Joint Technical Alignment — FAA × x.1 Foundation

Current Infrastructure 1 / 6

Does FAA currently run any servers? Key Includes physical servers at your office, rented cloud VMs, or any hosting services for your website.

Yes — on-premise Yes — cloud-hosted Both No servers Not sure

Which cloud platforms does FAA use or have access to? Optional Select all that apply. This shapes our infrastructure decision together: Azure VM if you're already in the Microsoft ecosystem, or Linux VPS for a lighter, more flexible setup.

Microsoft Azure Amazon AWS Google Cloud Shared web hosting None currently Not sure

OS your team is comfortable managing? Key "Comfortable" means someone on your team can install software, manage files, and restart services. The workshop system runs on either Windows Server or Linux.

Windows Server Linux (Ubuntu) Linux (other) Prefer fully managed No preference Not sure

Who is our IT co-lead for the workshop? Key This is the person x.1 Foundation works alongside throughout — from setup to the final handover. A clearly named partner makes everything run smoothly.

Full-time IT staff Part-time / shared Outsourced No dedicated IT Not sure

Microsoft 365 & Graph API — Our Integration Foundation 2 / 6

Since when has FAA been using Microsoft 365 / Office 365 for email? Key This determines how many years of email history we can mine. The further back, the richer the data — but we need to know where the coverage starts.

From when FAA was founded Several years ago Recently migrated Not sure — will check

How do your sales / admissions staff handle prospect email? Key This determines how we scope the mailbox extraction. Individual accounts mean we need access to multiple mailboxes; shared inboxes require different permissions.

Individual accounts (e.g. maria@faa.com.ph) Shared inbox (e.g. admissions@faa.com.ph) Both individual + shared Not sure

How many mailboxes are relevant to prospect communications? Key Roughly how many email accounts receive or send prospect enquiries. Each mailbox counts as one data source.

Approx. number of mailboxes

Examples (optional)

Who administers your Microsoft 365 tenant? Key The M365 Global Admin grants the API permissions for the Graph integration. We only need them for a focused 30-minute session — you run the configuration, x.1 guides remotely and you keep full control of all credentials.

Data Landscape — What We'll Work With Together 3 / 6

Where is prospect / student data currently stored? Key Select all that apply — this is the data landscape we'll work through together. More sources means richer analysis, but we scope to what's realistic for the workshop timeline.

Local Excel OneDrive / SharePoint Google Drive In email threads Microsoft Forms Paper records Messenger / WhatsApp Not sure

Approximate scope of data to be mined Optional Rough estimates help us size the server correctly and estimate processing time. No precision needed.

Workspace Setup — Where We'll Run the Workshop 4 / 6

Internet connection at the Subic facility Key The workshop makes AI API calls and screen-share sessions. A stable broadband connection (10 Mbps+) is more than enough — we've designed it to work within normal office conditions.

Fibre broadband DSL / cable LTE / mobile only Limited / intermittent Not sure

How many participants are expected at the workshop? Key Helps us plan machine requirements and prepare the right number of workspaces.

Will each participant have their own machine? Key Ideally each person has their own laptop or desktop for the duration of the workshop. Sharing machines slows down hands-on exercises.

Yes — everyone on their own machine No — machines will be shared Mix — some own, some shared TBD / not confirmed yet

What types of machines are available? Optional Desktops with large monitors are ideal for intensive data work — bigger screens make a real difference for side-by-side comparisons.

Personal laptops (own devices) Office laptops Desktops Mix of above Not sure

What is the screen / monitor situation? Optional Workshop sessions involve multiple open windows simultaneously. Larger or dual screens significantly improve the experience.

Laptop screens only Large external monitors (24"+) Dual monitors available Projector / shared screen Not sure

Does the IT workstation have a dual-monitor setup? Optional The IT station is used for setup, monitoring, and troubleshooting during the workshop. Two screens make this significantly easier.

Yes — dual monitors available No — single monitor only Can arrange one No dedicated IT station

Firewall or network restrictions? Optional Blocked ports, content filtering, VPN requirements, or managed devices. Most office setups have none — but strict environments may need port whitelisting.

No known restrictions Some — will check Strict IT policy Not sure

Our Shared Team 5 / 6

Our IT lead for the workshop Key The IT lead is our primary collaborator throughout — actively involved in setup, validation, and the final handover. Reachable by phone during the workshop week.

Who will attend the workshop? Helps us tailor the workshop content and pace to each group — so everyone gets value from the sessions, not just the technical participants.

Management / leadership Sales / admissions IT staff Admin / operations Not sure

Additional notes or questions for x.1 Foundation

Data Privacy & Compliance 6 / 6

Who is FAA's Data Protection Officer (DPO)? Key FAA's privacy page lists faadataprivacy@firstaviationacademy.com as the privacy contact. Under RA 10173, the DPO should be identified by name. Can you confirm who manages this inbox?

Does anyone monitor the privacy email inbox? Key If a data subject (prospect, parent, applicant) emails faadataprivacy@firstaviationacademy.com with a request to access or delete their data — who receives it, and is there a process for responding?

Yes — actively monitored Goes to a shared inbox Not actively monitored Not sure

Is FAA registered with the National Privacy Commission (NPC)? Key FAA's privacy page shows an NPC Certificate of Registration seal dated November 2024. Can you confirm this registration is current and provide the registration number?

Yes — registered and current We have the seal but not sure of status Not registered Not sure

Are you aware that FAA's website runs 4 Google Analytics trackers without a consent banner? Key Our privacy review found tracking IDs G-XRKCMPCDY1, G-XD00KKP0LZ, G-82SDLRBSQ9, and UA-154625202-1 loading on every page. Under RA 10173, this requires user consent. Do you know who manages these?

Yes — IT manages analytics Set up by a web agency Was not aware of this Not sure

Has FAA executed a Data Access or Outsourcing Agreement with a consultant before? Optional FAA has a Data Sharing Agreement template from 2020 — but a DACA is different: it covers supervised server access, not data sharing between controllers. Since x.1 never stores data locally, we use a lighter Data Access & Confidentiality Agreement instead of a full DOA.

Yes — we've done DOAs before Only DSAs (data sharing) No Not sure

Who at FAA is authorised to sign the Data Outsourcing Agreement? Key The DACA must be signed before x.1 Foundation receives server access. Typically signed by the CEO, General Manager, or DPO. Draft PDF available. Digital signature accepted.

IT Preparation

Joint Technical Alignment Meeting

Setup Reference: MS Graph API & HubSpot