48 lines
1.2 KiB
Markdown
48 lines
1.2 KiB
Markdown
# Risk Compliance Domain Boundary
|
|
|
|
## Purpose
|
|
|
|
Risk and compliance workflows for data protection incidents, DPIAs, compliance controls, audit measures, risk registers, and internal-control evidence.
|
|
|
|
## Owns
|
|
|
|
- risk registers
|
|
- compliance controls
|
|
- DPIA records
|
|
- data protection incident records
|
|
- audit measures
|
|
- internal-control evidence
|
|
|
|
## Does Not Own
|
|
|
|
- immutable audit log storage
|
|
- records retention engine
|
|
- inspection fieldwork
|
|
|
|
## Integration Candidates
|
|
|
|
- audit
|
|
- policy
|
|
- records
|
|
- inspections
|
|
- files
|
|
- tasks
|
|
- notifications
|
|
|
|
## Seed State
|
|
|
|
The current repository state is intentionally small:
|
|
|
|
- module manifest and entry point
|
|
- tenant-level permission definitions
|
|
- manager and viewer role templates
|
|
- documentation topic describing the module boundary
|
|
- Gitea issue workflow templates
|
|
- manifest contract test
|
|
|
|
No runtime API, database model, migration, WebUI route, or navigation item is registered yet. The first implementation slice should preserve the boundary above and only add user-visible surfaces once the workflow model is clear.
|
|
|
|
## First Implementation Slice
|
|
|
|
Define risk register, control, evidence, DPIA, incident, measure, and review-cycle concepts.
|