docs: document ISO/IEC 27001 and 20000 compliance mapping #671

Description

@kcenon

What

Add a compliance mapping document that shows how monitoring_system's features (audit log retention, access control over metrics, incident alerting, SLO tracking) map to ISO/IEC 27001 A.12 and ISO/IEC 20000-1 service management clauses.

  • Current: No compliance documentation exists
  • Expected: docs/compliance/ISO_MAPPING.md with control-by-control mapping
  • Scope: Documentation only

Why

  • Enterprise adopters need to evidence compliance when integrating third-party components
  • Gap surfaced during ecosystem-wide ISO review
  • Aligns monitoring with the same ISO documentation already planned for logger and pacs

How

Technical Approach

  1. Draft mapping for ISO/IEC 27001 A.12.4 (logging/monitoring) and A.16 (incident management)
  2. Draft mapping for ISO/IEC 20000-1 Clause 8.6 (problem management) and 8.7 (service availability)
  3. Reference existing features (alert_manager, health_monitoring, distributed_tracer)
  4. Link from README and CLAUDE.md

Acceptance Criteria

  • Mapping doc covers both ISO standards
  • Each control references a concrete feature/module
  • Gaps explicitly listed where no feature exists yet

Metadata

Assignees

Labels

  • area/core: Core architecture and infrastructure
  • priority/low: Low priority - Nice to have
  • size/M: Medium - 1-3 days of work
  • type/docs

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests