What
Add a compliance mapping document that shows how monitoring_system's features (audit log retention, access control over metrics, incident alerting, SLO tracking) map to ISO/IEC 27001 A.12 and ISO/IEC 20000-1 service management clauses.
- Current: No compliance documentation exists
- Expected: docs/compliance/ISO_MAPPING.md with control-by-control mapping
- Scope: Documentation only
Why
- Enterprise adopters need to evidence compliance when integrating third-party components
- Gap surfaced during ecosystem-wide ISO review
- Aligns monitoring with the same ISO documentation already planned for logger and pacs
How
Technical Approach
- Draft mapping for ISO/IEC 27001 A.12.4 (logging/monitoring) and A.16 (incident management)
- Draft mapping for ISO/IEC 20000-1 Clause 8.6 (problem management) and 8.7 (service availability)
- Reference existing features (alert_manager, health_monitoring, distributed_tracer)
- Link from README and CLAUDE.md
Acceptance Criteria