[EPIC] Ecosystem-wide ISO standard compliance #645

Description

@kcenon

What

Coordinate ISO standard compliance work across the kcenon ecosystem so that each Tier-1 and higher system can document concrete mapping to the relevant ISO standards.

  • Current: ISO compliance is implemented in places (DICOM in pacs, audit HMAC in logger audit_logger) but not documented or applied consistently
  • Expected: Each system has a docs/compliance/ page with control-by-control mapping
  • Scope: logger, monitoring, database, pacs (common and network already align)

Why

  • Enterprise adopters request ISO evidence at procurement
  • Regulated domains (medical, financial) need demonstrable compliance, not just "we use TLS"
  • Consistent posture across the ecosystem simplifies the story for anyone evaluating kcenon as a foundation

Where

| Standard | Relevant systems | Scope |
|---|---|---|
| ISO/IEC 14882 (C++20) | common, thread, logger, container, monitoring, database, network, pacs | Already enforced via CMAKE_CXX_EXTENSIONS OFF |
| ISO/IEC 27001 (InfoSec) | logger, monitoring, database | Log integrity, audit retention, TLS defaults |
| ISO/IEC 20000-1 (ITSM) | monitoring | Incident/problem management |
| ISO 8601 (date/time) | logger | Already implemented |
| ISO/IEC 9075 (SQL) | database | ACID + parameterized queries |
| ISO 12052 (DICOM) | pacs | Already implemented |
| ISO 27799 (health info sec) | pacs | Audit log encryption |

How

Sub-issues (implementation work)

Sub-issues (documentation gap, opened 2026-04-21)

Acceptance Criteria

  • Each implementation sub-issue closed
  • Each target system has docs/compliance/ section linked from its README (2/4 done — monitoring, database)
  • Ecosystem-level compliance summary added to common_system/docs/compliance/ISO_OVERVIEW.md

Verification 2026-04-21: monitoring_system and database_system meet the per-system criterion. logger and pacs lack docs/compliance/ directories on develop. ISO_OVERVIEW.md is absent. Three gap sub-issues opened to close the remaining work — see verification comment.
