Brainloop Mobile for iPad Version 2.5
Administrative Guide for Dataroom Center and Dataroom Managers

Copyright Brainloop AG, 2004-2014. All rights reserved.
Document version 1.4
All trademarks referred to in this document are the property of their respective owners.

Contents

Brainloop Mobile for iPad Version 2.5
1 General Information and Target Group
2 Prerequisites for using Brainloop Mobile for iPad version 2.5.x
  2.1 Important information for updates to version 2.5 and fresh installs of version 2.5
  2.2 Settings required to use the Commenting feature (Shared Document Reviews)
    2.2.1 Can I use the Commenting function for shared document reviews both on the server and on my iPad?
    2.2.2 Can I use the Commenting function for shared document reviews without Adobe LiveCycle Rights Management?
  2.3 Settings required to use the Upload function for documents from other apps
  2.4 Settings required to use the Voting function
  2.5 Settings required to use the Authentication with One-Time Password function
3 Downloading and Installing Brainloop Mobile from the Apple App Store
4 Required Settings in Dataroom Administration
  4.1 Enabling API Access for Brainloop Mobile for iPad
  4.2 Configuring Brainmark Options
  4.3 Configuring Device Management Settings
    4.3.1 Enabling general Access of the Brainloop Mobile for iPad app with Logging
    4.3.2 Allowing and Denying Access of certain iPad Devices
  4.4 Specifying Login Security
  4.5 Assigning Permissions
    4.5.1 Assigning Group Permissions
    4.5.2 Assigning Object Permissions
  4.6 Configuring Document Properties
  4.7 Activating Server-side Shared Annotations to comment on Brainmark Documents on an iPad and to make Document Reviews
    4.7.1 Activating Server-side Shared Annotations
    4.7.2 Assigning the Add Server-side Annotations Group Permission
    4.7.3 Further Dataroom Settings required for Commenting on Brainmark Documents
  4.8 Versioning of commented Brainmark Documents in Brainloop Mobile
5 Settings in Dataroom Center Administration
  5.1 Blocking and Unblocking iPad Devices for Access to Brainloop Secure Dataroom Service
  5.2 Defining a Dataroom Configuration File and applying it to Brainloop Mobile for iPad
    5.2.1 Security Mechanisms and Presettings available for Brainloop Mobile
    5.2.2 Structure of an XML Configuration File
    5.2.3 Descriptions of the Elements contained in an XML File
    5.2.4 Uploading an XML Configuration File to a Dataroom
6 Recommended iPad Security Settings
  6.1 Activating the iPad's Passcode Lock
7 Sending a log file from within the Brainloop Mobile app to Support
8 Download Behavior for Documents opened in Brainloop Mobile
9 Syncing a Dataroom in Brainloop Mobile
10 Support
11 Appendix: Document revision history

1 General Information and Target Group

The present guide is intended to assist Dataroom Center and Dataroom Managers in preparing a Dataroom for access with Brainloop Mobile for iPad, and with defining a Dataroom configuration file that can be applied to the Brainloop Mobile app. Basic knowledge in setting up a Dataroom is assumed.

Please note that this guide describes only the settings in Brainloop Secure Dataroom Service that are relevant for the use of the Brainloop Mobile for iPad app. For information about general Dataroom configuration settings, please refer to our Brainloop Secure Dataroom Service manual for Dataroom Managers. For information about the use of the Brainloop Mobile for iPad app, please refer to our latest user guide.

Important note: The following chapters describe the configuration settings in Brainloop Secure Dataroom Service using the Dataroom Administration as an example. These settings can be made, as usual, in the Dataroom Center Administration via the same menu items. Configuration settings can be made in the Dataroom Administration only, unless limited by a Dataroom Center Manager.

2 Prerequisites for using Brainloop Mobile for iPad version 2.5.x

Below is a list of the minimum requirements for using Brainloop Mobile for iPad version 2.5.x:

- iPad 2 or newer
- Apple iOS version 6.1 or newer (see chapter Important information for updating to and installing version 2.5, page 6)
- iOS data protection (Passcode Lock) activated on your iPad
- Usage of API 3.0
- Dataroom installed on a server with one of these versions of Brainloop Secure Dataroom Service installed:
  - 8.20.43 or newer to use the app without Votes and without the Resumable Download function
  - 8.20.57 or newer to use the app including Votes and Resumable Download
- Dataroom security settings must permit access to the iPad.
- Dataroom users must first register to a Dataroom via the browser. Registration through an iPad is not feasible.
- Dataroom users must first accept any existing terms of use through the browser.

2.1 Important information for updates to version 2.5 and fresh installs of version 2.5

The information that follows is only applicable to you if you are using Device Management and if parameter Deny new device access for all trusted applications is enabled. If you are not using these parameters, please ignore the following instructions.

As of iOS version 6.1, a new Apple vendor ID is assigned. With the introduction of iOS 7, Apple will only use the vendor ID for identifying devices, and no longer a fixed device ID. For this reason, please perform the following steps.

1. Inform all your iPad users early about the update to version 2.5 and about the upcoming maintenance steps, for which their assistance might be required.
2. Download Brainloop Mobile version 2.5 from the App Store and install it on all iPads on a specified date.
3. On that day, after the installation on all iPads, log in to the Dataroom server as Administrator.
4. Open Dataroom Center Administration.
5. Click Security, and select Device Management.
6. Click Edit.
7. Disable parameter Deny new device access for all trusted applications for all Datarooms in that Dataroom Center (see figure), and click OK to confirm.
8. Next, ask all your iPad users to log in to the corresponding Datarooms through Brainloop Mobile.
9. After login, all iPads are listed under Device Management.
10. Click a device in the list.
11. In the Modify Device Restrictions dialog window, open the Rule drop-down list and select Allow (see figure).
12. Click OK to save this setting.
13. Repeat these steps for all iPads you wish to allow access to Brainloop Secure Dataroom.
14. Once you have allowed access for all iPads, you can enable parameter Deny new device access for all trusted applications for all Datarooms in that Dataroom Center again.

Please note that the above-mentioned steps are also required if Brainloop Mobile version 2.5.x is uninstalled from an iPad and is installed again. Please advise your iPad users to uninstall and then reinstall the app only after prior consultation with you.

2.2 Settings required to use the Commenting feature (Shared Document Reviews)

2.2.1 Can I use the Commenting function for shared document reviews both on the server and on my iPad?

Yes, you can. However, enabling Adobe LiveCycle Rights Management on the server is a key requirement if you want to comment on documents with other Dataroom members in a Dataroom on the server and on your iPad at the same time. Additionally, the following settings are required in Brainloop Secure Dataroom Service:

- Adobe LiveCycle Rights Management must be enabled in Dataroom Administration, under Settings > General Features.
- The Server-side Shared Annotations setting must be enabled in Dataroom Administration, under Settings > General Features (see page 19).
- Add Server-side Annotations group permission must be assigned to the respective user groups (see page 19).
- Users who should be allowed to share documents for a document review (initiators of the review) with other Dataroom users must have the permission to see all users they want to invite to the review.
- Users who are invited to join a document review (reviewers) must have the permissions to see each other and to see the initiator of the review.

2.2.2 Can I use the Commenting function for shared document reviews without Adobe LiveCycle Rights Management?

Yes, you can. However, if Adobe LiveCycle Rights Management is disabled on the server, you may only comment on documents on your iPad. You do not have access to your own comments, nor do you have access to comments made by other Dataroom members, on the server. Any comments are only visible on your iPad.

To use the Commenting feature in Brainloop Mobile only, the following settings are required in Brainloop Secure Dataroom Service:

- The Server-side Shared Annotations setting must be enabled in Dataroom Administration, under Settings > General Features (see page 19).
- Add Server-side Annotations group permission must be assigned to the respective user groups (see page 19).
- Users who should be allowed to share documents for a document review (initiators of the review) with other Dataroom users must have the permission to see all users they want to invite to the review.
- Users who are invited to join a document review (reviewers) must have the permissions to see each other and to see the initiator of the review.

To ensure that your iPad users receive the invitations to document reviews by e-mail on their iPads, we recommend that you set up their e-mail addresses (i.e. their user names in Brainloop Secure Dataroom Service) in the iPad mail accounts.

1. On the iPad's Home screen, tap Settings and select Mail, Contacts, Calendars.
2. Select Add account.
3. Tap your service provider, e.g. Microsoft Exchange.
4. Enter the e-mail address you have specified for that user for registration on the Dataroom server.
5. If applicable, enter further data. Ask your service provider what settings you should use.

2.3 Settings required to use the Upload function for documents from other apps

To ensure that your Dataroom users can make use of the Upload function for documents from other apps, these settings are required in Brainloop Secure Dataroom Service:

- Users who should be allowed to upload documents from other apps via the Open in function must have the Create Subitem permission.

2.4 Settings required to use the Voting function

To ensure that your Dataroom users can make use of the Voting function in Brainloop Mobile, these settings are required in Brainloop Secure Dataroom Service:

- The Votes setting must be enabled in Dataroom Administration, under Settings > General Features.
- The Calendar setting must be enabled in Dataroom Administration, under Settings > General Features.

2.5 Settings required to use the Authentication with One-Time Password function

With this authentication method, users who have already authenticated to the Brainloop Mobile app and want to open a folder or a document in the Secure Dataroom web browser do not need to authenticate again. This function is enabled by default in Brainloop Secure Dataroom Service as of version 8.20.071 or newer. If you do not want to use this authentication method, please ask Brainloop Support to deactivate it for you.

3 Downloading and Installing Brainloop Mobile from the Apple App Store

Brainloop Mobile for iPad can be downloaded and installed free of charge from the Apple App Store. Type Brainloop Mobile into the search field to search for this app, and install it according to the instructions displayed on the screen.

Important note: Parallel installation of both app versions, Brainloop Classic and Brainloop Mobile for iPad, is not supported. If both versions are installed on the same iPad, the link to open a folder or a document in the iPad's web browser does not work properly due to technical reasons.

4 Required Settings in Dataroom Administration

4.1 Enabling API Access for Brainloop Mobile for iPad

Access to a Dataroom through the Brainloop Mobile for iPad app is provided via API. Make sure you enable API access in your Dataroom Administration as follows:

1. Log on to your Dataroom.
2. Open Dataroom Administration.
3. Select Security > Security Features.
4. Select Edit.
5. Activate the Access via API option.
6. Click OK.

Important note: If the Access via API option is not available, please contact your Brainloop Support.

4.2 Configuring Brainmark Options

To ensure additional protection of your documents in the Brainloop Mobile app, we recommend that you set the following Brainmark options. If a user opens a document in the Brainloop Mobile app, the Brainmark version of that document is generally opened, assuming that the document characteristics (versioning status, document permissions) and the Dataroom configuration settings allow such a viewing option.

1. Open Dataroom Administration.
2. Select Settings > Brainmark Options.
3. Select Edit.
4. Open the Default Brainmark Style drop-down list and select one of these styles:
   a. View Only: With this setting, a document in simple PDF-based Brainmark format can be viewed in the app but not forwarded to other apps on the device. This Brainmark style is the most secure one for both Brainloop Secure Dataroom Service and the Brainloop Mobile for iPad app.
      Important note: Make sure you enable the Permit Download of View-only or View-and-Print Brainmarked Documents from Brainloop Mobile for iPad option when you select this Brainmark style.
   b. View & Print: This Brainmark style is only available if, in the Dataroom Center Administration, the Adobe LiveCycle RM option is enabled (see Settings > Features). With this setting, documents in simple PDF-based Brainmark format can be viewed in the app but not forwarded to other apps on the device. This Brainmark style is the most secure one for the Brainloop Mobile for iPad app, however, less secure for Brainloop Secure Dataroom Service.
      Important note: Make sure you enable the Permit Download of View-only or View-and-Print Brainmarked Documents from Brainloop Mobile for iPad option when you select this Brainmark style.
   c. Non-printable (PDF Reader dependent): With this setting, documents in simple PDF-based Brainmark format can be viewed in the app but not forwarded to other apps on the device. This Brainmark style is secure for the Brainloop Mobile for iPad app, however, less secure for Brainloop Secure Dataroom Service.
   d. Unrestricted: With this setting, documents in simple PDF-based Brainmark format can be forwarded to other apps on the device. This Brainmark style is the least secure one for both Brainloop Secure Dataroom Service and the Brainloop Mobile for iPad app, and is therefore not recommended.
5. If you selected the Brainmark style View Only or View & Print, make sure you also enable the Permit Download of View-only or View-and-Print Brainmarked Documents from Brainloop Mobile for iPad option.
6. Click OK.

Important note: The Brainmark style you selected in the Brainmark options generally applies to all documents opened in the Brainloop Mobile app. If you want to define different Brainmark styles for documents, please use the security categories. You can also generally prohibit forwarding of documents through a Dataroom security policy (see Security Mechanisms and Pre-settings available for Brainloop Mobile for iPad, page 23).

4.3 Configuring Device Management Settings

In the Device Management, you can enable the access of the Brainloop Mobile for iPad app to Brainloop Secure Dataroom Service and enable logging of every access to a Dataroom. In addition, you can restrict access to Brainloop Secure Dataroom Service to certain iPad devices. Please note that only a Dataroom Center Manager can allow and restrict access to Brainloop Secure Dataroom Service in the Dataroom Center Administration.

4.3.1 Enabling general Access of the Brainloop Mobile for iPad app with Logging

Once the Access via API option is enabled in a Dataroom's security settings (see Enabling API Access for Brainloop Mobile for iPad, page 12), users can access Brainloop Secure Dataroom Service via the Brainloop Mobile for iPad app even with Device Management disabled. With Device Management enabled, you can log every access of an iPad device to Brainloop Secure Dataroom Service and, in specific cases, block access of a specific device.

1. Open Dataroom Administration.
2. Select Security > Device Management.
3. Select Edit.
4. In the Configure Device Restrictions dialog window, select these options:
   a. Allow device management in Datarooms: Enable this option to enable logging of device access.
      Important note: Only then do the other options have any effect. Every access of a device and application using the API is recorded in Device Management with the application identifier and the user account used.
   b. Only allow access for trusted applications: Enable this option if only the Brainloop Mobile for iPad app may access Brainloop Secure Dataroom Service, and access of other API applications, such as Send-To and the Outlook Add-In, is blocked.
   c. Deny new device access for all trusted applications: For details, see Allowing and Denying Access of certain iPad Devices.
5. Click OK.

4.3.2 Allowing and Denying Access of certain iPad Devices

In the Device Management, you can define that only specific iPad devices may access Brainloop Secure Dataroom Service. Every access of an iPad and the Brainloop Mobile app using API is recorded in Device Management with the application identifier and the user account used.

Important note: Only a Dataroom Center Manager can block and unblock individual iPad devices in the Dataroom Center Administration (see Blocking and Unblocking iPad Devices for Access to Brainloop Secure Dataroom Service, page 21).

1. Open Dataroom Administration.
2. Select Security > Device Management.
3. Select Edit.
4. In the Configure Device Restrictions dialog window, select these options:
   a. Allow device management in Datarooms: Enable this option to enable logging of device access.
      Important note: Only then do the other options have any effect. Every access of a device and application using the API is recorded in Device Management with the application identifier and the user account used.
   b. Only allow access for trusted applications: Enable this option if only the Brainloop Mobile for iPad app may access Brainloop Secure Dataroom Service, and access of other API applications, such as Send-To and the Outlook Add-In, is blocked.
   c. Deny new device access for all trusted applications: Enable this option to block access to Brainloop Secure Dataroom Service for all new, non-registered iPad devices. Those devices can then be verified and unblocked by the Dataroom Center Manager (see Blocking and Unblocking iPad Devices for Access to Brainloop Secure Dataroom Service, page 21).
      Note: iPad devices that were already registered before, and could access Brainloop Secure Dataroom Service, can also be blocked afterwards (see Blocking and Unblocking iPad Devices for Access to Brainloop Secure Dataroom Service, page 21).
5. Click OK.

4.4 Specifying Login Security

The login security specified for Brainloop Secure Dataroom Service, e.g. authentication by password and one-time PIN, also applies for login to the Brainloop Mobile app. For more information, please refer to our Brainloop Secure Dataroom Service manual for Dataroom Managers.

4.5 Assigning Permissions

4.5.1 Assigning Group Permissions

To access a Dataroom through Brainloop Mobile for iPad, a user group must have at least the Enter Dataroom permission. For more information about assigning permissions, please refer to our Brainloop Secure Dataroom Service manual for Dataroom Managers.

4.5.2 Assigning Object Permissions

- To view documents on the Brainloop Mobile app, a user group must have at least the View Object permission.
- To download documents to the Brainloop Mobile app, a user group must have at least the Download Brainmarked Document permission.
- To download original documents to the Brainloop Mobile app, a user group must also have the Download Original Document permission.

For more information about assigning object permissions, please refer to our Brainloop Secure Dataroom Service manual for Dataroom Managers.

4.6 Configuring Document Properties

To access Brainmark documents through the Brainloop Mobile for iPad app, the following document properties are required or recommended:

Required:
- Documents must be frozen.

Recommended:
- Autoversioning should be enabled on Folder level to ensure that documents are automatically frozen.
- Brainmark versions should be pre-converted, e.g. by enabling the Automatic generation of Brainmarks feature in the Brainmark Options.

4.7 Activating Server-side Shared Annotations to comment on Brainmark Documents on an iPad and to make Document Reviews

Brainloop Mobile supports shared comments for Brainmark documents. Dataroom users and users of Brainloop Mobile can comment on documents in Brainmark format and can share these documents with other Dataroom and app users for a document review. For this, the Server-side Shared Annotations setting and the Add Server-side Annotations group permission have been implemented in Brainloop Secure Dataroom Service.

4.7.1 Activating Server-side Shared Annotations

1. Open Dataroom Administration.
2. Go to Settings > Brainmark Options.
3. Select Edit and activate the Server-side Shared Annotations setting.
4. Click Save.

4.7.2 Assigning the Add Server-side Annotations Group Permission

1. Open Dataroom Administration.
2. Go to Users and Groups > Group Management.
3. Select See Permissions.
4. In the Group Permissions and Policies dialog window, select the desired group and click Change Permissions.
5. In the Change section, activate the Add Server-side Annotations permission.
6. Click Save.

4.7.3 Further Dataroom Settings required for Commenting on Brainmark Documents

The following Dataroom configuration settings are also required to use the new commenting feature on the server and on an iPad.

- Adobe LiveCycle Rights Management must be enabled in Dataroom Administration under Settings > General Settings.
- Users who should be allowed to share documents for a document review (initiators of the review) with other Dataroom users must have the permission to see all users they want to invite to the review.
- Users who are invited to join a document review (reviewers) must have the permissions to see each other and to see the initiator of the review.

4.8 Versioning of commented Brainmark Documents in Brainloop Mobile

As of version 2.2, the new Brainloop PDF Viewer offers the ability to open a specific version of a document if the following conditions are met:

- Several frozen document versions exist on the Dataroom server.
  Note: A new document version can be created by activating the Autoversioning option, or by selecting the Create new version action and then freezing the version in Brainloop Secure Dataroom Service.
- A user is joining a document review, either as the initiator of the review or as an invited reviewer.

Please also observe the following rules:

- A user cannot create a new document version on their iPad.
- The latest document version that exists on the Dataroom server is the one that is opened in Brainloop PDF Viewer on your iPad by default, irrespective of whether that version contains comments made by the respective Dataroom user or not.

For details on how to comment on Brainmark documents and make document reviews, please refer to our latest user guide.

5 Settings in Dataroom Center Administration

5.1 Blocking and Unblocking iPad Devices for Access to Brainloop Secure Dataroom Service

In the Device Management in Dataroom Center Administration, you can block and unblock access of certain iPad devices to Brainloop Secure Dataroom Service. Please note that blocking and unblocking of devices is only feasible if the "Allow device management in Datarooms" option and thus logging of device access is enabled (see Enabling API Access for Brainloop Mobile for iPad, page 12).

1. Open Dataroom Center Administration.
2. Select Security > Device Management.
3. The list contains devices and applications that have tried to access Brainloop Secure Dataroom Service or that have already accessed Brainloop Secure Dataroom Service.
4. Click a device in the list.
5. The Configure Device Restrictions dialog window is displayed.
6. Open the Rule drop-down list and select Allow or Deny.
7. As an option, you can enter a description.
8. Click OK.

Allowed applications and devices are marked with the icon displayed to the left of the Description column, denied applications are marked with the icon.

5.2 Defining a Dataroom Configuration File and applying it to Brainloop Mobile for iPad

A Dataroom Center Manager can define one or more Dataroom configuration files that include security mechanisms and presettings to be applied to the Brainloop Mobile for iPad app. Every configuration file must be set up as an XML file and must be loaded into the Dataroom Center Administration. Please ask your Brainloop Support to provide you with an XML file example to use as a template for your own configuration file.

Important note: A configuration file that was loaded into a Dataroom Center Administration or a Dataroom Administration also applies to Brainloop Mobile for iPad if the Allow device management in Datarooms option is disabled in the Device Management.

A Dataroom Manager can select one of these configuration files in Dataroom Administration once they have been uploaded to the Dataroom Center Administration.

The following chapters describe the security mechanisms and presettings available for the Brainloop Mobile for iPad app, and the structure and meanings of the elements of an XML security policy file.

5.2.1 Security Mechanisms and Presettings available for Brainloop Mobile

The following list summarizes security mechanisms and presettings that can be set in a Dataroom configuration file applied to Brainloop Mobile for iPad:

1. Complexity of access code (PIN complexity): Define whether users must log on to the Brainloop Mobile app using a simple or a complex, and thus a more secure, access code. If a user has defined a simple access code in the app itself, they have to change this simple code to a complex one in the app's Settings window.
2. Time interval for access code request after a certain time of inactivity (maxlock): Define after which time of inactivity (timeout) a user must re-authenticate to the Brainloop Mobile app by entering their access code.
3. Time interval for change of access code (maxage): Define after which time a user must change their access code for security reasons.
4. Retention period for documents (retention maxtime): Define the period after which documents that have been downloaded to the iPad are deleted. Any shorter retention period for documents defined in the Dataroom's configuration file overrides the time defined in the Brainloop Mobile app.
5. Keep-alive mechanisms (synchronization mininterval): Define after which time users must perform a synchronization of Datarooms and Dataroom contents to validate their authenticity on a regular basis. This synchronization process is independent from the synchronization interval defined in the app's Settings and mainly performs the following checks and actions on the iPad:
   a. Checking for any changed and new configuration file and applying this to the app
   b. Refreshing the Dataroom's list
   c. Removing all local content that is no longer used
   d. Checking whether a Dataroom is still available and if not, removing all local content
6. Forwarding original documents (exporting allowviewers): Define whether users are allowed to forward original documents or unprotected Brainmark documents from the Brainloop Mobile app to other apps or not. Protected Brainmark documents cannot be forwarded at all.
7. Configuring a Dataroom-specific start page (DataroomHome startingtile and enforcestartingtile): Define the default start page for the Brainloop Mobile app that is to be opened when a user enters a Dataroom or taps the Home icon. The following start pages can be defined: Calendar, Favorites, Folders and Search.
8. Hiding declined events on the Calendar start page (DataroomHome showdeclinedevents): Define whether to display or to hide declined events on the Calendar start page.
9. Defining the number of past events to be displayed on the Calendar start page (DataroomHome numberofpastevents): Define a number of past events that are to be displayed on the Calendar start page.
   Important note: The maximum number of all events (past, current and future events) that can be displayed on the Calendar start page is 30. Events are displayed in hierarchical order, that is, past events are displayed first, followed by current and future events.
10. Defining the number of current and future events to be displayed on the Calendar start page (DataroomHome numberoffutureevents): Define a number of current and future events that are to be displayed on the Calendar start page.
    Important note: The maximum number of all events (past, current and future events) that can be displayed on the Calendar start page is 30. Events are displayed in hierarchical order, that is, past events are displayed first, followed by current and future events.
11. New as of version 2.4.3: Enabling or disabling the automatic download of changed and new content (ChangedContent ChangedContentDownload): Define whether or not new and changed content is downloaded automatically to the iPad during synchronization. This setting does not depend on any change period, which means that new and changed documents are always downloaded irrespective of when they were uploaded or changed. The value defined in the Dataroom's configuration file overrides the time period defined in the Brainloop Mobile app.
12. New as of version 2.4.3: Time interval for downloading changed and new content (ChangedContent Interval): Define after which time period new and changed documents are downloaded to the iPad during synchronization. For this, the documents' change dates are checked. The shortest time period is daily, whereas there is no limit for the longest time period in the configuration file. Any shorter time period defined in the Dataroom's configuration file overrides the time period defined in the Brainloop Mobile app.
    Important note: You may only use one of the two settings at a time, i.e. either to automatically download all content (irrespective of the change date), or to download only that content that was changed within the specified time period.

5.2.2 Structure of an XML Configuration File

An XML Dataroom configuration file that can be applied to Brainloop Mobile for iPad must have the following structure:

    <root>
      <policies>
        <PIN complexity="complex" maxage="P7DT0H0M0S" maxlock="P0DT0H3M0S"/>
        <Retention maxtime="P3DT0H0M0S"/>
        <Synchronization mininterval="P0DT0H100M0S"/>
        <Exporting allowviewers="0"/>
        <DataroomHome startingtile="calendar" enforcestartingtile="1" showdeclinedevents="0" numberofpastevents="11" numberoffutureevents="2"/>
        <ChangedContent ChangedContentDownload="All"/>
        <!-- OR as an ALTERNATIVE: <ChangedContent Interval="7"/> -->
      </policies>
    </root>
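
A pre-upload check of a configuration file against the rules in section 5.2.1, the structure above and the value sets listed in section 5.2.3, as an added Python example that is not Brainloop code. The names validate_policy and parse_duration, the ERROR/REVIEW labels, the case-insensitive comparison and the reading of Interval as a whole number of days are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET
from datetime import timedelta

# Duration form from section 5.2.3. Values and attribute names are compared
# case-insensitively: an assumption, because the guide shows both casings.
_DURATION = re.compile(r"P(\d+)DT(\d+)H(\d+)M(\d+)S", re.IGNORECASE)
_DURATION_ATTRS = {"PIN": ("maxage", "maxlock"), "Retention": ("maxtime",),
                   "Synchronization": ("mininterval",)}
_ENUM_ATTRS = {
    ("PIN", "complexity"): {"simple", "complex"},
    ("Exporting", "allowviewers"): {"0", "1"},
    ("DataroomHome", "startingtile"): {"calendar", "favorites", "recentfolders", "search"},
    ("DataroomHome", "enforcestartingtile"): {"0", "1"},
    ("DataroomHome", "showdeclinedevents"): {"0", "1"},
    ("ChangedContent", "changedcontentdownload"): {"all", "off"},
}
MAX_CALENDAR_EVENTS = 30  # display limit stated for the Calendar start page


def parse_duration(value):
    """Convert a P0DT0H0M0S-style value into a timedelta."""
    match = _DURATION.fullmatch(value.strip())
    if match is None:
        raise ValueError(f"not in P0DT0H0M0S form: {value!r}")
    days, hours, minutes, seconds = (int(g) for g in match.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def validate_policy(xml_text):
    """Return findings: ERROR breaks a documented rule, REVIEW is a weaker choice."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"ERROR not well-formed XML: {exc}"]
    policies = root.find("policies") if root.tag == "root" else None
    if policies is None:
        return ["ERROR expected <root><policies>...</policies></root>"]

    findings, changed_modes = [], set()
    for el in policies:
        attrs = {k.lower(): v.strip() for k, v in el.attrib.items()}
        for name in _DURATION_ATTRS.get(el.tag, ()):
            if name in attrs:
                try:
                    parse_duration(attrs[name])
                except ValueError as exc:
                    findings.append(f"ERROR {el.tag} {name}: {exc}")
        for (tag, name), allowed in _ENUM_ATTRS.items():
            if tag == el.tag and name in attrs and attrs[name].lower() not in allowed:
                findings.append(f"ERROR {tag} {name}: unexpected value {attrs[name]!r}")
        if el.tag == "PIN" and attrs.get("complexity", "").lower() == "simple":
            findings.append("REVIEW PIN complexity: simple access codes are accepted")
        if el.tag == "Exporting" and attrs.get("allowviewers") == "1":
            findings.append("REVIEW Exporting allowviewers: forwarding to other apps is allowed")
        if el.tag == "DataroomHome":
            counts = [attrs.get("numberofpastevents", "0"),
                      attrs.get("numberoffutureevents", "0")]
            if not all(c.isdecimal() for c in counts):
                findings.append("ERROR DataroomHome: event counts must be whole numbers")
            elif sum(map(int, counts)) > MAX_CALENDAR_EVENTS:
                findings.append(f"REVIEW DataroomHome: {sum(map(int, counts))} events "
                                f"configured, only {MAX_CALENDAR_EVENTS} can be displayed")
        if el.tag == "ChangedContent":
            changed_modes.update(attrs.keys() & {"changedcontentdownload", "interval"})
            interval = attrs.get("interval")
            # Interval is assumed to be a whole number of days, minimum 1 ("daily").
            if interval is not None and not (interval.isdecimal() and int(interval) >= 1):
                findings.append(f"ERROR ChangedContent interval: unexpected value {interval!r}")
    if len(changed_modes) == 2:
        findings.append("ERROR ChangedContent: ChangedContentDownload and Interval "
                        "must not be combined")
    return findings


# Constructed sample: the structure from section 5.2.2 with one ChangedContent form.
SAMPLE_OK = """<root><policies>
  <PIN complexity="complex" maxage="P7DT0H0M0S" maxlock="P0DT0H3M0S"/>
  <Retention maxtime="P3DT0H0M0S"/>
  <Synchronization mininterval="P0DT0H100M0S"/>
  <Exporting allowviewers="0"/>
  <DataroomHome startingtile="calendar" enforcestartingtile="1"
                showdeclinedevents="0" numberofpastevents="11" numberoffutureevents="2"/>
  <ChangedContent ChangedContentDownload="All"/>
</policies></root>"""

# Constructed sample with a malformed duration, weaker settings and both modes.
SAMPLE_BAD = """<root><policies>
  <PIN complexity="simple" maxage="7 days" maxlock="P0DT0H3M0S"/>
  <Exporting allowviewers="1"/>
  <DataroomHome startingtile="calendar" numberofpastevents="20" numberoffutureevents="15"/>
  <ChangedContent ChangedContentDownload="ALL"/>
  <ChangedContent Interval="7"/>
</policies></root>"""

if __name__ == "__main__":
    for label, text in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        print(label, validate_policy(text) or "no findings")
```

An empty result means no documented rule was violated; it does not confirm that the server will accept the file.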
5.2.3 Descriptions of the Elements contained in an XML File <root>: Fix start tag of the XML file. Each security policy XML file must start with <root>. <policies>: Fix tag that marks the beginning of the used security mechanisms. <PIN complexity=" "/>: Defines whether a user must log on to the Brainloop Mobile app using a simple or a complex, and thus a more secure access code. The following values are available: - "Simple": Users may log on to the app using a simple access code. - "Complex": Users must log on to the app using a complex access code. A complex access code must contain different alphanumeric characters and must be at least eight characters long. <PIN complexity= maxage="p0dt0h0m0s"/>: Defines after which time a user must change their access code for security reasons. The date format is as follows (default XML format): P0DT0H0M0S - P: Fix value - 0D: Zero Days - T: Time - 0H: Zero Hours - 0M: Zero Minutes - 0S: Zero Seconds <PIN complexity= maxlock="p0dt0h0m0s"/>: Defines after which time of inactivity (timeout) a user must re-authenticate to the Brainloop Mobile app by entering their access code. The date format is the same as for maxage. <Retention maxtime="p0dt0h0m0s"/>: Defines after which time documents that have been downloaded to the ipad, and have not been opened within a specified period are deleted from the ipad after expiration of this period. The date format is the same as for maxage and maxlock. Page 27 of 38
<Synchronization mininterval="p0dt0h0m0s"/>: Defines the time after which users must synchronize Datarooms and Dataroom contents, so that their authenticity is validated on a regular basis. The date format is the same as for maxage and maxlock.

<Exporting allowviewers=" "/>: Defines whether or not users are allowed to forward original documents or unprotected Brainmark documents from the Brainloop Mobile app to other apps. The following values are available:
- 0: Users may not forward original documents or unprotected Brainmark documents from the Brainloop Mobile app to other apps.
- 1: Users may forward original documents or unprotected Brainmark documents from the Brainloop Mobile app to other apps.

<DataroomHome startingtile=" " enforcestartingtile="1"/>: Defines the default start page of the Brainloop Mobile app that is opened when a user enters a Dataroom or taps the Home icon. These values are available:
- Calendar: Opens the Calendar start page.
- Favorites: Opens the Favorites start page.
- RecentFolders: Opens the Folders start page.
- Search: Opens the Search start page.

Important note: To define a specific start page that is opened each time a user enters a Dataroom or taps the Home icon, the enforcestartingtile parameter must contain value 1. If enforcestartingtile contains value 0, the default behavior for start pages applies as in previous versions (cf. user documentation).
<DataroomHome showdeclinedevents=" "/>: Defines whether declined events are displayed or hidden on the app's start page. These values are available:
- 0: Declined events are hidden from the Calendar start page. Important note: Nevertheless, declined events are displayed in the Calendar's month view.
- 1: Declined events are displayed on the Calendar's start page.

<DataroomHome numberofpastevents=" "/>: Defines the number of past events to be displayed on the app's Calendar start page by default. If you do not want to display any past events on this start page, set this parameter to value 0.

Important note: The total number of events (past, current and future events) that can be displayed on the Calendar start page is limited to 30. These events are displayed in hierarchical order: first all past events, and then current and future events.

<DataroomHome numberoffutureevents=" "/>: Defines the number of current and future events to be displayed on the app's Calendar start page by default.

Important note: The total number of events (past, current and future events) that can be displayed on the Calendar start page is limited to 30. These events are displayed in hierarchical order: first all past events, and then current and future events.

New as of version 2.4.3:

<ChangedContent ChangedContentDownload=" "/>: Defines whether or not new and changed content is downloaded automatically to the iPad during synchronization. These values are available:
- ALL: Changed and new content is always downloaded to the iPad automatically during synchronization, irrespective of its change date.
- OFF: Changed and new content is not downloaded to the iPad automatically and must be downloaded manually.
New as of version 2.4.3:

<ChangedContent Interval=" "/>: Defines the time period after which new and changed content is downloaded to the iPad. The shortest time period is daily (1), whereas there is no limit for the longest time period in the configuration file.

Important note: You may only use one of these two settings at a time, i.e. use either <ChangedContent ChangedContentDownload=" "/> or <ChangedContent Interval=" "/>.

</policies>: Fixed tag that marks the end of the security mechanisms used.

</root>: Fixed end tag of the XML file. Each security policy XML file must end with </root>.
Example of an XML file with explanations:

    <root>
      <policies>
        <PIN complexity="complex" maxage="p7dt0h0m0s" maxlock="p0dt0h3m0s"/>
        <Retention maxtime="p3dt0h0m0s"/>
        <Synchronization mininterval="p0dt24h0m0s"/>
        <Exporting allowviewers="0"/>
        <DataroomHome startingtile="calendar" enforcestartingtile="1" showdeclinedevents="0" numberofpastevents="0" numberoffutureevents="10"/>
      </policies>
    </root>

With the above XML file example, the following security mechanisms are applied to the Brainloop Mobile for iPad app:
- Users must log on to the app using a complex access code (PIN complexity="complex").
- Users must change their access codes every seven days (maxage="p7dt0h0m0s").
- Users must re-authenticate to the app by entering their access codes after three minutes of inactivity (maxlock="p0dt0h3m0s").
- Documents that were downloaded to the iPad and were not opened within three days are deleted from the iPad (Retention maxtime="p3dt0h0m0s").
- Users must perform a synchronization of Datarooms and Dataroom contents every 24 hours to validate their authenticity (Synchronization mininterval="p0dt24h0m0s").
- Users are not allowed to forward original documents and unprotected Brainmark documents from the Brainloop Mobile app to any other app on the iPad (Exporting allowviewers="0").
- The Calendar start page is opened by default when users enter a Dataroom or tap the Home icon (DataroomHome startingtile="calendar" enforcestartingtile="1").
- Declined events are hidden from the Calendar start page (showdeclinedevents="0").
- The Calendar start page does not contain any past events (numberofpastevents="0").
- The Calendar start page contains up to 10 current and future events (numberoffutureevents="10").
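A policy file with a malformed duration, or with both ChangedContent settings at once, can be caught before it is uploaded. The following linter is an added example, not Brainloop code; it checks a file against the rules stated in section 5.2.3. The names lint_policy, parse_duration and SAMPLE are chosen here, and comparing attribute values case-insensitively is an assumption (the guide writes both "Complex" and "complex").

```python
import re
import xml.etree.ElementTree as ET
from datetime import timedelta
DURATION = re.compile(r"p(?P<days>\d+)dt(?P<hours>\d+)h(?P<minutes>\d+)m(?P<seconds>\d+)s", re.I)
DURATION_ATTRS = [("PIN", "maxage"), ("PIN", "maxlock"),
                  ("Retention", "maxtime"), ("Synchronization", "mininterval")]
ALLOWED = {("PIN", "complexity"): {"simple", "complex"},  # compared case-insensitively (assumption)
           ("Exporting", "allowviewers"): {"0", "1"},
           ("DataroomHome", "startingtile"): {"calendar", "favorites", "recentfolders", "search"},
           ("DataroomHome", "enforcestartingtile"): {"0", "1"},
           ("DataroomHome", "showdeclinedevents"): {"0", "1"},
           ("ChangedContent", "ChangedContentDownload"): {"all", "off"}}
# Constructed sample (not from the guide) that breaks three documented rules.
SAMPLE = """<root><policies>
  <PIN complexity="complex" maxage="7 days" maxlock="p0dt0h3m0s"/>
  <DataroomHome numberofpastevents="25" numberoffutureevents="10"/>
  <ChangedContent ChangedContentDownload="ALL" Interval="7"/>
</policies></root>"""

def parse_duration(value):
    """Convert the guide's P0DT0H0M0S notation (either letter case) to a timedelta, else None."""
    m = DURATION.fullmatch(value.strip())
    return timedelta(**{unit: int(n) for unit, n in m.groupdict().items()}) if m else None

def lint_policy(xml_text):
    """Return findings for a policy file checked against the rules in section 5.2.3."""
    root = ET.fromstring(xml_text)
    policies = root.find("policies") if root.tag == "root" else None
    if policies is None:
        return ["expected <root><policies>...</policies></root>"]
    findings = []
    def get(tag, name):  # first value of attribute `name` found on any <tag> element
        return next((e.get(name) for e in policies.iter(tag) if e.get(name) is not None), None)
    for tag, name in DURATION_ATTRS:
        if (value := get(tag, name)) is not None and parse_duration(value) is None:
            findings.append(f"{tag} {name}={value!r} is not in P0DT0H0M0S form")
    for (tag, name), allowed in ALLOWED.items():
        if (value := get(tag, name)) is not None and value.lower() not in allowed:
            findings.append(f"{tag} {name}={value!r} is not one of {sorted(allowed)}")
    if get("DataroomHome", "startingtile") and get("DataroomHome", "enforcestartingtile") != "1":
        findings.append("startingtile is only enforced when enforcestartingtile is 1")
    counts = [get("DataroomHome", f"numberof{k}events") or "0" for k in ("past", "future")]
    if not all(c.isdigit() for c in counts) or sum(map(int, counts)) > 30:
        findings.append("past + future event counts must be whole numbers totalling at most 30")
    interval = get("ChangedContent", "Interval")
    if interval is not None and get("ChangedContent", "ChangedContentDownload") is not None:
        findings.append("use either ChangedContentDownload or Interval, not both")
    if interval is not None and (not interval.isdigit() or int(interval) < 1):
        findings.append(f"ChangedContent Interval={interval!r} must be a whole number >= 1")
    return findings
```

Calling lint_policy(SAMPLE) reports the malformed maxage, the event counts above 30 and the conflicting ChangedContent settings; an empty list means no documented rule was violated.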
5.2.4 Uploading an XML Configuration File to a Dataroom

1. Create an XML file based on the template you received from Brainloop Support.
2. Save this file to a safe location.
3. Log on to your Dataroom.
4. Open the Dataroom Center Administration.
5. Select Security Device Management.
6. Select Edit.
7. In the Configure Device Restrictions dialog window, make sure that the Allow device management in Datarooms option is enabled.
8. In the API Client Security Policy section, select Upload new.
9. Click Search and select the XML file's location from the Select File for Upload dialog window.
10. Select the XML file and select Open.
11. The path and filename are displayed in the Select File field.
12. Click Upload.
13. Next, open the API Client Security Policy drop-down list and select the XML file from the list.
14. Click OK.

The selected configuration file is automatically transferred to the Device Management in Dataroom Administration. If a Dataroom Center Manager has uploaded several configuration files, a Dataroom Manager can select any configuration file from the API Client Security Policy drop-down list.
6 Recommended iPad Security Settings

6.1 Activating the iPad's Passcode Lock

To secure your iPads and to encrypt all files, make sure your iPad users set a passcode. Only with this passcode lock are documents stored on the device secured in case of loss or theft. This also applies to documents from other apps on your iPad. We recommend that you use a complex, alphanumeric passcode.

1. On the iPad's Home screen, tap the Settings icon and select General.
2. Tap Passcode Lock OFF.
3. First, tap Turn Passcode ON.
4. Enter a simple, four-digit passcode and repeat this code.
5. Next, tap Simple Passcode ON.
6. Type the simple code into the Change Passcode dialog window.
7. Next, type a new, complex (alphanumeric) passcode and tap Next.
8. Repeat the new passcode, and tap Done to confirm it.

At the bottom of the Passcode Lock page, the text Data protection is enabled is displayed. The given iPad is now secured by a complex passcode.
7 Sending a log file from within the Brainloop Mobile app to Support

With the Send Log File function, you can easily and quickly report a problem or an error that occurred within Brainloop Mobile. Information is sent to the e-mail address of Brainloop Support by default. This e-mail address can be changed to any other customer-specific support e-mail address.

1. Tap Settings.
2. Tap Other settings.
3. Tap Send Log File.
4. The content of the log file is displayed.
5. Tap Send in the top left corner.
6. Confirm the message "The log file will be sent via the internet. Please make sure you do not add any confidential or personal data to the e-mail." with OK.
7. A new e-mail message is opened. It contains the e-mail address of Brainloop Support, a default subject as well as the attached log file.
8. You may either accept the default information in this e-mail or overwrite it with your own information. Please be careful not to delete the attached log file accidentally.
9. Then, tap Send.

Tip: Tapping Cancel in the top left corner of the e-mail message allows you to either delete the e-mail or save it to your mail app's Drafts folder to send it later.
8 Download Behavior for Documents opened in Brainloop Mobile

Download behavior when tapping an individual document in Brainloop Mobile is as follows:
- By default, the document is opened as a Brainmark, if Brainmark Document Conversion is enabled in the respective Dataroom.
- If Brainmark Document Conversion is disabled, the document is opened in its original format.
- If a newer version of a document exists on the server, users are asked whether they want to download the latest version.
- If the current local version is an original file, it might be replaced by a Brainmark.
- If the file to be downloaded is an original file and the current local version is a Brainmark version with unsynced or local comments attached, users are warned and asked if they want to continue.
- If a complete Dataroom is synced, the same logic applies as if tapping each of the documents to be downloaded.
9 Syncing a Dataroom in Brainloop Mobile

The synchronization process in Brainloop Mobile consists of the following steps:
- Verify Dataroom access
- Check for Dataroom policies
- Sync comments to server
- Update visible users
- Download folders, documents, document collections and folder hierarchy
- Update favorites
- Get additional document versions (from reviews)
- Clean up downloaded files
- Check document retention
- Clean up reviews
- Update calendar events and votes
- Download content
- Set the last refresh date
10 Support

If you have any additional questions about Brainloop Mobile for iPad, please also refer to our latest user guide, or contact our support staff:

24/7 Phone Support:
- From within Germany dial: 0 800 517 3181 (toll-free)
- From within Switzerland: 0 800 272 465 (toll-free)
- From within UK dial: 0 800 520 0430 (toll-free)
- From within USA dial: 800 517 3181 (toll-free)
- From other countries dial: +49 89 444 699-84

Online Support: Please click here to open our online support form.

E-mail Support: support@brainloop.com
11 Appendix: Document revision history

Version / Date of change / Revision

1.0 / 08 August 2013 / First release for Brainloop Mobile for iPad 2.4
1.1 / 31 October 2013
1.2 / 24 January 2014
1.3 / 30 May 2014
- The Brainmark style "Non-printable" was renamed to "Non-printable (PDF Reader dependent)" (see page 13)
- Renaming of the term "Entry Code" into "Access Code"
- New chapter "Settings required to use the Authentication with One-Time Password function" (see page 10)
- New chapter "Sending a log file from within the Brainloop Mobile app to Support" (see page 34)
- The following chapters have been adjusted:
  - Security Mechanisms and Presettings available for Brainloop Mobile (see page 24)
  - Structure of an XML Configuration File (see page 26)
  - Descriptions of the Elements contained in an XML File (see page 29)
- New link to the online support form (see page 37)
1.4 / 11 February 2015 / Update to Brainloop Mobile for iPad Version 2.5