Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(admin): split vvt-baseline-catalog into domain barrel

Browse Source 
Extracted 630-LOC monolith into 6 domain files (all <200 LOC) plus a
29-line barrel re-exporting everything for zero breaking-change impact.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
2026-04-18 00:46:31 +02:00
parent 7d8e5667c9
commit 19d6437161
6 changed files with 469 additions and 623 deletions
Download Patch File Download Diff File Expand all files Collapse all files

158
admin-compliance/lib/sdk/vvt-baseline-catalog/support-it.ts Normal file
View File

@@ -0,0 +1,158 @@
/**
* VVT Baseline-Katalog — Support & IT Operations
*/
import type { BaselineTemplate } from './types'
export const SUPPORT_VVT_TEMPLATES: BaselineTemplate[] = [
{
templateId: 'support-ticketsystem',
businessFunction: 'support',
name: 'Kundenservice / Ticketsystem',
description: 'Bearbeitung von Kundenanfragen und Support-Tickets',
purposes: ['Kundenservice', 'Reklamationsbearbeitung', 'Vertragserfuellung'],
legalBases: [
{ type: 'CONTRACT', description: 'Kundenvertrag', reference: 'Art. 6 Abs. 1 lit. b DSGVO' },
],
dataSubjectCategories: ['CUSTOMERS', 'APP_USERS'],
personalDataCategories: ['NAME', 'CONTACT', 'CONTRACT_DATA', 'COMMUNICATION_DATA'],
recipientCategories: [
{ type: 'INTERNAL', name: 'Support-Team' },
{ type: 'PROCESSOR', name: 'Helpdesk-Software-Anbieter' },
],
retentionPeriod: { duration: 3, durationUnit: 'YEARS', description: '3 Jahre nach Ticketschliessung', legalBasis: 'BGB § 195', deletionProcedure: 'Automatische Loeschung geschlossener Tickets' },
tomDescription: 'Zugriffskontrolle nach Ticket-Owner, Verschluesselung, Audit-Trail',
structuredToms: {
accessControl: ['Ticket-basierte Zugriffskontrolle', 'Agent-Rollen'],
confidentiality: ['TLS', 'Verschluesselung'],
integrity: ['Ticket-Historie unveraenderbar'],
availability: ['Hochverfuegbarer Helpdesk'],
separation: ['Mandantentrennung'],
},
typicalSystems: ['Helpdesk-Software', 'E-Mail', 'Chat'],
protectionLevel: 'MEDIUM',
dpiaRequired: false,
tags: ['support', 'kundenservice', 'tickets'],
},
]
export const IT_OPERATIONS_VVT_TEMPLATES: BaselineTemplate[] = [
{
templateId: 'it-systemadministration',
businessFunction: 'it_operations',
name: 'Systemadministration',
description: 'Verwaltung von IT-Systemen, Benutzerkonten und Zugriffsrechten',
purposes: ['IT-Betrieb', 'Benutzerverwaltung', 'Sicherheitsueberwachung'],
legalBases: [
{ type: 'LEGITIMATE_INTEREST', description: 'IT-Sicherheit', reference: 'Art. 6 Abs. 1 lit. f DSGVO' },
{ type: 'CONTRACT', description: 'Bereitstellung IT-Dienste', reference: 'Art. 6 Abs. 1 lit. b DSGVO' },
],
dataSubjectCategories: ['EMPLOYEES', 'APP_USERS'],
personalDataCategories: ['NAME', 'CONTACT', 'LOGIN_DATA', 'IP_ADDRESS', 'DEVICE_ID'],
recipientCategories: [
{ type: 'INTERNAL', name: 'IT-Abteilung' },
{ type: 'PROCESSOR', name: 'IT-Dienstleister' },
],
retentionPeriod: { duration: 1, durationUnit: 'YEARS', description: '1 Jahr nach Kontodeaktivierung', deletionProcedure: 'Automatische Loeschung deaktivierter Konten' },
tomDescription: 'PAM, MFA, Protokollierung, regelmaessige Rechtereviews',
structuredToms: {
accessControl: ['PAM (Privileged Access Management)', 'MFA', 'Regelmaessige Rechtereviews'],
confidentiality: ['Verschluesselung', 'Passwort-Policies'],
integrity: ['Change Management', 'Konfigurationsmanagement'],
availability: ['Redundanz', 'Monitoring', 'Alerting'],
separation: ['Prod/Dev/Staging getrennt', 'Admin-Netze isoliert'],
},
typicalSystems: ['Active Directory / IAM', 'Monitoring', 'ITSM'],
protectionLevel: 'MEDIUM',
dpiaRequired: false,
tags: ['it', 'admin', 'benutzerverwaltung'],
},
{
templateId: 'it-backup',
businessFunction: 'it_operations',
name: 'Backup & Recovery',
description: 'Sicherung und Wiederherstellung von Daten und Systemen',
purposes: ['Datensicherung', 'Disaster Recovery', 'Geschaeftskontinuitaet'],
