refactor(admin-compliance): split 7 oversized files under 500 LOC hard cap (batch 3)
- tom-generator/export/zip.ts: extract private helpers to zip-helpers.ts (544→342 LOC) - tom-generator/export/docx.ts: extract private helpers to docx-helpers.ts (525→378 LOC) - tom-generator/export/pdf.ts: extract private helpers to pdf-helpers.ts (517→446 LOC) - tom-generator/demo-data/index.ts: extract DEMO_RISK_PROFILES + DEMO_EVIDENCE_DOCUMENTS to demo-data-part2.ts (518→360 LOC) - einwilligungen/generator/privacy-policy-sections.ts: extract sections 5-7 to part2 (559→313 LOC) - einwilligungen/export/pdf.ts: extract HTML/CSS helpers to pdf-helpers.ts (505→296 LOC) - vendor-compliance/context.tsx: extract API action hooks to context-actions.tsx (509→286 LOC) All originals re-export from sibling files — zero consumer import changes needed. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
@@ -0,0 +1,168 @@
|
||||
// =============================================================================
|
||||
// TOM Generator Demo Data (Part 2)
|
||||
// DEMO_RISK_PROFILES and DEMO_EVIDENCE_DOCUMENTS
|
||||
// Extracted from index.ts to stay under 500 LOC hard cap
|
||||
// =============================================================================
|
||||
|
||||
import {
|
||||
RiskProfile,
|
||||
EvidenceDocument,
|
||||
} from '../types'
|
||||
|
||||
// =============================================================================
|
||||
// DEMO RISK PROFILES
|
||||
// =============================================================================
|
||||
|
||||
export const DEMO_RISK_PROFILES: Record<string, RiskProfile> = {
|
||||
saas: {
|
||||
ciaAssessment: {
|
||||
confidentiality: 3,
|
||||
integrity: 3,
|
||||
availability: 4,
|
||||
justification: 'Als SaaS-Anbieter ist die Verfügbarkeit kritisch für unsere Kunden. Vertraulichkeit und Integrität sind wichtig aufgrund der verarbeiteten Geschäftsdaten.',
|
||||
},
|
||||
protectionLevel: 'HIGH',
|
||||
specialRisks: ['Cloud-Abhängigkeit', 'Multi-Mandanten-Umgebung'],
|
||||
regulatoryRequirements: ['DSGVO', 'Kundenvorgaben'],
|
||||
hasHighRiskProcessing: false,
|
||||
dsfaRequired: false,
|
||||
},
|
||||
healthcare: {
|
||||
ciaAssessment: {
|
||||
confidentiality: 5,
|
||||
integrity: 5,
|
||||
availability: 4,
|
||||
justification: 'Gesundheitsdaten erfordern höchsten Schutz. Fehlerhafte Daten können Patientensicherheit gefährden.',
|
||||
},
|
||||
protectionLevel: 'VERY_HIGH',
|
||||
specialRisks: ['Gesundheitsdaten', 'Minderjährige', 'Telemedizin'],
|
||||
regulatoryRequirements: ['DSGVO', 'SGB', 'MDR'],
|
||||
hasHighRiskProcessing: true,
|
||||
dsfaRequired: true,
|
||||
},
|
||||
enterprise: {
|
||||
ciaAssessment: {
|
||||
confidentiality: 4,
|
||||
integrity: 5,
|
||||
availability: 5,
|
||||
justification: 'Finanzdienstleistungen erfordern höchste Integrität und Verfügbarkeit. Vertraulichkeit ist kritisch für Kundendaten und Transaktionen.',
|
||||
},
|
||||
protectionLevel: 'VERY_HIGH',
|
||||
specialRisks: ['Finanztransaktionen', 'Regulatorische Auflagen', 'Cyber-Risiken'],
|
||||
regulatoryRequirements: ['DSGVO', 'MaRisk', 'BAIT', 'PSD2'],
|
||||
hasHighRiskProcessing: true,
|
||||
dsfaRequired: true,
|
||||
},
|
||||
}
|
||||
|
||||
// =============================================================================
|
||||
// DEMO EVIDENCE DOCUMENTS
|
||||
// =============================================================================
|
||||
|
||||
