications, including:\n\nRisk Assessment and Management: Conduct regular risk assessments to identify threats, vulnerabilities, and potential impacts to\npersonal data and information. Use risk management frameworks, such as those outlined in NIST Special Publication 800-37, to\nprioritize risks and implement appropriate security controls.\n\nData Classification and Encryption: Classify personal data based on sensitivity and apply appropriate encryption mechanisms to\nprotect data both at rest and in transit. Use strong encryption algorithms and key management practices to ensure the confidentiality\nand integrity of personal information.\n\nAccess Control: Implement robust access control mechanisms to limit access to personal data to authorized users only. Use\ntechniques such as role-based access control (RBAC), least privilege, and multi-factor authentication to prevent unauthorized\naccess and privilege escalation.\n\nData Minimization and Retention: Minimize the collection, storage, and retention of personal data to reduce the risk of unauthorized\naccess and data breaches. 
Establish data retention policies and procedures to ensure that personal information is retained only for\nas long as necessary and securely disposed of when no longer needed.\n\nSecurity Awareness and Training: Provide security awareness and training programs to employees and users to educate them about\nsecurity risks, best practices, and their responsibilities for protecting personal data. Promote a culture of security awareness\nand vigilance throughout the organization.\n\nIncident Response and Recovery: Develop and implement incident response and recovery plans to effectively respond to and recover\nfrom security incidents involving personal data. Establish procedures for detecting, reporting, and responding to incidents, as\nwell as for notifying affected individuals and regulatory authorities as required by law.\n\nContinuous Monitoring and Auditing: Implement continuous monitoring and auditing processes to detect security vulnerabilities,\nanomalies, and unauthorized access to personal data. Regularly review and audit security controls, configurations, and user\nactivities to ensure compliance with security policies and standards.\n\n https://csrc.nist.gov/pubs/sp/800/37/r2/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("Yes");
            } else if (isSelected18) {
                this.patentsAndLegalResults.add("Question 9: No\n\nCompliance: Restatement (Second) Of Torts §§ 652I\n\nLevel of Importance: Highly Critical\n\nReasoning: Should be considered for the safety of the compnay and employees. Lawsuits for failure to comply\ncould be a possibility but are not as likely.\n\nDescription:\nProviding adequate security measures for personal data and information.\n\n(REQUIRED)\nHow to Further Comply:\nConduct Risk Assessments: Regularly assess potential risks to the security of personal information and sensitive data within\nthe organization. Identify vulnerabilities, threats, and potential security breaches to develop effective security strategies.\n\nImplement Access Controls: Implement access controls to restrict access to sensitive information only to authorized individuals.\nUse techniques such as user authentication, role-based access control, and least privilege principles to limit access to data on\na need-to-know basis.\n\nEncrypt Sensitive Data: Encrypt sensitive data both in transit and at rest to protect it from unauthorized access or interception.\nUse encryption algorithms and protocols to secure data transmissions and storage, ensuring that only authorized users can decrypt\nand access the information.\n\nRegularly Update Software and Systems: Keep software applications, operating systems, and security systems up-to-date with the\nlatest patches, updates, and security fixes. Regularly apply security updates and patches to address known vulnerabilities and\nmitigate potential security risks.\n\nTrain Employees: Provide comprehensive training and awareness programs to educate employees about security best practices,\ndata protection policies, and their roles and responsibilities in safeguarding sensitive information. 
Promote a culture of\nsecurity awareness and vigilance among employees to mitigate insider threats.\n\nMonitor and Audit Systems: Implement monitoring and auditing mechanisms to track and analyze user activities, system logs,\nand security events in real-time. Monitor network traffic, user access patterns, and system behavior for signs of unauthorized\naccess, data breaches, or security incidents. Conduct regular security audits and assessments to evaluate the effectiveness of\nsecurity measures and identify areas for improvement.\n\nAdditional Concerns (PLEASE READ):\nNIST (National Institute of Standards and Technology) recommends several best practices for providing adequate security measures\nfor personal data and information. These recommendations are outlined in various NIST publications, including:\n\nRisk Assessment and Management: Conduct regular risk assessments to identify threats, vulnerabilities, and potential impacts to\npersonal data and information. Use risk management frameworks, such as those outlined in NIST Special Publication 800-37, to\nprioritize risks and implement appropriate security controls.\n\nData Classification and Encryption: Classify personal data based on sensitivity and apply appropriate encryption mechanisms to\nprotect data both at rest and in transit. Use strong encryption algorithms and key management practices to ensure the confidentiality\nand integrity of personal information.\n\nAccess Control: Implement robust access control mechanisms to limit access to personal data to authorized users only. Use\ntechniques such as role-based access control (RBAC), least privilege, and multi-factor authentication to prevent unauthorized\naccess and privilege escalation.\n\nData Minimization and Retention: Minimize the collection, storage, and retention of personal data to reduce the risk of unauthorized\naccess and data breaches. 
Establish data retention policies and procedures to ensure that personal information is retained only for\nas long as necessary and securely disposed of when no longer needed.\n\nSecurity Awareness and Training: Provide security awareness and training programs to employees and users to educate them about\nsecurity risks, best practices, and their responsibilities for protecting personal data. Promote a culture of security awareness\nand vigilance throughout the organization.\n\nIncident Response and Recovery: Develop and implement incident response and recovery plans to effectively respond to and recover\nfrom security incidents involving personal data. Establish procedures for detecting, reporting, and responding to incidents, as\nwell as for notifying affected individuals and regulatory authorities as required by law.\n\nContinuous Monitoring and Auditing: Implement continuous monitoring and auditing processes to detect security vulnerabilities,\nanomalies, and unauthorized access to personal data. Regularly review and audit security controls, configurations, and user\nactivities to ensure compliance with security policies and standards.\n\nhttps://csrc.nist.gov/pubs/sp/800/37/r2/final\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("No");
            }
            if (isSelected19) {
                this.patentsAndLegalResults.add("Question 10: Yes\n\nCompliance: 48 CFR § 52.212-4 - Contract Terms and Conditions\n\nLevel of Importance: Moderate Criticality\n\nReasoning: Can lead to a termination of a contract but rarley carries a legal penaly.\n\nDescription:\nInspection/Acceptance, Assignment, Changes, Disputes\n\n(OPTIONAL)\nHow to Further Comply:\nAdhere to Contractual Obligations: Ensure compliance with all terms and conditions specified in the contract, including\nthose outlined in 48 CFR § 52.212-4. Review the contract thoroughly to understand the company's obligations regarding\ndelivery, performance, warranties, and other contractual requirements.\n\nProvide Deliverables as Specified: Deliver goods or services in accordance with the specifications, quantities, and\ndelivery schedules outlined in the contract. Meet all performance requirements and quality standards specified in the\ncontract to satisfy customer expectations and contractual obligations.\n\nMaintain Records and Documentation: Maintain accurate and complete records and documentation related to contract\nperformance, including invoices, receipts, delivery documentation, and other relevant records. Ensure that documentation\nis organized and readily accessible for audit purposes and compliance verification.\n\nComply with Applicable Laws and Regulations: Ensure compliance with all applicable laws, regulations, and industry\nstandards governing the provision of goods or services covered by the contract. Stay informed about regulatory changes\nand updates that may impact contract performance and adjust practices accordingly.\n\nProvide Notice of Changes or Delays: Notify the contracting officer promptly of any changes, delays, or issues that may\naffect contract performance or delivery schedules. 
Communicate effectively with the contracting officer and other relevant\nparties to address concerns and resolve issues in a timely manner.\n\nMaintain Open Communication: Foster open and transparent communication with the contracting officer and other stakeholders\nthroughout the contract performance period. Respond promptly to inquiries, requests for information, or clarification\nregarding contract terms, performance, or compliance matters.\n\nAdditional Concerns (PLEASE READ):\nLiability, Indemnification, and Compliance Obligations: Contracts may include clauses related to liability, indemnification,\nand compliance with applicable laws and regulations, including cybersecurity, data protection, and privacy requirements.\nContract writers should ensure that contracts clearly specify each party's responsibilities, obligations, and potential\nliabilities related to compliance with NIST, DHS, PCI DSS, GDPR, and other relevant regulations.\n\nhttps://pro.bloomberglaw.com/insights/privacy/checklist-managing-privacy-and-cybersecurity-law-risks-in-vendor-contracts/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("Yes");
            } else if (isSelected20) {
                this.patentsAndLegalResults.add("Question 10: No\n\nCompliance: 48 CFR § 52.212-4 - Contract Terms and Conditions\n\nLevel of Importance: Moderate Criticality\n\nReasoning: Can lead to a termination of a contract but rarley carries a legal penaly.\n\nDescription:\nInspection/Acceptance, Assignment, Changes, Disputes.\n\n(REQUIRED)\nHow to Further Comply:\nAdhere to Contractual Obligations: Ensure compliance with all terms and conditions specified in the contract, including\nthose outlined in 48 CFR § 52.212-4. Review the contract thoroughly to understand the company's obligations regarding\ndelivery, performance, warranties, and other contractual requirements.\n\nProvide Deliverables as Specified: Deliver goods or services in accordance with the specifications, quantities, and\ndelivery schedules outlined in the contract. Meet all performance requirements and quality standards specified in the\ncontract to satisfy customer expectations and contractual obligations.\n\nMaintain Records and Documentation: Maintain accurate and complete records and documentation related to contract\nperformance, including invoices, receipts, delivery documentation, and other relevant records. Ensure that documentation\nis organized and readily accessible for audit purposes and compliance verification.\n\nComply with Applicable Laws and Regulations: Ensure compliance with all applicable laws, regulations, and industry\nstandards governing the provision of goods or services covered by the contract. Stay informed about regulatory changes\nand updates that may impact contract performance and adjust practices accordingly.\n\nProvide Notice of Changes or Delays: Notify the contracting officer promptly of any changes, delays, or issues that may\naffect contract performance or delivery schedules. 
Communicate effectively with the contracting officer and other relevant\nparties to address concerns and resolve issues in a timely manner.\n\nMaintain Open Communication: Foster open and transparent communication with the contracting officer and other stakeholders\nthroughout the contract performance period. Respond promptly to inquiries, requests for information, or clarification\nregarding contract terms, performance, or compliance matters.\n\nAdditional Concerns (PLEASE READ):\nLiability, Indemnification, and Compliance Obligations: Contracts may include clauses related to liability, indemnification,\nand compliance with applicable laws and regulations, including cybersecurity, data protection, and privacy requirements.\nContract writers should ensure that contracts clearly specify each party's responsibilities, obligations, and potential\nliabilities related to compliance with NIST, DHS, PCI DSS, GDPR, and other relevant regulations.\n\nhttps://pro.bloomberglaw.com/insights/privacy/checklist-managing-privacy-and-cybersecurity-law-risks-in-vendor-contracts/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.patentsAndLegalResultsInfo.add("No");
            }
            if ((gUIView.guiForm().getPatentsAndLegalQ1Y().isSelected() || gUIView.guiForm().getPatentsAndLegalQ1N().isSelected()) && ((gUIView.guiForm().getPatentsAndLegalQ2Y().isSelected() || gUIView.guiForm().getPatentsAndLegalQ2N().isSelected()) && ((gUIView.guiForm().getPatentsAndLegalQ3Y().isSelected() || gUIView.guiForm().getPatentsAndLegalQ3N().isSelected()) && ((gUIView.guiForm().getPatentsAndLegalQ4Y().isSelected() || gUIView.guiForm().getPatentsAndLegalQ4N().isSelected()) && ((gUIView.guiForm().getPatentsAndLegalQ5Y().isSelected() || gUIView.guiForm().getPatentsAndLegalQ5N().isSelected()) && ((gUIView.guiForm().getPatentsAndLegalQ6Y().isSelected() || gUIView.guiForm().getPatentsAndLegalQ6N().isSelected()) && ((gUIView.guiForm().getPatentsAndLegalQ7Y().isSelected() || gUIView.guiForm().getPatentsAndLegalQ7N().isSelected()) && ((gUIView.guiForm().getPatentsAndLegalQ8Y().isSelected() || gUIView.guiForm().getPatentsAndLegalQ8N().isSelected()) && ((gUIView.guiForm().getPatentsAndLegalQ9Y().isSelected() || gUIView.guiForm().getPatentsAndLegalQ9N().isSelected()) && (gUIView.guiForm().getPatentsAndLegalQ10Y().isSelected() || gUIView.guiForm().getPatentsAndLegalQ10N().isSelected())))))))))) {
                Iterator<String> it = this.patentsAndLegalResults.iterator();
                while (it.hasNext()) {
                    gUIView.guiForm().getPatentsAndLegalResultsOutput().append(it.next());
                }
                this.allAnswers.addAll(this.patentsAndLegalResultsInfo);
                this.allAnswersDB3.addAll(this.patentsAndLegalResultsInfo);
                gUIView.guiForm().getPatentsAndLegalSubmitButton().setEnabled(false);
            } else {
                gUIView.guiForm().getPatentsAndLegalResultsOutput().append("Please Answer ALL Questions Before Submitting");
            }
            double frequency = 100.0d * (Collections.frequency(this.patentsAndLegalResultsInfo, "Yes") / this.patentsAndLegalResultsInfo.size());
            String valueOf = String.valueOf(frequency);
            this.allAnswers.add(valueOf);
            this.allAnswersDB2.add(valueOf);
            this.allAnswersDB3.add(valueOf);
            getAllStuffWritten();
            getAllStuffWrittenDB2();
            getAllStuffWrittenDB3();
            sort(this.inputFile);
            gUIView.guiForm().getPatentsAndLegalGraph().repaint();
            DomainHistogram.createHistogram(gUIView, gUIView.guiForm().getPatentsAndLegalGraph(), "Patents And Legal");
            gUIView.guiForm().getPatentsAndLegalGraph().repaint();
            if (frequency >= 0.0d && frequency < 60.0d) {
                gUIView.guiForm().getPatentsAndLegalScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getPatentsAndLegalScore().setForeground(Color.RED);
            } else if (frequency >= 60.0d && frequency <= 80.0d) {
                gUIView.guiForm().getPatentsAndLegalScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getPatentsAndLegalScore().setForeground(Color.ORANGE);
            } else {
                if (frequency <= 80.0d || frequency > 100.0d) {
                    return;
                }
                gUIView.guiForm().getPatentsAndLegalScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getPatentsAndLegalScore().setForeground(Color.GREEN);
            }
        });
        gUIView.guiForm().getPatentsAndLegalNextResults().addActionListener(this::plNextResult);
        gUIView.guiForm().getPatentsAndLegalPreviousResults().addActionListener(this::plPreviousResult);
        gUIView.guiForm().getRetailAndECommerceSubmitButton().addActionListener(actionEvent7 -> {
            gUIView.guiForm().getRetailAndECommerceResultsOutput().setText("");
            boolean isSelected = gUIView.guiForm().getRetailAndECommerceQ1Y().isSelected();
            boolean isSelected2 = gUIView.guiForm().getRetailAndECommerceQ1N().isSelected();
            boolean isSelected3 = gUIView.guiForm().getRetailAndECommerceQ2Y().isSelected();
            boolean isSelected4 = gUIView.guiForm().getRetailAndECommerceQ2N().isSelected();
            boolean isSelected5 = gUIView.guiForm().getRetailAndECommerceQ3Y().isSelected();
            boolean isSelected6 = gUIView.guiForm().getRetailAndECommerceQ3N().isSelected();
            boolean isSelected7 = gUIView.guiForm().getRetailAndECommerceQ4Y().isSelected();
            boolean isSelected8 = gUIView.guiForm().getRetailAndECommerceQ4N().isSelected();
            boolean isSelected9 = gUIView.guiForm().getRetailAndECommerceQ5Y().isSelected();
            boolean isSelected10 = gUIView.guiForm().getRetailAndECommerceQ5N().isSelected();
            boolean isSelected11 = gUIView.guiForm().getRetailAndECommerceQ6Y().isSelected();
            boolean isSelected12 = gUIView.guiForm().getRetailAndECommerceQ6N().isSelected();
            boolean isSelected13 = gUIView.guiForm().getRetailAndECommerceQ7Y().isSelected();
            boolean isSelected14 = gUIView.guiForm().getRetailAndECommerceQ7N().isSelected();
            boolean isSelected15 = gUIView.guiForm().getRetailAndECommerceQ8Y().isSelected();
            boolean isSelected16 = gUIView.guiForm().getRetailAndECommerceQ8N().isSelected();
            boolean isSelected17 = gUIView.guiForm().getRetailAndECommerceQ9Y().isSelected();
            boolean isSelected18 = gUIView.guiForm().getRetailAndECommerceQ9N().isSelected();
            boolean isSelected19 = gUIView.guiForm().getRetailAndECommerceQ10Y().isSelected();
            boolean isSelected20 = gUIView.guiForm().getRetailAndECommerceQ10N().isSelected();
            this.retailAndECommerceResults.clear();
            this.retailAndECommerceResultsInfo.clear();
            if (isSelected) {
                this.retailAndECommerceResults.add("Question 1: Yes\n\nCompliance: ESIGN Act\n\nLevel of Importance: Most Critical\n\nReasoning:\nViolation of E-Sign regulations can lead to stiff legal punishment including fines and even imprisonment.\n\nDescription:\nThe ESIGN Act ensures the legal validity and enforceability of electronic signatures and contracts in interstate and foreign commerce. It establishes that electronic signatures are equivalent to handwritten signatures, and electronic records are equivalent to paper records, if certain requirements are met.\n\n(OPTIONAL)\nHow to Further Comply:\nImplement electronic signature software that complies with the ESign Act requirements. This software should ensure the security and integrity of electronic signatures and records.\n\nDisclosure and Consent: Provide customers with clear disclosure about their rights, obligations, and the use of electronic signatures. Obtain their consent to conduct transactions electronically.\n\nAuthentication: Implement measures to authenticate the identity of individuals signing electronic documents. This may include password protection, multi-factor authentication, or biometric verification.\n\nRecord Retention: Maintain electronic records of transactions and electronic signatures in a format that is accessible and retains integrity over time. Ensure that these records can be reproduced accurately when needed.\n\nAudit Trails: Maintain audit trails that track the creation, modification, and transmission of electronic records and signatures. This helps to ensure the integrity and authenticity of electronic transactions.\n\nCompliance Policies: Develop and implement internal policies and procedures to ensure ongoing compliance with the ESign Act. 
Train employees on these policies and regularly review and update them as needed.\n\nAdditional Concerns (PLEASE READ):\nThe International Organization for Standardization (ISO) develops and publishes international standards across various industries, including information security and electronic data interchange. While ISO standards may provide guidance on secure electronic transactions, they don't regulate the ESIGN Act.\n\nhttps://www.iso.org/news/2013/02/Ref1706.html\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("Yes");
            } else if (isSelected2) {
                this.retailAndECommerceResults.add("Question 1: No\n\nCompliance: ESIGN Act\n\nLevel of Importance: Most Critical\n\nReasoning:\nViolation of E-Sign regulations can lead to stiff legal punishment including fines and even imprisonment.\n\nDescription:\nThe ESIGN Act ensures the legal validity and enforceability of electronic signatures and contracts in interstate and foreign commerce. It establishes that electronic signatures are equivalent to handwritten signatures, and electronic records are equivalent to paper records, if certain requirements are met.\n\n(REQUIRED)\nHow to Further Comply:\nImplement electronic signature software that complies with the ESign Act requirements. This software should ensure the security and integrity of electronic signatures and records.\n\nDisclosure and Consent: Provide customers with clear disclosure about their rights, obligations, and the use of electronic signatures. Obtain their consent to conduct transactions electronically.\n\nAuthentication: Implement measures to authenticate the identity of individuals signing electronic documents. This may include password protection, multi-factor authentication, or biometric verification.\n\nRecord Retention: Maintain electronic records of transactions and electronic signatures in a format that is accessible and retains integrity over time. Ensure that these records can be reproduced accurately when needed.\n\nAudit Trails: Maintain audit trails that track the creation, modification, and transmission of electronic records and signatures. This helps to ensure the integrity and authenticity of electronic transactions.\n\nCompliance Policies: Develop and implement internal policies and procedures to ensure ongoing compliance with the ESign Act. 
Train employees on these policies and regularly review and update them as needed.\n\nAdditional Concerns (PLEASE READ):\nThe International Organization for Standardization (ISO) develops and publishes international standards across various industries, including information security and electronic data interchange. While ISO standards may provide guidance on secure electronic transactions, they don't regulate the ESIGN Act.\n\nhttps://www.iso.org/news/2013/02/Ref1706.html\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("No");
            }
            if (isSelected3) {
                this.retailAndECommerceResults.add("Question 2: Yes\n\nCompliance: DMCA\n\nLevel of Importance: Most Critical\n\nReasoning:\nViolation of DMCA requirements can lead to severe legal penalties of up to $250,000.\n\nDescription:\nImplement a DMCA Policy: Develop and publish a DMCA policy on your website. This policy should outline procedures for addressing copyright infringement claims, including how to submit a DMCA takedown notice and how the company will respond to such notices.\n\nDesignate a DMCA Agent: Designate an agent to receive DMCA takedown notices. This agent's contact information should be provided in your DMCA policy and registered with the U.S. Copyright Office.\n\nRespond Promptly to Notices: Upon receiving a valid DMCA takedown notice alleging copyright infringement, promptly remove or disable access to the infringing content. Follow the procedures outlined in your DMCA policy for handling such notices.\n\nCounter-Notification Process: Provide a mechanism for individuals to submit counter-notifications if they believe their content was wrongfully removed due to a DMCA takedown notice. Follow the procedures outlined in the DMCA for handling counter-notifications.\n\nEducate Employees: Educate employees about copyright laws and the company's DMCA policy. Ensure they understand their responsibilities for handling copyrighted material and responding to DMCA notices.\n\nMonitor Content: Implement measures to monitor user-generated content on your website or platform for potential copyright infringement. This could include using automated content filtering tools or manual review processes.\n\n(OPTIONAL)\nHow to Further Comply:\nImplement a DMCA Policy: Develop and publish a DMCA policy on your website. 
This policy should outline procedures for addressing copyright infringement claims, including how to submit a DMCA takedown notice and how the company will respond to such notices.\n\nDesignate a DMCA Agent: Designate an agent to receive DMCA takedown notices. This agent's contact information should be provided in your DMCA policy and registered with the U.S. Copyright Office.\n\nRespond Promptly to Notices: Upon receiving a valid DMCA takedown notice alleging copyright infringement, promptly remove or disable access to the infringing content. Follow the procedures outlined in your DMCA policy for handling such notices.\n\nCounter-Notification Process: Provide a mechanism for individuals to submit counter-notifications if they believe their content was wrongfully removed due to a DMCA takedown notice. Follow the procedures outlined in the DMCA for handling counter-notifications.\n\nEducate Employees: Educate employees about copyright laws and the company's DMCA policy. Ensure they understand their responsibilities for handling copyrighted material and responding to DMCA notices.\n\nMonitor Content: Implement measures to monitor user-generated content on your website or platform for potential copyright infringement. This could include using automated content filtering tools or manual review processes.\n\nAdditional Concerns (PLEASE READ):\nInternational Organization for Standards (ISO) standards cover a wide range of areas including information security (e.g., ISO 27001), quality management (e.g., ISO 9001), and more. Compliance with relevant ISO standards can help organizations establish robust processes and controls that indirectly support compliance with DMCA regulations, particularly in managing digital assets securely.\n\nThe General Data Protection Regulation primarily concerns the protection of personal data and privacy rights of individuals within the European Union. 
While not directly related to DMCA, organizations handling copyrighted material often also deal with personal data, and thus must ensure compliance with both regulations where applicable.\n\nThe Department of Homeland Security (DHS) primarily deals with matters related to national security, cybersecurity, and emergency preparedness. Although DMCA isn't directly under its jurisdiction, issues related to copyright infringement might intersect with cybersecurity concerns, especially when it involves protecting digital assets from unauthorized access or misuse.\n\nThe Payment Card Industry Data Security Standard (PCI DSS) focuses on securing payment card data. While it doesn't directly relate to DMCA, organizations handling digital content as part of their services may need to ensure compliance with both sets of regulations.\n\nhttps://www.iso.org/copyright.html\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("Yes");
            } else if (isSelected4) {
                this.retailAndECommerceResults.add(" Question 2: No\n\n Compliance: DMCA\n\n Level of Importance: Most Critical\n\n Reasoning:\n Violation of DMCA requirements can lead to severe legal penalties of up to $250,000.\n\n Description:\n Implement a DMCA Policy: Develop and publish a DMCA policy on your website. This policy should outline procedures for addressing copyright infringement claims, including how to submit a DMCA takedown notice and how the company will respond to such notices.\n\n Designate a DMCA Agent: Designate an agent to receive DMCA takedown notices. This agent's contact information should be provided in your DMCA policy and registered with the U.S. Copyright Office.\n\n Respond Promptly to Notices: Upon receiving a valid DMCA takedown notice alleging copyright infringement, promptly remove or disable access to the infringing content. Follow the procedures outlined in your DMCA policy for handling such notices.\n\n Counter-Notification Process: Provide a mechanism for individuals to submit counter-notifications if they believe their content was wrongfully removed due to a DMCA takedown notice. Follow the procedures outlined in the DMCA for handling counter-notifications.\n\n Educate Employees: Educate employees about copyright laws and the company's DMCA policy. Ensure they understand their responsibilities for handling copyrighted material and responding to DMCA notices.\n\n Monitor Content: Implement measures to monitor user-generated content on your website or platform for potential copyright infringement. This could include using automated content filtering tools or manual review processes.\n (REQUIRED)\n How to Further Comply:\nImplement a DMCA Policy: Develop and publish a DMCA policy on your website. 
This policy should outline procedures for addressing copyright infringement claims, including how to submit a DMCA takedown notice and how the company will respond to such notices.\n\n Designate a DMCA Agent: Designate an agent to receive DMCA takedown notices. This agent's contact information should be provided in your DMCA policy and registered with the U.S. Copyright Office.\n\n Respond Promptly to Notices: Upon receiving a valid DMCA takedown notice alleging copyright infringement, promptly remove or disable access to the infringing content. Follow the procedures outlined in your DMCA policy for handling such notices.\n\n Counter-Notification Process: Provide a mechanism for individuals to submit counter-notifications if they believe their content was wrongfully removed due to a DMCA takedown notice. Follow the procedures outlined in the DMCA for handling counter-notifications.\n\n Educate Employees: Educate employees about copyright laws and the company's DMCA policy. Ensure they understand their responsibilities for handling copyrighted material and responding to DMCA notices.\n\n Monitor Content: Implement measures to monitor user-generated content on your website or platform for potential copyright infringement. This could include using automated content filtering tools or manual review processes.\n\n Additional Concerns (PLEASE READ):\n International Organization for Standards (ISO) standards cover a wide range of areas including information security (e.g., ISO 27001), quality management (e.g., ISO 9001), and more. Compliance with relevant ISO standards can help organizations establish robust processes and controls that indirectly support compliance with DMCA regulations, particularly in managing digital assets securely.\n\n The General Data Protection Regulation primarily concerns the protection of personal data and privacy rights of individuals within the European Union. 
While not directly related to DMCA, organizations handling copyrighted material often also deal with personal data, and thus must ensure compliance with both regulations where applicable.\n\n The Department of Homeland Security (DHS) primarily deals with matters related to national security, cybersecurity, and emergency preparedness. Although DMCA isn't directly under its jurisdiction, issues related to copyright infringement might intersect with cybersecurity concerns, especially when it involves protecting digital assets from unauthorized access or misuse.\n\n The Payment Card Industry Data Security Standard (PCI DSS) focuses on securing payment card data. While it doesn't directly relate to DMCA, organizations handling digital content as part of their services may need to ensure compliance with both sets of regulations.\n\n https://www.iso.org/copyright.html\n\n ---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("No");
            }
            if (isSelected5) {
                this.retailAndECommerceResults.add("Question 3: Yes\n\nCompliance: UCC\n\nLevel of Importance: Moderately Critical\n\nReasoning: Penalties vary based on total damages.\n\nDescription:\nThe Uniform Commercial Code is a set of laws governing commercial transactions in the United states. The UCC governs over different aspects of commerical laws such as sales, leases, and secured transactions. Article 2 of the UCC establishes rules for the sales of goods . IT involves the promoting clarity and consistency in commercial dealing.\n\n(OPTIONAL)\nHow to Further Comply:\nComply with the rules of contract formation under the UCC. This includes ensuring that there is a valid offer, acceptance, consideration, and that the terms of the contract are clear and agreed upon by both parties.\n\nImplied Warranties: Adhere to implied warranties mandated by the UCC. These include the warranty of merchantability (goods are fit for ordinary purposes) and the warranty of fitness for a particular purpose (goods are fit for a specific purpose known to the seller).\n\nWritten Contracts: Ensure compliance with the UCC's requirements for written contracts where necessary. While the UCC generally allows oral contracts for the sale of goods, certain transactions may require written documentation, especially for high-value or specialized goods.\n\nDelivery and Acceptance: Comply with UCC provisions regarding delivery and acceptance of goods. This includes following the agreed-upon delivery terms, inspecting goods upon receipt, and notifying the seller of any defects or non-conformities.\n\nUnderstand Risk of Loss: Understand the UCC's rules for determining when the risk of loss passes from the seller to the buyer. This typically occurs upon delivery, but specific circumstances may alter this allocation of risk.\n\nPayment Terms: Ensure that payment terms are clear and comply with UCC requirements. 
This includes specifying the price, payment method, and any applicable terms regarding installment payments or financing arrangements.\n\nAdditional Concerns (PLEASE READ):\nNIST (National Institute of Standards and Technology) primarily provides standards and guidelines for information security, including cybersecurity. While NIST standards themselves may not directly apply to the UCC, they can be relevant if electronic transactions or communications are involved in UCC-related activities. For example, securing electronic records or communications in accordance with NIST guidelines could be important.\n\nPCI DSS (Payment Card Industry Data Security Standard) applies to organizations that handle credit card transactions. If a commercial transaction under the UCC involves payment by credit card, compliance with PCI DSS would be necessary to ensure the security of cardholder data during the transaction process.\n\nThe Department of Homeland Security (DHS) primarily focuses on matters related to national security, border security, and emergency preparedness. While it may not directly regulate commercial transactions governed by the UCC, aspects of DHS regulations related to cybersecurity or critical infrastructure protection could have implications for businesses engaging in such transactions.\n\nGDPR (General Data Protection Regulation) is a European Union regulation that governs the protection of personal data. 
If a commercial transaction under the UCC involves the transfer or processing of personal data of individuals in the European Union, GDPR compliance would be necessary to ensure the protection of that data.\n\nISO (International Organization for Standardization) standards themselves may not directly apply to the UCC, businesses engaging in commercial transactions covered by the UCC may choose to adhere to ISO standards related to quality management, information security, or other relevant areas to enhance their operations.\n\nhttps://www.ucc.ie/en/gdpr/dataprotectionpolicy/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("Yes");
            } else if (isSelected6) {
                this.retailAndECommerceResults.add("Question 3: No\n\nCompliance: UCC\n\nLevel of Importance: Moderately Critical\n\nReasoning: Penalties vary based on total damages.\n\nDescription:\nThe Uniform Commercial Code is a set of laws governing commercial transactions in the United states. The UCC governs over different aspects of commerical laws such as sales, leases, and secured transactions. Article 2 of the UCC establishes rules for the sales of goods . IT involves the promoting clarity and consistency in commercial dealing.\n\n(REQUIRED)\nHow to Further Comply:\nComply with the rules of contract formation under the UCC. This includes ensuring that there is a valid offer, acceptance, consideration, and that the terms of the contract are clear and agreed upon by both parties.\n\nImplied Warranties: Adhere to implied warranties mandated by the UCC. These include the warranty of merchantability (goods are fit for ordinary purposes) and the warranty of fitness for a particular purpose (goods are fit for a specific purpose known to the seller).\n\nWritten Contracts: Ensure compliance with the UCC's requirements for written contracts where necessary. While the UCC generally allows oral contracts for the sale of goods, certain transactions may require written documentation, especially for high-value or specialized goods.\n\nDelivery and Acceptance: Comply with UCC provisions regarding delivery and acceptance of goods. This includes following the agreed-upon delivery terms, inspecting goods upon receipt, and notifying the seller of any defects or non-conformities.\n\nUnderstand Risk of Loss: Understand the UCC's rules for determining when the risk of loss passes from the seller to the buyer. This typically occurs upon delivery, but specific circumstances may alter this allocation of risk.\n\nPayment Terms: Ensure that payment terms are clear and comply with UCC requirements. 
This includes specifying the price, payment method, and any applicable terms regarding installment payments or financing arrangements.\n\nAdditional Concerns (PLEASE READ):\nNIST (National Institute of Standards and Technology) primarily provides standards and guidelines for information security, including cybersecurity. While NIST standards themselves may not directly apply to the UCC, they can be relevant if electronic transactions or communications are involved in UCC-related activities. For example, securing electronic records or communications in accordance with NIST guidelines could be important.\n\nPCI DSS (Payment Card Industry Data Security Standard) applies to organizations that handle credit card transactions. If a commercial transaction under the UCC involves payment by credit card, compliance with PCI DSS would be necessary to ensure the security of cardholder data during the transaction process.\n\nThe Department of Homeland Security (DHS) primarily focuses on matters related to national security, border security, and emergency preparedness. While it may not directly regulate commercial transactions governed by the UCC, aspects of DHS regulations related to cybersecurity or critical infrastructure protection could have implications for businesses engaging in such transactions.\n\nGDPR (General Data Protection Regulation) is a European Union regulation that governs the protection of personal data. 
If a commercial transaction under the UCC involves the transfer or processing of personal data of individuals in the European Union, GDPR compliance would be necessary to ensure the protection of that data.\n\nISO (International Organization for Standardization) standards themselves may not directly apply to the UCC, businesses engaging in commercial transactions covered by the UCC may choose to adhere to ISO standards related to quality management, information security, or other relevant areas to enhance their operations.\n\nhttps://www.ucc.ie/en/gdpr/dataprotectionpolicy/\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("No");
            }
            if (isSelected7) {
                this.retailAndECommerceResults.add("Question 4: Yes\n\nCompliance: PCI DSS\n\nLevel of Importance: Most Critical\n\nReasoning:\nEnsures that transactions are carried out safley. Penalties are severe for violations.\n\nDescription:\nAll merchants who collect, store, process, or transmit credit card data are obligated to comply with the PCI Security Standards Council (SSC) requirements.\nThe SSC outlines the necessary compliance measures that e-commerce merchants must follow also provideguidelines and documentation for reporting purposes.\n\n(OPTIONAL)\nHow to Further Comply:\nFamiliarize yourself with the PCI DSS requirements. There are twelve high-level requirements encompassing various security measures, including network security, data protection, access control, and monitoring.\n\nSecure Network: Implement robust network security measures, such as firewalls, to protect cardholder data from unauthorized access. Segment your network to isolate payment systems from other less secure systems.\n\nProtect Cardholder Data: Encrypt cardholder data during transmission and storage. Use strong encryption protocols and ensure that sensitive data is securely stored and accessible only to authorized personnel.\n\nVulnerability Management: Implement processes for identifying and addressing security vulnerabilities in your systems. This includes regular vulnerability scans and penetration testing to identify weaknesses that could be exploited by attackers.\n\nAccess Control: Limit access to cardholder data to only those individuals who need it to perform their job duties. Use strong authentication measures, such as unique IDs and passwords, to control access to sensitive information.\n\nRegular Monitoring and Testing: Implement monitoring tools and processes to detect and respond to security incidents in a timely manner. 
Conduct regular security testing, including intrusion detection and prevention, to ensure ongoing compliance with PCI DSS requirements.\n\nInformation Security Policies: Develop and implement comprehensive information security policies and procedures that address all aspects of PCI DSS compliance. Ensure that employees are trained on these policies and understand their roles and responsibilities in maintaining a secure environment.\n\nAdditional Concerns (PLEASE READ):\nNational Institute of Standards and Technology (NIST) provides guidelines and frameworks for cybersecurity, including recommendations that align with PCI DSS requirements. While NIST itself doesn't specifically regulate PCI DSS, organizations handling payment card data often refer to NIST frameworks, such as the Cybersecurity Framework (CSF), to enhance their security posture in alignment with PCI DSS requirements.\n\nhttps://www.itgovernance.co.uk/pci_dss\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("Yes");
            } else if (isSelected8) {
                this.retailAndECommerceResults.add("Question 4: No\n\nCompliance: PCI DSS\n\nLevel of Importance: Most Critical\n\nReasoning:\nEnsures that transactions are carried out safley. Penalties are severe for violations.\n\nDescription:\nAll merchants who collect, store, process, or transmit credit card data are obligated to comply with the PCI Security Standards Council (SSC) requirements.\nThe SSC outlines the necessary compliance measures that e-commerce merchants must follow also provideguidelines and documentation for reporting purposes.commerce merchants must follow also provideguidelines and documentation for reporting purposes.\n\n(REQUIRED)\nHow to Further Comply:\nFamiliarize yourself with the PCI DSS requirements. There are twelve high-level requirements encompassing various security measures, including network security, data protection, access control, and monitoring.\n\nSecure Network: Implement robust network security measures, such as firewalls, to protect cardholder data from unauthorized access. Segment your network to isolate payment systems from other less secure systems.\n\nProtect Cardholder Data: Encrypt cardholder data during transmission and storage. Use strong encryption protocols and ensure that sensitive data is securely stored and accessible only to authorized personnel.\n\nVulnerability Management: Implement processes for identifying and addressing security vulnerabilities in your systems. This includes regular vulnerability scans and penetration testing to identify weaknesses that could be exploited by attackers.\n\nAccess Control: Limit access to cardholder data to only those individuals who need it to perform their job duties. Use strong authentication measures, such as unique IDs and passwords, to control access to sensitive information.\n\nRegular Monitoring and Testing: Implement monitoring tools and processes to detect and respond to security incidents in a timely manner. 
Conduct regular security testing, including intrusion detection and prevention, to ensure ongoing compliance with PCI DSS requirements.\n\nInformation Security Policies: Develop and implement comprehensive information security policies and procedures that address all aspects of PCI DSS compliance. Ensure that employees are trained on these policies and understand their roles and responsibilities in maintaining a secure environment.\n\nAdditional Concerns (PLEASE READ):\nNational Institute of Standards and Technology (NIST) provides guidelines and frameworks for cybersecurity, including recommendations that align with PCI DSS requirements. While NIST itself doesn't specifically regulate PCI DSS, organizations handling payment card data often refer to NIST frameworks, such as the Cybersecurity Framework (CSF), to enhance their security posture in alignment with PCI DSS requirements.\n\nhttps://www.itgovernance.co.uk/pci_dss\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("No");
            }
            if (isSelected9) {
                this.retailAndECommerceResults.add("Question 5: Yes\n\nCompliance: GDPR\n\nLevel of Importance: Moderately Critical\n\nReasoning:\nOnly applies to organizations that handles EU residents' personal information.\n\nDescription:\nGDPR's functionality within the retail industry is characterized by its emphasis on transparency, accountability, and consent in managing customer data. Retail businesses must adhere to specific requirements and principles outlined by GDPR, shaping their data processing practices and customer interactions.\n\n(OPTIONAL)\nHow to Further Comply:\nAwareness and Understanding: Ensure that key personnel within the organization understand the requirements of the GDPR, including how it defines personal data, data processing activities, and the rights of data subjects.\n\nData Inventory and Mapping: Conduct a comprehensive audit of personal data held by the company, including customer data, employee data, and any other data collected or processed. Map the flow of personal data throughout the organization to understand how it is collected, stored, and used.\n\nLawful Basis for Processing: Identify and document the lawful basis for processing personal data. This could include obtaining consent from individuals, fulfilling contractual obligations, complying with legal requirements, or pursuing legitimate interests.\n\nData Minimization: Minimize the collection and retention of personal data to what is necessary for the intended purpose. Avoid collecting excessive or irrelevant data and implement procedures for securely disposing of data when it is no longer needed.\n\nTransparency and Consent: Provide clear and transparent information to individuals about how their personal data is processed, including purposes, legal basis, and data retention periods. 
Obtain explicit consent from individuals before processing their personal data, where required.\n\nData Security Measures: Implement appropriate technical and organizational measures to ensure the security of personal data. This includes measures such as encryption, access controls, regular security assessments, and employee training on data security best practices.\n\nData Subject Rights: Establish procedures for responding to data subject rights requests, including requests for access, rectification, erasure, and data portability. Ensure that these requests are handled promptly and in accordance with GDPR requirements.\n\nAdditional Concerns (PLEASE READ):\nGDPR (General Data Protection Regulation) governs the processing of personal data of individuals within the EU, as well as the export of personal data outside the EU. Organizations that handle personal data of EU residents are subject to GDPR compliance requirements.\n\nISO (International Organization for Standardization) standards, such as ISO/IEC 27001 (Information Security Management System) and ISO/IEC 27701 (Privacy Information Management System), provide frameworks for implementing controls and practices related to information security and privacy management. While ISO standards do not directly address GDPR compliance, they can be used to establish an information security and privacy management framework that aligns with GDPR requirements.\n\nNIST (National Institute of Standards and Technology) primarily focuses on cybersecurity and risk management standards, its guidelines and frameworks, such as the NIST Cybersecurity Framework (CSF) and publications like NIST Special Publication 800-53, can be used alongside GDPR compliance efforts. 
These provide guidance on protecting sensitive data, managing risk, and implementing security controls.\n\nPCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. While PCI DSS and GDPR are distinct regulations, organizations processing payment card data in the European Union (EU) must comply with both GDPR and PCI DSS requirements.\n\nhttps://gdpr-info.eu/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("Yes");
            } else if (isSelected10) {
                this.retailAndECommerceResults.add("Question 5: No\n\nCompliance: GDPR\n\nLevel of Importance: Moderately Critical\n\nReasoning:\nOnly applies to organizations that handles EU residents' personal information.\n\nDescription:\nGDPR's functionality within the retail industry is characterized by its emphasis on transparency, accountability, and consent in managing customer data. Retail businesses must adhere to specific requirements and principles outlined by GDPR, shaping their data processing practices and customer interactions.\n\n\n(REQUIRED)\nHow to Further Comply:\nAwareness and Understanding: Ensure that key personnel within the organization understand the requirements of the GDPR, including how it defines personal data, data processing activities, and the rights of data subjects.\n\nData Inventory and Mapping: Conduct a comprehensive audit of personal data held by the company, including customer data, employee data, and any other data collected or processed. Map the flow of personal data throughout the organization to understand how it is collected, stored, and used.\n\nLawful Basis for Processing: Identify and document the lawful basis for processing personal data. This could include obtaining consent from individuals, fulfilling contractual obligations, complying with legal requirements, or pursuing legitimate interests.\n\nData Minimization: Minimize the collection and retention of personal data to what is necessary for the intended purpose. Avoid collecting excessive or irrelevant data and implement procedures for securely disposing of data when it is no longer needed.\n\nTransparency and Consent: Provide clear and transparent information to individuals about how their personal data is processed, including purposes, legal basis, and data retention periods. 
Obtain explicit consent from individuals before processing their personal data, where required.\n\nData Security Measures: Implement appropriate technical and organizational measures to ensure the security of personal data. This includes measures such as encryption, access controls, regular security assessments, and employee training on data security best practices.\n\nData Subject Rights: Establish procedures for responding to data subject rights requests, including requests for access, rectification, erasure, and data portability. Ensure that these requests are handled promptly and in accordance with GDPR requirements.\n\nAdditional Concerns (PLEASE READ):\nGDPR (General Data Protection Regulation) governs the processing of personal data of individuals within the EU, as well as the export of personal data outside the EU. Organizations that handle personal data of EU residents are subject to GDPR compliance requirements.\n\nISO (International Organization for Standardization) standards, such as ISO/IEC 27001 (Information Security Management System) and ISO/IEC 27701 (Privacy Information Management System), provide frameworks for implementing controls and practices related to information security and privacy management. While ISO standards do not directly address GDPR compliance, they can be used to establish an information security and privacy management framework that aligns with GDPR requirements.\n\nNIST (National Institute of Standards and Technology) primarily focuses on cybersecurity and risk management standards, its guidelines and frameworks, such as the NIST Cybersecurity Framework (CSF) and publications like NIST Special Publication 800-53, can be used alongside GDPR compliance efforts. 
These provide guidance on protecting sensitive data, managing risk, and implementing security controls.\n\nPCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. While PCI DSS and GDPR are distinct regulations, organizations processing payment card data in the European Union (EU) must comply with both GDPR and PCI DSS requirements.\n\nhttps://gdpr-info.eu/\n\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("No");
            }
            if (isSelected11) {
                this.retailAndECommerceResults.add("Question 6: Yes\n\nCompliance: OSHA\n\nLevel of Importance: Most Critical\n\nReasoning:\nEnsures the safety of the workplace and personnel. Violations carry stiff penalties.\n\nDescription:\nOSHA is part of the United States Department of Labor. The administrator for OSHA is the Assistant Secretary of Labor for Occupational Safety and Health.\nOSHA's administrator answers to the Secretary of Labor, who is a member of the cabinet of the President of the United States\n\n(OPTIONAL)\nHow to Further Comply:\nUnderstand OSHA Requirements: Familiarize yourself with OSHA regulations relevant to the retail industry. This includes standards related to workplace safety, hazardous materials handling, ergonomics, and other health and safety concerns.\n\nDevelop a Written Safety Program: Create a comprehensive written safety program that addresses specific hazards present in your retail environment. This program should include policies and procedures for hazard identification, training, emergency response, and accident investigation.\n\nProvide Employee Training: Train employees on safety protocols and procedures outlined in your written safety program. This training should cover topics such as proper lifting techniques, handling hazardous materials, emergency evacuation procedures, and the proper use of personal protective equipment (PPE).\n\nConduct Regular Inspections: Implement a regular inspection program to identify and address potential safety hazards in the workplace. This may include inspecting sales floors, storage areas, restrooms, and other areas frequented by employees and customers.\n\nMaintain Records: Keep detailed records of safety training, inspections, accidents, and near misses. 
These records can help demonstrate compliance with OSHA regulations and identify areas for improvement.\n\nProvide Personal Protective Equipment (PPE): Supply employees with appropriate PPE, such as gloves, safety goggles, and slip-resistant footwear, to protect them from workplace hazards. Ensure that employees are trained on the proper use and maintenance of PPE.\n\nAdditional Concerns (PLEASE READ):\nOrganizations may need to ensure compliance with both OSHA regulations and other standards depending on the nature of their business operations and the risks they face. For example, a manufacturing facility may need to comply with OSHA regulations to protect worker safety while also adhering to ISO standards for quality management and cybersecurity standards like those recommended by NIST to protect sensitive data and systems integrity.\n\nhttps://www.osha.gov/sites/default/files/publications/all_about_OSHA.pdf\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("Yes");
            } else if (isSelected12) {
                this.retailAndECommerceResults.add("Question 6: No\n\nCompliance: OSHA\n\nLevel of Importance: Most Critical\n\nReasoning:\nEnsures the safety of the workplace and personnel. Violations carry stiff penalties.\n\nDescription:\nOSHA is part of the United States Department of Labor. The administrator for OSHA is the Assistant Secretary of Labor for Occupational Safety and Health.\nOSHA's administrator answers to the Secretary of Labor, who is a member of the cabinet of the President of the United States\n\n(REQUIRED)\nHow to Further Comply:\nUnderstand OSHA Requirements: Familiarize yourself with OSHA regulations relevant to the retail industry. This includes standards related to workplace safety, hazardous materials handling, ergonomics, and other health and safety concerns.\n\nDevelop a Written Safety Program: Create a comprehensive written safety program that addresses specific hazards present in your retail environment. This program should include policies and procedures for hazard identification, training, emergency response, and accident investigation.\n\nProvide Employee Training: Train employees on safety protocols and procedures outlined in your written safety program. This training should cover topics such as proper lifting techniques, handling hazardous materials, emergency evacuation procedures, and the proper use of personal protective equipment (PPE).\n\nConduct Regular Inspections: Implement a regular inspection program to identify and address potential safety hazards in the workplace. This may include inspecting sales floors, storage areas, restrooms, and other areas frequented by employees and customers.\n\nMaintain Records: Keep detailed records of safety training, inspections, accidents, and near misses. 
These records can help demonstrate compliance with OSHA regulations and identify areas for improvement.\n\nProvide Personal Protective Equipment (PPE): Supply employees with appropriate PPE, such as gloves, safety goggles, and slip-resistant footwear, to protect them from workplace hazards. Ensure that employees are trained on the proper use and maintenance of PPE.\n\nAdditional Concerns (PLEASE READ):\nOrganizations may need to ensure compliance with both OSHA regulations and other standards depending on the nature of their business operations and the risks they face. For example, a manufacturing facility may need to comply with OSHA regulations to protect worker safety while also adhering to ISO standards for quality management and cybersecurity standards like those recommended by NIST to protect sensitive data and systems integrity.\n\nhttps://www.osha.gov/sites/default/files/publications/all_about_OSHA.pdf\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("No");
            }
            if (isSelected13) {
                this.retailAndECommerceResults.add("Question 7: Yes\n\nCompliance: FSLA\n\nLevel of Importance: Highly Critical\n\nReasoning:\nViolations carry fines per incident and a chance of imprisonment.\n\nDescription:\nThe Fair Labor Standards Act (FLSA) establishes minimum wage, overtime pay, recordkeeping, and youth employment standards affecting employees in the private sector and in Federal, State, and local governments. Covered nonexempt workers are entitled to a minimum wage of not less than $7.25 per hour effective July 24, 2009.\nOvertime pay at a rate not less than one and one-half times the regular rate of pay is required after 40 hours of work in a workweek.\n\n(OPTIONAL)\nHow to Further Comply:\nClassification of Employees: Ensure that all employees are properly classified as either exempt or non-exempt based on FLSA criteria. Exempt employees are not entitled to overtime pay, while non-exempt employees are eligible for overtime pay for hours worked beyond 40 in a workweek.\n\nPay at Least Minimum Wage: Pay non-exempt employees at least the federal minimum wage or the state minimum wage, whichever is higher. Currently, the federal minimum wage is $7.25 per hour, but some states and localities have higher minimum wage rates.\n\nOvertime Pay: Pay non-exempt employees overtime pay at a rate of at least one and a half times their regular rate of pay for hours worked over 40 in a workweek. Ensure accurate record-keeping of hours worked to calculate overtime pay correctly.\n\nUnderstand Child Labor Laws: Adhere to child labor laws outlined in the FLSA, which restrict the types of work and the hours minors can work in various industries, including retail. Obtain work permits and comply with any state-specific child labor regulations.\n\nRecord-Keeping: Maintain accurate records of employee hours worked, wages paid, and other relevant payroll information. 
This includes employee timecards, pay stubs, and payroll records, which should be retained for at least three years.\n\nEnsure Meal and Rest Breaks: Comply with any state-specific meal and rest break requirements. While the FLSA does not mandate meal or rest breaks, some states have their own regulations regarding these breaks for employees.\n\nAdditional Concerns (PLEASE READ):\nGDPR (General Data Protection Regulation) primarily deals with the protection of personal data of individuals within the European Union (EU). If an organization subject to GDPR collects or processes personal data of individuals subject to GDPR, it needs to comply with GDPR's requirements. This might indirectly relate to FLSA if personal data related to employees' work and employment are collected and processed, but the direct connection would be limited.\n\nISO (International Organization for Standardization) standards cover a wide range of areas, including information security (e.g., ISO 27001) and quality management (e.g., ISO 9001). While ISO standards might indirectly impact an organization's practices, they don't directly regulate labor standards like those addressed by FLSA.\n\nhttps://www.dol.gov/agencies/whd/compliance-assistance/handy-reference-guide-flsa\n\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("Yes");
            } else if (isSelected14) {
                this.retailAndECommerceResults.add("Question 7: No\n\nCompliance: FSLA\n\nLevel of Importance: Highly Critical\n\nReasoning:\nViolations carry fines per incident and a chance of imprisonment.\n\nDescription:\nThe Fair Labor Standards Act (FLSA) establishes minimum wage, overtime pay, recordkeeping, and youth employment standards affecting employees in the private sector and in Federal, State, and local governments. Covered nonexempt workers are entitled to a minimum wage of not less than $7.25 per hour effective July 24, 2009.\nOvertime pay at a rate not less than one and one-half times the regular rate of pay is required after 40 hours of work in a workweek.\n\n\n(REQUIRED)\nHow to Further Comply:\nClassification of Employees: Ensure that all employees are properly classified as either exempt or non-exempt based on FLSA criteria. Exempt employees are not entitled to overtime pay, while non-exempt employees are eligible for overtime pay for hours worked beyond 40 in a workweek.\n\nPay at Least Minimum Wage: Pay non-exempt employees at least the federal minimum wage or the state minimum wage, whichever is higher. Currently, the federal minimum wage is $7.25 per hour, but some states and localities have higher minimum wage rates.\n\nOvertime Pay: Pay non-exempt employees overtime pay at a rate of at least one and a half times their regular rate of pay for hours worked over 40 in a workweek. Ensure accurate record-keeping of hours worked to calculate overtime pay correctly.\n\nUnderstand Child Labor Laws: Adhere to child labor laws outlined in the FLSA, which restrict the types of work and the hours minors can work in various industries, including retail. Obtain work permits and comply with any state-specific child labor regulations.\n\nRecord-Keeping: Maintain accurate records of employee hours worked, wages paid, and other relevant payroll information. 
This includes employee timecards, pay stubs, and payroll records, which should be retained for at least three years.\n\nEnsure Meal and Rest Breaks: Comply with any state-specific meal and rest break requirements. While the FLSA does not mandate meal or rest breaks, some states have their own regulations regarding these breaks for employees.\n\nAdditional Concerns (PLEASE READ):\nGDPR (General Data Protection Regulation) primarily deals with the protection of personal data of individuals within the European Union (EU). If an organization subject to GDPR collects or processes personal data of individuals subject to GDPR, it needs to comply with GDPR's requirements. This might indirectly relate to FLSA if personal data related to employees' work and employment are collected and processed, but the direct connection would be limited.\n\nISO (International Organization for Standardization) standards cover a wide range of areas, including information security (e.g., ISO 27001) and quality management (e.g., ISO 9001). While ISO standards might indirectly impact an organization's practices, they don't directly regulate labor standards like those addressed by FLSA.\n\nhttps://www.dol.gov/agencies/whd/compliance-assistance/handy-reference-guide-flsa\n\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("No");
            }
            if (isSelected15) {
                this.retailAndECommerceResults.add("Question 8: Yes\n\nCompliance: FTC\n\nLevel of Importance: Highly Critical\n\nReasoning:\nViolations can carry minor to severe monetary punishments. FTC governs many aspects of business regulations\nwhich should always be followed.\n\nDescription:\nThe Federal Trade Commission (FTC) enforces a variety of laws and regulations pertaining to retail and consumer protection in the United States. While the FTC's jurisdiction covers a broad spectrum of issues, including antitrust enforcement and consumer privacy, several laws specifically address retail-related concerns\n\n(OPTIONAL)\nHow to Further Comply:\nAvoid Deceptive Advertising: Ensure that all advertising, including online, print, and in-store promotions, is truthful and not misleading. Disclose all material information about products or services, including pricing, features, and limitations.\n\nClear Disclosures: Provide clear and conspicuous disclosures when necessary. Disclosures should be easy to understand and prominently placed where consumers are likely to see them, especially when making claims about pricing, warranties, or other material aspects of products or services.\n\nHonest Representations: Make honest representations about products and services. Avoid making false or exaggerated claims about the benefits, performance, or efficacy of products.\n\nPricing Accuracy: Ensure that prices are accurately represented to consumers. This includes clearly displaying the total price of products or services, including any taxes, fees, or shipping costs.\n\nCustomer Reviews and Testimonials: If using customer reviews or testimonials in advertising, ensure that they reflect the honest opinions and experiences of actual customers. Avoid using fake or misleading reviews or testimonials.\n\nPrivacy Compliance: Comply with privacy laws and regulations when collecting, storing, and using consumer data. 
Provide clear and transparent privacy policies that explain how consumer data is collected, used, and shared.\n\nCancellation and Refund Policies: Clearly communicate cancellation and refund policies to consumers. Ensure that these policies are fair, reasonable, and comply with applicable laws and regulations.\n\nCompliance Training: Train employees on FTC regulations and best practices for advertising, marketing, and customer interactions. Employees should understand their responsibilities for ensuring compliance with the FTC Act.\n\nAdditional Concerns (PLEASE READ):\nNIST (National Institute of Standards and Technology) develops standards, guidelines, and best practices for various aspects of technology and cybersecurity. While the FTC doesn't directly enforce NIST standards, it may reference NIST guidelines in its enforcement actions or recommendations related to data security and privacy.\n\nPCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that companies that accept, process, store, or transmit credit card information maintain a secure environment. The FTC may enforce compliance with PCI DSS among companies that handle payment card data as part of its broader authority to protect consumers from deceptive or unfair practices.\n\nDepartment of Homeland Security (DHS) is primarily concerned with national security, including cybersecurity. While the FTC's focus is more on consumer protection and business practices, there may be instances where the two agencies collaborate on matters involving cybersecurity threats or critical infrastructure protection.\n\nGDPR (General Data Protection Regulation) is a regulation in the European Union (EU) that governs data protection and privacy for individuals within the EU and the European Economic Area (EEA). 
While the FTC does not enforce GDPR directly, it may come into play if a U.S.-based company conducts business with EU/EEA residents and is found to violate GDPR principles. The FTC may take action if such violations also constitute deceptive or unfair practices under U.S. law.\n\nISO (International Organization for Standardization) develops international standards for various industries, including standards related to information security and data privacy (e.g., ISO 27001 for information security management systems). Compliance with ISO standards may not be mandatory by law, but adherence to relevant ISO standards could be considered a best practice. The FTC may take into account a company's adherence to ISO standards as part of its assessment of that company's data security practices.\n\nhttps://www.ftc.gov/business-guidance/privacy-security/data-security\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("Yes");
            } else if (isSelected16) {
                this.retailAndECommerceResults.add("Question 8: No\n\nCompliance: FTC\n\nLevel of Importance: Highly Critical\n\nReasoning:\nViolations can carry minor to severe monetary punishments. FTC governs many aspects of business regulations\nwhich should always be followed.\n\nDescription:\nThe Federal Trade Commission (FTC) enforces a variety of laws and regulations pertaining to retail and consumer protection in the United States. While the FTC's jurisdiction covers a broad spectrum of issues, including antitrust enforcement and consumer privacy, several laws specifically address retail-related concerns\n\n(REQUIRED)\nHow to Further Comply:\nAvoid Deceptive Advertising: Ensure that all advertising, including online, print, and in-store promotions, is truthful and not misleading. Disclose all material information about products or services, including pricing, features, and limitations.\n\nClear Disclosures: Provide clear and conspicuous disclosures when necessary. Disclosures should be easy to understand and prominently placed where consumers are likely to see them, especially when making claims about pricing, warranties, or other material aspects of products or services.\n\nHonest Representations: Make honest representations about products and services. Avoid making false or exaggerated claims about the benefits, performance, or efficacy of products.\n\nPricing Accuracy: Ensure that prices are accurately represented to consumers. This includes clearly displaying the total price of products or services, including any taxes, fees, or shipping costs.\n\nCustomer Reviews and Testimonials: If using customer reviews or testimonials in advertising, ensure that they reflect the honest opinions and experiences of actual customers. Avoid using fake or misleading reviews or testimonials.\n\nPrivacy Compliance: Comply with privacy laws and regulations when collecting, storing, and using consumer data. 
Provide clear and transparent privacy policies that explain how consumer data is collected, used, and shared.\n\nCancellation and Refund Policies: Clearly communicate cancellation and refund policies to consumers. Ensure that these policies are fair, reasonable, and comply with applicable laws and regulations.\n\nCompliance Training: Train employees on FTC regulations and best practices for advertising, marketing, and customer interactions. Employees should understand their responsibilities for ensuring compliance with the FTC Act.\n\nAdditional Concerns (PLEASE READ):\nNIST (National Institute of Standards and Technology) develops standards, guidelines, and best practices for various aspects of technology and cybersecurity. While the FTC doesn't directly enforce NIST standards, it may reference NIST guidelines in its enforcement actions or recommendations related to data security and privacy.\n\nPCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that companies that accept, process, store, or transmit credit card information maintain a secure environment. The FTC may enforce compliance with PCI DSS among companies that handle payment card data as part of its broader authority to protect consumers from deceptive or unfair practices.\n\nDepartment of Homeland Security (DHS) is primarily concerned with national security, including cybersecurity. While the FTC's focus is more on consumer protection and business practices, there may be instances where the two agencies collaborate on matters involving cybersecurity threats or critical infrastructure protection.\n\nGDPR (General Data Protection Regulation) is a regulation in the European Union (EU) that governs data protection and privacy for individuals within the EU and the European Economic Area (EEA). 
While the FTC does not enforce GDPR directly, it may come into play if a U.S.-based company conducts business with EU/EEA residents and is found to violate GDPR principles. The FTC may take action if such violations also constitute deceptive or unfair practices under U.S. law.\n\nISO (International Organization for Standardization) develops international standards for various industries, including standards related to information security and data privacy (e.g., ISO 27001 for information security management systems). Compliance with ISO standards may not be mandatory by law, but adherence to relevant ISO standards could be considered a best practice. The FTC may take into account a company's adherence to ISO standards as part of its assessment of that company's data security practices.\n\nhttps://www.ftc.gov/business-guidance/privacy-security/data-security\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("No");
            }
            if (isSelected17) {
                this.retailAndECommerceResults.add("Question 9: Yes\n\nCompliance: SEC\n\nLevel of Importance: Most Critical\n\nReasoning:\nLarge civil cases as well as stiff monetary fines are enforced to ensure SEC compliance.\n\nDescription:\nThe U.S. Securities and Exchange Commission (SEC) primarily regulates the securities industry to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.\nWhile the SEC's focus is primarily on securities markets and investment activities, it does have regulations that indirectly impact retail investors and retail brokerage firms.\n\n(OPTIONAL)\nHow to Further Comply:\nFinancial Reporting Compliance: Ensure accurate and timely filing of financial statements, including annual reports (Form 10-K), quarterly reports (Form 10-Q), and current reports (Form 8-K). These filings must adhere to Generally Accepted Accounting Principles (GAAP) or International Financial Reporting Standards (IFRS) if applicable.\n\nInternal Controls Compliance: Implement and maintain effective internal controls over financial reporting (ICFR) to ensure the reliability of financial statements. This involves establishing procedures and policies to prevent fraud and ensure accuracy in financial reporting.\n\nInsider Trading Compliance: Develop and enforce policies to prevent insider trading, including blackout periods, pre-clearance requirements for trading, and disclosure obligations for insiders. Employees with access to material non-public information must adhere to strict guidelines to prevent illegal trading activities.\n\nDisclosure Compliance: Provide accurate and timely disclosure of material information to investors and the public. 
This includes disclosing information regarding financial performance, significant events, risks, and other material information through various channels such as SEC filings, press releases, and investor presentations.\n\nCorporate Governance Compliance: Maintain appropriate corporate governance practices, including a well-structured board of directors, independent audit committees, and transparent executive compensation practices. Compliance with regulations such as the Sarbanes-Oxley Act (SOX) is essential for ensuring corporate governance integrity.\n\nRegulatory Filings Compliance: Comply with SEC rules and regulations regarding registration statements for securities offerings (e.g., IPOs, secondary offerings) and proxy statements for shareholder meetings. Companies must accurately disclose information regarding the securities being offered, including financial statements, risk factors, and management discussions.\n\nAdditional Concerns (PLEASE READ):\nNIST (National Institute of Standards and Technology) provides cybersecurity frameworks and guidelines that organizations, including those regulated by the SEC, can adopt to strengthen their cybersecurity posture.\n\nPCI DSS (Payment Card Industry Data Security Standard) primarily applies to entities handling credit card transactions, companies subject to SEC regulation may still need to comply with PCI DSS if they process payment card information.\n\nThe Department of Homeland Security (DHS) primarily deals with national security, emergency preparedness, and response. While their regulations may not directly apply to the SEC, there may be areas of collaboration or information sharing, especially regarding critical infrastructure protection.\n\nThe General Data Protection Regulation (GDPR) is a European Union regulation that governs the protection of personal data of individuals within the EU. 
While the SEC primarily operates within the United States, companies subject to SEC regulations may still need to comply with GDPR if they handle personal data of EU citizens.\n\nISO (International Organization for Standardization) standards cover various aspects of organizational management, including information security (ISO/IEC 27001), quality management (ISO 9001), and more. While these standards are not directly mandated by the SEC, they provide best practices that organizations can adopt to improve their operations, which could indirectly impact SEC-regulated entities.\n\nhttps://www.sec.gov/about\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("Yes");
            } else if (isSelected18) {
                this.retailAndECommerceResults.add("Question 9: No\n\nCompliance: SEC\n\nLevel of Importance: Most Critical\n\nReasoning:\nLarge civil cases as well as stiff monetary fines are enforced to ensure SEC compliance.\n\nDescription:\nThe U.S. Securities and Exchange Commission (SEC) primarily regulates the securities industry to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.\nWhile the SEC's focus is primarily on securities markets and investment activities, it does have regulations that indirectly impact retail investors and retail brokerage firms.\n\n(REQUIRED)\nHow to Further Comply:\nFinancial Reporting Compliance: Ensure accurate and timely filing of financial statements, including annual reports (Form 10-K), quarterly reports (Form 10-Q), and current reports (Form 8-K). These filings must adhere to Generally Accepted Accounting Principles (GAAP) or International Financial Reporting Standards (IFRS) if applicable.\n\nInternal Controls Compliance: Implement and maintain effective internal controls over financial reporting (ICFR) to ensure the reliability of financial statements. This involves establishing procedures and policies to prevent fraud and ensure accuracy in financial reporting.\n\nInsider Trading Compliance: Develop and enforce policies to prevent insider trading, including blackout periods, pre-clearance requirements for trading, and disclosure obligations for insiders. Employees with access to material non-public information must adhere to strict guidelines to prevent illegal trading activities.\n\nDisclosure Compliance: Provide accurate and timely disclosure of material information to investors and the public. 
This includes disclosing information regarding financial performance, significant events, risks, and other material information through various channels such as SEC filings, press releases, and investor presentations.\n\nCorporate Governance Compliance: Maintain appropriate corporate governance practices, including a well-structured board of directors, independent audit committees, and transparent executive compensation practices. Compliance with regulations such as the Sarbanes-Oxley Act (SOX) is essential for ensuring corporate governance integrity.\n\nRegulatory Filings Compliance: Comply with SEC rules and regulations regarding registration statements for securities offerings (e.g., IPOs, secondary offerings) and proxy statements for shareholder meetings. Companies must accurately disclose information regarding the securities being offered, including financial statements, risk factors, and management discussions.\n\nAdditional Concerns (PLEASE READ):\nNIST (National Institute of Standards and Technology) provides cybersecurity frameworks and guidelines that organizations, including those regulated by the SEC, can adopt to strengthen their cybersecurity posture.\n\nPCI DSS (Payment Card Industry Data Security Standard) primarily applies to entities handling credit card transactions, companies subject to SEC regulation may still need to comply with PCI DSS if they process payment card information.\n\nThe Department of Homeland Security (DHS) primarily deals with national security, emergency preparedness, and response. While their regulations may not directly apply to the SEC, there may be areas of collaboration or information sharing, especially regarding critical infrastructure protection.\n\nThe General Data Protection Regulation (GDPR) is a European Union regulation that governs the protection of personal data of individuals within the EU. 
While the SEC primarily operates within the United States, companies subject to SEC regulations may still need to comply with GDPR if they handle personal data of EU citizens.\n\nISO (International Organization for Standardization) standards cover various aspects of organizational management, including information security (ISO/IEC 27001), quality management (ISO 9001), and more. While these standards are not directly mandated by the SEC, they provide best practices that organizations can adopt to improve their operations, which could indirectly impact SEC-regulated entities.\n\nhttps://www.sec.gov/about\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("No");
            }
            if (isSelected19) {
                this.retailAndECommerceResults.add("Question 10: Yes\n\nCompliance: COPPA\n\nLevel of Importance: Most Critical\n\nReasoning:\nViolations can lead to civil lawsuits and up $50,000 in monetary fines.\n\nDescription:\nCOPPA stands for the Children's Online Privacy Protection Act. It is a United States federal law enacted in 1998 that imposes certain requirements on operators of websites or online services directed toward children under 13 years of age, or on operators that have actual knowledge that they are collecting personal information from children under 13 online.\n\n(OPTIONAL)\nHow to Further Comply:\nObtaining Parental Consent: One of the primary requirements of COPPA is obtaining verifiable parental consent before collecting personal information from children under 13. Companies can comply by implementing mechanisms for obtaining this consent, such as through email, signed forms, or a toll-free phone number.\n\nTransparent Privacy Policies: Companies should have a clear and comprehensive privacy policy that outlines the types of information collected from children, how it is used, and whether it is shared with third parties. This policy should be easily accessible and written in language that is understandable to both parents and children.\n\nLimited Data Collection: Companies should only collect personal information from children that is necessary for the operation of the website or service. They should avoid collecting sensitive information such as full names, addresses, phone numbers, or geolocation data without parental consent.\n\nSecurity Measures: Implementing robust security measures to protect the personal information collected from children is crucial. 
This includes encryption, firewalls, and other safeguards to prevent unauthorized access, disclosure, or alteration of the data.\n\nAge Verification Mechanisms: Companies can implement age verification mechanisms to ensure that users are not misrepresenting their age to access the website or service. This can include asking for the user's date of birth or using CAPTCHA tests to verify age.\n\nEducational Material for Parents and Children: Providing educational material for both parents and children about online privacy and safety can help promote compliance with COPPA. This can include tips for parents on how to monitor their children's online activities and guidance for children on how to protect their personal information online.\n\nAdditional Concerns (PLEASE READ):\nNIST (National Institute of Standards and Technology) provides cybersecurity frameworks and guidelines that organizations can use to enhance their cybersecurity posture. While not directly related to COPPA, organizations may use NIST guidelines to develop security measures to protect children's personal information in compliance with COPPA.\n\nISO (International Organization for Standards regulations, such as ISO/IEC 27001 for information security management systems, provide frameworks for organizations to establish and maintain effective information security practices. Compliance with ISO standards can help organizations align with COPPA requirements by implementing appropriate security measures to protect children's personal information.\n\nhttps://advisera.com/27001academy/what-is-iso-27001/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("Yes");
            } else if (isSelected20) {
                this.retailAndECommerceResults.add("Question 10: No\n\nCompliance: COPPA\n\nLevel of Importance: Most Critical\n\nReasoning:\nViolations can lead to civil lawsuits and up $50,000 in monetary fines.\n\nDescription:\nCOPPA stands for the Children's Online Privacy Protection Act. It is a United States federal law enacted in 1998 that imposes certain requirements on operators of websites or online services directed toward children under 13 years of age, or on operators that have actual knowledge that they are collecting personal information from children under 13 online.\n\n(REQUIRED)\nHow to Further Comply:\nObtaining Parental Consent: One of the primary requirements of COPPA is obtaining verifiable parental consent before collecting personal information from children under 13. Companies can comply by implementing mechanisms for obtaining this consent, such as through email, signed forms, or a toll-free phone number.\n\nTransparent Privacy Policies: Companies should have a clear and comprehensive privacy policy that outlines the types of information collected from children, how it is used, and whether it is shared with third parties. This policy should be easily accessible and written in language that is understandable to both parents and children.\n\nLimited Data Collection: Companies should only collect personal information from children that is necessary for the operation of the website or service. They should avoid collecting sensitive information such as full names, addresses, phone numbers, or geolocation data without parental consent.\n\nSecurity Measures: Implementing robust security measures to protect the personal information collected from children is crucial. 
This includes encryption, firewalls, and other safeguards to prevent unauthorized access, disclosure, or alteration of the data.\n\nAge Verification Mechanisms: Companies can implement age verification mechanisms to ensure that users are not misrepresenting their age to access the website or service. This can include asking for the user's date of birth or using CAPTCHA tests to verify age.\n\nEducational Material for Parents and Children: Providing educational material for both parents and children about online privacy and safety can help promote compliance with COPPA. This can include tips for parents on how to monitor their children's online activities and guidance for children on how to protect their personal information online.\n\nAdditional Concerns (PLEASE READ):\nNIST (National Institute of Standards and Technology) provides cybersecurity frameworks and guidelines that organizations can use to enhance their cybersecurity posture. While not directly related to COPPA, organizations may use NIST guidelines to develop security measures to protect children's personal information in compliance with COPPA.\n\nISO (International Organization for Standards regulations, such as ISO/IEC 27001 for information security management systems, provide frameworks for organizations to establish and maintain effective information security practices. Compliance with ISO standards can help organizations align with COPPA requirements by implementing appropriate security measures to protect children's personal information.\n\nhttps://advisera.com/27001academy/what-is-iso-27001/\n\n---------------------------------------------------------------------------------------------------------------------------------------------------------------\n");
                this.retailAndECommerceResultsInfo.add("No");
            }
            if ((gUIView.guiForm().getRetailAndECommerceQ1Y().isSelected() || gUIView.guiForm().getRetailAndECommerceQ1N().isSelected()) && ((gUIView.guiForm().getRetailAndECommerceQ2Y().isSelected() || gUIView.guiForm().getRetailAndECommerceQ2N().isSelected()) && ((gUIView.guiForm().getRetailAndECommerceQ3Y().isSelected() || gUIView.guiForm().getRetailAndECommerceQ3N().isSelected()) && ((gUIView.guiForm().getRetailAndECommerceQ4Y().isSelected() || gUIView.guiForm().getRetailAndECommerceQ4N().isSelected()) && ((gUIView.guiForm().getRetailAndECommerceQ5Y().isSelected() || gUIView.guiForm().getRetailAndECommerceQ5N().isSelected()) && ((gUIView.guiForm().getRetailAndECommerceQ6Y().isSelected() || gUIView.guiForm().getRetailAndECommerceQ6N().isSelected()) && ((gUIView.guiForm().getRetailAndECommerceQ7Y().isSelected() || gUIView.guiForm().getRetailAndECommerceQ7N().isSelected()) && ((gUIView.guiForm().getRetailAndECommerceQ8Y().isSelected() || gUIView.guiForm().getRetailAndECommerceQ8N().isSelected()) && ((gUIView.guiForm().getRetailAndECommerceQ9Y().isSelected() || gUIView.guiForm().getRetailAndECommerceQ9N().isSelected()) && (gUIView.guiForm().getRetailAndECommerceQ10Y().isSelected() || gUIView.guiForm().getRetailAndECommerceQ10N().isSelected())))))))))) {
                Iterator<String> it = this.retailAndECommerceResults.iterator();
                while (it.hasNext()) {
                    gUIView.guiForm().getRetailAndECommerceResultsOutput().append(it.next());
                }
                this.allAnswers.addAll(this.retailAndECommerceResultsInfo);
                this.allAnswersDB3.addAll(this.retailAndECommerceResultsInfo);
                gUIView.guiForm().getRetailAndECommerceSubmitButton().setEnabled(false);
            } else {
                gUIView.guiForm().getRetailAndECommerceResultsOutput().append("Please Answer ALL Questions Before Submitting");
            }
            double frequency = 100.0d * (Collections.frequency(this.retailAndECommerceResultsInfo, "Yes") / this.retailAndECommerceResultsInfo.size());
            String valueOf = String.valueOf(frequency);
            this.allAnswers.add(valueOf);
            this.allAnswersDB2.add(valueOf);
            this.allAnswersDB3.add(valueOf);
            getAllStuffWritten();
            getAllStuffWrittenDB2();
            getAllStuffWrittenDB3();
            sort(this.inputFile);
            gUIView.guiForm().getRetailAndECommerceGraph().repaint();
            DomainHistogram.createHistogram(gUIView, gUIView.guiForm().getRetailAndECommerceGraph(), "Retail And E Commerce");
            gUIView.guiForm().getRetailAndECommerceGraph().repaint();
            if (frequency >= 0.0d && frequency < 60.0d) {
                gUIView.guiForm().getRetailAndECommerceScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getRetailAndECommerceScore().setForeground(Color.RED);
            } else if (frequency >= 60.0d && frequency <= 80.0d) {
                gUIView.guiForm().getRetailAndECommerceScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getRetailAndECommerceScore().setForeground(Color.ORANGE);
            } else {
                if (frequency <= 80.0d || frequency > 100.0d) {
                    return;
                }
                gUIView.guiForm().getRetailAndECommerceScore().setText("Score: " + valueOf + " % Compliant");
                gUIView.guiForm().getRetailAndECommerceScore().setForeground(Color.GREEN);
            }
        });
        gUIView.guiForm().getRetailAndECommerceNextResults().addActionListener(this::recNextResult);
        gUIView.guiForm().getRetailAndECommercePreviousResults().addActionListener(this::recPreviousResult);
        gUIView.guiForm().getAutomotivePreviousButton().addActionListener(this::showAutomotivePreviousPanel);
        gUIView.guiForm().getAutomotiveNextButton().addActionListener(this::showAutomotiveNextPanel);
        gUIView.guiForm().getBankingAndFinancePreviousButton().addActionListener(this::showBankingAndFinancePreviousPanel);
        gUIView.guiForm().getBankingAndFinanceNextButton().addActionListener(this::showBankingAndFinanceNextPanel);
        gUIView.guiForm().getLifeSciencesPreviousButton().addActionListener(this::showLifeSciencesPreviousPanel);
        gUIView.guiForm().getLifeSciencesNextButton().addActionListener(this::showLifeSciencesNextPanel);
        gUIView.guiForm().getPatentsAndLegalPreviousButton().addActionListener(this::showPatentsAndLegalPreviousPanel);
        gUIView.guiForm().getPatentsAndLegalNextButton().addActionListener(this::showPatentsAndLegalNextPanel);
        gUIView.guiForm().getRetailAndECommercePreviousButton().addActionListener(this::showRetailAndECommercePreviousPanel);
        gUIView.guiForm().getRetailAndECommerceNextButton().addActionListener(this::showRetailAndECommerceNextPanel);
    }

    /**
     * Clears the automotive results output and, when {@code currentIndex} addresses an entry of
     * {@code automotiveResults}, appends that entry to it.
     *
     * <p>An out-of-range index leaves the output empty. {@code currentIndex} is the same field the
     * other domains' result handlers in this class read and write.
     */
    private void aDisplayCurrentResult() {
        this.guiview.guiForm().getAutomotiveResultsOutput().setText("");
        final int position = this.currentIndex;
        final boolean inRange = position >= 0 && position < this.automotiveResults.size();
        if (inRange) {
            // The form is looked up again rather than cached, as in the original call sequence.
            this.guiview.guiForm().getAutomotiveResultsOutput().append(this.automotiveResults.get(position));
        }
    }

    /**
     * Advances {@code currentIndex} by one, wrapping to 0 once it reaches the size of
     * {@code automotiveResults}, then redraws the automotive result.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void aNextResult(ActionEvent actionEvent) {
        final int advanced = this.currentIndex + 1;
        // Wrap to the first entry when stepping past the end (also the case for an empty list).
        this.currentIndex = advanced < this.automotiveResults.size() ? advanced : 0;
        aDisplayCurrentResult();
    }

    /**
     * Moves {@code currentIndex} back by one, wrapping to the last entry of
     * {@code automotiveResults} when it drops below 0, then redraws the automotive result.
     *
     * <p>With an empty list the wrapped value is -1, which the display method treats as out of
     * range.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void aPreviousResult(ActionEvent actionEvent) {
        final int retreated = this.currentIndex - 1;
        this.currentIndex = retreated >= 0 ? retreated : this.automotiveResults.size() - 1;
        aDisplayCurrentResult();
    }

    /**
     * Clears the banking-and-finance results output and, when {@code currentIndex} addresses an
     * entry of {@code bankingAndFinanceResults}, appends that entry to it.
     *
     * <p>An out-of-range index leaves the output empty. {@code currentIndex} is the same field the
     * other domains' result handlers in this class read and write.
     */
    private void bfDisplayCurrentResult() {
        this.guiview.guiForm().getBankingAndFinanceResultsOutput().setText("");
        final int position = this.currentIndex;
        final boolean inRange = position >= 0 && position < this.bankingAndFinanceResults.size();
        if (inRange) {
            // The form is looked up again rather than cached, as in the original call sequence.
            this.guiview.guiForm().getBankingAndFinanceResultsOutput().append(this.bankingAndFinanceResults.get(position));
        }
    }

    /**
     * Advances {@code currentIndex} by one, wrapping to 0 once it reaches the size of
     * {@code bankingAndFinanceResults}, then redraws the banking-and-finance result.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void bfNextResult(ActionEvent actionEvent) {
        final int advanced = this.currentIndex + 1;
        // Wrap to the first entry when stepping past the end (also the case for an empty list).
        this.currentIndex = advanced < this.bankingAndFinanceResults.size() ? advanced : 0;
        bfDisplayCurrentResult();
    }

    /**
     * Moves {@code currentIndex} back by one, wrapping to the last entry of
     * {@code bankingAndFinanceResults} when it drops below 0, then redraws the result.
     *
     * <p>With an empty list the wrapped value is -1, which the display method treats as out of
     * range.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void bfPreviousResult(ActionEvent actionEvent) {
        final int retreated = this.currentIndex - 1;
        this.currentIndex = retreated >= 0 ? retreated : this.bankingAndFinanceResults.size() - 1;
        bfDisplayCurrentResult();
    }

    /**
     * Clears the life-sciences results output and, when {@code currentIndex} addresses an entry
     * of {@code lifeSciencesResults}, appends that entry to it.
     *
     * <p>An out-of-range index leaves the output empty. {@code currentIndex} is the same field the
     * other domains' result handlers in this class read and write.
     */
    private void lsDisplayCurrentResult() {
        this.guiview.guiForm().getLifeSciencesResultsOutput().setText("");
        final int position = this.currentIndex;
        final boolean inRange = position >= 0 && position < this.lifeSciencesResults.size();
        if (inRange) {
            // The form is looked up again rather than cached, as in the original call sequence.
            this.guiview.guiForm().getLifeSciencesResultsOutput().append(this.lifeSciencesResults.get(position));
        }
    }

    /**
     * Advances {@code currentIndex} by one, wrapping to 0 once it reaches the size of
     * {@code lifeSciencesResults}, then redraws the life-sciences result.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void lsNextResult(ActionEvent actionEvent) {
        final int advanced = this.currentIndex + 1;
        // Wrap to the first entry when stepping past the end (also the case for an empty list).
        this.currentIndex = advanced < this.lifeSciencesResults.size() ? advanced : 0;
        lsDisplayCurrentResult();
    }

    /**
     * Moves {@code currentIndex} back by one, wrapping to the last entry of
     * {@code lifeSciencesResults} when it drops below 0, then redraws the result.
     *
     * <p>With an empty list the wrapped value is -1, which the display method treats as out of
     * range.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void lsPreviousResult(ActionEvent actionEvent) {
        final int retreated = this.currentIndex - 1;
        this.currentIndex = retreated >= 0 ? retreated : this.lifeSciencesResults.size() - 1;
        lsDisplayCurrentResult();
    }

    /**
     * Clears the patents-and-legal results output and, when {@code currentIndex} addresses an
     * entry of {@code patentsAndLegalResults}, appends that entry to it.
     *
     * <p>An out-of-range index leaves the output empty. {@code currentIndex} is the same field the
     * other domains' result handlers in this class read and write.
     */
    private void plDisplayCurrentResult() {
        this.guiview.guiForm().getPatentsAndLegalResultsOutput().setText("");
        final int position = this.currentIndex;
        final boolean inRange = position >= 0 && position < this.patentsAndLegalResults.size();
        if (inRange) {
            // The form is looked up again rather than cached, as in the original call sequence.
            this.guiview.guiForm().getPatentsAndLegalResultsOutput().append(this.patentsAndLegalResults.get(position));
        }
    }

    /**
     * Advances {@code currentIndex} by one, wrapping to 0 once it reaches the size of
     * {@code patentsAndLegalResults}, then redraws the patents-and-legal result.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void plNextResult(ActionEvent actionEvent) {
        final int advanced = this.currentIndex + 1;
        // Wrap to the first entry when stepping past the end (also the case for an empty list).
        this.currentIndex = advanced < this.patentsAndLegalResults.size() ? advanced : 0;
        plDisplayCurrentResult();
    }

    /**
     * Moves {@code currentIndex} back by one, wrapping to the last entry of
     * {@code patentsAndLegalResults} when it drops below 0, then redraws the result.
     *
     * <p>With an empty list the wrapped value is -1, which the display method treats as out of
     * range.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void plPreviousResult(ActionEvent actionEvent) {
        final int retreated = this.currentIndex - 1;
        this.currentIndex = retreated >= 0 ? retreated : this.patentsAndLegalResults.size() - 1;
        plDisplayCurrentResult();
    }

    /**
     * Clears the retail-and-e-commerce results output and, when {@code currentIndex} addresses
     * an entry of {@code retailAndECommerceResults}, appends that entry to it.
     *
     * <p>An out-of-range index leaves the output empty. {@code currentIndex} is the same field the
     * other domains' result handlers in this class read and write.
     */
    private void recDisplayCurrentResult() {
        this.guiview.guiForm().getRetailAndECommerceResultsOutput().setText("");
        final int position = this.currentIndex;
        final boolean inRange = position >= 0 && position < this.retailAndECommerceResults.size();
        if (inRange) {
            // The form is looked up again rather than cached, as in the original call sequence.
            this.guiview.guiForm().getRetailAndECommerceResultsOutput().append(this.retailAndECommerceResults.get(position));
        }
    }

    /**
     * Advances {@code currentIndex} by one, wrapping to 0 once it reaches the size of
     * {@code retailAndECommerceResults}, then redraws the retail-and-e-commerce result.
     *
     * <p>Registered as the action listener of the "next results" control for this domain.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void recNextResult(ActionEvent actionEvent) {
        final int advanced = this.currentIndex + 1;
        // Wrap to the first entry when stepping past the end (also the case for an empty list).
        this.currentIndex = advanced < this.retailAndECommerceResults.size() ? advanced : 0;
        recDisplayCurrentResult();
    }

    /**
     * Moves {@code currentIndex} back by one, wrapping to the last entry of
     * {@code retailAndECommerceResults} when it drops below 0, then redraws the result.
     *
     * <p>Registered as the action listener of the "previous results" control for this domain.
     * With an empty list the wrapped value is -1, which the display method treats as out of range.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void recPreviousResult(ActionEvent actionEvent) {
        final int retreated = this.currentIndex - 1;
        this.currentIndex = retreated >= 0 ? retreated : this.retailAndECommerceResults.size() - 1;
        recDisplayCurrentResult();
    }

    /**
     * Steps the automotive question view back one position, unless it is already at index 0.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void showAutomotivePreviousPanel(ActionEvent actionEvent) {
        if (this.automotiveQuestionsIndex <= 0) {
            // Already on the first position: nothing to select.
            return;
        }
        this.automotiveQuestionsIndex -= 1;
        this.guiview.guiForm().getAutomotiveQuestions().setSelectedIndex(this.automotiveQuestionsIndex);
    }

    /**
     * Steps the automotive question view forward one position, unless it is already at the last
     * index of {@code automotiveQuestionsPanel}.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void showAutomotiveNextPanel(ActionEvent actionEvent) {
        final int lastPosition = this.automotiveQuestionsPanel.size() - 1;
        if (this.automotiveQuestionsIndex >= lastPosition) {
            // Already on the last position (or the panel list is empty): nothing to select.
            return;
        }
        this.automotiveQuestionsIndex += 1;
        this.guiview.guiForm().getAutomotiveQuestions().setSelectedIndex(this.automotiveQuestionsIndex);
    }

    /**
     * Steps the banking-and-finance question view back one position, unless it is already at
     * index 0.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void showBankingAndFinancePreviousPanel(ActionEvent actionEvent) {
        if (this.bankingAndFinanceQuestionsIndex <= 0) {
            // Already on the first position: nothing to select.
            return;
        }
        this.bankingAndFinanceQuestionsIndex -= 1;
        this.guiview.guiForm().getBankingAndFinanceQuestions().setSelectedIndex(this.bankingAndFinanceQuestionsIndex);
    }

    /**
     * Steps the banking-and-finance question view forward one position, unless it is already at
     * the last index of {@code bankingAndFinanceQuestionsPanel}.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void showBankingAndFinanceNextPanel(ActionEvent actionEvent) {
        final int lastPosition = this.bankingAndFinanceQuestionsPanel.size() - 1;
        if (this.bankingAndFinanceQuestionsIndex >= lastPosition) {
            // Already on the last position (or the panel list is empty): nothing to select.
            return;
        }
        this.bankingAndFinanceQuestionsIndex += 1;
        this.guiview.guiForm().getBankingAndFinanceQuestions().setSelectedIndex(this.bankingAndFinanceQuestionsIndex);
    }

    /**
     * Steps the life-sciences question view back one position, unless it is already at index 0.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void showLifeSciencesPreviousPanel(ActionEvent actionEvent) {
        if (this.lifeSciencesQuestionsIndex <= 0) {
            // Already on the first position: nothing to select.
            return;
        }
        this.lifeSciencesQuestionsIndex -= 1;
        this.guiview.guiForm().getLifeSciencesQuestions().setSelectedIndex(this.lifeSciencesQuestionsIndex);
    }

    /**
     * Steps the life-sciences question view forward one position, unless it is already at the
     * last index of {@code lifeSciencesQuestionsPanel}.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void showLifeSciencesNextPanel(ActionEvent actionEvent) {
        final int lastPosition = this.lifeSciencesQuestionsPanel.size() - 1;
        if (this.lifeSciencesQuestionsIndex >= lastPosition) {
            // Already on the last position (or the panel list is empty): nothing to select.
            return;
        }
        this.lifeSciencesQuestionsIndex += 1;
        this.guiview.guiForm().getLifeSciencesQuestions().setSelectedIndex(this.lifeSciencesQuestionsIndex);
    }

    /**
     * Steps the patents-and-legal question view back one position, unless it is already at
     * index 0.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void showPatentsAndLegalPreviousPanel(ActionEvent actionEvent) {
        if (this.patentsAndLegalQuestionsIndex <= 0) {
            // Already on the first position: nothing to select.
            return;
        }
        this.patentsAndLegalQuestionsIndex -= 1;
        this.guiview.guiForm().getPatentsAndLegalQuestions().setSelectedIndex(this.patentsAndLegalQuestionsIndex);
    }

    /**
     * Steps the patents-and-legal question view forward one position, unless it is already at
     * the last index of {@code patentsAndLegalQuestionsPanel}.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void showPatentsAndLegalNextPanel(ActionEvent actionEvent) {
        final int lastPosition = this.patentsAndLegalQuestionsPanel.size() - 1;
        if (this.patentsAndLegalQuestionsIndex >= lastPosition) {
            // Already on the last position (or the panel list is empty): nothing to select.
            return;
        }
        this.patentsAndLegalQuestionsIndex += 1;
        this.guiview.guiForm().getPatentsAndLegalQuestions().setSelectedIndex(this.patentsAndLegalQuestionsIndex);
    }

    /**
     * Steps the retail-and-e-commerce question view back one position, unless it is already at
     * index 0.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void showRetailAndECommercePreviousPanel(ActionEvent actionEvent) {
        if (this.retailAndECommerceQuestionsIndex <= 0) {
            // Already on the first position: nothing to select.
            return;
        }
        this.retailAndECommerceQuestionsIndex -= 1;
        this.guiview.guiForm().getRetailAndECommerceQuestions().setSelectedIndex(this.retailAndECommerceQuestionsIndex);
    }

    /**
     * Steps the retail-and-e-commerce question view forward one position, unless it is already
     * at the last index of {@code retailAndECommerceQuestionsPanel}.
     *
     * @param actionEvent the triggering event; not read by this handler
     */
    private void showRetailAndECommerceNextPanel(ActionEvent actionEvent) {
        final int lastPosition = this.retailAndECommerceQuestionsPanel.size() - 1;
        if (this.retailAndECommerceQuestionsIndex >= lastPosition) {
            // Already on the last position (or the panel list is empty): nothing to select.
            return;
        }
        this.retailAndECommerceQuestionsIndex += 1;
        this.guiview.guiForm().getRetailAndECommerceQuestions().setSelectedIndex(this.retailAndECommerceQuestionsIndex);
    }

    /**
     * Passes the accumulated {@code allAnswers} list and this controller to
     * {@code Printer.writeToCSV}.
     *
     * <p>NOTE(review): the output location and format are decided inside {@code Printer}, which is
     * not shown here; the answers are handed over as collected, without filtering.
     */
    public void getAllStuffWritten() {
        final Printer csvPrinter = this.printer;
        csvPrinter.writeToCSV(this.allAnswers, this);
    }

    /**
     * Passes the accumulated {@code allAnswersDB2} list and this controller to
     * {@code Printer.writeToCsvDb2}.
     *
     * <p>NOTE(review): the output location and format are decided inside {@code Printer}, which is
     * not shown here; the answers are handed over as collected, without filtering.
     */
    public void getAllStuffWrittenDB2() {
        final Printer csvPrinter = this.printer;
        csvPrinter.writeToCsvDb2(this.allAnswersDB2, this);
    }

    /**
     * Passes the accumulated {@code allAnswersDB3} list and this controller to
     * {@code Printer.writeToCsvDb3}.
     *
     * <p>NOTE(review): the output location and format are decided inside {@code Printer}, which is
     * not shown here; the answers are handed over as collected, without filtering.
     */
    public void getAllStuffWrittenDB3() {
        final Printer csvPrinter = this.printer;
        csvPrinter.writeToCsvDb3(this.allAnswersDB3, this);
    }

    /**
     * Delegates to {@code CSVSorter.sortCSVByDomain} for the file named by {@code str}.
     *
     * <p>The path is forwarded exactly as given; this method performs no check on where it
     * points, so callers are responsible for passing a trusted location.
     *
     * @param str path of the CSV file handed to the sorter
     */
    public void sort(String str) {
        final CSVSorter domainSorter = this.sorter;
        domainSorter.sortCSVByDomain(str);
    }

    /**
     * Reports whether {@code str} is non-null, not empty after {@code trim()}, and accepted by
     * {@link Integer#parseInt(String)}.
     *
     * <p>The untrimmed string is what gets parsed, so a value with surrounding whitespace such as
     * {@code " 12 "} is rejected. Signed values (for example {@code "-7"}) are accepted and values
     * outside the {@code int} range are rejected; callers that need a narrower range must check it
     * themselves.
     *
     * @param str the text to validate; may be null
     * @return {@code true} only when {@code str} parses as an {@code int}
     */
    public static boolean isNotBlankAndIsInt(String str) {
        final boolean hasText = str != null && !str.trim().isEmpty();
        if (!hasText) {
            return false;
        }
        boolean parsed;
        try {
            Integer.parseInt(str);
            parsed = true;
        } catch (NumberFormatException notAnInt) {
            // Not an integer literal (or out of int range): report as invalid rather than throw.
            parsed = false;
        }
        return parsed;
    }

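    /**
     * Reports whether {@code str} is unusable as an integer: null, blank, or rejected by
     * {@link Integer#parseInt(String)}.
     *
     * <p>The string is parsed as given, so a value with surrounding whitespace such as
     * {@code " 12 "} counts as "not an int". Signed values (for example {@code "-7"}) parse
     * successfully and values outside the {@code int} range do not; callers that need a narrower
     * range must check it themselves.
     *
     * @param str the text to validate; may be null
     * @return {@code true} when {@code str} is null, blank, or not an {@code int}; {@code false}
     *     when it parses
     */
    public static boolean blankOrNotInt(String str) {
        // A null argument previously failed with a NullPointerException on isBlank(); treat it as
        // "no usable integer", matching the null handling of isNotBlankAndIsInt.
        if (str == null || str.isBlank()) {
            return true;
        }
        try {
            Integer.parseInt(str);
            return false;
        } catch (NumberFormatException ignored) {
            // Not an integer literal (or out of int range): that is the condition being reported.
            return true;
        }
    }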
}
