breakpilot-compliance/admin-compliance/lib/sdk/compliance-scope-data.ts
Sharang Parnerkar 911d872178 refactor(admin): split compliance-scope-engine.ts (1811 LOC) into focused modules
Extract data constants and document-scope logic from the monolithic engine:
- compliance-scope-data.ts (133 LOC): score weights + answer multipliers
- compliance-scope-triggers.ts (823 LOC): 50 hard trigger rules (data table)
- compliance-scope-documents.ts (497 LOC): document scope, risk flags, gaps, actions, reasoning
- compliance-scope-engine.ts (406 LOC): core class with scoring + trigger evaluation

All logic files stay under the 500 LOC cap. The triggers file exceeds it
as a pure declarative data table with no logic.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 13:33:51 +02:00


// ============================================================================
// SCORE WEIGHTS PER QUESTION
// ============================================================================
/**
 * Per-question weights on three axes (risk, complexity, assurance), keyed by
 * question id. Every value in this table lies between 2 and 10.
 *
 * NOTE(review): the scoring code that reads this table is not in this file.
 * Because the type is `Record<string, ...>`, a lookup with an unknown question
 * id type-checks but yields `undefined` at runtime (unless
 * `noUncheckedIndexedAccess` is enabled). Confirm the caller handles that case
 * explicitly instead of silently dropping the question from the score.
 */
export const QUESTION_SCORE_WEIGHTS: Record<string, { risk: number; complexity: number; assurance: number }> = {
  // Organisation profile (6 questions)
  org_employee_count: { risk: 3, complexity: 5, assurance: 4 },
  org_industry: { risk: 6, complexity: 4, assurance: 5 },
  org_business_model: { risk: 5, complexity: 3, assurance: 4 },
  org_customer_count: { risk: 4, complexity: 6, assurance: 5 },
  org_cert_target: { risk: 2, complexity: 8, assurance: 9 },
  org_has_dpo: { risk: 7, complexity: 2, assurance: 8 },

  // Data categories (5 questions)
  data_art9: { risk: 10, complexity: 7, assurance: 9 },
  data_minors: { risk: 10, complexity: 6, assurance: 9 },
  data_volume: { risk: 6, complexity: 7, assurance: 6 },
  data_retention_years: { risk: 5, complexity: 4, assurance: 5 },
  data_sources: { risk: 4, complexity: 5, assurance: 4 },

  // Processing purposes (9 questions)
  proc_adm_scoring: { risk: 9, complexity: 7, assurance: 8 },
  proc_ai_usage: { risk: 8, complexity: 8, assurance: 8 },
  proc_video_surveillance: { risk: 7, complexity: 5, assurance: 7 },
  proc_employee_monitoring: { risk: 7, complexity: 5, assurance: 7 },
  proc_tracking: { risk: 6, complexity: 4, assurance: 6 },
  proc_dsar_process: { risk: 8, complexity: 6, assurance: 8 },
  proc_deletion_concept: { risk: 7, complexity: 5, assurance: 7 },
  proc_incident_response: { risk: 9, complexity: 6, assurance: 9 },
  proc_regular_audits: { risk: 5, complexity: 7, assurance: 8 },

  // Technology (7 questions)
  tech_hosting_location: { risk: 7, complexity: 5, assurance: 7 },
  tech_third_country: { risk: 8, complexity: 6, assurance: 8 },
  tech_encryption_transit: { risk: 8, complexity: 4, assurance: 8 },
  tech_encryption_rest: { risk: 8, complexity: 4, assurance: 8 },
  tech_access_control: { risk: 7, complexity: 5, assurance: 7 },
  tech_logging: { risk: 6, complexity: 5, assurance: 7 },
  tech_backup_recovery: { risk: 6, complexity: 5, assurance: 7 },

  // Product / features (5 questions)
  prod_webshop: { risk: 5, complexity: 4, assurance: 5 },
  prod_data_broker: { risk: 9, complexity: 7, assurance: 8 },
  prod_api_external: { risk: 6, complexity: 5, assurance: 6 },
  prod_consent_management: { risk: 7, complexity: 5, assurance: 8 },
  prod_data_portability: { risk: 4, complexity: 5, assurance: 5 },

  // Compliance maturity (3 questions)
  comp_training: { risk: 5, complexity: 4, assurance: 7 },
  comp_vendor_management: { risk: 6, complexity: 6, assurance: 7 },
  comp_documentation_level: { risk: 6, complexity: 7, assurance: 8 },
}
// ============================================================================
// ANSWER MULTIPLIERS FOR SINGLE-CHOICE QUESTIONS
// ============================================================================
/**
 * Multiplier per answer option for single-choice questions, keyed first by
 * question id and then by the exact answer string. All multipliers in this
 * table lie between 0.1 and 1.0.
 *
 * For the control-maturity questions (tech_access_control, tech_logging,
 * tech_backup_recovery, comp_documentation_level) the answer `none` carries
 * 1.0 and the most mature option carries the smallest value, so an absent
 * control gets the largest multiplier.
 *
 * NOTE(review): presumably the multiplier scales the matching
 * QUESTION_SCORE_WEIGHTS entry; the scoring code is not in this file, so
 * confirm against the engine. An answer string that is not listed here looks
 * up as `undefined`. Verify that the caller neither propagates that as NaN nor
 * counts it as a zero contribution, since either would understate the score
 * for an unrecognised or tampered answer value.
 */
export const ANSWER_MULTIPLIERS: Record<string, Record<string, number>> = {
  // Bucket labels are opaque keys and must match the submitted answer exactly.
  org_employee_count: {
    '1-9': 0.1,
    '10-49': 0.3,
    '50-249': 0.5,
    '250-999': 0.7,
    '1000+': 1.0,
  },

  org_industry: {
    tech: 0.4,
    finance: 0.8,
    healthcare: 0.9,
    public: 0.7,
    retail: 0.5,
    education: 0.6,
    other: 0.3,
  },

  org_business_model: {
    b2b: 0.4,
    b2c: 0.7,
    b2b2c: 0.6,
    internal: 0.3,
  },

  // NOTE(review): adjacent labels share their boundary value (100, 1000, ...);
  // which bucket a boundary count falls into is decided wherever the answer
  // is produced, not here.
  org_customer_count: {
    '0-100': 0.1,
    '100-1000': 0.2,
    '1000-10000': 0.4,
    '10000-100000': 0.7,
    '100000+': 1.0,
  },

  data_volume: {
    '<1000': 0.1,
    '1000-10000': 0.2,
    '10000-100000': 0.4,
    '100000-1000000': 0.7,
    '>1000000': 1.0,
  },

  data_retention_years: {
    '<1': 0.2,
    '1-3': 0.4,
    '3-5': 0.6,
    '5-10': 0.8,
    '>10': 1.0,
  },

  tech_hosting_location: {
    eu: 0.2,
    eu_us_adequacy: 0.4,
    us_adequacy: 0.6,
    // "Drittland" is German for "third country"; it carries the highest multiplier.
    drittland: 1.0,
  },

  tech_access_control: {
    none: 1.0,
    basic: 0.6,
    rbac: 0.3,
    advanced: 0.1,
  },

  tech_logging: {
    none: 1.0,
    basic: 0.6,
    comprehensive: 0.2,
  },

  tech_backup_recovery: {
    none: 1.0,
    basic: 0.5,
    tested: 0.2,
  },

  comp_documentation_level: {
    none: 1.0,
    basic: 0.6,
    structured: 0.3,
    comprehensive: 0.1,
  },
}