Files
govoplan-risk-compliance/docs/RISK_COMPLIANCE_DOMAIN_BOUNDARY.md

1.2 KiB

Risk Compliance Domain Boundary

Purpose

Risk and compliance workflows for data protection incidents, DPIAs, compliance controls, audit measures, risk registers, and internal-control evidence.

Owns

  • risk registers
  • compliance controls
  • DPIA records
  • data protection incident records
  • audit measures
  • internal-control evidence

Does Not Own

  • immutable audit log storage
  • records retention engine
  • inspection fieldwork

Integration Candidates

  • audit
  • policy
  • records
  • inspections
  • files
  • tasks
  • notifications

Seed State

The current repository state is intentionally small:

  • module manifest and entry point
  • tenant-level permission definitions
  • manager and viewer role templates
  • documentation topic describing the module boundary
  • Gitea issue workflow templates
  • manifest contract test

No runtime API, database model, migration, WebUI route, or navigation item is registered yet. The first implementation slice should preserve the boundary above and only add user-visible surfaces once the workflow model is clear.

First Implementation Slice

Define risk register, control, evidence, DPIA, incident, measure, and review-cycle concepts.