Free Desktop Tool for CSSF Outsourcing Compliance

If you work in risk management or compliance at a Luxembourg financial institution, you know the challenge: CSSF Outsourcing Circular & EBA Outsourcing guidelines require detailed tracking of every outsourcing arrangement. We're talking about 73 different pieces of information per supplier, from basic contract details to complex risk assessments.

Spreadsheets become unwieldy. Manual tracking is error-prone. And when audit time comes, pulling together the right reports can take days.

I built the Supplier Outsourcing Register to solve exactly this problem. It's a free, open-source desktop application that helps you stay compliant without the headache. It runs offline in your computer or company server and your IT team can verify the code before deployment.

What Does This Tool Do?

Think of it as a specialized database designed specifically for CSSF & EBA Guidelines compliance. Instead of juggling Excel files and trying to remember which fields are mandatory, you get:

• A complete register of all your outsourcing arrangements
• Built-in CSSF compliance - Each filed is referenced against CSSF Outsourcing Circular
• Dashboard analytics showing your compliance status at a glance
• Professional reports you can export for regulators or management
• Team collaboration - multiple people can work with the same data
• Data protection with backup and restore features

Everything runs on your own computer. No cloud services, no subscriptions, no data leaving your organization.

Installing the Application

For Windows Users

1. Download the installer
   • Get the file named Supplier Outsourcing Register Setup 0.1.0.exe
   • It's about 150MB in size
2. Run the installation
   • Double-click the downloaded file
   • Windows might show a security warning saying "Windows protected your PC"
   • This is normal for free software that hasn't been code-signed and I'm not a company.
   • Click "More info" then "Run anyway"
3. Follow the setup wizard
   • Choose where to install (default location is fine)
   • The installer will create shortcuts on your desktop and Start Menu
   • Installation takes about a minute
4. Launch the application
   • Double-click the desktop shortcut "Supplier Outsourcing Register"
   • The first time you open it, the app creates its database and adds 5 sample suppliers so you can see how it works

Getting Started: Your First Supplier

When you first open the application, you'll see a clean interface with several tabs:

The Register Tab

This is your main workspace - a table showing all your suppliers. Each row can be expanded to see full details across four organized sections:

1. Basic Information - Contract dates, what the service does, whether it's critical
2. Provider Details - Company information, addresses, contact details
3. Cloud Services - Only appears for cloud providers, tracks deployment models and data locations
4. Critical Functions - Only appears for critical suppliers, tracks risk assessments, audits, and regulatory notifications

Adding a New Supplier

Click the "New Entry" tab to open a comprehensive form. The beauty of this tool is that it guides you through exactly what information is needed:

• Reference numbers in parentheses (like "54.e") show you exactly which CSSF requirement each field addresses
• Amber pin buttons let you mark fields as "pending" if you don't have the information yet
• Save supplier will mark as "pending" any missing information.

You can save partially complete suppliers as drafts. The tool remembers what's missing and lets you come back to finish later.

Understanding the Dashboard

The Dashboard tab gives you a compliance overview:

• Alerts for overdue assessments or upcoming audits.
• Key metrics like how many suppliers are critical, how many use cloud services and number of pending fields in the register
• Risk distribution showing where your exposure lies
• Geographic breakdown of where your data and services are located

All these numbers update automatically as you add and edit suppliers. No manual calculations needed. The Dashboards refreshes based on the active filters set in the Register List Tab.

Key Features Explained

Smart Validation

The tool knows the difference between:

• Mandatory fields - required for all suppliers
• Cloud-specific fields - only required when you select "Cloud" as the category
• Critical supplier fields - only required when you mark a supplier as critical

This means you're never asked for information that doesn't apply to a particular arrangement.

Pending Fields

Can't find the LEI number right now? Don't have the last audit date handy? Click the amber pin button next to any field to mark it as "pending." The tool will save your supplier without complaining about the missing information.

Later, you can see which suppliers have pending fields (they show an amber badge) and come back to complete them.

Filtering and Search

Need to find all critical suppliers? All cloud services? Suppliers with contracts ending in the next 90 days?

Use the filter panel at the top of the register. You can combine multiple filters and search across all fields simultaneously. Your search terms get highlighted in yellow when you expand a supplier's details, making it easy to find exactly what you're looking for.

Reporting and Issue Tracking

The Reporting tab keeps a change log of major events:

• When suppliers become active or critical
• When risk levels change
• When contracts start, renew, or end

You can also track compliance issues:

• Record problems that need attention
• Assign them to team members
• Set due dates and severity levels
• Add follow-up notes as issues develop

There's even a Critical Outsourcing Monitor that gives you a focused view of your most important suppliers, with inline editing for tracking contracts and assessments.

Export Capabilities

Generate professional reports in seconds:

• Excel exports - Choose between compact (8 columns) or full detail (all 52 CSSF fields)
• PDF reports - Create formatted summaries for presentations
• Change log exports - Document all supplier updates
• Issue tracker exports - Share compliance issue status

All exports respect your current filters, so you can create targeted reports for specific categories or time periods.

Setting Up for Team Use

One of the most powerful features is multi-user access. Here's how to set it up so your entire compliance team can work together:

The Concept

The application stores all data in a single database file. By default, this file lives on your computer and only you can access it. But you can move that database to a shared network location so multiple people can access the same data.

