1.2 KiB
1.2 KiB
Risk Compliance Domain Boundary
Purpose
Risk and compliance workflows for data protection incidents, DPIAs, compliance controls, audit measures, risk registers, and internal-control evidence.
Owns
- risk registers
- compliance controls
- DPIA records
- data protection incident records
- audit measures
- internal-control evidence
Does Not Own
- immutable audit log storage
- records retention engine
- inspection fieldwork
Integration Candidates
- audit
- policy
- records
- inspections
- files
- tasks
- notifications
Seed State
The current repository state is intentionally small:
- module manifest and entry point
- tenant-level permission definitions
- manager and viewer role templates
- documentation topic describing the module boundary
- Gitea issue workflow templates
- manifest contract test
No runtime API, database model, migration, WebUI route, or navigation item is registered yet. The first implementation slice should preserve the boundary above and only add user-visible surfaces once the workflow model is clear.
First Implementation Slice
Define risk register, control, evidence, DPIA, incident, measure, and review-cycle concepts.