Home
Documentation
HCL Commerce is a high-availability, highly scalable and customizable e-commerce platform. Able to support hundreds of thousands of transactions per day, HCL Commerce allows you to do business with consumers (B2C) or directly with businesses (B2B). HCL Commerce uses cloud friendly technology to make deployment and operation both easy and efficient. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels. Business users can also use AI enabled content management capabilities.
Compliance
The following section describes how you can leverage HCL Commerce features and functionality to help your site be compliant with different privacy and security standards.
GDPR and HCL Commerce
HCL Commerce provides documentation and functions that your organization can use to help it on the journey to GDPR readiness. If your store operates within the European Union (EU), sells products or services to those people in the EU, or monitors the behavior of EU data subjects, your site likely needs to be GDPR compliant from May 25, 2018.
Data protection by design and default
Data protection by design and default, in accordance with the GDPR, requires that customer data is encrypted during all communications, internal and external. Enable a Secure Sockets Layer (SSL) connection for data transfer between HCL Commerce servers and the database.
Enabling enhanced audit logging
If your company needs to maintain an audit history of actions that are completed against your shoppers' personal data, you can enable enhanced audit logging.
Customizing the audit log
If you customized HCL Commerce to collect more personal information, you can extend the AuditLogging helper to record details in the audit log about the actions that are completed against your additional collected data.

Documentation
HCL Commerce is a high-availability, highly scalable and customizable e-commerce platform. Able to support hundreds of thousands of transactions per day, HCL Commerce allows you to do business with consumers (B2C) or directly with businesses (B2B). HCL Commerce uses cloud friendly technology to make deployment and operation both easy and efficient. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels. Business users can also use AI enabled content management capabilities.
- Getting started
  HCL Commerce has different advantages for business users, administrators and developers. HCL Commerce targets each of these roles with a tailored set of offerings so that each of your users can get maximum benefit.
- Installing and deploying
  Learn how to install and deploy HCL Commerce development environments and HCL Commerce production environments.
- Migrating
  Before you migrate to HCL Commerce Version 9, review this information to help plan and execute your migration.
- Operating
  Topics in the Operating category highlight tasks that are typically performed by business users, customer support representatives, to complete their day-to-day tasks in the operation of the HCL Commerce site.
- Integrating
  Topics in the Integrating category highlight the tasks that are commonly performed for using HCL Commerce in combination with other products.
- Administering
  Topics in the Administering category highlight tasks that are typically performed by the Site Administrator, to support daily operations of the HCL Commerce site.
- Customizing
  The topics in the Customizing section describe tasks performed by an application developer to customize HCL Commerce.
- Tutorials
  HCL Commerce provides many tutorials to help you customize and understand your HCL Commerce instance and stores.
- Samples
  Topics in the Samples category highlight the various samples that are provided with HCL Commerce.
- Compliance
  The following section describes how you can leverage HCL Commerce features and functionality to help your site be compliant with different privacy and security standards.
  - GDPR and HCL Commerce
    HCL Commerce provides documentation and functions that your organization can use to help it on the journey to GDPR readiness. If your store operates within the European Union (EU), sells products or services to those people in the EU, or monitors the behavior of EU data subjects, your site likely needs to be GDPR compliant from May 25, 2018.
    - Privacy and consent
      HCL Commerce provides storefront and business user functionality that your site can use to present your privacy information and provide consent management options to your shoppers.
    - Right to access
      Right to access, in accordance with the GDPR, is the right for an individual to access their personal data upon request. To help support this requirement, HCL Commerce provides a set of SQL queries. If your site uses custom tables or columns to store personal data, customize the queries as needed. It is your responsibility to define a GDPR-compliant process for handling right to access requests.
    - Right to erasure
      Right to erasure, in accordance with the GDPR, is the right for an individual to require that their personal data is deleted when the individual requests it. To help support this requirement, HCL Commerce provides a set of SQL queries. If your site uses custom tables or columns to store personal data, customize the queries as needed. It is your responsibility to define a GDPR-compliant process for handling right to erasure requests.
    - Data protection by design and default
      Data protection by design and default, in accordance with the GDPR, requires that customer data is encrypted during all communications, internal and external. Enable a Secure Sockets Layer (SSL) connection for data transfer between HCL Commerce servers and the database.
      - Enabling SSL for database connections in runtime environments
        As you update your site to be General Data Protection Regulation (GDPR) ready, you may need to take additional steps so that customer data is encrypted during all communication, both internal and external. To help encrypt the communication between your servers and your database, you can set up a Secure Sockets Layer (SSL) connection.
      - Enabling SSL for database connections in a development environment
        As you update your site to be General Data Protection Regulation (GDPR) ready, you may need to take additional steps to encrypt customer data during all communication, both internal and external. Typically, your development environment should not include personal data for your shoppers. If circumstances necessitate the use of personal data in the development environment, encrypt the communication between your servers and your database. To protect any data transfer between a server and your database, you can set up a Secure Sockets Layer (SSL) connection.
      - Enabling enhanced audit logging
        If your company needs to maintain an audit history of actions that are completed against your shoppers' personal data, you can enable enhanced audit logging.
        Customizing the audit log
        If you customized HCL Commerce to collect more personal information, you can extend the AuditLogging helper to record details in the audit log about the actions that are completed against your additional collected data.
  - HCL Commerce and the PCI Data Security Standard
    The Payment Card Industry (PCI) Data Security Standard (DSS), developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International, facilitates the global adoption of consistent data security measures.
  - Security standards
    Some main security standards are: NIST SP 800-131A, FIPS 140-2 and PCI.
- Securing
  These topics describe the security features of HCL Commerce and how to configure these features.
- Performance
  Topics in the Performance section describe the means by which to plan, implement, test, and re-visit the optimization of HCL Commerce site performance.
- Troubleshooting
  Topics in the Troubleshooting section highlight common issues that are encountered with HCL Commerce, and how they can be addressed or mitigated.
- Reference
  Topics in the Reference section contain all of the HCL Commerce reference documentation.

