feat(isms): ISO 27001 Frontend, Proxy, Sidebar, Flow-Data, Architecture, MkDocs

ISMS-Modul mit 6 Tabs (Uebersicht, Policies, SoA, Ziele, Audits/Findings/CAPA, Management-Reviews) fuer alle 39 Backend-Endpoints. Readiness-Check identifiziert potenzielle Major/Minor-Findings vor externer Zertifizierung. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 14:53:31 +01:00
parent 1e84df9769
commit 9e65dff7d6
7 changed files with 1605 additions and 0 deletions
--- a/admin-compliance/app/sdk/architecture/architecture-data.ts
+++ b/admin-compliance/app/sdk/architecture/architecture-data.ts
@@ -160,6 +160,11 @@ export const ARCH_SERVICES: ArchService[] = [
      'security_backlog', 'quality_entries',
      'notfallplan_incidents', 'notfallplan_templates',
      'data_processing_agreement',
+      'compliance_isms_scope', 'compliance_isms_context', 'compliance_isms_policy',
+      'compliance_security_objectives', 'compliance_soa',
+      'compliance_audit_findings', 'compliance_corrective_actions',
+      'compliance_management_reviews', 'compliance_internal_audits',
+      'compliance_audit_trail', 'compliance_isms_readiness_checks',
    ],
    ragCollections: [],
    apiEndpoints: [
@@ -173,6 +178,16 @@ export const ARCH_SERVICES: ArchService[] = [
      'CRUD /api/compliance/vvt',
      'CRUD /api/compliance/loeschfristen',
      'CRUD /api/compliance/obligations',
+      'CRUD /api/isms/scope',
+      'CRUD /api/isms/policies',
+      'CRUD /api/isms/objectives',
+      'CRUD /api/isms/soa',
+      'CRUD /api/isms/findings',
+      'CRUD /api/isms/capa',
+      'CRUD /api/isms/management-reviews',
+      'CRUD /api/isms/internal-audits',
+      'GET /api/isms/overview',
+      'POST /api/isms/readiness-check',
      'CRUD /api/compliance/legal-documents',
      'CRUD /api/compliance/legal-templates',
    ],
--- a/admin-compliance/app/sdk/isms/page.tsx
+++ b/admin-compliance/app/sdk/isms/page.tsx
--- a/admin-compliance/app/sdk/sdk-flow/flow-data.ts
+++ b/admin-compliance/app/sdk/sdk-flow/flow-data.ts
@@ -864,6 +864,34 @@ export const SDK_FLOW_STEPS: SDKFlowStep[] = [
    url: '/sdk/quality',
    completion: 100,
  },
+  {
+    id: 'isms',
+    name: 'ISMS (ISO 27001)',
+    nameShort: 'ISMS',
+    package: 'betrieb',
+    seq: 5100,
+    checkpointId: 'CP-ISMS',
+    checkpointType: 'RECOMMENDED',
+    checkpointReviewer: 'DSB',
+    description: 'Informationssicherheits-Managementsystem: Scope, Policies, SoA, Audits, CAPA, Management-Reviews und Readiness-Check.',
+    descriptionLong: 'ISO 27001 Zertifizierungsvorbereitung. Verwaltet den ISMS-Scope (Kap. 4.3), Kontextanalyse (4.1/4.2), Sicherheitspolicies (5.2), Security Objectives mit SMART-KPIs (6.2), Statement of Applicability fuer alle 93 Annex-A-Controls, interne Audits (9.2), Management-Reviews (9.3), Audit-Findings mit CAPA-Workflow und einen automatischen Readiness-Check der potenzielle Major/Minor-Findings vor der externen Zertifizierung identifiziert.',
+    legalBasis: 'ISO/IEC 27001:2022, Art. 32 DSGVO (Sicherheit der Verarbeitung)',
+    inputs: ['risks', 'controls', 'requirements'],
+    outputs: ['ismsReadiness'],
+    prerequisiteSteps: ['quality'],
+    dbTables: [
+      'compliance_isms_scope', 'compliance_isms_context', 'compliance_isms_policy',
+      'compliance_security_objectives', 'compliance_soa',
+      'compliance_audit_findings', 'compliance_corrective_actions',
+      'compliance_management_reviews', 'compliance_internal_audits',
+      'compliance_audit_trail', 'compliance_isms_readiness_checks',
+    ],
+    dbMode: 'read/write',
+    ragCollections: [],
+    isOptional: true,
+    url: '/sdk/isms',
+    completion: 100,
+  },
 ]

 // =============================================================================