feat: Environmental stress test — the architecture works OUTSIDE cyber (Phase Ω, data-only)
First NON-cyber stress test. Every prior journey was cyber (infosec/software/product security).
Environmental brings a completely different mental model (substance flows, emissions, water,
chemicals, energy, circularity). The claim under test: RS-005 carries it UNCHANGED — only new DATA,
zero runtime code.
ISO 14001 (an EMS) is modelled as a Company Profile and run through the SAME engines as ISO 27001 ->
CRA (new pattern transition_pattern_iso14001_to_environmental_v1.yaml, capabilities as VERBS):
- ISO 14001 yields 5 environmental MANAGEMENT capabilities (Welt-1, probably present)
- the concrete substance/emission/water/material EVIDENCE is the 11-capability delta
- rejected_assumptions state what ISO 14001 does NOT produce (substance lists, REACH, emissions,
battery passports, water analyses) — preserving the Welt-1/Welt-2 separation
- the Journey Matcher stays domain-agnostic: ISO14001->Environmental 100%, cyber journeys 0%
Result: a non-cyber domain ran through Reality -> ... -> Journey with 0 new runtime classes and 0
new pipeline — a stronger generality proof than ten more cyber regulations.
Also extends the Architecture Stability ledger with the third KPI column the user requested — "new
capability types" — as a granularity Frühindikator (a domain needing ~80 new types at 0 runtime would
flag a too-coarse/too-fine capability model). Environmental = 16 types (5 mgmt + 11 evidence), in
range. Ledger now flags cyber vs non_cyber family. Non-runtime -> no deploy. 19 tests pass, check-loc 0.
This commit is contained in:
Benjamin Admin
@@ -12,6 +12,9 @@
|
||||
# stability claim broke and Phase Ω failed; record it honestly.
|
||||
|
||||
# --- Integrated Requirement Sources: each is DATA (a pattern / a Required set), run by the shared pipeline ---
|
||||
# new_capability_types = distinct NEW capability ids the source introduced. NOT an architecture break —
|
||||
# a FRÜHINDIKATOR for capability-model granularity: if a domain ever needs ~80 new types with 0 runtime
|
||||
# change, the capability model is probably cut too coarse or too fine. Watch the number, not just 0/0.
|
||||
sources:
|
||||
- source: "Cyber Resilience Act (CRA)"
|
||||
domain: industrial_automation
|
||||
@@ -19,7 +22,9 @@ sources:
|
||||
integrated_as: transition_pattern_data
|
||||
new_runtime_classes: 0
|
||||
new_pipeline: false
|
||||
new_capability_types: 13
|
||||
integration_kind: data_only
|
||||
family: cyber
|
||||
exercised_by: "customer_mission_1/2/3, journey_matcher_demo"
|
||||
- source: "Maschinenverordnung (MaschinenVO)"
|
||||
domain: industrial_automation
|
||||
@@ -27,7 +32,9 @@ sources:
|
||||
integrated_as: transition_pattern_data
|
||||
new_runtime_classes: 0
|
||||
new_pipeline: false
|
||||
new_capability_types: 4
|
||||
integration_kind: data_only
|
||||
family: cyber
|
||||
exercised_by: "customer_mission_1/3, journey_matcher_demo"
|
||||
- source: "TISAX"
|
||||
domain: automotive
|
||||
@@ -35,7 +42,9 @@ sources:
|
||||
integrated_as: transition_pattern_data
|
||||
new_runtime_classes: 0
|
||||
new_pipeline: false
|
||||
new_capability_types: 5
|
||||
integration_kind: data_only
|
||||
family: cyber
|
||||
exercised_by: "customer_mission_3/5, journey_matcher_demo"
|
||||
- source: "Public Tender (öffentliche Ausschreibung)"
|
||||
domain: cross_industry
|
||||
@@ -43,7 +52,9 @@ sources:
|
||||
integrated_as: injected_required_set
|
||||
new_runtime_classes: 0
|
||||
new_pipeline: false
|
||||
new_capability_types: 3
|
||||
integration_kind: data_only
|
||||
family: cyber
|
||||
exercised_by: "customer_mission_3/4"
|
||||
- source: "OEM Specification (Lastenheft)"
|
||||
domain: automotive
|
||||
@@ -51,16 +62,20 @@ sources:
|
||||
integrated_as: injected_required_set
|
||||
new_runtime_classes: 0
|
||||
new_pipeline: false
|
||||
new_capability_types: 4
|
||||
integration_kind: data_only
|
||||