legalBases: [
{ type: 'LEGITIMATE_INTEREST', description: 'Datensicherheit', reference: 'Art. 6 Abs. 1 lit. f DSGVO, Art. 32 DSGVO' },
],
dataSubjectCategories: ['EMPLOYEES', 'CUSTOMERS'],
personalDataCategories: ['NAME', 'CONTACT', 'CONTRACT_DATA'],
recipientCategories: [
{ type: 'PROCESSOR', name: 'Backup-Dienstleister' },
{ type: 'INTERNAL', name: 'IT-Abteilung' },
],
retentionPeriod: { duration: 90, durationUnit: 'DAYS', description: '90 Tage Aufbewahrung der Backups', deletionProcedure: 'Automatische Rotation und Loeschung' },
tomDescription: 'Verschluesselung, Zugriffskontrolle, regelmaessige Wiederherstellungstests',
structuredToms: {
accessControl: ['Nur Backup-Admins', 'Separater Encryption Key'],
confidentiality: ['AES-256-Verschluesselung', 'Verschluesselter Transport'],
integrity: ['Checksummen-Pruefung', 'Regelmaessige Restore-Tests'],
availability: ['3-2-1-Backup-Regel', 'Georedundanz'],
separation: ['Backup-Netzwerk isoliert'],
},
typicalSystems: ['Backup-Software', 'Cloud-Storage'],
protectionLevel: 'MEDIUM',
dpiaRequired: false,
tags: ['it', 'backup', 'recovery'],
},
{
templateId: 'it-logging',
businessFunction: 'it_operations',
name: 'Protokollierung & Logging',
description: 'Erfassung von System- und Sicherheitslogs zur Fehlerbehebung und Angriffserkennung',
purposes: ['IT-Sicherheit', 'Fehlerbehebung', 'Angriffserkennung'],
legalBases: [
{ type: 'LEGITIMATE_INTEREST', description: 'IT-Sicherheit und Betrieb', reference: 'Art. 6 Abs. 1 lit. f DSGVO' },
],
dataSubjectCategories: ['EMPLOYEES', 'APP_USERS', 'WEBSITE_USERS'],
personalDataCategories: ['IP_ADDRESS', 'LOGIN_DATA', 'USAGE_DATA', 'DEVICE_ID'],
recipientCategories: [
{ type: 'INTERNAL', name: 'IT-Sicherheit' },
{ type: 'PROCESSOR', name: 'SIEM-Anbieter' },
],
retentionPeriod: { duration: 90, durationUnit: 'DAYS', description: '90 Tage (Standard) / 1 Jahr (Security-Logs)', deletionProcedure: 'Automatische Rotation' },
tomDescription: 'SIEM, Integritaetsschutz der Logs, Zugriffskontrolle, Pseudonymisierung',
structuredToms: {
accessControl: ['Nur Security-Team', 'Read-Only fuer Auditoren'],
confidentiality: ['Pseudonymisierung wo moeglich'],
integrity: ['WORM-Storage fuer Security-Logs', 'Hashketten'],
availability: ['Redundante Log-Speicherung'],
separation: ['Zentrale Log-Infrastruktur getrennt'],
},
typicalSystems: ['SIEM', 'ELK Stack', 'Syslog'],
protectionLevel: 'MEDIUM',
dpiaRequired: false,
tags: ['it', 'logging', 'sicherheit'],
},
{
templateId: 'it-iam',
businessFunction: 'it_operations',
name: 'Identity & Access Management',
description: 'Verwaltung von Identitaeten, Authentifizierung und Autorisierung',
purposes: ['Zugriffskontrolle', 'Identitaetsverwaltung', 'Compliance'],
legalBases: [
{ type: 'LEGITIMATE_INTEREST', description: 'IT-Sicherheit', reference: 'Art. 6 Abs. 1 lit. f DSGVO' },
{ type: 'CONTRACT', description: 'Bereitstellung IT-Dienste', reference: 'Art. 6 Abs. 1 lit. b DSGVO' },
],
dataSubjectCategories: ['EMPLOYEES', 'APP_USERS'],
personalDataCategories: ['NAME', 'CONTACT', 'LOGIN_DATA'],
recipientCategories: [
{ type: 'INTERNAL', name: 'IT-Abteilung' },
{ type: 'PROCESSOR', name: 'IAM-Anbieter' },
],
retentionPeriod: { duration: 6, durationUnit: 'MONTHS', description: '6 Monate nach Kontodeaktivierung', deletionProcedure: 'Automatische Deprovisionierung' },
tomDescription: 'MFA, SSO, regelmaessige Access Reviews, Least-Privilege-Prinzip',
structuredToms: {
accessControl: ['MFA', 'SSO', 'Least Privilege', 'Regelmaessige Reviews'],
confidentiality: ['Passwort-Hashing (bcrypt)', 'Token-basierte Auth'],
integrity: ['Audit-Trail aller Aenderungen'],
availability: ['Hochverfuegbarer IdP'],
separation: ['Identitaeten pro Mandant'],
},
typicalSystems: ['IAM-System', 'SSO Provider', 'MFA'],
protectionLevel: 'HIGH',
dpiaRequired: false,
tags: ['it', 'iam', 'zugriffskontrolle'],
},
]