Files
govoplan-risk-compliance/docs/RISK_COMPLIANCE_DOMAIN_BOUNDARY.md

48 lines
1.2 KiB
Markdown

# Risk Compliance Domain Boundary
## Purpose
Risk and compliance workflows for data protection incidents, DPIAs, compliance controls, audit measures, risk registers, and internal-control evidence.
## Owns
- risk registers
- compliance controls
- DPIA records
- data protection incident records
- audit measures
- internal-control evidence
## Does Not Own
- immutable audit log storage
- records retention engine
- inspection fieldwork
## Integration Candidates
- audit
- policy
- records
- inspections
- files
- tasks
- notifications
## Seed State
The current repository state is intentionally small:
- module manifest and entry point
- tenant-level permission definitions
- manager and viewer role templates
- documentation topic describing the module boundary
- Gitea issue workflow templates
- manifest contract test
No runtime API, database model, migration, WebUI route, or navigation item is registered yet. The first implementation slice should preserve the boundary above and only add user-visible surfaces once the workflow model is clear.
## First Implementation Slice
Define risk register, control, evidence, DPIA, incident, measure, and review-cycle concepts.