export const DEMO_EVIDENCE_DOCUMENTS: EvidenceDocument[] = [
|
||||
{
|
||||
id: 'demo-evidence-1',
|
||||
filename: 'iso27001-certificate.pdf',
|
||||
originalName: 'ISO 27001 Zertifikat.pdf',
|
||||
mimeType: 'application/pdf',
|
||||
size: 245678,
|
||||
uploadedAt: new Date('2025-01-15'),
|
||||
uploadedBy: 'admin@company.de',
|
||||
documentType: 'CERTIFICATE',
|
||||
detectedType: 'CERTIFICATE',
|
||||
hash: 'sha256:abc123def456',
|
||||
validFrom: new Date('2024-06-01'),
|
||||
validUntil: new Date('2027-05-31'),
|
||||
linkedControlIds: ['TOM-RV-04', 'TOM-AZ-01'],
|
||||
aiAnalysis: {
|
||||
summary: 'ISO 27001:2022 Zertifikat bestätigt die Implementierung eines Informationssicherheits-Managementsystems.',
|
||||
extractedClauses: [
|
||||
{
|
||||
id: 'clause-1',
|
||||
text: 'Zertifiziert nach ISO/IEC 27001:2022',
|
||||
type: 'certification',
|
||||
relatedControlId: 'TOM-RV-04',
|
||||
},
|
||||
],
|
||||
applicableControls: ['TOM-RV-04', 'TOM-AZ-01', 'TOM-RV-01'],
|
||||
gaps: [],
|
||||
confidence: 0.95,
|
||||
analyzedAt: new Date('2025-01-15'),
|
||||
},
|
||||
status: 'VERIFIED',
|
||||
},
|
||||
{
|
||||
id: 'demo-evidence-2',
|
||||
filename: 'passwort-richtlinie.pdf',
|
||||
originalName: 'Passwortrichtlinie v2.1.pdf',
|
||||
mimeType: 'application/pdf',
|
||||
size: 128456,
|
||||
uploadedAt: new Date('2025-01-10'),
|
||||
uploadedBy: 'admin@company.de',
|
||||
documentType: 'POLICY',
|
||||
detectedType: 'POLICY',
|
||||
hash: 'sha256:xyz789abc012',
|
||||
validFrom: new Date('2024-09-01'),
|
||||
validUntil: null,
|
||||
linkedControlIds: ['TOM-ADM-02'],
|
||||
aiAnalysis: {
|
||||
summary: 'Interne Passwortrichtlinie definiert Anforderungen an Passwortlänge, Komplexität und Wechselintervalle.',
|
||||
extractedClauses: [
|
||||
{
|
||||
id: 'clause-1',
|
||||
text: 'Mindestlänge 12 Zeichen, Groß-/Kleinbuchstaben, Zahlen und Sonderzeichen erforderlich',
|
||||
type: 'password-policy',
|
||||
relatedControlId: 'TOM-ADM-02',
|
||||
},
|
||||
{
|
||||
id: 'clause-2',
|
||||
text: 'Passwörter müssen alle 90 Tage geändert werden',
|
||||
type: 'password-policy',
|
||||
relatedControlId: 'TOM-ADM-02',
|
||||
},
|
||||
],
|
||||
applicableControls: ['TOM-ADM-02'],
|
||||
gaps: ['Keine Regelung zur Passwort-Historie gefunden'],
|
||||
confidence: 0.85,
|
||||
analyzedAt: new Date('2025-01-10'),
|
||||
},
|
||||
status: 'ANALYZED',
|
||||
},
|
||||
{
|
||||
id: 'demo-evidence-3',
|
||||
filename: 'aws-avv.pdf',
|
||||
originalName: 'AWS Data Processing Addendum.pdf',
|
||||
mimeType: 'application/pdf',
|
||||
size: 456789,
|
||||
uploadedAt: new Date('2025-01-05'),
|
||||
uploadedBy: 'admin@company.de',
|
||||
documentType: 'AVV',
|
||||
detectedType: 'DPA',
|
||||
hash: 'sha256:qwe123rty456',
|
||||
validFrom: new Date('2024-01-01'),
|
||||
validUntil: null,
|
||||
linkedControlIds: ['TOM-OR-01', 'TOM-OR-02'],
|
||||
aiAnalysis: {
|
||||
summary: 'AWS Data Processing Addendum regelt die Auftragsverarbeitung durch AWS als Unterauftragsverarbeiter.',
|
||||
extractedClauses: [
|
||||
{
|
||||
id: 'clause-1',
|
||||
text: 'AWS verpflichtet sich zur Einhaltung der DSGVO-Anforderungen',
|
||||
type: 'data-processing',
|
||||
relatedControlId: 'TOM-OR-01',
|
||||
},
|
||||
{
|
||||
id: 'clause-2',
|
||||
text: 'Jährliche SOC 2 und ISO 27001 Audits werden durchgeführt',
|
||||
type: 'audit',
|
||||
relatedControlId: 'TOM-OR-02',
|
||||
},
|
||||
],
|
||||
applicableControls: ['TOM-OR-01', 'TOM-OR-02', 'TOM-OR-04'],
|
||||