family: cyber
|
||||
exercised_by: "customer_mission_4"
|
||||
- source: "Environmental / Material evidence target"
|
||||
- source: "ISO 14001 -> Environmental/Material (REACH/RoHS/Batterie/Wasser/Energie/Abfall)"
|
||||
domain: environmental
|
||||
target_type: environmental
|
||||
integrated_as: injected_required_set
|
||||
target_type: regulation
|
||||
integrated_as: transition_pattern_data
|
||||
new_runtime_classes: 0
|
||||
new_pipeline: false
|
||||
new_capability_types: 16
|
||||
integration_kind: data_only
|
||||
exercised_by: "customer_mission_5"
|
||||
family: non_cyber # FIRST non-cyber domain — the real generality test
|
||||
exercised_by: "customer_mission_5, environmental_stress_test"
|
||||
|
||||
# --- One-time, domain-AGNOSTIC pipeline functions (built once, now FROZEN per Phase Ω). ---
|
||||
# Listed for honesty so the stability KPI cannot be gamed: these are NOT per-domain costs. The last
|
||||
|
||||
+118
@@ -0,0 +1,118 @@
|
||||
# Transition KNOWLEDGE Pattern (TKP) — ISO 14001 (EMS) -> Environmental / Material compliance
|
||||
# THE FIRST NON-CYBER STRESS TEST. Every prior pattern lives in the cyber family (infosec / software /
|
||||
# product cybersecurity). Environmental brings entirely different mental models: substance flows,
|
||||
# emissions, water, chemicals, energy, circularity, disposal. If RS-005 carries this UNCHANGED (only new
|
||||
# DATA, zero runtime code), the architecture is general beyond cyber.
|
||||
#
|
||||
# Same shape as ISO 9001 -> CRA: ISO 14001 is a MANAGEMENT system. It gives environmental management
|
||||
# discipline (aspects, compliance process, audits, improvement, document control) but NOT the concrete,
|
||||
# substance-/product-specific EVIDENCE. So the delta is large, and the new quality question is explicit:
|
||||
# "which environmental capabilities does ISO 14001 typically NOT produce?" -> rejected_assumptions.
|
||||
# Capabilities are VERBS (capability-is-a-verb). Curated expert FIRST DRAFT, NOT a normative proof.
|
||||
|
||||
id: TP-ISO14001-ENV-v1
|
||||
status: draft # draft(L1) -> reviewed(L2) -> validated(L3, expert) -> proven(L4)
|
||||
version: 1
|
||||
|
||||
transition_goal:
|
||||
from:
|
||||
standard: "ISO 14001"
|
||||
edition: "2015"
|
||||
nature: organizational_environmental_management_system
|
||||
to:
|
||||
domain: "Environmental / Material compliance"
|
||||
nature: concrete_environmental_evidence
|
||||
sources: ["REACH", "RoHS", "Batterieverordnung", "Wasserrecht", "Abwasservorschriften", "Energiemanagement (EnEfG)", "Kreislaufwirtschaft (KrWG/AVV)", "Emissionsschutz (BImSchG)"]
|
||||
one_line: "Move a manufacturer whose only environmental management system is ISO 14001 toward concrete environmental/material compliance for a product placed on the EU market."
|
||||
|
||||
provenance:
|
||||
author: "Claude (Reasoning session) — AI first draft (L1)"
|
||||
basis: "ISO 14001:2015 (6.1.2 aspects, 6.1.3 compliance obligations, 7.5 documented information, 9.2 internal audit, 10.3 continual improvement) vs concrete substance/emission/water/material duties."
|
||||
reviewed_by: null
|
||||
validated_by: null
|
||||
|
||||
disclaimer: >
|
||||
Curated expert knowledge, NOT a normative proof. KEY INSIGHT: ISO 14001 is an environmental MANAGEMENT
|
||||
system — it provides the discipline to identify aspects and run compliance/audit/improvement processes,
|
||||
but it produces NO concrete substance lists, emission measurements, REACH registrations, battery
|
||||
passports or water analyses. The environmental delta for an ISO-14001-only manufacturer is therefore
|
||||
LARGE. Welt-1; confidence from the curated relationship, never "erfüllt".
|
||||
|
||||
source_state_variants:
|
||||
certified: "ISO 14001 certified -> the management-discipline assumptions hold; concrete evidence is still missing."
|
||||
ems_introduced: "EMS implemented but not certified -> downgrade 'partially_supports' to needs_confirmation."
