Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Phase 3 — Security + HR/Vendor/BCM policies

Browse Source 
Phase 3 of the Document Templates Masterplan:

- 103: 4 new security policies (information_security_policy, password_policy,
  encryption_policy, access_control_policy) + updates for CRA (056) and
  all 15 HR/Vendor/BCM policies (072)

New templates:
- Information Security Policy: ISMS-Leitlinie (ISO 27001, BSI, NIS2)
- Password Policy: BSI/NIST compliant (12+ chars, MFA, no forced rotation)
- Encryption Policy: BSI TR-02102, algorithms, key management, TLS config
- Access Control Policy: RBAC, Least Privilege, Zero Trust, rezertification

Updates: AI Act + NIS2UmsuCG references for CRA and all 15 HR/Vendor/BCM
Generator: 6 new categories (security, HR, data, vendor, BCM policies)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-05-01 09:05:03 +02:00
parent 90c7f02b40
commit 4417938558
2 changed files with 434 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
admin-compliance/app/sdk/document-generator/_constants.ts
+5
View File
@@ -29,6 +29,11 @@ export const CATEGORIES: { key: string; label: string; types: string[] | null }[
{ key: 'whistleblower', label: 'Whistleblower', types: ['whistleblower_policy'] },
{ key: 'hr_dsi', label: 'HR-Datenschutz', types: ['applicant_dsi', 'employee_dsi'] },
{ key: 'module_docs', label: 'Konzepte', types: ['vvt_register', 'loeschkonzept', 'pflichtenregister', 'it_security_concept', 'data_protection_concept', 'backup_recovery_concept', 'logging_concept', 'incident_response_plan', 'access_control_concept', 'risk_management_concept'] },
{ key: 'security_policies', label: 'Sicherheitsrichtlinien', types: ['information_security_policy', 'access_control_policy', 'password_policy', 'encryption_policy', 'cybersecurity_policy'] },
{ key: 'hr_policies', label: 'HR-Richtlinien', types: ['employee_security_policy', 'security_awareness_policy', 'remote_work_policy', 'offboarding_policy'] },
{ key: 'data_policies', label: 'Datenrichtlinien', types: ['data_protection_policy', 'data_classification_policy', 'data_retention_policy', 'data_transfer_policy', 'privacy_incident_policy'] },
{ key: 'vendor_policies', label: 'Lieferanten', types: ['vendor_risk_management_policy', 'third_party_security_policy', 'supplier_security_policy'] },
{ key: 'bcm_policies', label: 'BCM/Notfall', types: ['business_continuity_policy', 'disaster_recovery_policy', 'crisis_management_policy'] },
]
// =============================================================================