gaps: [],
|
||||
confidence: 0.9,
|
||||
analyzedAt: new Date('2025-01-05'),
|
||||
},
|
||||
status: 'VERIFIED',
|
||||
},
|
||||
]
|
||||
@@ -9,13 +9,13 @@ import {
|
||||
DataProfile,
|
||||
ArchitectureProfile,
|
||||
SecurityProfile,
|
||||
RiskProfile,
|
||||
EvidenceDocument,
|
||||
DerivedTOM,
|
||||
GapAnalysisResult,
|
||||
TOM_GENERATOR_STEPS,
|
||||
} from '../types'
|
||||
import { getTOMRulesEngine } from '../rules-engine'
|
||||
import { DEMO_RISK_PROFILES, DEMO_EVIDENCE_DOCUMENTS } from './demo-data-part2'
|
||||
|
||||
// Re-export risk profiles and evidence from part2 for backward compatibility
|
||||
export { DEMO_RISK_PROFILES, DEMO_EVIDENCE_DOCUMENTS } from './demo-data-part2'
|
||||
|
||||
// =============================================================================
|
||||
// DEMO COMPANY PROFILES
|
||||
@@ -216,164 +216,6 @@ export const DEMO_SECURITY_PROFILES: Record<string, SecurityProfile> = {
|
||||
},
|
||||
}
|
||||
|
||||
// =============================================================================
|
||||
// DEMO RISK PROFILES
|
||||
// =============================================================================
|
||||
|
||||
export const DEMO_RISK_PROFILES: Record<string, RiskProfile> = {
|
||||
saas: {
|
||||
ciaAssessment: {
|
||||
confidentiality: 3,
|
||||
integrity: 3,
|
||||
availability: 4,
|
||||
justification: 'Als SaaS-Anbieter ist die Verfügbarkeit kritisch für unsere Kunden. Vertraulichkeit und Integrität sind wichtig aufgrund der verarbeiteten Geschäftsdaten.',
|
||||
},
|
||||
protectionLevel: 'HIGH',
|
||||
specialRisks: ['Cloud-Abhängigkeit', 'Multi-Mandanten-Umgebung'],
|
||||
regulatoryRequirements: ['DSGVO', 'Kundenvorgaben'],
|
||||
hasHighRiskProcessing: false,
|
||||
dsfaRequired: false,
|
||||
},
|
||||
healthcare: {
|
||||
ciaAssessment: {
|
||||
confidentiality: 5,
|
||||
integrity: 5,
|
||||
availability: 4,
|
||||
justification: 'Gesundheitsdaten erfordern höchsten Schutz. Fehlerhafte Daten können Patientensicherheit gefährden.',
|
||||
},
|
||||
protectionLevel: 'VERY_HIGH',
|
||||
specialRisks: ['Gesundheitsdaten', 'Minderjährige', 'Telemedizin'],
|
||||
regulatoryRequirements: ['DSGVO', 'SGB', 'MDR'],
|
||||
hasHighRiskProcessing: true,
|
||||
dsfaRequired: true,
|
||||
},
|
||||
enterprise: {
|
||||
ciaAssessment: {
|
||||
confidentiality: 4,
|
||||
integrity: 5,
|
||||
availability: 5,
|
||||
justification: 'Finanzdienstleistungen erfordern höchste Integrität und Verfügbarkeit. Vertraulichkeit ist kritisch für Kundendaten und Transaktionen.',
|
||||
},
|
||||
protectionLevel: 'VERY_HIGH',
|
||||
specialRisks: ['Finanztransaktionen', 'Regulatorische Auflagen', 'Cyber-Risiken'],
|
||||
regulatoryRequirements: ['DSGVO', 'MaRisk', 'BAIT', 'PSD2'],
|
||||
hasHighRiskProcessing: true,
|
||||
dsfaRequired: true,
|
||||
},
|
||||
}
|
||||
|
||||
// =============================================================================
|
||||
// DEMO EVIDENCE DOCUMENTS
|
||||
// =============================================================================
|
||||
|
||||
export const DEMO_EVIDENCE_DOCUMENTS: EvidenceDocument[] = [
|
||||
{
|
||||
id: 'demo-evidence-1',
|
||||
filename: 'iso27001-certificate.pdf',
|
||||
originalName: 'ISO 27001 Zertifikat.pdf',
|
||||
mimeType: 'application/pdf',
|
||||
size: 245678,
|
||||
uploadedAt: new Date('2025-01-15'),
|
||||
uploadedBy: 'admin@company.de',
|
||||
documentType: 'CERTIFICATE',
|
||||
detectedType: 'CERTIFICATE',
|