|
||||
|
||||
# ── A) LIKELY COVERED — only environmental MANAGEMENT discipline (partially_supports), NOT evidence. ──
|
||||
likely_covered:
|
||||
- capability: identify_environmental_aspects
|
||||
iso14001_basis: ["6.1.2"]
|
||||
relationship: partially_supports
|
||||
confidence_source: relationship
|
||||
verification: required
|
||||
expected_evidence: [environmental_aspects_register]
|
||||
rationale: "ISO 14001 requires identifying environmental aspects/impacts — the discipline to KNOW where chemicals, water, energy and waste are relevant — but not the concrete substance/emission data itself."
|
||||
reviewable_claim: "Aspect identification scopes environmental topics but does not measure or declare any substance."
|
||||
- capability: operate_environmental_compliance_process
|
||||
iso14001_basis: ["6.1.3", "9.1.2"]
|
||||
relationship: partially_supports
|
||||
confidence_source: relationship
|
||||
verification: required
|
||||
expected_evidence: [compliance_obligations_register]
|
||||
rationale: "ISO 14001 requires a process to determine and evaluate compliance obligations — a framework to TRACK duties, not to discharge any specific one."
|
||||
reviewable_claim: "A compliance-obligations process tracks duties but does not produce a REACH registration or an emission report."
|
||||
- capability: conduct_internal_environmental_audits
|
||||
iso14001_basis: ["9.2"]
|
||||
relationship: partially_supports
|
||||
confidence_source: relationship
|
||||
verification: required
|
||||
expected_evidence: [internal_audit_programme]
|
||||
rationale: "Internal audit gives assurance that the EMS runs — process assurance, not substance evidence."
|
||||
reviewable_claim: "Internal audits assure the management system, not concrete environmental performance."
|
||||
- capability: run_continual_environmental_improvement
|
||||
iso14001_basis: ["10.3"]
|
||||
relationship: partially_supports
|
||||
confidence_source: relationship
|
||||
verification: required
|
||||
expected_evidence: [improvement_objectives]
|
||||
rationale: "Continual improvement drives objectives/targets — direction, not the concrete deliverables a regulation demands."
|
||||
reviewable_claim: "Improvement objectives set direction but do not constitute regulatory evidence."
|
||||
- capability: control_environmental_documents
|
||||
iso14001_basis: ["7.5"]
|
||||
relationship: partially_supports
|
||||
confidence_source: relationship
|
||||
verification: required
|
||||
expected_evidence: [document_control_procedure]
|
||||
rationale: "Documented-information control gives the discipline to MAINTAIN records — but no record content."
|
||||
reviewable_claim: "Document control maintains records; it does not create the substance/emission records themselves."
|
||||
|
||||
# ── B) DELTA — the concrete substance/emission/water/material EVIDENCE ISO 14001 does NOT produce. ──
|
||||
# Each carries covers_targets = the requirement sources that demand it (the verb -> sources mapping).
|
||||
delta_requirements:
|
||||
- {capability: manage_chemical_substances, missing_because: "An EMS does not maintain a concrete chemical inventory.", why_asked: "REACH/RoHS require knowing exactly which substances are present.", dropped_if: ["A maintained substance inventory exists."], needed_information: verify_existence, covers_targets: [REACH, RoHS], expected_evidence: [chemical_inventory], priority: high, reviewable_claim: "ISO 14001 does not maintain a concrete substance inventory."}
|
||||
- {capability: register_substances_under_reach, missing_because: "No REACH registration dossiers in an EMS.", why_asked: "REACH requires registration of manufactured/imported substances >1 t/a.", dropped_if: ["REACH registration/notification dossiers exist."], needed_information: request_evidence, covers_targets: [REACH], expected_evidence: [reach_registration_dossier], priority: high, reviewable_claim: "ISO 14001 does not produce REACH registrations."}
|
||||
- {capability: restrict_hazardous_substances_rohs, missing_because: "No RoHS substance-restriction evidence in an EMS.", why_asked: "RoHS restricts specific hazardous substances in EEE.", dropped_if: ["RoHS compliance declarations + material data exist."], needed_information: request_evidence, covers_targets: [RoHS], expected_evidence: [rohs_declaration], priority: high, reviewable_claim: "ISO 14001 does not establish RoHS substance-restriction evidence."}
|
||||
