feat(isms): ISO 27001 Frontend, Proxy, Sidebar, Flow-Data, Architecture, MkDocs

ISMS-Modul mit 6 Tabs (Uebersicht, Policies, SoA, Ziele, Audits/Findings/CAPA,
Management-Reviews) fuer alle 39 Backend-Endpoints. Readiness-Check identifiziert
potenzielle Major/Minor-Findings vor externer Zertifizierung.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

admin-compliance/app/api/sdk/v1/isms/[[...path]]/route.ts

@@ -0,0 +1,111 @@
+/**
+ * ISMS (ISO 27001) API Proxy - Catch-all route
+ * Proxies all /api/sdk/v1/isms/* requests to backend-compliance /api/isms/*
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+
+const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
+
+async function proxyRequest(
+  request: NextRequest,
+  pathSegments: string[] | undefined,
+  method: string
+) {
+  const pathStr = pathSegments?.join('/') || ''
+  const searchParams = request.nextUrl.searchParams.toString()
+  const basePath = `${BACKEND_URL}/api/isms`
+  const url = pathStr
+    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
+    : `${basePath}${searchParams ? `?${searchParams}` : ''}`
+
+  try {
+    const headers: HeadersInit = {
+      'Content-Type': 'application/json',
+    }
+
+    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
+    for (const name of headerNames) {
+      const value = request.headers.get(name)
+      if (value) {
+        headers[name] = value
+      }
+    }
+
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    const clientUserId = request.headers.get('x-user-id')
+    const clientTenantId = request.headers.get('x-tenant-id')
+    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
+    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
+
+    const fetchOptions: RequestInit = {
+      method,
+      headers,
+      signal: AbortSignal.timeout(60000),
+    }
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      const body = await request.text()
+      if (body) {
+        fetchOptions.body = body
+      }
+    }
+
+    const response = await fetch(url, fetchOptions)
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      let errorJson
+      try {
+        errorJson = JSON.parse(errorText)
+      } catch {
+        errorJson = { error: errorText }
+      }
+      return NextResponse.json(
+        { error: `Backend Error: ${response.status}`, ...errorJson },
+        { status: response.status }
+      )
+    }
+
+    const data = await response.json()
+    return NextResponse.json(data)
+  } catch (error) {
+    console.error('ISMS API proxy error:', error)
+    return NextResponse.json(
+      { error: 'Verbindung zum Compliance Backend fehlgeschlagen' },
+      { status: 503 }
+    )
+  }
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'GET')
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'POST')
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'PUT')
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path?: string[] }> }
+) {
+  const { path } = await params
+  return proxyRequest(request, path, 'DELETE')
+}

admin-compliance/app/sdk/architecture/architecture-data.ts

@@ -160,6 +160,11 @@ export const ARCH_SERVICES: ArchService[] = [
       'security_backlog', 'quality_entries',
       'notfallplan_incidents', 'notfallplan_templates',
       'data_processing_agreement',
+      'compliance_isms_scope', 'compliance_isms_context', 'compliance_isms_policy',
+      'compliance_security_objectives', 'compliance_soa',
+      'compliance_audit_findings', 'compliance_corrective_actions',
+      'compliance_management_reviews', 'compliance_internal_audits',
+      'compliance_audit_trail', 'compliance_isms_readiness_checks',
     ],
     ragCollections: [],
     apiEndpoints: [
@@ -173,6 +178,16 @@ export const ARCH_SERVICES: ArchService[] = [
       'CRUD /api/compliance/vvt',
       'CRUD /api/compliance/loeschfristen',
       'CRUD /api/compliance/obligations',
+      'CRUD /api/isms/scope',
+      'CRUD /api/isms/policies',
+      'CRUD /api/isms/objectives',
+      'CRUD /api/isms/soa',
+      'CRUD /api/isms/findings',
+      'CRUD /api/isms/capa',
+      'CRUD /api/isms/management-reviews',
+      'CRUD /api/isms/internal-audits',
+      'GET /api/isms/overview',
+      'POST /api/isms/readiness-check',
       'CRUD /api/compliance/legal-documents',
       'CRUD /api/compliance/legal-templates',
     ],

admin-compliance/app/sdk/sdk-flow/flow-data.ts

@@ -864,6 +864,34 @@ export const SDK_FLOW_STEPS: SDKFlowStep[] = [
     url: '/sdk/quality',
     completion: 100,
   },
+  {
+    id: 'isms',
+    name: 'ISMS (ISO 27001)',
+    nameShort: 'ISMS',
+    package: 'betrieb',
+    seq: 5100,
+    checkpointId: 'CP-ISMS',
+    checkpointType: 'RECOMMENDED',
+    checkpointReviewer: 'DSB',
+    description: 'Informationssicherheits-Managementsystem: Scope, Policies, SoA, Audits, CAPA, Management-Reviews und Readiness-Check.',
+    descriptionLong: 'ISO 27001 Zertifizierungsvorbereitung. Verwaltet den ISMS-Scope (Kap. 4.3), Kontextanalyse (4.1/4.2), Sicherheitspolicies (5.2), Security Objectives mit SMART-KPIs (6.2), Statement of Applicability fuer alle 93 Annex-A-Controls, interne Audits (9.2), Management-Reviews (9.3), Audit-Findings mit CAPA-Workflow und einen automatischen Readiness-Check der potenzielle Major/Minor-Findings vor der externen Zertifizierung identifiziert.',
+    legalBasis: 'ISO/IEC 27001:2022, Art. 32 DSGVO (Sicherheit der Verarbeitung)',
+    inputs: ['risks', 'controls', 'requirements'],
+    outputs: ['ismsReadiness'],
+    prerequisiteSteps: ['quality'],
+    dbTables: [
+      'compliance_isms_scope', 'compliance_isms_context', 'compliance_isms_policy',
+      'compliance_security_objectives', 'compliance_soa',
+      'compliance_audit_findings', 'compliance_corrective_actions',
+      'compliance_management_reviews', 'compliance_internal_audits',
+      'compliance_audit_trail', 'compliance_isms_readiness_checks',
+    ],
+    dbMode: 'read/write',
+    ragCollections: [],
+    isOptional: true,
+    url: '/sdk/isms',
+    completion: 100,
+  },
 ]
 
 // =============================================================================

admin-compliance/components/sdk/Sidebar/SDKSidebar.tsx

@@ -678,6 +678,18 @@ export function SDKSidebar({ collapsed = false, onCollapsedChange }: SDKSidebarP
             isActive={pathname === '/sdk/roadmap'}
             collapsed={collapsed}
           />
+          <AdditionalModuleItem
+            href="/sdk/isms"
+            icon={
+              <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2}
+                  d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z" />
+              </svg>
+            }
+            label="ISMS (ISO 27001)"
+            isActive={pathname === '/sdk/isms'}
+            collapsed={collapsed}
+          />
           <AdditionalModuleItem
             href="/sdk/audit-llm"
             icon={