||||
hash: 'sha256:abc123def456',
|
||||
validFrom: new Date('2024-06-01'),
|
||||
validUntil: new Date('2027-05-31'),
|
||||
linkedControlIds: ['TOM-RV-04', 'TOM-AZ-01'],
|
||||
aiAnalysis: {
|
||||
summary: 'ISO 27001:2022 Zertifikat bestätigt die Implementierung eines Informationssicherheits-Managementsystems.',
|
||||
extractedClauses: [
|
||||
{
|
||||
id: 'clause-1',
|
||||
text: 'Zertifiziert nach ISO/IEC 27001:2022',
|
||||
type: 'certification',
|
||||
relatedControlId: 'TOM-RV-04',
|
||||
},
|
||||
],
|
||||
applicableControls: ['TOM-RV-04', 'TOM-AZ-01', 'TOM-RV-01'],
|
||||
gaps: [],
|
||||
confidence: 0.95,
|
||||
analyzedAt: new Date('2025-01-15'),
|
||||
},
|
||||
status: 'VERIFIED',
|
||||
},
|
||||
{
|
||||
id: 'demo-evidence-2',
|
||||
filename: 'passwort-richtlinie.pdf',
|
||||
originalName: 'Passwortrichtlinie v2.1.pdf',
|
||||
mimeType: 'application/pdf',
|
||||
size: 128456,
|
||||
uploadedAt: new Date('2025-01-10'),
|
||||
uploadedBy: 'admin@company.de',
|
||||
documentType: 'POLICY',
|
||||
detectedType: 'POLICY',
|
||||
hash: 'sha256:xyz789abc012',
|
||||
validFrom: new Date('2024-09-01'),
|
||||
validUntil: null,
|
||||
linkedControlIds: ['TOM-ADM-02'],
|
||||
aiAnalysis: {
|
||||
summary: 'Interne Passwortrichtlinie definiert Anforderungen an Passwortlänge, Komplexität und Wechselintervalle.',
|
||||
extractedClauses: [
|
||||
{
|
||||
id: 'clause-1',
|
||||
text: 'Mindestlänge 12 Zeichen, Groß-/Kleinbuchstaben, Zahlen und Sonderzeichen erforderlich',
|
||||
type: 'password-policy',
|
||||
relatedControlId: 'TOM-ADM-02',
|
||||
},
|
||||
{
|
||||
id: 'clause-2',
|
||||
text: 'Passwörter müssen alle 90 Tage geändert werden',
|
||||
type: 'password-policy',
|
||||
relatedControlId: 'TOM-ADM-02',
|
||||
},
|
||||
],
|
||||
applicableControls: ['TOM-ADM-02'],
|
||||
gaps: ['Keine Regelung zur Passwort-Historie gefunden'],
|
||||
confidence: 0.85,
|
||||
analyzedAt: new Date('2025-01-10'),
|
||||
},
|
||||
status: 'ANALYZED',
|
||||
},
|
||||
{
|
||||
id: 'demo-evidence-3',
|
||||
filename: 'aws-avv.pdf',
|
||||
originalName: 'AWS Data Processing Addendum.pdf',
|
||||
mimeType: 'application/pdf',
|
||||
size: 456789,
|
||||
uploadedAt: new Date('2025-01-05'),
|
||||
uploadedBy: 'admin@company.de',
|
||||
documentType: 'AVV',
|
||||
detectedType: 'DPA',
|
||||
hash: 'sha256:qwe123rty456',
|
||||
validFrom: new Date('2024-01-01'),
|
||||
validUntil: null,
|
||||
linkedControlIds: ['TOM-OR-01', 'TOM-OR-02'],
|
||||
aiAnalysis: {
|
||||
summary: 'AWS Data Processing Addendum regelt die Auftragsverarbeitung durch AWS als Unterauftragsverarbeiter.',
|
||||
extractedClauses: [
|
||||
{
|
||||
id: 'clause-1',
|
||||
text: 'AWS verpflichtet sich zur Einhaltung der DSGVO-Anforderungen',
|
||||
type: 'data-processing',
|
||||
relatedControlId: 'TOM-OR-01',
|
||||
},
|
||||
{
|
||||
id: 'clause-2',
|
||||
text: 'Jährliche SOC 2 und ISO 27001 Audits werden durchgeführt',
|
||||
type: 'audit',
|
||||
relatedControlId: 'TOM-OR-02',
|
||||
},
|
||||
],
|
||||
applicableControls: ['TOM-OR-01', 'TOM-OR-02', 'TOM-OR-04'],
|
||||
gaps: [],
|
||||
confidence: 0.9,
|
||||
analyzedAt: new Date('2025-01-05'),
|
||||
},
|
||||
status: 'VERIFIED',
|
||||
},
|
||||
]
|
||||
|
||||
// =============================================================================
|
||||
// DEMO STATE GENERATOR
|
||||
// =============================================================================
|
||||
|
||||
Reference in New Issue
Block a user