Improve ISO 27001 SoA risk traceability gates #1421

Open
danyili2632 wants to merge 1 commit into UnitOneAI:main from danyili2632:improve/iso27001-soa-risk-traceability

@danyili2632

Summary

  • addresses [REVIEW] iso27001-gap: add SoA risk traceability gates #1412 by adding SoA risk traceability gates to iso27001-gap
  • requires included controls to link to risk, legal, contractual, statutory, regulatory, or business drivers
  • requires excluded controls to include scope-specific justification and conformity impact analysis
  • adds treatment option, treatment plan, owner, evidence location, residual risk acceptance, approval trail, and weak-record classification checks
  • updates the report output with a SoA Risk Traceability table

Validation

  • git diff --check
  • verified required markers for SoA Risk Traceability, SOA-TRACE checks, driver/linked risk, treatment option, residual risk acceptance, traceability status, and weak SoA records
  • verified Markdown fence count is balanced

Bounty

  • Target tier: Improver Moderate ($100) if accepted
  • Preferred payment method: crypto, Base USDC 0x6CBF4b5cb88b8C2B7af776Bc2B073163B5d3C08A
