What
Coordinate ISO standard compliance work across the kcenon ecosystem so that each Tier-1 and higher system can document concrete mapping to the relevant ISO standards.
- Current: ISO compliance is implemented in places (DICOM in pacs, audit HMAC in logger audit_logger) but not documented or applied consistently
- Expected: Each system has a docs/compliance/ page with control-by-control mapping
- Scope: logger, monitoring, database, pacs (common and network already align)
Why
- Enterprise adopters request ISO evidence at procurement
- Regulated domains (medical, financial) need demonstrable compliance, not just "we use TLS"
- Consistent posture across the ecosystem simplifies the story for anyone evaluating kcenon as a foundation
Where
| Standard | Relevant systems | Scope |
|---|---|---|
| ISO/IEC 14882 (C++20) | common, thread, logger, container, monitoring, database, network, pacs | Already enforced via CMAKE_CXX_EXTENSIONS OFF |
| ISO/IEC 27001 (InfoSec) | logger, monitoring, database | Log integrity, audit retention, TLS defaults |
| ISO/IEC 20000-1 (ITSM) | monitoring | Incident/problem management |
| ISO 8601 (date/time) | logger | Already implemented |
| ISO/IEC 9075 (SQL) | database | ACID + parameterized queries |
| ISO 12052 (DICOM) | pacs | Already implemented |
| ISO 27799 (health info sec) | pacs | Audit log encryption |
How
Sub-issues (implementation work)
Sub-issues (documentation gap, opened 2026-04-21)
- docs/compliance/iso-27001.md and README link
- docs/compliance/iso-27799.md and README link
- docs/compliance/ISO_OVERVIEW.md ecosystem summary
Acceptance Criteria
- docs/compliance/ section linked from its README (2/4 done — monitoring, database)
- common_system/docs/compliance/ISO_OVERVIEW.md
Verification 2026-04-21: monitoring_system and database_system meet the per-system criterion. logger and pacs lack docs/compliance/ directories on develop. ISO_OVERVIEW.md is absent. Three gap sub-issues opened to close the remaining work — see verification comment.