HCL Commerce Version 9.0.0.2

Customizing the audit log

If you customized HCL Commerce to collect more personal information, you can extend the AuditLogging helper to record details in the audit log about the actions that are completed against your additional collected data.

About this task

When the AuditLogging helper is enabled, audit log information is made available within the Transaction server container /profile/logs/container/ts_auth_txn/trace.log file. Both REST resources and commands are tracked.

You can use the audit logging API to adjust the behavior of the AuditLogging helper. The following access methods and resources are available.


Access method	Resource or service name
REST resource handlers	PersonHandler PersonContactHandler PersonCheckoutProfileHandler WishListHandler OrderHandler SubscriptionHandler CouponHandler RequisitionListHandler
Administrative and HCL Commerce Accelerator commands	OrderCreateCmdImpl OrderItemBaseCmdImpl AdminOrderCancelCmdImpl OrderDataBean UserRegistrationDataBean UserDisplayDataBean UserRegistrationAdminUpdateCmdImpl UserRegistrationAdminAddCmdImpl

Procedure

Create your own REST request handler, using the template provided in Creating custom REST request handlers.

The audit logging API provides the following request handler.

com.ibm.commerce.businessaudit.util.AuditLoggingHelper
public void logPersonalDataAccess(String className, String methodName, 
String remoteAddress, String userId, String action, String forUserId, String data)

where:

className

The name of the class that is being used to access personal data.

methodName

The name of the method that is being used to access personal data.

remoteAddress

The remote address of the host that is accessing personal data.

userId

The unique id of the user who access personal data.

action

The action applied to the personal data. Accepted values are:

AuditLoggingHelper.ACTION_READ
AuditLoggingHelper.ACTION_CREATE
AuditLoggingHelper.ACTION_UPDDATE
AuditLoggingHelper.ACTION_DELETE

forUserid

The unique ID of the user whose personal data is being accessed.

data

The type of personal data being accessed, for example:

AuditLoggingHelper.PERSONAL_DATA
AuditLoggingHelper.PERSONAL_DATA_CONTACT
AuditLoggingHelper.PERSONAL_DATA_WISH_LIST
AuditLoggingHelper.PERSONAL_DATA_ORDER_HISTORY

You can add your own person data string here.