- {capability: monitor_water_consumption, missing_because: "An EMS does not meter water by permit.", why_asked: "Water permits require monitoring abstraction/consumption.", dropped_if: ["Water consumption is metered and reported per permit."], needed_information: verify_existence, covers_targets: ["Wasserrecht"], expected_evidence: [water_consumption_records], priority: medium, reviewable_claim: "ISO 14001 does not meter water consumption per permit."}
|
||||
- {capability: treat_and_document_wastewater, missing_because: "No concrete effluent treatment/analysis in an EMS.", why_asked: "National wastewater rules set discharge limits + monitoring.", dropped_if: ["Effluent treatment + discharge analyses exist."], needed_information: request_evidence, covers_targets: ["Abwasservorschriften"], expected_evidence: [wastewater_analysis], priority: high, reviewable_claim: "ISO 14001 does not treat or analyse wastewater."}
|
||||
- {capability: account_energy_consumption, missing_because: "No concrete energy accounting in an EMS.", why_asked: "Energy-management duties require documented consumption.", dropped_if: ["Energy consumption is accounted and reported."], needed_information: verify_existence, covers_targets: ["Energiemanagement (EnEfG)"], expected_evidence: [energy_consumption_report], priority: medium, reviewable_claim: "ISO 14001 does not account energy consumption."}
|
||||
- {capability: document_waste_streams, missing_because: "No concrete waste-stream records in an EMS.", why_asked: "Circular-economy/waste law requires documented streams + codes.", dropped_if: ["Waste streams are documented with EWC codes."], needed_information: verify_existence, covers_targets: ["Kreislaufwirtschaft (KrWG/AVV)"], expected_evidence: [waste_register], priority: medium, reviewable_claim: "ISO 14001 does not document concrete waste streams."}
|
||||
- {capability: declare_material_composition, missing_because: "No material declaration in an EMS.", why_asked: "Customer/SCIP/battery rules require material declarations.", dropped_if: ["Material declarations (e.g. SCIP) exist."], needed_information: request_evidence, covers_targets: ["Kundenanforderungen", "Batterieverordnung"], expected_evidence: [material_declaration], priority: high, reviewable_claim: "ISO 14001 does not declare material composition."}
|
||||
- {capability: issue_battery_passport, missing_because: "No battery passport in an EMS.", why_asked: "The Battery Regulation requires a battery passport for in-scope batteries.", dropped_if: ["A battery passport is issued per unit/model."], needed_information: request_evidence, covers_targets: ["Batterieverordnung"], expected_evidence: [battery_passport], priority: high, reviewable_claim: "ISO 14001 does not produce a battery passport."}
|
||||
- {capability: measure_air_emissions, missing_because: "No concrete emission measurements in an EMS.", why_asked: "Emission-protection law requires measured emissions for in-scope installations.", dropped_if: ["Emission measurements/reports exist per permit."], needed_information: request_evidence, covers_targets: ["Emissionsschutz (BImSchG)"], expected_evidence: [emission_measurement_report], priority: medium, reviewable_claim: "ISO 14001 does not measure air emissions."}
|
||||
- {capability: analyze_water_discharge, missing_because: "No concrete water analyses in an EMS.", why_asked: "Permits require periodic water/effluent analyses.", dropped_if: ["Periodic water analyses exist."], needed_information: request_evidence, covers_targets: ["Wasserrecht", "Abwasservorschriften"], expected_evidence: [water_analysis], priority: medium, reviewable_claim: "ISO 14001 does not perform water analyses."}
|
||||
|
||||
# ── C) REJECTED ASSUMPTIONS — the new quality question: what ISO 14001 typically does NOT produce. ──
|
||||
rejected_assumptions:
|
||||
- "ISO 14001 does NOT produce concrete substance lists or REACH registrations."
|
||||
- "ISO 14001 does NOT produce concrete air-emission measurements."
|
||||
- "ISO 14001 does NOT produce battery passports or material declarations."
|
||||
- "ISO 14001 does NOT produce water or wastewater analyses."
|
||||
- "An ISO 14001 certificate does NOT establish RoHS substance-restriction evidence."
|
||||
|
||||
determinism_goal: >
|
||||
Two independent auditors should agree that an ISO-14001-only manufacturer has the environmental
|
||||
MANAGEMENT discipline but is missing nearly all concrete substance/emission/water/material evidence —
|
||||
the same shape as ISO 9001 -> CRA, in a completely non-cyber domain.
|
||||
|
||||
review_checklist:
|
||||
- "Confirm the delta + rejected_assumptions with an environmental compliance expert."
|
||||
- "Replace capability ids with Capability Registry MCAP ids once assigned."
|
||||
Reference in New Issue
Block a user