Step-by-Step Setup

1. Prepare a shared network folder

• Your IT department should create a folder on your network (like \\CompanyServer\ComplianceData\)
• Make sure all team members have read/write access to this folder

2. Configure the first user (Admin setup)

• Install the application on your computer
• Add your suppliers and set up the register the way you want it
• Go to the Settings tab
• Click on "Database Location"
• Enter the network path: \\CompanyServer\ComplianceData\suppliers.db
• Important: Check the box "Copy existing data to new location"
• Click "Apply and Restart"
• The app will copy your data to the network and restart

3. Configure additional users

• Each team member installs the application on their computer
• They go to Settings → Database Location
• They enter the same path: \\CompanyServer\ComplianceData\suppliers.db
• They do NOT check "Copy existing data" (the data is already there)
• Click "Apply and Restart"

Now everyone is working with the same register. Changes made by one person appear immediately for everyone else.

Adding User Permissions (Optional)

If you want to control who can edit data versus who can only view it:

1. Go to Settings → Security Settings
2. Enable authentication
3. Log in with the default credentials (username: admin, password: admin)
4. Immediately change these default credentials in User Management
5. Create accounts for your team members with appropriate roles:
   • Viewers can see all data but cannot make changes
   • Editors can add, edit, and delete suppliers
   • Admins can do everything plus manage users

Important Notes for Teams

• The database uses file locking to prevent conflicts, but it's designed for small teams (up to 5 users)
• Changes are saved immediately - there's no "sync" button to remember
• Everyone needs access to the same network folder
• If someone is offline or can't reach the network share, they won't be able to use the application until connectivity is restored

Protecting Your Data

Backup System

The application includes a comprehensive backup feature:

Creating a Backup:

1. Go to Settings → Backup & Restore
2. Click "Create Backup"
3. Choose where to save it (USB drive, external hard drive, secure network location)
4. The app creates a ZIP file containing:
   • Your complete database
   • Excel exports of all your data (suppliers, events, issues)

Default filename: OutsourcingRegister_Backup_2025-12-23.zip

Restoring from Backup:

If something goes wrong, you can restore your data:

1. Go to Settings → Backup & Restore
2. Click "Select Backup File"
3. Choose which restore method:
   • From Database - Fast and exact (use this most of the time)
   • From Excel - Use only if you edited the Excel files in the backup
4. Select what to restore:
   • All data (default)
   • Or pick specific parts (just suppliers, just events, etc.)
5. Confirm and the app will restore your data

The page will reload automatically to show your restored information.

Backup Best Practices

• Regular schedule: Create backups weekly, or before making major changes
• Multiple locations: Keep backups in different places (one onsite, one offsite)
• Test restores: Occasionally test restoring from a backup to make sure it works
• Before updates: Always create a backup before updating to a new version of the application

Understanding the Interface

The Header

Shows:

• Current view (Register, New Entry, Dashboard, etc.)
• If authentication is enabled, your username and role
• The application name and version

The Main Views

Register List: Your working view. Filter, search, add, edit, duplicate, or delete suppliers here.

New Entry: The form for adding new suppliers. Four organized tabs make it easy to enter all required information.

Dashboard: Analytics and compliance overview. Great for management reports or preparing for audits.

Reporting: Track changes over time, manage compliance issues, and monitor critical suppliers.

Settings: Configure database location, manage backups, set up authentication, and manage users.

Visual Cues

• Red asterisks (*) - Required field
• Amber pins (📌) - Field marked as pending
• Amber badges - Supplier has some pending fields
• Green badges - Active suppliers
• Gray badges - Draft or terminated suppliers
• Blue text - CSSF circular references you can click for more information

Tips for Daily Use

Starting Your Day

1. Open the Dashboard to see any compliance alerts
2. Check for upcoming renewals or overdue assessments
3. Review any open issues in the Reporting tab

Adding a New Contract

1. Click "New Entry"
2. Fill in what you know
3. Use the amber pin to mark fields you'll complete later
4. Save as draft or save as complete (depending on how much information you have)

Regular Maintenance

• Weekly: Review and complete pending fields
• Monthly: Export a full backup
• Quarterly: Review the Dashboard for compliance gaps
• Annually: Export a complete report before your annual audit

Before an Audit

1. Go to Dashboard and review all compliance indicators
2. Use filters to find any problematic suppliers (overdue assessments, missing notifications, etc.)
3. Complete all pending fields
4. Export a full Excel report for the auditor
5. Create a PDF summary for the audit committee

Common Questions

Do I need to be online to use this? No. The application works completely offline. Your data stays on your computer (or your company's network if you're using team access).

What if I delete a supplier by mistake? As long as you have a recent backup, you can restore it. This is why regular backups are important.

Can I import data from Excel? The current version allows exporting to Excel but not importing. You'll need to enter suppliers manually or wait for a future version with import capability.

What happens to my data when I uninstall? The database file remains on your computer (in AppData/OutsourcingRegister) even after uninstalling. If you want to completely remove it, you'll need to delete that folder manually.

Is my data secure? Your data never leaves your organization. The application doesn't connect to the internet or send data anywhere. For additional security, you can enable the authentication system to control who can access or modify your data.

What if I find a bug or need help? The project is open source on GitHub. You can report issues there or check the documentation for troubleshooting steps.

System Requirements

Windows:

• Windows 10 or Windows 11 (64-bit)
• 4GB RAM minimum (8GB recommended)
• 500MB free disk space
• Network access (only for multi-user setup)

Conclusions

CSSF compliance doesn't have to be complicated. This tool handles the technical requirements so you can focus on actually managing your outsourcing relationships.

It's designed to grow with your needs:

• Start simple with just yourself
• Add team access when you need it
• Enable authentication if you want access control
• Export data in multiple formats for different audiences

The best part? It's completely free and open source. No licensing fees, no per-user costs, no surprise charges.

Download it, try it out with the sample data, and see if it makes your compliance work a little bit easier.

License: MIT (Free for commercial and personal use)

Built by a compliance professional, for compliance professionals. Questions? Issues? Suggestions? Send me an email to contact@iddi-labs.com or contact me in Linkedin.