From 2c59969f2c48f5f06fdda3526d7b6ed34775b931 Mon Sep 17 00:00:00 2001
From: Claudio Fuentes
Date: Thu, 5 Jun 2025 11:08:59 -0400
Subject: [PATCH 1/6] chore: update Prisma dependencies to version 6.9.0 in lock files and package.json
- Upgraded @prisma/client and prisma to version 6.9.0 in bun.lock, yarn.lock, and packages/db/package.json for improved functionality and compatibility.
- Adjusted workspace protocol references in yarn.lock for consistency.
---
bun.lock | 24 ++++----
packages/db/package.json | 4 +-
yarn.lock | 117 +++++++++++++++++++--------------------
3 files changed, 72 insertions(+), 73 deletions(-)
diff --git a/bun.lock b/bun.lock
index ed519c26a1..8733bb2336 100644
--- a/bun.lock
+++ b/bun.lock
@@ -352,8 +352,8 @@ "name": "@comp/db", "version": "1.0.0", "dependencies": { - "@prisma/client": "6.6.0", - "prisma": "^6.6.0", + "@prisma/client": "6.9.0", + "prisma": "^6.9.0", "ts-node": "^10.9.2", }, "devDependencies": {
@@ -1244,21 +1244,21 @@ "@prisma/adapter-pg": ["@prisma/adapter-pg@6.5.0", "", { "dependencies": { "@prisma/driver-adapter-utils": "6.5.0", "postgres-array": "3.0.3" }, "peerDependencies": { "pg": "^8.11.3" } }, "sha512-ta1EhwAmIWnFjw0bTVdRe3rw5h40YDZ59i2Ko2FGVt4EDvAt4Po5aAN8eCj2Eq46wKJccEDwQ3qBXUQTKUbM8Q=="], - "@prisma/client": ["@prisma/client@6.6.0", "", { "peerDependencies": { "prisma": "*", "typescript": ">=5.1.0" }, "optionalPeers": ["prisma", "typescript"] }, "sha512-vfp73YT/BHsWWOAuthKQ/1lBgESSqYqAWZEYyTdGXyFAHpmewwWL2Iz6ErIzkj4aHbuc6/cGSsE6ZY+pBO04Cg=="], + "@prisma/client": ["@prisma/client@6.9.0", "", { "peerDependencies": { "prisma": "*", "typescript": ">=5.1.0" }, "optionalPeers": ["prisma", "typescript"] }, "sha512-Gg7j1hwy3SgF1KHrh0PZsYvAaykeR0PaxusnLXydehS96voYCGt1U5zVR31NIouYc63hWzidcrir1a7AIyCsNQ=="], - "@prisma/config": ["@prisma/config@6.8.2", "", { "dependencies": { "jiti": "2.4.2" } }, "sha512-ZJY1fF4qRBPdLQ/60wxNtX+eu89c3AkYEcP7L3jkp0IPXCNphCYxikTg55kPJLDOG6P0X+QG5tCv6CmsBRZWFQ=="], + "@prisma/config": ["@prisma/config@6.9.0", "", { "dependencies": { "jiti": "2.4.2" } }, "sha512-Wcfk8/lN3WRJd5w4jmNQkUwhUw0eksaU/+BlAJwPQKW10k0h0LC9PD/6TQFmqKVbHQL0vG2z266r0S1MPzzhbA=="], "@prisma/debug": ["@prisma/debug@6.5.0", "", {}, "sha512-fc/nusYBlJMzDmDepdUtH9aBsJrda2JNErP9AzuHbgUEQY0/9zQYZdNlXmKoIWENtio+qarPNe/+DQtrX5kMcQ=="], "@prisma/driver-adapter-utils": ["@prisma/driver-adapter-utils@6.5.0", "", { "dependencies": { "@prisma/debug": "6.5.0" } }, "sha512-/1gSkHSflDF+50JRZUGuhjtHu7EGhkiCh7lRcBI7S9lYyyl81TdPgCtxyeId+pDBxE2B4NtG6I4DlTqZH3f8pw=="], - "@prisma/engines": ["@prisma/engines@6.8.2", "", { "dependencies": { "@prisma/debug": "6.8.2", "@prisma/engines-version": "6.8.0-43.2060c79ba17c6bb9f5823312b6f6b7f4a845738e", "@prisma/fetch-engine": "6.8.2", "@prisma/get-platform": "6.8.2" } }, "sha512-XqAJ//LXjqYRQ1RRabs79KOY4+v6gZOGzbcwDQl0D6n9WBKjV7qdrbd042CwSK0v0lM9MSHsbcFnU2Yn7z8Zlw=="], + "@prisma/engines": ["@prisma/engines@6.9.0", "", { 
"dependencies": { "@prisma/debug": "6.9.0", "@prisma/engines-version": "6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e", "@prisma/fetch-engine": "6.9.0", "@prisma/get-platform": "6.9.0" } }, "sha512-im0X0bwDLA0244CDf8fuvnLuCQcBBdAGgr+ByvGfQY9wWl6EA+kRGwVk8ZIpG65rnlOwtaWIr/ZcEU5pNVvq9g=="], - "@prisma/engines-version": ["@prisma/engines-version@6.8.0-43.2060c79ba17c6bb9f5823312b6f6b7f4a845738e", "", {}, "sha512-Rkik9lMyHpFNGaLpPF3H5q5TQTkm/aE7DsGM5m92FZTvWQsvmi6Va8On3pWvqLHOt5aPUvFb/FeZTmphI4CPiQ=="], + "@prisma/engines-version": ["@prisma/engines-version@6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e", "", {}, "sha512-Qp9gMoBHgqhKlrvumZWujmuD7q4DV/gooEyPCLtbkc13EZdSz2RsGUJ5mHb3RJgAbk+dm6XenqG7obJEhXcJ6Q=="], - "@prisma/fetch-engine": ["@prisma/fetch-engine@6.8.2", "", { "dependencies": { "@prisma/debug": "6.8.2", "@prisma/engines-version": "6.8.0-43.2060c79ba17c6bb9f5823312b6f6b7f4a845738e", "@prisma/get-platform": "6.8.2" } }, "sha512-lCvikWOgaLOfqXGacEKSNeenvj0n3qR5QvZUOmPE2e1Eh8cMYSobxonCg9rqM6FSdTfbpqp9xwhSAOYfNqSW0g=="], + "@prisma/fetch-engine": ["@prisma/fetch-engine@6.9.0", "", { "dependencies": { "@prisma/debug": "6.9.0", "@prisma/engines-version": "6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e", "@prisma/get-platform": "6.9.0" } }, "sha512-PMKhJdl4fOdeE3J3NkcWZ+tf3W6rx3ht/rLU8w4SXFRcLhd5+3VcqY4Kslpdm8osca4ej3gTfB3+cSk5pGxgFg=="], - "@prisma/get-platform": ["@prisma/get-platform@6.8.2", "", { "dependencies": { "@prisma/debug": "6.8.2" } }, "sha512-vXSxyUgX3vm1Q70QwzwkjeYfRryIvKno1SXbIqwSptKwqKzskINnDUcx85oX+ys6ooN2ATGSD0xN2UTfg6Zcow=="], + "@prisma/get-platform": ["@prisma/get-platform@6.9.0", "", { "dependencies": { "@prisma/debug": "6.9.0" } }, "sha512-/B4n+5V1LI/1JQcHp+sUpyRT1bBgZVPHbsC4lt4/19Xp4jvNIVcq5KYNtQDk5e/ukTSjo9PZVAxxy9ieFtlpTQ=="], "@prisma/instrumentation": ["@prisma/instrumentation@6.6.0", "", { "dependencies": { "@opentelemetry/instrumentation": "^0.52.0 || ^0.53.0 || ^0.54.0 || ^0.55.0 || ^0.56.0 || ^0.57.0" }, 
"peerDependencies": { "@opentelemetry/api": "^1.8" } }, "sha512-M/a6njz3hbf2oucwdbjNKrSMLuyMCwgDrmTtkF1pm4Nm7CU45J/Hd6lauF2CDACTUYzu3ymcV7P0ZAhIoj6WRw=="], @@ -3646,7 +3646,7 @@ "pretty-ms": ["pretty-ms@9.2.0", "", { "dependencies": { "parse-ms": "^4.0.0" } }, "sha512-4yf0QO/sllf/1zbZWYnvWw3NxCQwLXKzIj0G849LSufP15BXKM0rbD2Z3wVnkMfjdn/CB0Dpp444gYAACdsplg=="], - "prisma": ["prisma@6.8.2", "", { "dependencies": { "@prisma/config": "6.8.2", "@prisma/engines": "6.8.2" }, "peerDependencies": { "typescript": ">=5.1.0" }, "optionalPeers": ["typescript"], "bin": { "prisma": "build/index.js" } }, "sha512-JNricTXQxzDtRS7lCGGOB4g5DJ91eg3nozdubXze3LpcMl1oWwcFddrj++Up3jnRE6X/3gB/xz3V+ecBk/eEGA=="], + "prisma": ["prisma@6.9.0", "", { "dependencies": { "@prisma/config": "6.9.0", "@prisma/engines": "6.9.0" }, "peerDependencies": { "typescript": ">=5.1.0" }, "optionalPeers": ["typescript"], "bin": { "prisma": "build/index.js" } }, "sha512-resJAwMyZREC/I40LF6FZ6rZTnlrlrYrb63oW37Gq+U+9xHwbyMSPJjKtM7VZf3gTO86t/Oyz+YeSXr3CmAY1Q=="], "prismjs": ["prismjs@1.30.0", "", {}, "sha512-DEvV2ZF2r2/63V+tK8hQvrR2ZGn10srHbXviTlcv7Kpzw8jWiNTqbVgjO3IY8RxrrOUF8VPMQQFysYYYv0YZxw=="], 
@@ -4634,11 +4634,11 @@ "@prisma/config/jiti": ["jiti@2.4.2", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-rg9zJN+G4n2nfJl5MW3BMygZX56zKPNVEYYqq7adpmMh4Jn2QNEwhvQlFy6jPVdcod7txZtKHWnyZiA3a0zP7A=="], - "@prisma/engines/@prisma/debug": ["@prisma/debug@6.8.2", "", {}, "sha512-4muBSSUwJJ9BYth5N8tqts8JtiLT8QI/RSAzEogwEfpbYGFo9mYsInsVo8dqXdPO2+Rm5OG5q0qWDDE3nyUbVg=="], + "@prisma/engines/@prisma/debug": ["@prisma/debug@6.9.0", "", {}, "sha512-bFeur/qi/Q+Mqk4JdQ3R38upSYPebv5aOyD1RKywVD+rAMLtRkmTFn28ZuTtVOnZHEdtxnNOCH+bPIeSGz1+Fg=="], - "@prisma/fetch-engine/@prisma/debug": ["@prisma/debug@6.8.2", "", {}, "sha512-4muBSSUwJJ9BYth5N8tqts8JtiLT8QI/RSAzEogwEfpbYGFo9mYsInsVo8dqXdPO2+Rm5OG5q0qWDDE3nyUbVg=="], + "@prisma/fetch-engine/@prisma/debug": ["@prisma/debug@6.9.0", "", {}, "sha512-bFeur/qi/Q+Mqk4JdQ3R38upSYPebv5aOyD1RKywVD+rAMLtRkmTFn28ZuTtVOnZHEdtxnNOCH+bPIeSGz1+Fg=="], - "@prisma/get-platform/@prisma/debug": ["@prisma/debug@6.8.2", "", {}, "sha512-4muBSSUwJJ9BYth5N8tqts8JtiLT8QI/RSAzEogwEfpbYGFo9mYsInsVo8dqXdPO2+Rm5OG5q0qWDDE3nyUbVg=="], + "@prisma/get-platform/@prisma/debug": ["@prisma/debug@6.9.0", "", {}, "sha512-bFeur/qi/Q+Mqk4JdQ3R38upSYPebv5aOyD1RKywVD+rAMLtRkmTFn28ZuTtVOnZHEdtxnNOCH+bPIeSGz1+Fg=="], "@radix-ui/react-accordion/@radix-ui/react-collapsible": ["@radix-ui/react-collapsible@1.1.2", "", { "dependencies": { "@radix-ui/primitive": "1.1.1", "@radix-ui/react-compose-refs": "1.1.1", "@radix-ui/react-context": "1.1.1", "@radix-ui/react-id": "1.1.0", "@radix-ui/react-presence": "1.1.2", "@radix-ui/react-primitive": "2.0.1", "@radix-ui/react-use-controllable-state": "1.1.0", "@radix-ui/react-use-layout-effect": "1.1.0" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, 
"sha512-PliMB63vxz7vggcyq0IxNYk8vGDrLXVWw4+W4B8YnwI1s18x7YZYqlG9PLX7XxAJUi0g2DxP4XKJMFHh/iVh9A=="], diff --git a/packages/db/package.json b/packages/db/package.json index 52372326d2..7b88235798 100644 --- a/packages/db/package.json +++ b/packages/db/package.json @@ -28,8 +28,8 @@ } }, "dependencies": { - "@prisma/client": "6.6.0", - "prisma": "^6.6.0", + "@prisma/client": "6.9.0", + "prisma": "^6.9.0", "ts-node": "^10.9.2" }, "devDependencies": { diff --git a/yarn.lock b/yarn.lock index 65551ac8f9..855e529d11 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1628,14 +1628,14 @@ "@types/conventional-commits-parser" "^5.0.0" chalk "^5.3.0" -"@comp/analytics@^workspace:packages/analytics": +"@comp/analytics@packages/analytics": version "workspace:packages/analytics" resolved "workspace:packages/analytics" dependencies: posthog-js "^1.215.3" posthog-node "^4.4.1" -"@comp/app@^workspace:apps/app", "@comp/app@workspace:*": +"@comp/app@apps/app", "@comp/app@workspace:*": version "workspace:apps/app" resolved "workspace:apps/app" devDependencies: @@ -1741,19 +1741,18 @@ xml2js "^0.6.2" zustand "^5.0.3" -"@comp/db@^workspace:packages/db", "@comp/db@workspace:*": +"@comp/db@packages/db", "@comp/db@workspace:*": version "workspace:packages/db" resolved "workspace:packages/db" devDependencies: "@comp/tsconfig" "workspace:*" - devDependencies: typescript "^5.8.3" dependencies: - "@prisma/client" "6.6.0" - prisma "^6.6.0" + "@prisma/client" "6.9.0" + prisma "^6.9.0" ts-node "^10.9.2" -"@comp/email@^workspace:packages/email": +"@comp/email@packages/email": version "workspace:packages/email" resolved "workspace:packages/email" devDependencies: @@ -1775,7 +1774,7 @@ react-email "^4.0.15" responsive-react-email "^0.0.5" -"@comp/framework-editor@^workspace:apps/framework-editor": +"@comp/framework-editor@apps/framework-editor": version "workspace:apps/framework-editor" resolved "workspace:apps/framework-editor" devDependencies: 
@@ -1848,7 +1847,7 @@ vaul "^0.9.6" zod "latest" -"@comp/integrations@^workspace:packages/integrations": +"@comp/integrations@packages/integrations": version "workspace:packages/integrations" resolved "workspace:packages/integrations" devDependencies: @@ -1871,14 +1870,14 @@ sharp "^0.33.5" zod "^3.24.2" -"@comp/kv@^workspace:packages/kv": +"@comp/kv@packages/kv": version "workspace:packages/kv" resolved "workspace:packages/kv" dependencies: "@upstash/redis" "^1.34.2" server-only "0.0.1" -"@comp/notifications@^workspace:packages/notifications", "@comp/notifications@workspace:*": +"@comp/notifications@packages/notifications", "@comp/notifications@workspace:*": version "workspace:packages/notifications" resolved "workspace:packages/notifications" devDependencies: @@ -1887,7 +1886,7 @@ "@novu/node" "^2.0.1" nanoid "5.1.5" -"@comp/portal@^workspace:apps/portal": +"@comp/portal@apps/portal": version "workspace:apps/portal" resolved "workspace:apps/portal" devDependencies: @@ -1910,7 +1909,7 @@ react-email "^4.0.15" react-otp-input "^3.1.1" -"@comp/trust@^workspace:apps/trust": +"@comp/trust@apps/trust": version "workspace:apps/trust" resolved "workspace:apps/trust" devDependencies: @@ -1978,11 +1977,11 @@ vaul "^0.9.6" zod "latest" -"@comp/tsconfig@^workspace:packages/tsconfig", "@comp/tsconfig@workspace:*": +"@comp/tsconfig@packages/tsconfig", "@comp/tsconfig@workspace:*": version "workspace:packages/tsconfig" resolved "workspace:packages/tsconfig" -"@comp/ui@^workspace:packages/ui", "@comp/ui@workspace:*": +"@comp/ui@packages/ui", "@comp/ui@workspace:*": version "workspace:packages/ui" resolved "workspace:packages/ui" devDependencies: @@ -2047,7 +2046,7 @@ use-callback-ref "^1.3.3" vaul "^1.0.0" -"@comp/utils@^workspace:packages/utils", "@comp/utils@workspace:*": +"@comp/utils@packages/utils", "@comp/utils@workspace:*": version "workspace:packages/utils" resolved "workspace:packages/utils" devDependencies: 
@@ -3992,15 +3991,15 @@ "@prisma/driver-adapter-utils" "6.5.0" postgres-array "3.0.3" -"@prisma/client@6.6.0": - version "6.6.0" - resolved "https://registry.npmjs.org/@prisma/client/-/client-6.6.0.tgz" - integrity sha512-vfp73YT/BHsWWOAuthKQ/1lBgESSqYqAWZEYyTdGXyFAHpmewwWL2Iz6ErIzkj4aHbuc6/cGSsE6ZY+pBO04Cg== +"@prisma/client@6.9.0": + version "6.9.0" + resolved "https://registry.npmjs.org/@prisma/client/-/client-6.9.0.tgz" + integrity sha512-Gg7j1hwy3SgF1KHrh0PZsYvAaykeR0PaxusnLXydehS96voYCGt1U5zVR31NIouYc63hWzidcrir1a7AIyCsNQ== -"@prisma/config@6.8.2": - version "6.8.2" - resolved "https://registry.npmjs.org/@prisma/config/-/config-6.8.2.tgz" - integrity sha512-ZJY1fF4qRBPdLQ/60wxNtX+eu89c3AkYEcP7L3jkp0IPXCNphCYxikTg55kPJLDOG6P0X+QG5tCv6CmsBRZWFQ== +"@prisma/config@6.9.0": + version "6.9.0" + resolved "https://registry.npmjs.org/@prisma/config/-/config-6.9.0.tgz" + integrity sha512-Wcfk8/lN3WRJd5w4jmNQkUwhUw0eksaU/+BlAJwPQKW10k0h0LC9PD/6TQFmqKVbHQL0vG2z266r0S1MPzzhbA== dependencies: jiti "2.4.2" @@ -4009,10 +4008,10 @@ resolved "https://registry.npmjs.org/@prisma/debug/-/debug-6.5.0.tgz" integrity sha512-fc/nusYBlJMzDmDepdUtH9aBsJrda2JNErP9AzuHbgUEQY0/9zQYZdNlXmKoIWENtio+qarPNe/+DQtrX5kMcQ== -"@prisma/debug@6.8.2": - version "6.8.2" - resolved "https://registry.npmjs.org/@prisma/debug/-/debug-6.8.2.tgz" - integrity sha512-4muBSSUwJJ9BYth5N8tqts8JtiLT8QI/RSAzEogwEfpbYGFo9mYsInsVo8dqXdPO2+Rm5OG5q0qWDDE3nyUbVg== +"@prisma/debug@6.9.0": + version "6.9.0" + resolved "https://registry.npmjs.org/@prisma/debug/-/debug-6.9.0.tgz" + integrity sha512-bFeur/qi/Q+Mqk4JdQ3R38upSYPebv5aOyD1RKywVD+rAMLtRkmTFn28ZuTtVOnZHEdtxnNOCH+bPIeSGz1+Fg== "@prisma/driver-adapter-utils@6.5.0": version "6.5.0" 
@@ -4021,36 +4020,36 @@ dependencies: "@prisma/debug" "6.5.0" -"@prisma/engines@6.8.2": - version "6.8.2" - resolved "https://registry.npmjs.org/@prisma/engines/-/engines-6.8.2.tgz" - integrity sha512-XqAJ//LXjqYRQ1RRabs79KOY4+v6gZOGzbcwDQl0D6n9WBKjV7qdrbd042CwSK0v0lM9MSHsbcFnU2Yn7z8Zlw== +"@prisma/engines@6.9.0": + version "6.9.0" + resolved "https://registry.npmjs.org/@prisma/engines/-/engines-6.9.0.tgz" + integrity sha512-im0X0bwDLA0244CDf8fuvnLuCQcBBdAGgr+ByvGfQY9wWl6EA+kRGwVk8ZIpG65rnlOwtaWIr/ZcEU5pNVvq9g== dependencies: - "@prisma/debug" "6.8.2" - "@prisma/engines-version" "6.8.0-43.2060c79ba17c6bb9f5823312b6f6b7f4a845738e" - "@prisma/fetch-engine" "6.8.2" - "@prisma/get-platform" "6.8.2" + "@prisma/debug" "6.9.0" + "@prisma/fetch-engine" "6.9.0" + "@prisma/get-platform" "6.9.0" + "@prisma/engines-version" "6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e" -"@prisma/engines-version@6.8.0-43.2060c79ba17c6bb9f5823312b6f6b7f4a845738e": - version "6.8.0-43.2060c79ba17c6bb9f5823312b6f6b7f4a845738e" - resolved "https://registry.npmjs.org/@prisma/engines-version/-/engines-version-6.8.0-43.2060c79ba17c6bb9f5823312b6f6b7f4a845738e.tgz" - integrity sha512-Rkik9lMyHpFNGaLpPF3H5q5TQTkm/aE7DsGM5m92FZTvWQsvmi6Va8On3pWvqLHOt5aPUvFb/FeZTmphI4CPiQ== +"@prisma/engines-version@6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e": + version "6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e" + resolved "https://registry.npmjs.org/@prisma/engines-version/-/engines-version-6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e.tgz" + integrity sha512-Qp9gMoBHgqhKlrvumZWujmuD7q4DV/gooEyPCLtbkc13EZdSz2RsGUJ5mHb3RJgAbk+dm6XenqG7obJEhXcJ6Q== -"@prisma/fetch-engine@6.8.2": - version "6.8.2" - resolved "https://registry.npmjs.org/@prisma/fetch-engine/-/fetch-engine-6.8.2.tgz" - integrity sha512-lCvikWOgaLOfqXGacEKSNeenvj0n3qR5QvZUOmPE2e1Eh8cMYSobxonCg9rqM6FSdTfbpqp9xwhSAOYfNqSW0g== +"@prisma/fetch-engine@6.9.0": + version "6.9.0" + resolved 
"https://registry.npmjs.org/@prisma/fetch-engine/-/fetch-engine-6.9.0.tgz" + integrity sha512-PMKhJdl4fOdeE3J3NkcWZ+tf3W6rx3ht/rLU8w4SXFRcLhd5+3VcqY4Kslpdm8osca4ej3gTfB3+cSk5pGxgFg== dependencies: - "@prisma/debug" "6.8.2" - "@prisma/engines-version" "6.8.0-43.2060c79ba17c6bb9f5823312b6f6b7f4a845738e" - "@prisma/get-platform" "6.8.2" + "@prisma/debug" "6.9.0" + "@prisma/get-platform" "6.9.0" + "@prisma/engines-version" "6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e" -"@prisma/get-platform@6.8.2": - version "6.8.2" - resolved "https://registry.npmjs.org/@prisma/get-platform/-/get-platform-6.8.2.tgz" - integrity sha512-vXSxyUgX3vm1Q70QwzwkjeYfRryIvKno1SXbIqwSptKwqKzskINnDUcx85oX+ys6ooN2ATGSD0xN2UTfg6Zcow== +"@prisma/get-platform@6.9.0": + version "6.9.0" + resolved "https://registry.npmjs.org/@prisma/get-platform/-/get-platform-6.9.0.tgz" + integrity sha512-/B4n+5V1LI/1JQcHp+sUpyRT1bBgZVPHbsC4lt4/19Xp4jvNIVcq5KYNtQDk5e/ukTSjo9PZVAxxy9ieFtlpTQ== dependencies: - "@prisma/debug" "6.8.2" + "@prisma/debug" "6.9.0" "@prisma/instrumentation@6.6.0": version "6.6.0" @@ -15239,13 +15238,13 @@ pretty-ms@^9.2.0: dependencies: parse-ms "^4.0.0" -prisma@*, prisma@^6.6.0: - version "6.8.2" - resolved "https://registry.npmjs.org/prisma/-/prisma-6.8.2.tgz" - integrity sha512-JNricTXQxzDtRS7lCGGOB4g5DJ91eg3nozdubXze3LpcMl1oWwcFddrj++Up3jnRE6X/3gB/xz3V+ecBk/eEGA== +prisma@^6.9.0: + version "6.9.0" + resolved "https://registry.npmjs.org/prisma/-/prisma-6.9.0.tgz" + integrity sha512-resJAwMyZREC/I40LF6FZ6rZTnlrlrYrb63oW37Gq+U+9xHwbyMSPJjKtM7VZf3gTO86t/Oyz+YeSXr3CmAY1Q== dependencies: - "@prisma/config" "6.8.2" - "@prisma/engines" "6.8.2" + "@prisma/config" "6.9.0" + "@prisma/engines" "6.9.0" prismjs@1.30.0, prismjs@^1.30.0: version "1.30.0" 
@@ -18175,7 +18174,7 @@ typedarray-to-buffer@^3.1.5: dependencies: is-typedarray "^1.0.0" -typescript@*, typescript@>=2.7, typescript@>=4.5.0, typescript@>=4.9.5, typescript@>=5, typescript@>=5.1.0, typescript@>=5.4.5, typescript@>=5.7.2, typescript@^5, typescript@^5.8.2, typescript@^5.8.3: +typescript@*, typescript@>=2.7, typescript@>=4.5.0, typescript@>=4.9.5, typescript@>=5, typescript@>=5.4.5, typescript@>=5.7.2, typescript@^5, typescript@^5.8.2, typescript@^5.8.3: version "5.8.3" resolved "https://registry.npmjs.org/typescript/-/typescript-5.8.3.tgz" integrity sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ== From 859804b51b2bda82988175a1040f57d25ce43568 Mon Sep 17 00:00:00 2001 
From: Claudio Fuentes
Date: Thu, 5 Jun 2025 11:11:25 -0400
Subject: [PATCH 2/6] chore: update seed data
- Reduced the size of FrameworkEditorControlTemplate.json by removing outdated entries and optimizing the structure.
- Updated FrameworkEditorFramework.json to consolidate and clarify framework definitions, including the addition of new frameworks.
- Streamlined FrameworkEditorPolicyTemplate.json by removing obsolete policies and enhancing existing ones for clarity and compliance.
- Introduced new requirements in FrameworkEditorRequirement.json to address privacy commitments and vendor management.
- Refined FrameworkEditorTaskTemplate.json to include updated tasks related to disaster recovery and secure remote working.
- Adjusted relations in _FrameworkEditorControlTemplateToFrameworkEditorPolicyTemplate.json and _FrameworkEditorControlTemplateToFrameworkEditorRequirement.json to reflect the latest framework and policy changes.
- Cleaned up _FrameworkEditorControlTemplateToFrameworkEditorTaskTemplate.json to ensure accurate task associations.
---
.../FrameworkEditorControlTemplate.json | 1155 ++----------
.../primitives/FrameworkEditorFramework.json | 44 +-
.../FrameworkEditorPolicyTemplate.json | 440 +----
.../FrameworkEditorRequirement.json | 668 ++++---
.../FrameworkEditorTaskTemplate.json | 1586 +++--------------
...mplateToFrameworkEditorPolicyTemplate.json | 240 +--
...lTemplateToFrameworkEditorRequirement.json | 1024 +++--------
...TemplateToFrameworkEditorTaskTemplate.json | 540 +-----
8 files changed, 1306 insertions(+), 4391 deletions(-)
diff --git a/packages/db/prisma/seed/primitives/FrameworkEditorControlTemplate.json b/packages/db/prisma/seed/primitives/FrameworkEditorControlTemplate.json
index b1c7a1ec3e..034abe5d10 100644
--- a/packages/db/prisma/seed/primitives/FrameworkEditorControlTemplate.json
+++ b/packages/db/prisma/seed/primitives/FrameworkEditorControlTemplate.json
@@ -1,1115 +1,296 @@ [ { - "id": "frk_ct_681e851466129df67f4481ec", - "name": "Board Oversight", - "description": "The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514da133b59ed163e38", - "name": "Management Philosophy", - "description": "Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e851496e2129f1e601aeb", - "name": "Organizational Structure", - "description": "The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514a7b04dc9afb04450", - "name": "Personnel Policies", - "description": "The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85147e23e534c2e14497", - "name": "Code of Conduct", - "description": "The organization demonstrates a commitment to integrity and ethical values.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e851437b51ff9d2530a93", - "name": "Information Quality", - "description": "The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85145da70d329ead9847", - "name": "Internal Communication", - "description": "The 
organization internally communicates information, including objectives and responsibilities for internal control.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e851430aafd56ca35b17e", - "name": "External Communication", - "description": "The organization communicates with external parties regarding matters affecting the functioning of internal control.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514fa7c5b1be482ea51", - "name": "Risk Assessment Process", - "description": "The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514c174835611412d50", - "name": "Risk Identification", - "description": "The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514f6b0535abf7e7d44", - "name": "Fraud Risk Assessment", - "description": "The organization considers the potential for fraud in assessing risks to the achievement of objectives.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514bffbbb8e9c4f6fda", - "name": "Change Management Risk", - "description": "The organization identifies and assesses changes that could significantly impact the system of internal control.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85142aac5b23b3091fa5", - "name": "Control Monitoring", - "description": "The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether 
the components of internal control are present and functioning.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e851408bb32ca1c2da5ea", - "name": "Deficiency Management", - "description": "The organization evaluates and communicates internal control deficiencies in a timely manner to those responsible for taking corrective action, including senior management and the board of directors, as appropriate.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514e2439f12eafde3a2", - "name": "Control Selection", - "description": "The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85145a1d98ea616c4416", - "name": "Technology Controls", - "description": "The organization selects and develops general control activities over technology to support the achievement of objectives.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e851476e511b965e59e0f", - "name": "Policy Implementation", - "description": "The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85142c97b81474dc630c", - "name": "Access Security", - "description": "The organization implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514bc4bb3ff18c84494", - "name": "Access Authentication", - 
"description": "Prior to issuing system credentials and granting system access, the organization registers and authorizes new internal and external users.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85144bc39c5a684c95e0", - "name": "Access Removal", - "description": "The organization removes access to protected information assets when appropriate.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514a373bb4d6ffdd8bd", - "name": "Access Review", - "description": "The organization evaluates and manages access to protected information assets on a periodic basis.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514799c91072234149a", - "name": "System Account Management", - "description": "The organization identifies and authenticates system users, devices, and other systems before allowing access.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514c3d2d7dbdf65c35c", - "name": "Access Restrictions", - "description": "The organization restricts physical access to facilities and protected information assets.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514f0cedff5d5c6d6fe", - "name": "Information Asset Changes", - "description": "The organization manages changes to system components to minimize the risk of unauthorized changes.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514f4f781c28a94d38d", - "name": "Malicious Software Prevention", - "description": "The organization implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - 
"id": "frk_ct_681e85148a9aa81d180fbcb7", - "name": "Infrastructure Monitoring", - "description": "To detect and act upon security events in a timely manner, the organization monitors system capacity, security threats, and vulnerabilities.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e851422534191fa248b63", - "name": "Security Event Response", - "description": "The organization designs, develops, and implements policies and procedures to respond to security incidents and breaches.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e851469d12bf0ee92a7d3", - "name": "Security Event Recovery", - "description": "The organization implements recovery procedures to ensure timely restoration of systems or assets affected by security incidents.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514abc48665a93d48f2", - "name": "Security Event Analysis", - "description": "The organization implements incident response activities to identify root causes of security incidents and develop remediation plans.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85144d8b8603133c0716", - "name": "Security Event Communication", - "description": "The organization identifies, develops, and implements activities to communicate security incidents to affected parties.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85140a71eafd9d02b25c", - "name": "Confidential Information Classification", - "description": "The entity classifies information to identify and protect confidential information.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514f36c111cd881ae0e", - "name": "Access Restrictions for Confidential 
Data", - "description": "The entity restricts access to confidential information on a need-to-know basis.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85145ecc47d27590ec9c", - "name": "Confidential Data Disposal", - "description": "The entity securely disposes of confidential information when no longer needed.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514e701e9552fd8d47b", - "name": "Accuracy and Completeness", - "description": "The entity ensures data is processed accurately and completely.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85147213fe34d0f8610c", - "name": "Input, Processing, and Output Controls", - "description": "The entity validates the completeness and accuracy of data throughout processing.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85147ea2be07c072b766", - "name": "Exception Handling", - "description": "The entity identifies and resolves processing exceptions in a timely manner.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514580b64dea8512c50", - "name": "Privacy Notice", - "description": "The entity provides notice about the collection, use, and disclosure of personal information.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e85142e0ecc2db0148239", - "name": "Choice and Consent", - "description": "The entity obtains consent for personal information where required by policy or law.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_681e8514b92fc9083b53e382", - "name": "Data Retention and Disposal", - "description": "The entity retains personal information for only as long as 
needed and disposes of it securely.", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-14 19:20:44.920" - }, - { - "id": "frk_ct_68257895edfaca1cae34a7c2", - "name": "Acceptable use of information and other associated assets", - "description": "Establish an Acceptable Use Policy for Information and Assets", - "createdAt": "2025-05-15 05:16:04.742", - "updatedAt": "2025-05-16 05:59:32.826" - }, - { - "id": "frk_ct_6825768ee6fd1e6272a9946e", - "name": "Threat intelligence", - "description": "Implement a Threat Intelligence Program", - "createdAt": "2025-05-15 05:07:26.133", - "updatedAt": "2025-05-16 05:53:17.510" - }, - { - "id": "frk_ct_682578588017390bf8d08c95", - "name": "Information security in project management", - "description": "Integrate Information Security into Project Management", - "createdAt": "2025-05-15 05:15:04.098", - "updatedAt": "2025-05-16 05:53:17.678" - }, - { - "id": "frk_ct_68257a1bbbb14da3e91c6f7d", - "name": "Addressing information security within supplier agreements", - "description": "Include Security Requirements in Supplier Agreements", - "createdAt": "2025-05-15 05:22:35.371", - "updatedAt": "2025-05-16 05:59:34.520" - }, - { - "id": "frk_ct_68257a1c39f66a3ad98b6478", - "name": "Monitoring, review and change management of supplier services", - "description": "Monitor and Manage Supplier Service Changes", - "createdAt": "2025-05-15 05:22:35.683", - "updatedAt": "2025-05-16 06:10:10.317" - }, - { - "id": "frk_ct_68257a1cb27eeefba4e726f1", - "name": "Information security for use of cloud services", - "description": "Ensure Security for Cloud Services Use", - "createdAt": "2025-05-15 05:22:35.854", - "updatedAt": "2025-05-16 06:10:10.534" - }, - { - "id": "frk_ct_68257a1c6f95e597e8de389d", - "name": "Information security incident management responsibilities and procedures", - "description": "Establish an Incident Management Policy and Procedures", - "createdAt": "2025-05-15 05:22:36.040", - "updatedAt": "2025-05-16 
06:10:10.716" - }, - { - "id": "frk_ct_68257a91ec53ef3d17957782", - "name": "ICT readiness for business continuity", - "description": "Ensure ICT Readiness for Business Continuity", - "createdAt": "2025-05-15 05:24:33.234", - "updatedAt": "2025-05-16 06:12:13.215" - }, - { - "id": "frk_ct_68257a921c9496ee45a290e5", - "name": "Intellectual property rights", - "description": "Protect Intellectual Property Rights", - "createdAt": "2025-05-15 05:24:33.577", - "updatedAt": "2025-05-16 06:12:13.570" - }, - { - "id": "frk_ct_68257a928f88817150a5f53d", - "name": "Protection of records", - "description": "Protect and Retain Records", - "createdAt": "2025-05-15 05:24:33.733", - "updatedAt": "2025-05-16 06:12:13.757" + "id": "frk_ct_68406fc94e08f884cc085ded", + "name": "Secure Data Transfer", + "description": "Protect Information in Transit", + "createdAt": "2025-06-04 16:09:44.637", + "updatedAt": "2025-06-04 19:41:05.066" }, { - "id": "frk_ct_68257a92901f419b109e5ce6", - "name": "Privacy and protection of personally identifiable information (PII)", + "id": "frk_ct_684071e280c4e0f777b957f7", + "name": "Data Privacy", "description": "Protect Privacy and Personal Data (PII)", - "createdAt": "2025-05-15 05:24:33.907", - "updatedAt": "2025-05-16 06:12:13.945" - }, - { - "id": "frk_ct_68257a92c75b0c04afc66fc1", - "name": "Independent review of information security", - "description": "Conduct Independent Review of the ISMS", - "createdAt": "2025-05-15 05:24:34.071", - "updatedAt": "2025-05-16 06:12:14.100" - }, - { - "id": "frk_ct_68257a92051ac16b6f2206e4", - "name": "Compliance with policies, rules and standards for information security", - "description": "Ensure Compliance with Security Policies and Standards", - "createdAt": "2025-05-15 05:24:34.244", - "updatedAt": "2025-05-16 06:12:14.255" - }, - { - "id": "frk_ct_68257a9220efb5df901a3929", - "name": "Documented operating procedures", - "description": "Document Operational Procedures", - "createdAt": "2025-05-15 
05:24:34.403", - "updatedAt": "2025-05-16 06:14:06.312" + "createdAt": "2025-06-04 16:18:42.339", + "updatedAt": "2025-06-04 19:41:05.908" }, { - "id": "frk_ct_68257b4042dbb83b90c1d7b4", - "name": "Screening", - "description": "Screen Employees and Contractors", - "createdAt": "2025-05-15 05:27:28.091", - "updatedAt": "2025-05-16 06:14:06.499" - }, - { - "id": "frk_ct_6825756149eb59b2b58fa856", - "name": "Information security roles and responsibilities", - "description": "Define Security Roles and Responsibilities", - "createdAt": "2025-05-15 05:02:25.102", - "updatedAt": "2025-05-16 05:53:16.646" - }, - { - "id": "frk_ct_6825762fad109b79022e8b41", - "name": "Segregation of duties", - "description": "Implement Segregation of Duties", - "createdAt": "2025-05-15 05:05:50.803", - "updatedAt": "2025-05-16 05:53:16.831" - }, - { - "id": "frk_ct_6825768e443b998bb7d8aa66", - "name": "Management responsibilities", - "description": "Ensure Management Addresses Security Responsibilities", - "createdAt": "2025-05-15 05:07:25.644", - "updatedAt": "2025-05-16 05:53:17.034" - }, - { - "id": "frk_ct_6825768ee413fe50e00d4965", - "name": "Contact with authorities", - "description": "Maintain Contact with Authorities", - "createdAt": "2025-05-15 05:07:25.807", - "updatedAt": "2025-05-16 05:53:17.182" - }, - { - "id": "frk_ct_6825768e84effc0e1b08dc17", - "name": "Contact with special interest groups", - "description": "Engage with Security Special Interest Groups", - "createdAt": "2025-05-15 05:07:25.964", - "updatedAt": "2025-05-16 05:53:17.343" - }, - { - "id": "frk_ct_6825785885a5e65dd48a940d", - "name": "Inventory of information and other associated assets", - "description": "Maintain an Inventory of Information Assets", - "createdAt": "2025-05-15 05:15:04.365", - "updatedAt": "2025-05-16 05:59:32.600" - }, - { - "id": "frk_ct_682578959c5e0c6a1e92728d", - "name": "Return of assets", + "id": "frk_ct_684073617d0706858cceb8c7", + "name": "Asset Return", "description": "Ensure Return 
of Assets Upon Termination", - "createdAt": "2025-05-15 05:16:04.922", - "updatedAt": "2025-05-16 05:59:32.988" - }, - { - "id": "frk_ct_682578c1a2732658c259c33d", - "name": "Classification of information", - "description": "Classify Information by Sensitivity", - "createdAt": "2025-05-15 05:16:49.198", - "updatedAt": "2025-05-16 05:59:33.162" - }, - { - "id": "frk_ct_682578c13517578300ab86c6", - "name": "Labelling of information", - "description": "Label Information According to Classification", - "createdAt": "2025-05-15 05:16:49.377", - "updatedAt": "2025-05-16 05:59:33.335" - }, - { - "id": "frk_ct_6825790ac77f9110f7f7bda3", - "name": "Information transfer", - "description": "Protect Information in Transit", - "createdAt": "2025-05-15 05:18:01.828", - "updatedAt": "2025-05-16 05:59:33.485" - }, - { - "id": "frk_ct_6825790ab98dc177efb6cb3d", - "name": "Access control", - "description": "Establish an Access Control Policy", - "createdAt": "2025-05-15 05:18:02.023", - "updatedAt": "2025-05-16 05:59:33.649" - }, - { - "id": "frk_ct_6825790aa95036379a57f580", - "name": "Identity management", - "description": "Implement Identity Management Processes", - "createdAt": "2025-05-15 05:18:02.188", - "updatedAt": "2025-05-16 05:59:33.840" - }, - { - "id": "frk_ct_6825790a77268ca155ee76c7", - "name": "Authentication information", - "description": "Protect Authentication Information", - "createdAt": "2025-05-15 05:18:02.341", - "updatedAt": "2025-05-16 05:59:34.009" - }, - { - "id": "frk_ct_68257a1bb4433e0a9a268b30", - "name": "Access rights", - "description": "Manage User Access Rights Lifecycle", - "createdAt": "2025-05-15 05:22:35.013", - "updatedAt": "2025-05-16 05:59:34.192" - }, - { - "id": "frk_ct_68257a1ba4e5ef9da219c322", - "name": "Information security in supplier relationships", - "description": "Ensure Security in Supplier Relationships", - "createdAt": "2025-05-15 05:22:35.234", - "updatedAt": "2025-05-16 05:59:34.342" - }, - { - "id": 
"frk_ct_68257a1c1dc57ad73c143841", - "name": "Assessment and decision on information security events", - "description": "Assess and Decide on Security Events", - "createdAt": "2025-05-15 05:22:36.201", - "updatedAt": "2025-05-16 06:11:00.558" - }, - { - "id": "frk_ct_68257a1c480068bdb0e616e7", - "name": "Response to information security incidents", - "description": "Respond to Information Security Incidents", - "createdAt": "2025-05-15 05:22:36.403", - "updatedAt": "2025-05-16 06:11:00.744" - }, - { - "id": "frk_ct_68257a1d3fb5e8d0604dfbb4", - "name": "Learning from information security incidents", - "description": "Learn from Information Security Incidents", - "createdAt": "2025-05-15 05:22:36.559", - "updatedAt": "2025-05-16 06:11:00.921" - }, - { - "id": "frk_ct_68257a1d57962f8da93b415f", - "name": "Collection of evidence", - "description": "Collect and Preserve Evidence of Incidents", - "createdAt": "2025-05-15 05:22:36.718", - "updatedAt": "2025-05-16 06:11:01.089" - }, - { - "id": "frk_ct_68257a1db9ff4c891fa87264", - "name": "Information security during disruption", - "description": "Maintain Security During Disruptions", - "createdAt": "2025-05-15 05:22:36.877", - "updatedAt": "2025-05-16 06:11:01.274" - }, - { - "id": "frk_ct_68257b416a92884774d39139", - "name": "Disciplinary process", - "description": "Establish a Disciplinary Process for Security Violations", - "createdAt": "2025-05-15 05:27:28.632", - "updatedAt": "2025-05-16 06:14:06.985" - }, - { - "id": "frk_ct_68257b414291d08ae512724d", - "name": "Confidentiality or nondisclosure agreements", - "description": "Use Confidentiality and Non-Disclosure Agreements", - "createdAt": "2025-05-15 05:27:28.963", - "updatedAt": "2025-05-16 06:14:07.292" - }, - { - "id": "frk_ct_68257b41f0a2fbb9d620aa64", - "name": "Remote working", - "description": "Implement Secure Remote Working Practices", - "createdAt": "2025-05-15 05:27:29.122", - "updatedAt": "2025-05-16 06:14:07.463" - }, - { - "id": 
"frk_ct_68257b4155976970e8c51279", - "name": "Information security event reporting", - "description": "Enable Security Event Reporting by Personnel", - "createdAt": "2025-05-15 05:27:29.283", - "updatedAt": "2025-05-16 06:14:07.620" - }, - { - "id": "frk_ct_68257b4196a28f5afe9cd387", - "name": "Physical security perimeters", - "description": "Establish Physical Security Perimeters", - "createdAt": "2025-05-15 05:27:29.437", - "updatedAt": "2025-05-16 06:14:07.772" - }, - { - "id": "frk_ct_68257b42ba09c901c6ac1671", - "name": "Physical entry", - "description": "Control Physical Entry to Facilities", - "createdAt": "2025-05-15 05:27:29.601", - "updatedAt": "2025-05-16 06:14:07.928" - }, - { - "id": "frk_ct_68257b42917c238c02fba2f6", - "name": "Securing offices, rooms and facilities", - "description": "Secure Offices, Rooms and Facilities", - "createdAt": "2025-05-15 05:27:29.760", - "updatedAt": "2025-05-16 06:14:08.087" - }, - { - "id": "frk_ct_68257b42723da9e329282499", - "name": "Physical security monitoring", - "description": "Monitor Physical Security", - "createdAt": "2025-05-15 05:27:29.905", - "updatedAt": "2025-05-16 06:14:08.242" - }, - { - "id": "frk_ct_68257b42ac201a974487d069", - "name": "Protecting against physical and environmental threats", - "description": "Protect Against Environmental and Physical Threats", - "createdAt": "2025-05-15 05:27:30.061", - "updatedAt": "2025-05-16 06:14:08.408" - }, - { - "id": "frk_ct_68257b4289478514ffb16b82", - "name": "Working in secure areas", - "description": "Secure Work in Sensitive Areas", - "createdAt": "2025-05-15 05:27:30.216", - "updatedAt": "2025-05-16 06:14:08.567" - }, - { - "id": "frk_ct_68257b79f55f03b23a05d978", - "name": "Clear desk and clear screen", - "description": "Implement a Clear Desk and Clear Screen Policy", - "createdAt": "2025-05-15 05:28:24.891", - "updatedAt": "2025-05-16 06:14:08.723" + "createdAt": "2025-06-04 16:25:04.708", + "updatedAt": "2025-06-04 19:41:06.360" }, { - "id": 
"frk_ct_68257b7999c5acaee8d923bd", - "name": "Equipment siting and protection", - "description": "Protect Equipment Through Secure Siting", - "createdAt": "2025-05-15 05:28:25.111", - "updatedAt": "2025-05-16 06:14:08.872" + "id": "frk_ct_68407429371f33886d8ab80d", + "name": "Encryption Key Management", + "description": "Implement Cryptographic Key Lifecycle Management", + "createdAt": "2025-06-04 16:28:25.083", + "updatedAt": "2025-06-04 19:41:06.998" }, { - "id": "frk_ct_68257b79b9b4d6e65b0e79f0", - "name": "Security of assets off-premises", - "description": "Secure Off-Premises Assets", - "createdAt": "2025-05-15 05:28:25.261", - "updatedAt": "2025-05-16 06:33:46.320" - }, - { - "id": "frk_ct_68257b79a261d4cc28a016c4", - "name": "Storage media", - "description": "Protect and Manage Removable Media", - "createdAt": "2025-05-15 05:28:25.420", - "updatedAt": "2025-05-16 06:33:46.541" - }, - { - "id": "frk_ct_68257c823279785197bfa39c", - "name": "Supporting utilities", - "description": "Ensure Security of Utilities", - "createdAt": "2025-05-15 05:32:50.356", - "updatedAt": "2025-05-16 06:33:46.728" - }, - { - "id": "frk_ct_68257c83bc2103d487f9cb07", - "name": "Cabling security", - "description": "Protect Cables from Interception or Damage", - "createdAt": "2025-05-15 05:32:50.594", - "updatedAt": "2025-05-16 06:33:46.926" - }, - { - "id": "frk_ct_68257c832d300691420aa693", - "name": "Equipment maintenance", - "description": "Maintain Equipment Securely", - "createdAt": "2025-05-15 05:32:50.789", - "updatedAt": "2025-05-16 06:33:47.157" - }, - { - "id": "frk_ct_68257c832c83f97420cb2397", - "name": "User endpoint devices", - "description": "Secure User Endpoint Devices", - "createdAt": "2025-05-15 05:32:51.108", - "updatedAt": "2025-05-16 06:33:47.578" - }, - { - "id": "frk_ct_68257c83ce6c664bb55a5eaa", - "name": "Privileged access rights", - "description": "Manage Privileged Access Rights", - "createdAt": "2025-05-15 05:32:51.266", - "updatedAt": "2025-05-16 
06:33:47.805" - }, - { - "id": "frk_ct_68257c83575a9e4cd0609e57", - "name": "Information access restriction", - "description": "Restrict Access to Information", - "createdAt": "2025-05-15 05:32:51.437", - "updatedAt": "2025-05-16 06:33:48.033" - }, - { - "id": "frk_ct_68257c84b9312c2a755e9856", - "name": "Access to source code", - "description": "Control Access to Source Code", - "createdAt": "2025-05-15 05:32:51.588", - "updatedAt": "2025-05-16 06:33:48.191" - }, - { - "id": "frk_ct_68257c843eb14ca0fd67c607", - "name": "Secure authentication", - "description": "Implement Secure Authentication", - "createdAt": "2025-05-15 05:32:51.742", - "updatedAt": "2025-05-16 06:33:48.354" - }, - { - "id": "frk_ct_68257c84c5f7dde7ca228077", - "name": "Capacity management", - "description": "Perform Capacity Management for Resources", - "createdAt": "2025-05-15 05:32:51.897", - "updatedAt": "2025-05-16 06:33:48.679" + "id": "frk_ct_6840705b6dcee0506dabacfb", + "name": "Regulatory Compliance", + "description": "Identify and Comply with Legal and Contractual Requirements", + "createdAt": "2025-06-04 16:12:11.272", + "updatedAt": "2025-06-04 19:41:05.205" }, { - "id": "frk_ct_68257c84882e85fdec96c586", - "name": "Protection against malware", + "id": "frk_ct_684072e06f4a49ee669076cc", + "name": "Malware Protection", "description": "Protect Systems Against Malware", - "createdAt": "2025-05-15 05:32:52.054", - "updatedAt": "2025-05-16 06:37:11.815" - }, - { - "id": "frk_ct_68257c846d813b307758bbde", - "name": "Management of technical vulnerabilities", - "description": "Manage Technical Vulnerabilities and Patches", - "createdAt": "2025-05-15 05:32:52.209", - "updatedAt": "2025-05-16 06:37:12.056" - }, - { - "id": "frk_ct_68257c84ddf1e2b8f0d8e748", - "name": "Configuration management", - "description": "Implement Secure Configuration Management", - "createdAt": "2025-05-15 05:32:52.362", - "updatedAt": "2025-05-16 06:37:12.210" - }, - { - "id": "frk_ct_68257c854a920c4f48efaec1", - 
"name": "Information deletion", - "description": "Ensure Secure Deletion of Data", - "createdAt": "2025-05-15 05:32:52.510", - "updatedAt": "2025-05-16 06:37:12.389" - }, - { - "id": "frk_ct_68257c85630ac98cafc8ffe7", - "name": "Data masking", - "description": "Implement Data Masking for Sensitive Data", - "createdAt": "2025-05-15 05:32:52.660", - "updatedAt": "2025-05-16 06:37:12.568" + "createdAt": "2025-06-04 16:22:56.279", + "updatedAt": "2025-06-04 19:41:06.033" }, { - "id": "frk_ct_68257c85254d22991b9359ad", - "name": "Data leakage prevention", - "description": "Prevent Data Leakage", - "createdAt": "2025-05-15 05:32:52.813", - "updatedAt": "2025-05-16 06:37:12.788" + "id": "frk_ct_6840738800f98fa3c0f3a3ae", + "name": "Configuration & Patch Management", + "description": "Harden baselines; patch swiftly", + "createdAt": "2025-06-04 16:25:43.882", + "updatedAt": "2025-06-04 19:41:06.507" }, { - "id": "frk_ct_68257c8579b8506457ba5792", - "name": "Information backup", - "description": "Back Up Information Regularly", - "createdAt": "2025-05-15 05:32:52.962", - "updatedAt": "2025-05-16 06:37:12.956" + "id": "frk_ct_684075c692439e38c753c95d", + "name": "Physical Access Control", + "description": "Control Physical Entry to Facilities", + "createdAt": "2025-06-04 16:35:17.828", + "updatedAt": "2025-06-04 19:41:07.120" }, { - "id": "frk_ct_68257c8522174d14596e4f02", - "name": "Logging", + "id": "frk_ct_684070831cc83c4ab4c2c4d8", + "name": "Security Logging", "description": "Enable Logging of Security Events", - "createdAt": "2025-05-15 05:32:53.278", - "updatedAt": "2025-05-16 06:37:13.263" - }, - { - "id": "frk_ct_68257c85125fbb0cd22580df", - "name": "Monitoring activities", - "description": "Monitor Systems for Security Events", - "createdAt": "2025-05-15 05:32:53.445", - "updatedAt": "2025-05-16 06:37:13.417" - }, - { - "id": "frk_ct_68257d3deaa6d3b47bdf4581", - "name": "Clock synchronization", - "description": "Synchronize System Clocks", - "createdAt": 
"2025-05-15 05:35:57.081", - "updatedAt": "2025-05-16 06:37:13.572" - }, - { - "id": "frk_ct_68257d3d1cf492b6b94c23c0", - "name": "Use of privileged utility programs", - "description": "Control Use of Privileged Utilities", - "createdAt": "2025-05-15 05:35:57.377", - "updatedAt": "2025-05-16 06:37:13.737" - }, - { - "id": "frk_ct_68257d3eac14828df9620637", - "name": "Installation of software on operational systems", - "description": "Control Software Installation on Systems", - "createdAt": "2025-05-15 05:35:57.552", - "updatedAt": "2025-05-16 06:37:13.895" - }, - { - "id": "frk_ct_68257d3e78de01a147544960", - "name": "Networks security", - "description": "Implement Network Security Controls", - "createdAt": "2025-05-15 05:35:57.705", - "updatedAt": "2025-05-16 06:37:14.055" + "createdAt": "2025-06-04 16:12:50.757", + "updatedAt": "2025-06-04 19:41:05.344" }, { - "id": "frk_ct_68257d3ed093e55a2dd23b78", - "name": "Security of network services", - "description": "Ensure Security of Network Services", - "createdAt": "2025-05-15 05:35:57.867", - "updatedAt": "2025-05-16 06:37:14.214" - }, - { - "id": "frk_ct_68257d3ea6662c7087f59ad0", - "name": "Segregation of networks", - "description": "Segregate Networks", - "createdAt": "2025-05-15 05:35:58.031", - "updatedAt": "2025-05-16 06:37:14.365" - }, - { - "id": "frk_ct_68257d3e450af8736b49e858", - "name": "Web filtering", - "description": "Implement Web Content Filtering", - "createdAt": "2025-05-15 05:35:58.188", - "updatedAt": "2025-05-16 06:37:14.532" - }, - { - "id": "frk_ct_68257d3e66e2445f216f0622", - "name": "Use of cryptography", - "description": "Use Appropriate Cryptographic Controls", - "createdAt": "2025-05-15 05:35:58.350", - "updatedAt": "2025-05-16 06:37:14.730" + "id": "frk_ct_6840731ae0b857152b35ca8f", + "name": "Remote-Work Security", + "description": "Implement Secure Remote Working Practices", + "createdAt": "2025-06-04 16:23:54.000", + "updatedAt": "2025-06-04 19:41:06.238" }, { - "id": 
"frk_ct_68257d3ffa46ae099f302d7c", - "name": "Secure development life cycle", - "description": "Adopt a Secure Development Life Cycle", - "createdAt": "2025-05-15 05:35:58.508", - "updatedAt": "2025-05-16 06:37:14.915" + "id": "frk_ct_684073ba24475a83ba048022", + "name": "Segregation of duties", + "description": "Implement Segregation of Duties", + "createdAt": "2025-06-04 16:26:33.778", + "updatedAt": "2025-06-04 19:41:06.631" }, { - "id": "frk_ct_68257d3f503d4f4ff6104c0d", - "name": "Secure system architecture and engineering principles", - "description": "Apply Secure Architecture and Engineering Principles", - "createdAt": "2025-05-15 05:35:58.814", - "updatedAt": "2025-05-16 06:37:15.224" + "id": "frk_ct_684073d541bfb8b8b777e529", + "name": "Threat intelligence", + "description": "Implement a Threat Intelligence Program", + "createdAt": "2025-06-04 16:27:01.369", + "updatedAt": "2025-06-04 19:41:06.752" }, { - "id": "frk_ct_68257d3fcdb52d79e5eae03c", - "name": "Secure coding", - "description": "Adopt Secure Coding Practices", - "createdAt": "2025-05-15 05:35:58.963", - "updatedAt": "2025-05-16 06:37:15.476" + "id": "frk_ct_68407c9513000617776104c7", + "name": "Acceptable Use", + "description": "Establish an Acceptable Use Policy for Information and Assets", + "createdAt": "2025-06-04 17:04:20.799", + "updatedAt": "2025-06-04 19:41:07.258" }, { - "id": "frk_ct_68257d3f826abe8ce6f97aa9", - "name": "Security testing in development and acceptance", - "description": "Perform Security Testing in Development and Acceptance", - "createdAt": "2025-05-15 05:35:59.124", - "updatedAt": "2025-05-16 06:37:15.659" + "id": "frk_ct_683f4a410cf5bf6d40bf3583", + "name": "Access Rights", + "description": "Manage User Access Rights Lifecycle", + "createdAt": "2025-06-03 19:17:20.504", + "updatedAt": "2025-06-04 19:41:03.426" }, { - "id": "frk_ct_68257d3fdc7108cc189ba8b9", - "name": "Outsourced development", - "description": "Manage Security in Outsourced Development", - 
"createdAt": "2025-05-15 05:35:59.279", - "updatedAt": "2025-05-16 06:37:15.812" + "id": "frk_ct_683f4ae4acbd63d0e558a6f5", + "name": "Credential Management", + "description": "Protect Authentication Information", + "createdAt": "2025-06-03 19:20:04.055", + "updatedAt": "2025-06-04 19:41:03.601" }, { - "id": "frk_ct_68257d3fc71567322c285ed9", - "name": "Separation of development, test and production environments", - "description": "Separate Development, Test, and Production Environments", - "createdAt": "2025-05-15 05:35:59.441", - "updatedAt": "2025-05-16 06:37:15.958" + "id": "frk_ct_683f4b7614d209f8b6ffd477", + "name": "Resource Capacity Management", + "description": "Perform Capacity Management for Resources", + "createdAt": "2025-06-03 19:22:30.199", + "updatedAt": "2025-06-04 19:41:03.729" }, { - "id": "frk_ct_68257d40cc4edb6308b9e6e6", + "id": "frk_ct_683f4c30e2d3f1117fa58e13", "name": "Change management", "description": "Apply Change Management for Information Systems", - "createdAt": "2025-05-15 05:35:59.590", - "updatedAt": "2025-05-16 06:37:16.113" + "createdAt": "2025-06-03 19:25:36.373", + "updatedAt": "2025-06-04 19:41:03.850" }, { - "id": "frk_ct_68257d40fcac4d36fddb6e7a", - "name": "Test information", - "description": "Protect Sensitive Test Data", - "createdAt": "2025-05-15 05:35:59.762", - "updatedAt": "2025-05-16 06:37:16.375" + "id": "frk_ct_683f4c9db20e7cf4a303af1f", + "name": "Compliance Register", + "description": "Maintain compliance register exceptions", + "createdAt": "2025-06-03 19:27:24.623", + "updatedAt": "2025-06-04 19:41:03.972" }, { - "id": "frk_ct_68257d40d8112e98abab1d21", - "name": "Protection of information systems during audit and testing", - "description": "Protect Systems During Audits and Testing", - "createdAt": "2025-05-15 05:35:59.914", - "updatedAt": "2025-05-16 06:37:16.565" + "id": "frk_ct_683f4cf6afd7a19be2d4432c", + "name": "Configuration management", + "description": "Implement Secure Configuration Management", + 
"createdAt": "2025-06-03 19:28:54.395", + "updatedAt": "2025-06-04 19:41:04.126" }, { - "id": "frk_ct_68257b40873b0900545905b2", - "name": "Information security awareness, education and training", - "description": "Provide Information Security Awareness and Training", - "createdAt": "2025-05-15 05:27:28.421", - "updatedAt": "2025-05-16 06:14:06.830" + "id": "frk_ct_683f4d7360a876b972aba39a", + "name": "Vulnerability Disclosure", + "description": "Public CVD channel; triage", + "createdAt": "2025-06-03 19:30:59.173", + "updatedAt": "2025-06-04 19:41:04.258" }, { - "id": "frk_ct_68257a1cbbb440415393e176", - "name": "Managing information security in the ICT supply chain", - "description": "Manage Security in the ICT Supply Chain", - "createdAt": "2025-05-15 05:22:35.519", - "updatedAt": "2025-05-16 05:59:34.684" + "id": "frk_ct_683f4dd564057a97ae323c9f", + "name": "Disaster Recovery Planning", + "description": "Test DR; meet RTO/RPO", + "createdAt": "2025-06-03 19:32:37.325", + "updatedAt": "2025-06-04 19:41:04.410" }, { - "id": "frk_ct_6826d559729899533d6448ad", - "name": "Risk Management Program", - "description": "Maintain a Risk Management program", - "createdAt": "2025-05-16 06:04:09.095", - "updatedAt": "2025-05-16 06:04:09.095" + "id": "frk_ct_683f4ef6c6a5481a377be413", + "name": "Standard Operating Procedures (SOPs)", + "description": "Document Operational Procedures", + "createdAt": "2025-06-03 19:37:26.001", + "updatedAt": "2025-06-04 19:41:04.534" }, { - "id": "frk_ct_68257a912373223d5eb6da0f", - "name": "Legal, statutory, regulatory and contractual requirements", - "description": "Identify and Comply with Legal and Contractual Requirements", - "createdAt": "2025-05-15 05:24:33.422", - "updatedAt": "2025-05-16 06:12:13.402" + "id": "frk_ct_683f4f59dea367ca96145e14", + "name": "Independent ISMS Review", + "description": "Conduct Independent Review of the ISMS", + "createdAt": "2025-06-03 19:39:04.628", + "updatedAt": "2025-06-04 19:41:04.669" }, { - "id": 
"frk_ct_68257b4096e29810708e8f47", - "name": "Terms and conditions of employment", - "description": "Include Security in Employment Terms and Conditions", - "createdAt": "2025-05-15 05:27:28.258", - "updatedAt": "2025-05-16 06:14:06.655" + "id": "frk_ct_683f50556124040dc15d62cb", + "name": "Continuity-Time Security", + "description": "Maintain Security During Disruptions", + "createdAt": "2025-06-03 19:43:16.530", + "updatedAt": "2025-06-04 19:41:04.806" }, { - "id": "frk_ct_68257b41bffad919f3ac218a", - "name": "Responsibilities after termination or change of employment", - "description": "Address Security Responsibilities After Termination", - "createdAt": "2025-05-15 05:27:28.801", - "updatedAt": "2025-05-16 06:14:07.142" + "id": "frk_ct_683f50aae46f5e4e096e6bb3", + "name": "Secure SDLC Integration", + "description": "Integrate Information Security into Project Management", + "createdAt": "2025-06-03 19:44:41.732", + "updatedAt": "2025-06-04 19:41:04.941" }, { - "id": "frk_ct_68257c8391427752506791b8", - "name": "Secure disposal or reuse of equipment", - "description": "Ensure Secure Disposal of Equipment", - "createdAt": "2025-05-15 05:32:50.943", - "updatedAt": "2025-05-16 06:33:47.323" + "id": "frk_ct_684070c1f0091d850df02e59", + "name": "Mobile Security", + "description": "Enforce MDM on mobile", + "createdAt": "2025-06-04 16:13:52.979", + "updatedAt": "2025-06-04 19:41:05.484" }, { - "id": "frk_ct_68257c85e28246dc477a2f9d", - "name": "Redundancy of information-processing facilities", - "description": "Implement Redundancy for Critical Systems", - "createdAt": "2025-05-15 05:32:53.117", - "updatedAt": "2025-05-16 06:37:13.107" + "id": "frk_ct_684070f0b4f6c2036306e23c", + "name": "Network Security", + "description": "Enforce segmentation and firewalls", + "createdAt": "2025-06-04 16:14:40.321", + "updatedAt": "2025-06-04 19:41:05.635" }, { - "id": "frk_ct_68257d3f9c52019e6454d2f7", - "name": "Application security requirements", - "description": "Define 
Security Requirements for Applications", - "createdAt": "2025-05-15 05:35:58.657", - "updatedAt": "2025-05-16 06:37:15.068" + "id": "frk_ct_68407122565b1968676d93db", + "name": "Physical Access Control", + "description": "Control Physical Entry to Facilities", + "createdAt": "2025-06-04 16:15:29.760", + "updatedAt": "2025-06-04 19:41:05.759" }, { - "id": "frk_ct_683f318e767647a9309edbe9", - "name": "Test Control", - "description": "Control Description", - "createdAt": "2025-06-03 17:31:57.526", - "updatedAt": "2025-06-03 17:31:57.526" + "id": "frk_ct_68407406644c56d42eac3295", + "name": "Endpoint Security", + "description": "Secure User Endpoint Devices", + "createdAt": "2025-06-04 16:27:49.808", + "updatedAt": "2025-06-04 19:41:06.874" }, { - "id": "frk_ct_683f3b6cfc5f200113d2972f", - "name": "S Acceptable Use", - "description": "Establish an Acceptable Use Policy for Information and Assets", - "createdAt": "2025-06-03 18:14:04.317", - "updatedAt": "2025-06-03 18:14:04.317" + "id": "frk_ct_683f3ecd42e62fde624c59c1", + "name": "Policy Compliance", + "description": "Ensure Compliance with Security Policies and Standards", + "createdAt": "2025-06-03 18:28:29.154", + "updatedAt": "2025-06-04 19:41:01.555" }, { "id": "frk_ct_683f4036b541126388e2989a", - "name": "S Security Governance Roles", + "name": "Security Governance Roles", "description": "Define Security Roles and Responsibilities", "createdAt": "2025-06-03 18:34:29.668", - "updatedAt": "2025-06-03 18:34:29.668" - }, - { - "id": "frk_ct_683f3ecd42e62fde624c59c1", - "name": "S Policy Compliance", - "description": "Ensure Compliance with Security Policies and Standards", - "createdAt": "2025-06-03 18:28:29.154", - "updatedAt": "2025-06-03 18:34:29.907" + "updatedAt": "2025-06-04 19:41:01.679" }, { "id": "frk_ct_683f41e775f4ca03d8f6bae2", - "name": "S Management Security Accountability", + "name": "Management Security Accountability", "description": "Ensure Management Addresses Security Responsibilities", 
"createdAt": "2025-06-03 18:41:43.467", - "updatedAt": "2025-06-03 18:44:34.060" + "updatedAt": "2025-06-04 19:41:01.801" }, { "id": "frk_ct_683f42c71eea99f22f9df060", - "name": "S Asset Inventory", + "name": "Asset Inventory", "description": "Maintain an Inventory of Information Assets", "createdAt": "2025-06-03 18:45:27.396", - "updatedAt": "2025-06-03 18:51:13.986" + "updatedAt": "2025-06-04 19:41:01.922" }, { "id": "frk_ct_683f43a65de3b6044e63220f", - "name": "S Personnel Security", + "name": "Personnel Security", "description": "Screen onboard offboard securely", "createdAt": "2025-06-03 18:49:09.819", - "updatedAt": "2025-06-03 18:51:14.207" + "updatedAt": "2025-06-04 19:41:02.105" }, { "id": "frk_ct_683f4457b14856e700c8c25b", - "name": "S Disciplinary process", + "name": "Disciplinary process", "description": "Establish a Disciplinary Process for Security Violations", "createdAt": "2025-06-03 18:52:06.698", - "updatedAt": "2025-06-03 18:53:00.377" + "updatedAt": "2025-06-04 19:41:02.231" }, { "id": "frk_ct_683f44c8074680be528353c1", - "name": "S Data Retention & Destruction", + "name": "Data Retention & Destruction", "description": "Follow retention; securely dispose", "createdAt": "2025-06-03 18:54:00.325", - "updatedAt": "2025-06-03 18:54:00.325" + "updatedAt": "2025-06-04 19:41:02.378" }, { "id": "frk_ct_683f45c5058c486f3fa5b7bc", - "name": "S Regulatory Liaison", + "name": "Regulatory Liaison", "description": "Maintain Contact with Authorities", "createdAt": "2025-06-03 18:58:13.372", - "updatedAt": "2025-06-03 18:58:13.372" + "updatedAt": "2025-06-04 19:41:02.510" }, { "id": "frk_ct_683f464bec8bea67de7b9c31", - "name": "S Information Classification", + "name": "Information Classification", "description": "Classify Information by Sensitivity", "createdAt": "2025-06-03 19:00:26.503", - "updatedAt": "2025-06-03 19:00:26.503" + "updatedAt": "2025-06-04 19:41:02.645" }, { "id": "frk_ct_683f46f3f181af3f93773c1d", - "name": "S Security Monitoring & Detection", 
+ "name": "Security Monitoring & Detection", "description": "Central SIEM with alerting", "createdAt": "2025-06-03 19:03:14.483", - "updatedAt": "2025-06-03 19:03:14.483" + "updatedAt": "2025-06-04 19:41:02.777" }, { "id": "frk_ct_683f47cc2faa426603d6bee8", - "name": "S Security Incident Management", + "name": "Security Incident Management", "description": "Establish an Incident Management Policy and Procedures", "createdAt": "2025-06-03 19:06:52.138", - "updatedAt": "2025-06-03 19:06:52.138" + "updatedAt": "2025-06-04 19:41:03.035" }, { "id": "frk_ct_683f484fc7b5506ab97c26af", - "name": "S Risk Management", + "name": "Risk Management", "description": "Maintain a Risk Management Program", "createdAt": "2025-06-03 19:09:02.849", - "updatedAt": "2025-06-03 19:09:02.849" + "updatedAt": "2025-06-04 19:41:03.156" }, { "id": "frk_ct_683f48ee9534e1e0a088e922", - "name": "S Supplier Security", + "name": "Supplier Security", "description": "Ensure Security in Supplier Relationships", "createdAt": "2025-06-03 19:11:41.449", - "updatedAt": "2025-06-03 19:11:41.449" - }, - { - "id": "frk_ct_683f4a410cf5bf6d40bf3583", - "name": "S Access Rights", - "description": "Manage User Access Rights Lifecycle", - "createdAt": "2025-06-03 19:17:20.504", - "updatedAt": "2025-06-03 19:17:20.504" - }, - { - "id": "frk_ct_683f4ae4acbd63d0e558a6f5", - "name": "S Credential Management", - "description": "Protect Authentication Information", - "createdAt": "2025-06-03 19:20:04.055", - "updatedAt": "2025-06-03 19:20:04.055" - }, - { - "id": "frk_ct_683f4b7614d209f8b6ffd477", - "name": "S Resource Capacity Management", - "description": "Perform Capacity Management for Resources", - "createdAt": "2025-06-03 19:22:30.199", - "updatedAt": "2025-06-03 19:22:30.199" - }, - { - "id": "frk_ct_683f4c30e2d3f1117fa58e13", - "name": "S Change management", - "description": "Apply Change Management for Information Systems", - "createdAt": "2025-06-03 19:25:36.373", - "updatedAt": "2025-06-03 19:25:36.373" - }, 
- { - "id": "frk_ct_683f4c9db20e7cf4a303af1f", - "name": "S Compliance Register", - "description": "Maintain compliance register exceptions", - "createdAt": "2025-06-03 19:27:24.623", - "updatedAt": "2025-06-03 19:27:24.623" - }, - { - "id": "frk_ct_683f4cf6afd7a19be2d4432c", - "name": "S Configuration management", - "description": "Implement Secure Configuration Management", - "createdAt": "2025-06-03 19:28:54.395", - "updatedAt": "2025-06-03 19:28:54.395" - }, - { - "id": "frk_ct_683f4d7360a876b972aba39a", - "name": "S Vulnerability Disclosure", - "description": "Public CVD channel; triage", - "createdAt": "2025-06-03 19:30:59.173", - "updatedAt": "2025-06-03 19:30:59.173" - }, - { - "id": "frk_ct_683f4dd564057a97ae323c9f", - "name": "S Disaster Recovery Planning", - "description": "Test DR; meet RTO/RPO", - "createdAt": "2025-06-03 19:32:37.325", - "updatedAt": "2025-06-03 19:32:37.325" - }, - { - "id": "frk_ct_683f4ef6c6a5481a377be413", - "name": "S Standard Operating Procedures (SOPs)", - "description": "Document Operational Procedures", - "createdAt": "2025-06-03 19:37:26.001", - "updatedAt": "2025-06-03 19:37:26.001" - }, - { - "id": "frk_ct_683f4f59dea367ca96145e14", - "name": "S Independent ISMS Review", - "description": "Conduct Independent Review of the ISMS", - "createdAt": "2025-06-03 19:39:04.628", - "updatedAt": "2025-06-03 19:39:04.628" - }, - { - "id": "frk_ct_683f50556124040dc15d62cb", - "name": "S Continuity-Time Security", - "description": "Maintain Security During Disruptions", - "createdAt": "2025-06-03 19:43:16.530", - "updatedAt": "2025-06-03 19:43:16.530" - }, - { - "id": "frk_ct_683f50aae46f5e4e096e6bb3", - "name": "S Secure SDLC Integration", - "description": "Integrate Information Security into Project Management", - "createdAt": "2025-06-03 19:44:41.732", - "updatedAt": "2025-06-03 19:44:41.732" + "updatedAt": "2025-06-04 19:41:03.278" } ] \ No newline at end of file 
diff --git a/packages/db/prisma/seed/primitives/FrameworkEditorFramework.json b/packages/db/prisma/seed/primitives/FrameworkEditorFramework.json
index b19dabe7e2..82d01b9124 100644
--- a/packages/db/prisma/seed/primitives/FrameworkEditorFramework.json
+++ b/packages/db/prisma/seed/primitives/FrameworkEditorFramework.json
@@ -1,13 +1,4 @@
 [
- {
- "id": "frk_681ecc34e85064efdbb76993",
- "name": "ISO 27001",
- "description": "ISO 27001",
- "version": "2022",
- "createdAt": "2025-05-14 19:20:44.920",
- "updatedAt": "2025-05-14 19:20:44.920",
- "visible": true
- },
 {
 "id": "frk_6820c8b318a6d88bf2c4586d",
 "name": "NIS 2",
@@ -62,15 +53,6 @@
 "updatedAt": "2025-05-14 19:20:44.920",
 "visible": false
 },
- {
- "id": "frk_681ebae2f29f0ab08eb802ec",
- "name": "SOC 2",
- "description": "SOC 2",
- "version": "1.0.0",
- "createdAt": "2025-05-14 19:20:44.920",
- "updatedAt": "2025-05-19 21:42:04.147",
- "visible": true
- },
 {
 "id": "frk_683f3102f9ae801df35d47b4",
 "name": "Test",
@@ -90,12 +72,30 @@
 "visible": false
 },
 {
- "id": "frk_683f377429b8408d1c85f9bd",
- "name": "SOC 2 A",
- "description": "Accorp",
+ "id": "frk_681ebae2f29f0ab08eb802ec",
+ "name": "SOC 2",
+ "description": "SOC 2",
 "version": "1.0.0",
+ "createdAt": "2025-05-14 19:20:44.920",
+ "updatedAt": "2025-06-04 19:22:37.620",
+ "visible": false
+ },
+ {
+ "id": "frk_683f377429b8408d1c85f9bd",
+ "name": "SOC 2",
+ "description": "SOC 2 Type I & II",
+ "version": "1",
 "createdAt": "2025-06-03 17:57:07.496",
- "updatedAt": "2025-06-03 17:57:14.945",
+ "updatedAt": "2025-06-04 21:53:53.548",
+ "visible": true
+ },
+ {
+ "id": "frk_681ecc34e85064efdbb76993",
+ "name": "ISO 27001",
+ "description": "ISO 27001",
+ "version": "2022",
+ "createdAt": "2025-05-14 19:20:44.920",
+ "updatedAt": "2025-06-05 10:38:33.912",
 "visible": false
 }
 ]
\ No newline at end of file
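Review bot: After the last hunk two framework entries share the name `"SOC 2"` (`frk_681ebae2f29f0ab08eb802ec`, now `"visible": false`, and `frk_683f377429b8408d1c85f9bd`, now `"visible": true`), so anything that resolves or reports a framework by name rather than by id becomes ambiguous. Giving the hidden entry a distinct name, for example `"name": "SOC 2 (legacy)"`, would keep the two apart. The same hunk also moves ISO 27001 to the end of the list with `"visible": false`, and no visible replacement entry appears in these hunks; if hiding it is intended, the commit description should say so, since organisations already mapped to the hidden ids may be affected (not verifiable from this file alone). The new visible entry's `"version": "1"` is also inconsistent with the `"1.0.0"` used by the entry it replaces.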
diff --git a/packages/db/prisma/seed/primitives/FrameworkEditorPolicyTemplate.json b/packages/db/prisma/seed/primitives/FrameworkEditorPolicyTemplate.json
index dfeb4d1150..5d7cc22cfc 100644
--- a/packages/db/prisma/seed/primitives/FrameworkEditorPolicyTemplate.json
+++ b/packages/db/prisma/seed/primitives/FrameworkEditorPolicyTemplate.json
@@ -1,452 +1,202 @@ [ { - "id": "frk_pt_681e851453f496ccb1636cb5", - "name": "Application Security Policy_v1", - "description": "This policy outlines the security framework and requirements for applications, notably web applications, within the organization's production environment.", - "frequency": "yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Application Security Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This application security policy defines the security framework and requirements for applications, notably web applications, within the organization's production environment.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": 
"This document also provides implementing controls and instructions for web application security, to include periodic vulnerability scans and other types of evaluations and assessments.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to all applications within the organization's production environment, as well as administrators and users of these applications. This typically includes employees and contractors.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Background", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Application vulnerabilities typically account for the largest number of initial attack vectors after malware infections. As a result, it is important that applications are designed with security in mind, and that they are scanned and continuously monitored for malicious activity that could indicate a system compromise. 
Discovery and subsequent mitigation of application vulnerabilities will limit the organization's attack surface, and ensures a baseline level of security across all systems.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "In addition to scanning guidance, this policy also defines technical requirements and procedures to ensure that applications are properly hardened in accordance with security best practices.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Data Classification Policy", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "OWASP Risk Rating Methodology", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "OWASP Testing Guide", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "OWASP Top Ten Project", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Security Best Practices", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "The organization must ensure that all applications it develops and/or acquires are securely configured and managed. 
The following security best practices must be considered and, if feasible, applied as a matter of the application's security design:", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Data handled and managed by the application must be classified in accordance with the Data Classification Policy.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "If the application processes confidential information, a confidential record banner must be prominently displayed which highlights the type of confidential data being accessed (e.g., personally-identifiable information (PII), protected health information (PHI), etc.)", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Third-Party Applications", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "When applications are acquired from a third party, such as a vendor:", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Only applications that are supported by an approved vendor shall be procured and used.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Full support contracts must be arranged with the application vendor for full life-cycle support.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Web Application Assessment", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "Web applications must be assessed according to the following criteria:", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "New or major application releases must have a full assessment prior to approval of 
the change control documentation and/or release into the production environment.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Vulnerability Risk Levels", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "Vulnerabilities discovered during application assessments must be mitigated based upon the following risk levels, which are based on the Open Web Application Security Project (OWASP) Risk Rating Methodology:", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "High Risk", "type": "text"}]}, {"type": "bulletList", "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Issues must be fixed immediately", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Alternate mitigation strategies must be implemented to limit exposure before deployment", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Security Assessment Types", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "The following security assessment types may be leveraged to perform an application security assessment:", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "Full Assessment", "type": "text"}]}, {"type": "bulletList", "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Comprised of tests for all known web application vulnerabilities", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Uses both automated and manual tools based on the OWASP Testing Guide", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Must leverage manual penetration testing techniques", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Validates discovered vulnerabilities to determine overall risk", "type": 
"text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "Quick Assessment", "type": "text"}]}, {"type": "bulletList", "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Consists of an automated scan of an application", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Covers, at minimum, the OWASP Top Ten web application security risks", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "Targeted Assessment", "type": "text"}]}, {"type": "bulletList", "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Verifies vulnerability remediation changes", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Validates new application functionality", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Additional Security Controls", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "To counter the risk of unauthorized access, the organization maintains a Data Center Security Policy.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Security requirements for the software development life cycle, including system development, acquisition and maintenance are defined in the Software Development Lifecycle Policy.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Security requirements for handling information security incidents are defined in the Security Incident Response Policy.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Disaster recovery and business continuity management policy is defined in the Disaster Recovery Policy.", "type": "text"}]}]}, 
{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Requirements for information system availability and redundancy are defined in the System Availability Policy.", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:41:33.537" - }, - { - "id": "frk_pt_681e8514d07bde4c01f083b1", - "name": "Availability Policy_v1", - "description": "This policy defines the requirements for ensuring that information systems and data are available for use when needed.", - "frequency": "yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Availability Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Revision History", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Version", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Date", "type": 
"text"}]}, {"type": "tableCell", "content": [{"text": "Description", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "1.0", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Initial document", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The purpose of this policy is to define requirements for proper controls to protect the availability of the organization's information systems.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to all users of information systems within the organization. This typically includes employees and contractors, as well as any external parties that come into contact with systems and information controlled by the organization (hereinafter referred to as \"users\"). This policy must be made readily available to all users.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Background", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "The intent of this policy is to minimize the amount of unexpected or unplanned downtime (also known as outages) of information systems under the organization's control. This policy prescribes specific measures for the organization that will increase system redundancy, introduce failover mechanisms, and implement monitoring such that outages are prevented as much as possible. 
Where they cannot be prevented, outages will be quickly detected and remediated.", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "Within this policy, availability is defined as a characteristic of information or information systems in which such information or systems can be accessed by authorized entities whenever needed.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Risk Assessment Policy", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "System Availability Requirements", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Information systems must be consistently available to conduct and support business operations.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Information systems must have a defined availability classification, with appropriate controls enabled and incorporated into development and production processes based on this classification.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "System and network failures must be reported promptly to the organization's lead for Information Technology (IT) or designated IT operations manager.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Users must be notified of scheduled outages (e.g., system maintenance) that require periods of downtime. 
This notification must specify the date and time of the system maintenance, expected duration, and anticipated system or service resumption time.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Prior to production use, each new or significantly modified application must have a completed risk assessment that includes availability risks. Risk assessments must be completed in accordance with the Risk Assessment Policy.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Capacity management and load balancing techniques must be used, as deemed necessary, to help minimize the risk and impact of system failures.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Backup Requirements", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "Information systems must have an appropriate data backup plan that ensures:", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All sensitive data can be restored within a reasonable time period.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Full backups of critical resources are performed on at least a weekly basis.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Incremental backups for critical resources are performed on at least a daily basis.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Backups and associated media are maintained for a minimum of thirty (30) days and retained for at least one (1) year, or in accordance with legal and regulatory requirements.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Backups are stored off-site with multiple points of 
redundancy and protected using encryption and key management.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Tests of backup data must be conducted once per quarter. Tests of configurations must be conducted twice per year.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Redundancy and Failover", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "Information systems must have an appropriate redundancy and failover plan that meets the following criteria:", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Network infrastructure that supports critical resources must have system-level redundancy (including but not limited to a secondary power supply, backup disk-array, and secondary computing system).", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Critical core components must have an actively maintained spare. 
SLAs must require parts replacement within twenty-four (24) hours.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Servers that support critical resources must have redundant power supplies and network interface cards.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Servers classified as high availability must use disk mirroring.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Business Continuity", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "Information systems must have an appropriate business continuity plan that adheres to the following availability classifications and requirements:", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Availability Classification", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Availability Requirements", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Scheduled Outage", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Recovery Time", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Data Loss or Impact Loss", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "High", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "High to Continuous", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "30 minutes", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "1 hour", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Minimal", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Medium", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Standard Availability", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "2 hours", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "4 
hours", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Some data loss is tolerated if it results in quicker restoration", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Low", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Limited Availability", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "4 hours", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Next business day", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Some data loss is tolerated if it results in quicker restoration", "type": "text"}]}]}]}, {"type": "paragraph", "content": [{"text": "The business continuity plan must also ensure:", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Recovery time requirements and data loss limits must be adhered to with specific documentation in the plan.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Company and/or external critical resources, personnel, and necessary corrective actions must be specifically identified.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Specific responsibilities and tasks for responding to emergencies and resuming business operations must be included in the plan.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All applicable legal and regulatory requirements must be satisfied.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Requirements for information system availability and redundancy are defined in the System Availability Policy.", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:41:42.559" - }, - { - "id": "frk_pt_681e8514ba0cf2deb9ef66c0", - 
"name": "Change Management Policy_v1", - "description": "This policy establishes standardized procedures for managing changes to IT systems and infrastructure to minimize risk and disruption.", - "frequency": "yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Change Management Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "IT Management", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Restricted", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy outlines the process for managing changes to systems and infrastructure, ensuring all modifications are reviewed, approved, tested, and documented.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All change requests must be submitted via the designated change management system.", 
"type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Changes must be reviewed and approved by the Change Advisory Board (CAB) before implementation, except for approved emergency changes.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Post-implementation reviews must be conducted to ensure changes did not negatively impact operations.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:41:55.317" - }, - { - "id": "frk_pt_681e8514cdc55480f813f41b", - "name": "General Classification Policy_v1", - "description": "This policy provides a general framework for classification of assets and information.", - "frequency": "yearly", - "department": "gov", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Data Classification Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": 
"Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This data classification policy defines the requirements to ensure that information within the organization is protected at an appropriate level.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This document applies to the entire scope of the organization's information security program. It includes all types of information, regardless of its form, such as paper or electronic documents, applications and databases, and knowledge or information that is not written.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to all individuals and systems that have access to information kept by the organization.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Background", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy defines the high level objectives and implementation instructions for the organization's data classification scheme. This includes data classification levels, as well as procedures for the classification, labeling and handling of data within the organization. 
Confidentiality and non-disclosure agreements maintained by the organization must reference this policy.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Classification Levels", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"type": "paragraph", "content": [{"text": "Confidentiality Level", "type": "text", "marks": [{"type": "bold"}]}]}]}, {"type": "tableCell", "content": [{"type": "paragraph", "content": [{"text": "Label", "type": "text", "marks": [{"type": "bold"}]}]}]}, {"type": "tableCell", "content": [{"type": "paragraph", "content": [{"text": "Classification Criteria", "type": "text", "marks": [{"type": "bold"}]}]}]}, {"type": "tableCell", "content": [{"type": "paragraph", "content": [{"text": "Access Restrictions", "type": "text", "marks": [{"type": "bold"}]}]}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Public", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "For Public Release", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Making the information public will not harm the organization in any way.", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Information is available to the public.", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Internal Use", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Internal Use", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Unauthorized access may cause minor damage and/or inconvenience to the organization.", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Information is available to all employees and authorized third parties.", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Restricted", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Restricted", "type": "text"}]}, {"type": 
"tableCell", "content": [{"text": "Unauthorized access to information may cause considerable damage to the business and/or the organization's reputation.", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Information is available to a specific group of employees and authorized third parties.", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Unauthorized access to information may cause catastrophic damage to business and/or the organization's reputation.", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Information is available only to specific individuals in the organization.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "If classified information is received from outside the organization, the person who receives the information must classify it in accordance with the rules prescribed in this policy. 
The person thereby will become the owner of the information.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "If classified information is received from outside the organization and handled as part of business operations activities (e.g., customer data on provided cloud services), the information classification, as well as the owner of such information, must be made in accordance with the specifications of the respective customer service agreement and other legal requirements.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "When classifying information, the level of confidentiality is determined by:", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": " Value", "type": "text"}, {"text": ": ", "type": "text"}, {"text": "The value of the information, based on impacts identified during the risk assessment process.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": " Sensitivity", "type": "text"}, {"text": ": ", "type": "text"}, {"text": "Sensitivity and criticality of the information, based on the highest risk calculated for each information item during the risk assessment.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": " Legal obligations", "type": "text"}, {"text": ": ", "type": "text"}, {"text": "Legal, regulatory and contractual obligations.", "type": "text"}]}]}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Appendices", "type": "text"}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Appendix A: Handling of Classified Information", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "Information and information systems must be handled according to detailed guidelines covering:", "type": 
"text"}]}, {"type": "bulletList", "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Paper Documents", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Electronic Documents", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Information Systems", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Electronic Mail", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Electronic Storage Media", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Information Transmitted Orally", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:42:01.310" - }, - { - "id": "frk_pt_681e851474b8d8dcd4ecc52d", - "name": "Code of Conduct Policy_v1", - "description": "This policy outlines the expected standards of behavior and ethical conduct for all employees and representatives of the organization.", - "frequency": "yearly", - "department": "hr", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Code of Conduct Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": 
"{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Human Resources", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The purpose of this policy is to define expected behavior from employees towards their colleagues, supervisors, and the organization as a whole.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All employees and contractors must follow this policy as outlined in their Employment Offer Letter or Independent Contractor Agreement while performing their duties.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Compliance with Law: Employees must understand and comply with environmental, safety, and fair dealing laws while ensuring ethical and responsible conduct in their job duties.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Respect in the Workplace: Discriminatory behavior, harassment, or victimization is strictly prohibited.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Protection of Company Property: Employees must not misuse company equipment, respect intellectual property, and protect material property from damage.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Personal Appearance: Employees must present themselves in a 
professional manner and adhere to the company dress code.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Corruption: Employees must not accept bribes or inappropriate gifts from clients or partners.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Job Duties and Authority: Employees must act with integrity, respect team members, and avoid abuse of authority when delegating responsibilities.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Absenteeism and Tardiness: Employees must adhere to their designated work schedules unless exceptions are approved by their hiring manager.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Conflict of Interest: Employees must avoid personal or financial interests that interfere with their job duties.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Collaboration: Employees must promote a positive and cooperative work environment.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Communication: Employees must maintain open and professional communication with colleagues and supervisors.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Benefits: Employees must not abuse employment benefits, such as time off, insurance, or company resources.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Policy Adherence: Employees must comply with all company policies. 
Questions should be directed to HR or their hiring manager.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Disciplinary Actions", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Violations of this policy may result in disciplinary actions, including but not limited to:", "type": "text"}]}, {"type": "bulletList", "content": [{"type": "listItem", "content": [{"text": "Demotion", "type": "text"}]}, {"type": "listItem", "content": [{"text": "Reprimand", "type": "text"}]}, {"type": "listItem", "content": [{"text": "Suspension or termination", "type": "text"}]}, {"type": "listItem", "content": [{"text": "Reduction of benefits", "type": "text"}]}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Serious violations such as corruption, theft, or embezzlement may result in legal action.", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:42:06.339" - }, - { - "id": "frk_pt_681e8514115392afbe309f7f", - "name": "Confidentiality Policy_v1", - "description": "This policy defines the requirements for protecting confidential information from unauthorized access, use, or disclosure.", - "frequency": "yearly", - "department": "gov", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Confidentiality Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": 
"tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The purpose of this policy is to define guidelines for maintaining the confidentiality of sensitive and proprietary information within the organization.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to all employees, contractors, third-party vendors, and other individuals who access confidential information belonging to the organization.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Confidential information includes, but is not limited to, customer data, trade secrets, intellectual property, financial records, employee records, and other sensitive organizational data.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Confidential Information Handling", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Confidential information must be accessed only by authorized individuals with a legitimate business need.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Confidential data must 
be encrypted at rest and in transit to prevent unauthorized access.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Employees must use company-approved systems and communication channels for handling confidential data.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Unauthorized disclosure, duplication, or transmission of confidential data is strictly prohibited.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Non-Disclosure Agreements (NDAs)", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All employees, contractors, and third-party vendors must sign a Non-Disclosure Agreement (NDA) before accessing confidential information.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "NDAs outline obligations to protect and prevent the unauthorized use or disclosure of confidential information.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Violations of an NDA may result in disciplinary action, contract termination, and potential legal consequences.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Access Control Measures", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Access to confidential information is based on the principle of least privilege (PoLP).", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Users must authenticate via company-approved methods (e.g., Multi-Factor Authentication) before accessing confidential data.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": 
"paragraph", "content": [{"text": "Confidential data must not be stored on personal devices unless explicitly authorized.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Incident Reporting and Enforcement", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Employees must report any suspected or actual breaches of confidentiality to the Information Security Manager (ISM) immediately.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Violations of this policy may result in disciplinary actions, including termination of employment or legal action.", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:42:11.967" - }, - { - "id": "frk_pt_681e8514ad468431b62a04bf", - "name": "Corporate Governance Policy_v1", - "description": "This policy outlines the structure, responsibilities, and processes that guide the organization's overall direction and management.", - "frequency": "yearly", - "department": "gov", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Corporate Governance Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", 
"content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Board of Directors", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Revision History", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Version", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Date", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Description", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "1.0", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Initial version", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy provides a framework for effective governance by outlining the responsibilities of the board, senior management, and related committees. 
It applies to all members of the board and senior leadership.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Board Oversight and Management Responsibilities", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Ensure the board maintains independence from management.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Review and approve internal control frameworks and risk management reports regularly.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Establish committees and processes for oversight of key business functions.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Review and update this policy at least annually.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Risk Management Policy", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:42:17.553" - }, - { - "id": "frk_pt_681e85144c3f0e334c13c449", - "name": "Cyber Risk Policy_v1", - "description": "This policy outlines the strategies and procedures for identifying, assessing, and mitigating cyber risks to protect organizational assets and ensure operational resilience.", - "frequency": "yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Cyber Risk Assessment Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": 
[{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The purpose of this policy is to establish a structured approach for conducting cyber risk assessments to identify, evaluate, and mitigate cybersecurity threats to the organization.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to all employees, contractors, and third parties responsible for cybersecurity risk management within the organization.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Cyber risk assessments must be conducted on all critical systems, networks, and applications to ensure compliance with security policies and regulatory requirements.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Cyber Risk Assessment Process", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 
1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The organization must establish a cyber risk assessment methodology that includes identifying assets, assessing threats, evaluating vulnerabilities, and determining potential impact.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All risks must be documented in a cyber risk register and categorized based on severity and business impact.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Cyber risk assessments must be conducted at least annually and whenever significant changes to the IT infrastructure or threat landscape occur.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Identified risks must be assigned an owner responsible for implementing appropriate mitigation measures.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Cyber Risk Mitigation Strategies", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The organization must implement cyber risk mitigation strategies based on the severity of identified risks, including risk avoidance, acceptance, transfer, or reduction.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Cybersecurity controls such as firewalls, encryption, endpoint protection, and access controls must be implemented to reduce risk to an acceptable level.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Cyber risk treatment plans must be reviewed periodically to ensure their continued effectiveness.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Reporting and Compliance", "type": 
"text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Cyber risk assessment results must be reported to senior management and cybersecurity stakeholders for informed decision-making.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The organization must comply with industry standards, regulations, and best practices for cybersecurity risk management.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Cyber risk assessments must be updated periodically to adapt to evolving cyber threats and business changes.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Non-compliance with this policy may result in corrective actions, including enhanced security controls, additional training, or disciplinary measures.", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:42:22.940" - }, - { - "id": "frk_pt_681e85148e122ac6129f816b", - "name": "Disaster Recovery Policy_v1", - "description": "This policy outlines the procedures for recovering IT systems and data in the event of a disaster to ensure business continuity.", - "frequency": "yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Disaster Recovery Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", 
"content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy establishes the framework for disaster recovery planning to ensure the organization can recover from disruptive events, including natural disasters, cyber incidents, and other emergencies.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "A disaster recovery plan must be developed, documented, and maintained for all critical systems and data.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The disaster recovery plan must include recovery time objectives (RTO) and recovery point objectives (RPO) for each critical system.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Regular testing of the disaster recovery plan must be conducted to ensure its effectiveness and to identify areas for improvement.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All employees must be trained on their roles and responsibilities in the event of a disaster.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}, {"type": 
"orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Business Continuity Policy", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:42:47.832" - }, - { - "id": "frk_pt_681e8514c347be33fc7e30eb", - "name": "Human Resources Policy_v1", - "description": "This policy defines guidelines for HR practices including employee conduct, data privacy, and security awareness.", - "frequency": "yearly", - "department": "hr", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Human Resources Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "HR Director", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Internal", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy governs all aspects of human resource management including recruitment, performance management, and employee accountability for internal control responsibilities.", "type": "text"}]}, {"type": 
"heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Recruitment processes must include background checks and verification of qualifications for roles with access to sensitive information.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Employees must complete training on internal controls and ethical behavior during onboarding and at regular intervals.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Performance evaluations shall include assessments of adherence to internal control responsibilities.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:43:44.300" - }, - { - "id": "frk_pt_681e8514dd1b9d1effbac601", - "name": "Incident Response Policy_v1", - "description": "This policy outlines the procedures for responding to and managing security incidents to minimize impact and restore normal operations quickly.", - "frequency": "yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Incident Response Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", 
"content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "CISO", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy defines the steps for identifying, reporting, and responding to security incidents to minimize impact and restore normal operations as quickly as possible.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Establish an Incident Response Team (IRT) with defined roles and responsibilities.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Implement processes for incident detection, reporting, containment, eradication, and recovery.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Conduct regular incident response training and simulation exercises.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:43:49.937" - }, - { - "id": "frk_pt_681e8514f1394ef0a3180c5e", - "name": "Vendor Risk Management Policy_v1", - "description": "This policy outlines the criteria and procedures for evaluating, selecting, and monitoring third-party vendors to manage risks associated with external service providers.", - "frequency": "yearly", - "department": "gov", - "content": [{"type": "heading", "attrs": 
{"level": 1}, "content": [{"text": "Vendor Risk Management Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Procurement", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Restricted", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy establishes guidelines for evaluating and managing risks associated with vendors and third-party service providers.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Conduct risk assessments for all vendors prior to engagement.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Maintain ongoing monitoring and periodic reassessment of vendor risk.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Include appropriate security and compliance requirements in vendor 
contracts.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:43:55.167" - }, - { - "id": "frk_pt_681e851487680f5947b37844", - "name": "Password Policy_v1", - "description": "This policy defines the requirements for creating and managing strong passwords.", - "frequency": "yearly", - "department": "it", - "content": [], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:42:59.777" - }, - { - "id": "frk_pt_681e85147720a7016af7fc98", - "name": "Privacy Policy_v1", - "description": "This policy outlines the criteria and procedures for handling personal data and ensuring compliance with privacy regulations.", - "frequency": "yearly", - "department": "gov", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Privacy Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Privacy Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": 
"Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy outlines the organization's practices for handling personal data, including collection, processing, retention, and disposal, to ensure compliance with privacy regulations.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Obtain explicit consent prior to collecting personal data where required.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Limit the collection of personal data to what is necessary for business purposes.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Ensure personal data is stored securely and only accessible to authorized personnel.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:43:05.439" - }, - { - "id": "frk_pt_681e85140f3371cb58787962", - "name": "Risk Assessment Policy_v1", - "description": "This policy defines the process and responsibilities for conducting risk assessments to identify, analyze, and evaluate potential threats and vulnerabilities.", - "frequency": "yearly", - "department": "gov", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Risk Assessment Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", 
"type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The purpose of this policy is to establish a structured approach for identifying, evaluating, and mitigating risks associated with the organization's information systems, operations, and assets.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to all employees, contractors, and third parties responsible for assessing and managing risk within the organization.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Risk assessments must be conducted for all business units, departments, and critical systems to ensure compliance with regulatory and security requirements.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Risk Assessment Process", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The organization must establish a formal risk assessment methodology that includes identifying assets, assessing threats, determining 
vulnerabilities, and evaluating impact and likelihood.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All risks must be documented in a risk register and categorized based on their severity and potential business impact.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Risk assessments must be conducted at least annually and whenever significant changes to systems, processes, or threats occur.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All identified risks must be assigned an owner responsible for implementing appropriate mitigation measures.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Risk Mitigation Strategies", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The organization must implement risk mitigation strategies based on the level of identified risk, including risk avoidance, acceptance, transfer, and reduction.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Controls must be implemented to reduce risk to an acceptable level, including security controls, process improvements, and technical safeguards.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Risk treatment plans must be reviewed periodically to ensure continued effectiveness.", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:43:12.669" - }, - { - "id": "frk_pt_681e85146d1a55e5ec51924c", - "name": "Software Development Lifecycle Policy_v1", - "description": "This policy outlines the requirements for the software development lifecycle to ensure secure, reliable, and high-quality software development practices.", - "frequency": 
"yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Software Development Lifecycle (SDLC) Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The purpose of this policy is to define a structured Software Development Lifecycle (SDLC) to ensure secure, reliable, and high-quality software development practices.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to all software development teams, including employees, contractors, and third-party developers involved in designing, developing, testing, deploying, and maintaining software for the organization.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": 
"paragraph", "content": [{"text": "The policy covers all software, including internal applications, customer-facing applications, and third-party integrated software solutions.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Software Development Lifecycle Phases", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "1. Planning & Requirements:", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Define business, functional, and security requirements before software development begins. Risk assessments must be conducted to identify security concerns early in the process.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "2. Design & Architecture:", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Software design must incorporate security principles, including secure authentication, encryption, and least privilege access controls.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "3. Development & Implementation:", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Developers must adhere to secure coding practices, including input validation, proper error handling, and protection against known vulnerabilities (e.g., OWASP Top Ten threats).", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "4. Testing & Validation:", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "All software must undergo security, functional, and performance testing before deployment. 
Automated and manual security testing must be conducted, including penetration testing and code reviews.", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:43:26.316" - }, - { - "id": "frk_pt_681e851459c0f07f94a8e37f", - "name": "System Change Policy_v1", - "description": "This policy outlines the requirements for system changes to ensure secure, reliable, and high-quality software development practices.", - "frequency": "yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "System Change Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This information security policy defines how changes to information systems are planned and implemented.", 
"type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to the entire information security program at the organization (i.e. to all information and communications technology, as well as related documentation).", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All employees, contractors, part-time and temporary workers, service providers, and those employed by others to perform work for the organization, or who have been granted to the organization's information and communications technology, must comply with this policy.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Background", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy defines specific requirements to ensure that changes to systems and applications are properly planned, evaluated, reviewed, approved, communicated, implemented, documented, and reviewed, thereby ensuring the greatest probability of success. 
Where changes are not successful, this document provides mechanisms for conducting post-implementation review such that future mistakes and errors can be prevented.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All changes to information systems must follow a standardized process that includes planning, testing, approval, and documentation.", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:43:37.776" - }, - { - "id": "frk_pt_681e8514fe074f8dd4dede29", - "name": "Third Party Policy_v1", - "description": "This policy outlines the requirements for third party integrations to ensure secure, reliable, and high-quality software development practices.", - "frequency": "yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Third-Party Management Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security 
Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy defines the rules for relationships with the organization's Information Technology (IT) third-parties and partners.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to all IT third-parties and partners who can impact the confidentiality, integrity, and availability of the organization's technology and sensitive information, or who are within the scope of the organization's information security program.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to all employees and contractors responsible for the management and oversight of IT third-parties and partners of the organization.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Background", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "The overall security of the organization is highly dependent on the security of its contractual relationships with its IT suppliers and partners. This policy defines requirements for effective management and oversight of such suppliers and partners from an information security perspective. 
It prescribes minimum security standards third-parties must meet, including security clauses, risk assessments, service level agreements, and incident management.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Information Security Policy", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Security Incident Response Policy", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "IT third-parties are prohibited from accessing the organization's information security assets until a contract containing security controls is agreed to and signed by the appropriate parties.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All IT third-parties must comply with the security policies defined in the Information Security Policy.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All security incidents involving IT third-parties or partners must be documented per the Security Incident Response Policy and immediately reported to the Information Security Manager (ISM).", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The organization must adhere to the terms of all Service Level Agreements (SLAs) entered into with IT third-parties. 
As SLAs are updated or new agreements are made, necessary changes or controls must be implemented to maintain compliance.", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:44:01.227" - }, - { - "id": "frk_pt_681e8514cc14467963d0c7b5", - "name": "Workstation Policy_v1", - "description": "This policy outlines the requirements for workstations to ensure secure, reliable, and high-quality software development practices.", - "frequency": "yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Workstation Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy defines best practices to reduce the risk of data loss or exposure through 
workstations.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to all employees and contractors using workstations.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Workstations are defined as all company-owned and personal devices containing company data.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Workstation Device Requirements", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Operating systems must be no more than one generation older than the current version.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Devices must be encrypted at rest to protect company data.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Devices must be locked when not in use or when an employee leaves the workstation.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Workstations must be used for authorized business purposes only.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Loss or destruction of devices must be reported immediately to IT.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Laptops and desktop devices must run the latest version of IT-approved antivirus software.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Desktop & Laptop Devices", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": 
[{"text": "All desktop and laptop devices must be company-owned and managed by IT.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Personal devices are not allowed to access company data or systems.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All devices must have a password-protected screensaver that activates after 5 minutes of inactivity.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Devices must be returned to IT upon termination of employment.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Mobile Devices", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Mobile devices used for business purposes must be enrolled in Mobile Device Management (MDM).", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All mobile devices must have a passcode or biometric authentication enabled.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Mobile devices must be kept up to date with the latest security patches.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Lost or stolen devices must be reported immediately to IT for remote wipe.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Software Installation", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Only IT-approved software may be installed on company devices.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Users must not attempt to bypass security 
controls or install unauthorized software.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All software must be kept up to date with the latest security patches.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Data Protection", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Sensitive data must be stored in approved locations only.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Data must be backed up regularly using approved backup solutions.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Users must not store sensitive data on personal devices or cloud storage.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Information Security Policy", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Data Protection Policy", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:44:07.060" - }, - { - "id": "frk_pt_681e851422bde5d0dd74a186", - "name": "Access Control Policy_V1", - "description": "Sets boundaries on how employees may use company systems, data, and internet resources to ensure productivity, legal compliance, and information security.", + "id": "frk_pt_683d2f8cfdf08987e67a2dff", + "name": "Information Protection Policy", + "description": "This policy preserves the confidentiality, integrity, and availability of organizational information by establishing clear requirements for data retention and secure disposal, network protections, and strong 
cryptographic safeguards for data at rest and in transit.", "frequency": "yearly", "department": "none", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Access Control Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "CISO", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Restricted", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy governs access to all organizational systems and data. 
It is designed to enforce the principle of least privilege and protect sensitive information from unauthorized access.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Access rights must be granted based on business need and reviewed periodically.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "User authentication must incorporate strong passwords and multi-factor authentication.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Access privileges must be promptly revoked upon termination or role change.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:41:04.556" - }, - { - "id": "frk_pt_681e85144a0a9cfbe7465490", - "name": "Business Continuity Policy_v1", - "description": "This policy outlines the procedures and strategies for ensuring that essential business functions can continue during and after a disruption.", - "frequency": "yearly", - "department": "gov", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Business Continuity & Disaster Recovery Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": 
"Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "IT & Business Continuity Committee", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy provides guidelines and procedures to ensure the continuous operation of critical business processes and the rapid recovery of IT systems following a disruptive event.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Identify critical business functions and define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Develop, maintain, and test business continuity and disaster recovery plans.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Ensure backup systems, data redundancy, and failover mechanisms are in place.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:41:49.365" - }, - { - "id": "frk_pt_681e8514b0b466fffc94c8a7", - "name": "Data Center Policy_v1", - "description": "This policy outlines the security and operational requirements for data centers to protect physical infrastructure and ensure service availability.", - 
"frequency": "yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Datacenter Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Chief Information Security Officer", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "The purpose of this policy is to define security and operational requirements for the organization's datacenter facilities to ensure protection, availability, and reliability of critical systems and data.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "This policy applies to all employees, contractors, vendors, and third-party service providers who access or maintain datacenter infrastructure.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All datacenter locations, 
including on-premises, colocation, and cloud facilities that host the organization's critical IT infrastructure, fall under this policy's scope.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Datacenter Security Requirements", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Datacenters must have physical security controls such as access restrictions, video surveillance, and intrusion detection systems.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Access to the datacenter must be granted only to authorized personnel with a legitimate business need.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Visitor access must be logged, monitored, and restricted to authorized escorts within the facility.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Multi-factor authentication must be required for personnel accessing restricted areas of the datacenter.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Environmental Controls", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Datacenters must have redundant power supplies and backup generators to ensure continuous operation.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Temperature and humidity must be monitored and maintained within manufacturer-recommended ranges for critical equipment.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Fire suppression systems must be in place to protect against damage to IT infrastructure.", "type": 
"text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Datacenter Access and Auditing", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Access logs must be maintained and reviewed periodically to ensure compliance with access control policies.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Annual security assessments must be conducted to evaluate compliance with datacenter security requirements.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Unauthorized access attempts must be reported immediately to security personnel.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Disaster Recovery and Business Continuity", "type": "text"}]}, {"type": "orderedList", "attrs": {"start": 1, "tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Datacenter facilities must be included in the organization's Business Continuity and Disaster Recovery plans.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Data backups must be stored securely and regularly tested to ensure data recoverability.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Datacenter failover plans must be documented and tested periodically.", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:42:32.782" + "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. 
Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who create, store, transmit, or manage organizational or customer information; and to anyone who administers production or non-production databases, hosts, or network infrastructure in any environment.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Data Retention & Destruction", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-023) Document and maintain guidelines that define retention periods and secure disposal methods for all information assets.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-061) Document a policy for decommissioning information assets containing classified information, including secure sanitization procedures.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-128) Document a policy for disposing of confidential information in accordance with confidentiality objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-129) Document a policy for decommissioning information assets containing confidential information to meet confidentiality objectives.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Network Security", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 5}, "content": [{"type": "listItem", 
"content": [{"type": "paragraph", "content": [{"text": "(T-074) Prevent public-internet access to production databases and Secure Shell interfaces by enforcing network segmentation and restricted access controls.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-075) Protect every production host with a firewall configured with a deny-by-default rule set.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-076) Document and implement guidelines for communications protection and network security of critical systems.", "type": "text"}]}, {"type": "paragraph"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Secure Data Transfer", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 8}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-071) Encrypt all production databases that store customer data at rest using approved cryptographic mechanisms.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-072) Use industry-standard encryption (e.g., HTTPS with TLS) for all data transmitted over public or untrusted networks.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-073) Apply the same level of cryptographic protection to customer data in non-production environments as in production.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-141) Encrypt production databases containing customer data to meet confidentiality objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-153) Encrypt production databases to 
protect system inputs, in-process items, and outputs as specified.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit information-protection exception requests through the ticketing system, providing business justification, compensating controls, and desired duration. The Information Security Officer and data owner jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Continuous monitoring, audits, and incident reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include immediate access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}, {"type": "hardBreak"}]}], + "createdAt": "2025-06-02 04:58:51.740", + "updatedAt": "2025-06-04 19:41:39.207" }, { - "id": "frk_pt_681e85146ec09c23d84a7a05", - "name": "Data Classification Policy_v1", - "description": "This policy establishes guidelines for classifying data based on its sensitivity and defining handling requirements for each classification level.", + "id": "frk_pt_683d2fbdba5115ed83c6652f", + "name": "Secure Development Policy", + "description": "This policy embeds secure-coding and data-validation practices into the software development life cycle (SDLC) to preserve processing integrity and prevent unauthorized or malformed data from compromising organizational systems.", "frequency": "yearly", - "department": "gov", - 
"content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Data Classification Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "CISO", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Restricted", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy establishes the criteria for classifying data into categories (e.g., Public, Internal, Confidential, Highly Sensitive) and specifies handling requirements for each category.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All data must be classified at the time of creation or receipt.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Classification levels must be defined with corresponding handling, storage, and disposal requirements.", "type": "text"}]}]}, {"type": "listItem", 
"content": [{"type": "paragraph", "content": [{"text": "Access to confidential data must be restricted on a need-to-know basis.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:42:42.023" + "department": "none", + "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who design, develop, test, or maintain software applications and services—whether on-premises or in the cloud—that store, process, or transmit organizational or customer data.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Secure SDLC Integration", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-150) Validate software-application input values against defined acceptable ranges to meet processing-integrity objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-151) Enforce completion of mandatory fields before accepting any record entry or edit.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-152) Limit input values to acceptable ranges to satisfy system-input control requirements.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. 
Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Developers must submit SDLC-related exception requests through the ticketing system, providing business justification, compensating controls, and requested duration. The Application Security Lead and Information Security Officer jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Code reviews, automated scans, and security audits detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include immediate code rollback or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], + "createdAt": "2025-06-02 04:59:41.100", + "updatedAt": "2025-06-04 19:42:21.085" }, { - "id": "frk_pt_683d2f8cfdf08987e67a2dff", - "name": "P-14-IP Information Protection", - "description": "This policy preserves the confidentiality, integrity, and availability of organizational information by establishing clear requirements for data retention and secure disposal, network protections, and strong cryptographic safeguards for data at rest and in transit.", + "id": "frk_pt_683d3302c5965789e22c8d7d", + "name": "Encryption & Cryptographic Control Policy", + "description": "This policy establishes requirements for managing encryption, keys, and cryptographic protections to safeguard the confidentiality and integrity of customer and organizational data at rest and in transit.", "frequency": "yearly", "department": "none", - "content": [{"type": "heading", "attrs": {"level": 4}, "content": 
[{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who create, store, transmit, or manage organizational or customer information; and to anyone who administers production or non-production databases, hosts, or network infrastructure in any environment.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Data Retention & Destruction", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-023) Document and maintain guidelines that define retention periods and secure disposal methods for all information assets.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-061) Document a policy for decommissioning information assets containing classified information, including secure sanitization procedures.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-128) Document a policy for disposing of confidential information in accordance with confidentiality objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-129) Document a policy for decommissioning information assets containing confidential information to meet confidentiality objectives.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Network Security", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 5}, "content": [{"type": 
"listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-074) Prevent public-internet access to production databases and Secure Shell interfaces by enforcing network segmentation and restricted access controls.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-075) Protect every production host with a firewall configured with a deny-by-default rule set.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-076) Document and implement guidelines for communications protection and network security of critical systems.", "type": "text"}]}, {"type": "paragraph"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Secure Data Transfer", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 8}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-071) Encrypt all production databases that store customer data at rest using approved cryptographic mechanisms.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-072) Use industry-standard encryption (e.g., HTTPS with TLS) for all data transmitted over public or untrusted networks.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-073) Apply the same level of cryptographic protection to customer data in non-production environments as in production.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-141) Encrypt production databases containing customer data to meet confidentiality objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-153) Encrypt production 
databases to protect system inputs, in-process items, and outputs as specified.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit information-protection exception requests through the ticketing system, providing business justification, compensating controls, and desired duration. The Information Security Officer and data owner jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Continuous monitoring, audits, and incident reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include immediate access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}, {"type": "hardBreak"}]}], - "createdAt": "2025-06-02 04:58:51.740", - "updatedAt": "2025-06-02 04:59:21.375" + "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who design, implement, or manage cryptographic solutions, keys, databases, and network services—whether in production or non-production environments—that store or transmit organizational or customer data.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Encryption Key Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-086) Document and maintain a policy that governs encryption and cryptographic-protection controls, including key generation, storage, rotation, and retirement.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Secure Data Transfer", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 2}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-071) Encrypt all production databases that store customer data at rest using approved cryptographic mechanisms.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-072) Use industry-standard encryption (e.g., HTTPS with TLS) to keep data confidential during transmission over public or untrusted networks.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-073) Apply the same level of cryptographic protection to customer data in non-production environments as in production.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-141) Encrypt production databases containing customer data to meet confidentiality objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-153) Encrypt production databases to protect system inputs, in-process items, and outputs as specified by system requirements.", "type": "text"}, {"type": "hardBreak"}]}]}]}, 
{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit cryptographic-control exception requests through the ticketing system, providing business justification, compensating controls, and requested duration. The Information Security Officer and Data Owner jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated encryption checks, audits, and security reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include immediate key revocation, access removal, or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], + "createdAt": "2025-06-02 05:13:38.181", + "updatedAt": "2025-06-04 19:42:46.651" }, { - "id": "frk_pt_683d2de2d5691a4ba424edff", - "name": "P-12-LG Logging", - "description": "This policy mandates continuous monitoring and logging to detect, evaluate, and respond to security events, thereby protecting the integrity, availability, and reliability of organizational systems and controls.", + "id": "frk_pt_683d333874c936f38d84fecc", + "name": "Incident Response Policy", + "description": "This policy ensures the organization can rapidly detect, report, and respond to information-security incidents to minimize business impact, fulfill legal obligations, and protect stakeholder interests.", "frequency": "yearly", "department": "none", - "content": [{"type": "heading", "attrs": {"level": 4}, "content": 
[{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who design, administer, or use the organization’s information systems, networks, and cloud services that generate, store, or analyze security-related logs.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Security Monitoring & Detection", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-027) Configure systems to generate log information that is reviewed to assess impacts on internal control performance.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-043) Use a continuous-monitoring system to track and report the overall health of the information security program.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-044) Use a continuous-monitoring system to communicate internal-control deficiencies to stakeholders.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-053) Develop and refine control activities through insights gained from the continuous-monitoring system.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-087) Use a continuous-monitoring system to evaluate security events and identify failures to meet security objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": 
"(T-088) Use a continuous-monitoring system to track and report security incidents to stakeholders.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Security Logging", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 7}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-105) Configure infrastructure to generate audit events for security-related actions to support detection monitoring.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-106) Configure infrastructure to review and analyze audit events to detect anomalous activity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-107) Configure infrastructure to generate audit events for system-component monitoring.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-108) Configure infrastructure to review and analyze audit events for anomaly detection.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-109) Configure infrastructure to generate audit events for security-event evaluation.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-110) Configure infrastructure to review and analyze audit events to support incident analysis.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. 
Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit logging exceptions through the ticketing system, detailing business justification, compensating controls, and requested duration. The Information Security Officer and system owner jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated log reviews, audits, and security monitoring detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}],
- "createdAt": "2025-06-02 04:51:46.215",
- "updatedAt": "2025-06-02 04:52:34.585"
+ "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who use, administer, or support organizational information systems, data, or services—across on-premises and cloud environments.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Security Incident Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-028) Provide employees with clear instructions in the Information Security Policies on how to report failures, incidents, concerns, or complaints.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-045) Establish reporting mechanisms that allow employees to communicate internal-control deficiencies promptly and confidentially.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-091) Maintain a documented incident-response policy and procedure that defines roles, responsibilities, and guidelines for handling information-security incidents.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-089) Document guidelines for notifying customers and other stakeholders in the event of a breach.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-090) Maintain records of information-security incidents, including investigations and response-plan execution detail.", "type": "text"}]}, {"type": "paragraph"}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit incident-response exceptions through the ticketing system, providing justification, compensating controls, and required duration. 
The Information Security Officer and Incident Response Lead must jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Continuous monitoring, audits, and post-incident reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], + "createdAt": "2025-06-02 05:14:32.403", + "updatedAt": "2025-06-04 19:42:53.147" }, { "id": "frk_pt_683d2e212de960aa758a25f5", - "name": "P-13-CP Capacity & Performance Management", + "name": "Capacity & Performance Management", "description": "This policy ensures critical assets are continuously monitored for capacity, performance, and anomalous behavior so the organization can anticipate demand, prevent service degradation, and defend against denial-of-service or other capacity-related threats.", "frequency": "yearly", "department": "none", "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who design, operate, or support the organization’s production infrastructure, applications, networks, and cloud resources that handle business-critical workloads.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Resource Capacity Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-092) Continuously monitor critical assets and generate capacity alerts that support vulnerability detection.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-093) Continuously monitor critical assets for anomaly detection.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-094) Continuously monitor critical assets and analyze data for security-event evaluation.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-131) Continuously monitor critical assets and generate capacity alerts to ensure optimal performance, meet future capacity requirements, and protect against denial-of-service attacks.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit capacity-management exceptions through the ticketing system, providing business justification, compensating controls, and requested duration. The Infrastructure Lead and Information Security Officer jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. 
Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated monitoring, performance audits, and management reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include immediate access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], "createdAt": "2025-06-02 04:52:49.149", - "updatedAt": "2025-06-02 04:58:18.787" + "updatedAt": "2025-06-04 19:42:08.103" }, { "id": "frk_pt_683d2d85d2a665c6334ff5c3", - "name": "P-11-TPRM Third-Party Risk Management Policy", + "name": "Third-Party Risk Management Policy", "description": "This policy ensures that vendors and other third parties do not introduce unacceptable risk to the organization by establishing a structured program for assessing, monitoring, and mitigating supplier risks aligned with security commitments and regulatory requirements.", "frequency": "yearly", "department": "none", "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and business units that select, onboard, manage, or rely on vendors, subservice organizations, or other third parties that store, process, or transmit organizational data or provide critical services.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Supplier Security", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-032) Perform a formal vendor-risk-assessment exercise at least annually to identify and evaluate vendors critical to system security commitments and requirements.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-046) Review and evaluate all subservice organizations periodically to ensure they continue to meet customer commitments.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-054) Develop and update general control activities based on insights gained from periodic subservice-organization evaluations.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-120) Document policies and procedures for managing vendors and third-party suppliers, including guidance for risk assessment.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-121) Document policies and procedures to identify and mitigate vendor risks, incorporating service commitments and system requirements.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit third-party-risk exceptions via the ticketing system, outlining business justification, compensating controls, and desired duration. 
The Information Security Officer and Vendor Owner must jointly approve, document, and time-limit each exception, which is reviewed upon expiration or earlier if risk conditions change.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Vendor audits, continuous monitoring, and management reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations are handled under HR disciplinary tiers—verbal warning, written warning, suspension, or termination—depending on severity, and may include contract suspension or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], "createdAt": "2025-06-02 04:50:12.968", - "updatedAt": "2025-06-02 04:50:39.156" + "updatedAt": "2025-06-04 19:42:14.642" }, { - "id": "frk_pt_683d2fbdba5115ed83c6652f", - "name": "P-15-SD Secure Development", - "description": "This policy embeds secure-coding and data-validation practices into the software development life cycle (SDLC) to preserve processing integrity and prevent unauthorized or malformed data from compromising organizational systems.", + "id": "frk_pt_683d2de2d5691a4ba424edff", + "name": "Logging Policy", + "description": "This policy mandates continuous monitoring and logging to detect, evaluate, and respond to security events, thereby protecting the integrity, availability, and reliability of organizational systems and controls.", "frequency": "yearly", "department": "none", - "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. 
Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who design, develop, test, or maintain software applications and services—whether on-premises or in the cloud—that store, process, or transmit organizational or customer data.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Secure SDLC Integration", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-150) Validate software-application input values against defined acceptable ranges to meet processing-integrity objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-151) Enforce completion of mandatory fields before accepting any record entry or edit.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-152) Limit input values to acceptable ranges to satisfy system-input control requirements.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Developers must submit SDLC-related exception requests through the ticketing system, providing business justification, compensating controls, and requested duration. The Application Security Lead and Information Security Officer jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. 
Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Code reviews, automated scans, and security audits detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include immediate code rollback or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}],
- "createdAt": "2025-06-02 04:59:41.100",
- "updatedAt": "2025-06-02 05:07:38.414"
+ "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who design, administer, or use the organization’s information systems, networks, and cloud services that generate, store, or analyze security-related logs.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Security Monitoring & Detection", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-027) Configure systems to generate log information that is reviewed to assess impacts on internal control performance.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-043) Use a continuous-monitoring system to track and report the overall health of the information security program.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-044) Use a continuous-monitoring system to communicate internal-control deficiencies to stakeholders.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-053) Develop and refine control activities through insights gained from the continuous-monitoring system.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-087) Use a continuous-monitoring system to evaluate security events and identify failures to meet security objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-088) Use a continuous-monitoring system to track and report security incidents to stakeholders.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Security Logging", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 7}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-105) Configure 
infrastructure to generate audit events for security-related actions to support detection monitoring.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-106) Configure infrastructure to review and analyze audit events to detect anomalous activity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-107) Configure infrastructure to generate audit events for system-component monitoring.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-108) Configure infrastructure to review and analyze audit events for anomaly detection.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-109) Configure infrastructure to generate audit events for security-event evaluation.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-110) Configure infrastructure to review and analyze audit events to support incident analysis.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit logging exceptions through the ticketing system, detailing business justification, compensating controls, and requested duration. The Information Security Officer and system owner jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. 
Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated log reviews, audits, and security monitoring detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], + "createdAt": "2025-06-02 04:51:46.215", + "updatedAt": "2025-06-04 19:42:59.341" }, { - "id": "frk_pt_683d3302c5965789e22c8d7d", - "name": "P-17-CC Cryptographic Controls", - "description": "This policy establishes requirements for managing encryption, keys, and cryptographic protections to safeguard the confidentiality and integrity of customer and organizational data at rest and in transit.", + "id": "frk_pt_683d23ceaf2c5e4e8933b0ae", + "name": "Asset Management Policy", + "description": "This policy ensures that all organizational assets are identified, assigned ownership, and protected according to their value and risk, reducing the likelihood of loss, misuse, or inadequate accountability.", "frequency": "yearly", "department": "none", - "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who design, implement, or manage cryptographic solutions, keys, databases, and network services—whether in production or non-production environments—that store or transmit organizational or customer data.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Encryption Key Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-086) Document and maintain a policy that governs encryption and cryptographic-protection controls, including key generation, storage, rotation, and retirement.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Secure Data Transfer", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 2}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-071) Encrypt all production databases that store customer data at rest using approved cryptographic mechanisms.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-072) Use industry-standard encryption (e.g., HTTPS with TLS) to keep data confidential during transmission over public or untrusted networks.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-073) Apply the same level of cryptographic protection to customer data in non-production environments as in production.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-141) Encrypt production databases containing customer data to meet confidentiality objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-153) Encrypt production databases to protect system inputs, in-process items, and outputs as specified by system requirements.", "type": "text"}, {"type": "hardBreak"}]}]}]}, 
{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit cryptographic-control exception requests through the ticketing system, providing business justification, compensating controls, and requested duration. The Information Security Officer and Data Owner jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated encryption checks, audits, and security reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include immediate key revocation, access removal, or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}],
- "createdAt": "2025-06-02 05:13:38.181",
- "updatedAt": "2025-06-02 05:14:00.581"
+ "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who create, use, maintain, or dispose of the organization’s information assets, including hardware, software, data, and cloud resources across all environments.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Asset Inventory", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-015) Establish mechanisms to assign and manage asset ownership and to ensure a common understanding of protection requirements.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-041) Assign and manage asset ownership responsibilities as part of an ongoing evaluation process.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-042) Periodically update and review the system inventory as part of ongoing evaluations.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-060) Develop, document, and maintain an inventory of organizational infrastructure systems for accountability.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit asset-related exception requests through the ticketing system, including business justification, compensating controls, and requested duration. The Information Security Officer and asset owner must approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated monitoring and periodic audits detect non-compliance. 
Suspected violations are reported to the Information Security Officer and HR. Confirmed violations are addressed under HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include revocation of access or legal action.", "type": "text"}]}], + "createdAt": "2025-06-02 04:08:45.762", + "updatedAt": "2025-06-04 19:43:46.154" }, { - "id": "frk_pt_683d333874c936f38d84fecc", - "name": "P-18-IR Incident Response", - "description": "This policy ensures the organization can rapidly detect, report, and respond to information-security incidents to minimize business impact, fulfill legal obligations, and protect stakeholder interests.", + "id": "frk_pt_683d2375aef9512864fe62bb", + "name": "Access Control Policy", + "description": "This policy establishes controls that limit access to information systems and data to authorized users, thereby reducing the risk of unauthorized disclosure, alteration, or disruption of critical services.", "frequency": "yearly", "department": "none", - "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who use, administer, or support organizational information systems, data, or services—across on-premises and cloud environments.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Security Incident Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-028) Provide employees with clear instructions in the Information Security Policies on how to report failures, incidents, concerns, or complaints.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-045) Establish reporting mechanisms that allow employees to communicate internal-control deficiencies promptly and confidentially.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-091) Maintain a documented incident-response policy and procedure that defines roles, responsibilities, and guidelines for handling information-security incidents.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-089) Document guidelines for notifying customers and other stakeholders in the event of a breach.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-090) Maintain records of information-security incidents, including investigations and response-plan execution detail.", "type": "text"}]}, {"type": "paragraph"}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit incident-response exceptions through the ticketing system, providing justification, compensating controls, and required duration. 
The Information Security Officer and Incident Response Lead must jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Continuous monitoring, audits, and post-incident reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}],
- "createdAt": "2025-06-02 05:14:32.403",
- "updatedAt": "2025-06-02 05:14:58.782"
+ "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who request, grant, or use logical or physical access to the organization’s production consoles, databases, applications, networks, endpoints, and cloud environments—whether on-site or remote.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Access Rights", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-055) Review and approve the list of individuals with production-console access at least annually.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-062) Require authorized personnel to approve logical access provisioning to critical systems based on individual need or predefined role.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-063) Document policies and procedures that register and authorize users before issuing system credentials.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-064) Use continuous monitoring to alert the security team to adjust access levels promptly when roles change.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-065) Periodically review and confirm that access to critical systems is limited to personnel who require it.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-066) Periodically review and confirm that administrative access to critical systems is limited to personnel who require it.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-067) Remove or disable logical access promptly when it is no longer required, including upon termination.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", 
"content": [{"text": "(T-068) Restrict production-database access to personnel whose job functions require it.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-145) Require documented approval for logical access provisioning to critical systems to ensure accurate and timely output delivery.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-146) Document policies and procedures that govern access control for storing inputs, in-process items, and outputs according to system specifications.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Credential Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 11}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-069) Document and publish guidelines for password management and secure login mechanisms.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-070) Enforce secure login mechanisms, including multi-factor authentication, for all staff with access to critical systems.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Remote-Work Security", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 13}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-079) Perform security and privacy compliance checks on software versions and patches of remote devices before allowing internal connections.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-080) Configure endpoints that access critical servers or data to 
auto-lock after 15 minutes of inactivity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-111) Conduct ongoing security and privacy compliance checks on remote devices to support security-event evaluation.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Segregation Of Duties", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 16}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-059) Segregate responsibilities and duties to mitigate risks to customer services.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit access-related exception requests through the ticketing system, providing business justification, compensating controls, and requested duration. The Information Security Officer and system owner jointly review and approve or reject each request. Approved exceptions are documented, time-bound, and reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated monitoring, periodic audits, and managerial oversight detect access-control violations. Suspected violations are reported to the Information Security Officer and HR for investigation. 
Confirmed violations are addressed under HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include immediate access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], + "createdAt": "2025-06-02 04:07:16.844", + "updatedAt": "2025-06-04 19:43:54.993" }, { - "id": "frk_pt_681e8514fd94abd1ded805aa", - "name": "Information Security Policy_v1", - "description": "This policy establishes the framework for protecting the organization's information assets by defining security objectives, roles, responsibilities, and controls.", + "id": "frk_pt_683d29e47d5ca62e4146ff62", + "name": "Business Continuity Policy", + "description": "This policy ensures the organization can quickly restore critical operations after a disruption by maintaining reliable backups, robust disaster-recovery plans, and validated continuity procedures, thereby reducing the risk of prolonged outages, data loss, and safety hazards.", "frequency": "yearly", - "department": "it", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Information Security Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": 
"Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "CISO", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "The purpose of this policy is to protect the confidentiality, integrity, and availability of information assets by establishing security requirements and responsibilities across the organization. This policy applies to all employees, contractors, and third-party service providers.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All information assets shall be classified and handled according to their sensitivity.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Access to information must be restricted based on role and business need.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Security controls such as encryption, firewalls, and intrusion detection systems must be implemented and regularly tested.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Data Classification Policy", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:42:53.246" + "department": "none", + "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. 
Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all business units, employees, contractors, and third parties who design, operate, or support the organization’s information systems, infrastructure, and facilities—whether on-premises or in the cloud—that are required to sustain or restore business operations.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Disaster Recovery Planning", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-102) Document a policy that defines data-backup management requirements for security-incident recovery.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-132) Document a policy that aligns data-backup practices with established recovery-time and recovery-point objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-133) Back up user and system data regularly to meet recovery objectives and verify backup integrity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-134) Test backup media periodically to confirm reliability and information integrity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-138) Test backup data periodically as part of recovery-plan validation.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-103) Document guidelines that govern 
disaster-recovery activities required to sustain business operations.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-135) Document guidelines that address disaster recovery for environmental protection and business continuity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-139) Document disaster-recovery guidelines that specify procedures for recovery-plan testing.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-104) Document policies and procedures that support ongoing business operations and contingency controls.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-136) Document contingency-planning controls that protect operations and the environment.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-140) Document business-continuity policies that define requirements for recovery-plan testing.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-137) Conduct regular tests and exercises to evaluate the effectiveness and readiness of the contingency plan.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit business-continuity exceptions through the ticketing system, providing business justification, compensating controls, and requested duration. 
The Information Security Officer and Business Continuity Manager review each request; approved exceptions are documented, time-bound, and re-evaluated at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Audits, monitoring tools, and incident reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations are addressed under HR disciplinary tiers—verbal warning, written warning, suspension, or termination—according to severity, and may include immediate access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], + "createdAt": "2025-06-02 04:34:43.519", + "updatedAt": "2025-06-04 19:44:01.990" }, { - "id": "frk_pt_681e851431b4692f3f69ca29", - "name": "Risk Management Policy_v1", - "description": "This policy establishes the framework for identifying, assessing, treating, and monitoring risks across the organization to protect its assets and achieve its objectives.", + "id": "frk_pt_683d2b1405adc4b3773db2c6", + "name": "Endpoint Protection Policy", + "description": "This policy safeguards the organization’s information assets by ensuring endpoints are protected against malware, encrypted against unauthorized access, and accurately inventoried, thereby minimizing the risk of compromise, data loss, or service disruption.", "frequency": "yearly", - "department": "gov", - "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"text": "Risk Management Policy", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy Information", "type": "text"}]}, {"type": "table", "content": [{"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "Organization", "type": "text"}]}, {"type": 
"tableCell", "content": [{"text": "Last Review", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Review Frequency", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Approved By", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Classification", "type": "text"}]}]}, {"type": "tableRow", "content": [{"type": "tableCell", "content": [{"text": "{{organization}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "{{date}}", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Annual", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Risk Committee", "type": "text"}]}, {"type": "tableCell", "content": [{"text": "Confidential", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Purpose and Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy establishes the framework and process for identifying, assessing, and mitigating risks that could impact the organization's objectives. 
It applies to all business units and processes.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "Policy", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Conduct risk assessments at least annually and whenever significant changes occur.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Document identified risks in a risk register and assign risk owners.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Implement risk mitigation strategies based on the assessed impact and likelihood.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "References", "type": "text"}]}, {"type": "orderedList", "attrs": {"tight": true}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Information Security Policy", "type": "text"}]}]}]}], - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-06-01 01:43:17.914" + "department": "none", + "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who configure, use, or manage organizational endpoints—laptops, desktops, mobile devices, and servers—whether on-premises or remote, that access, store, or process organizational data.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Malware Protection", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-078) Ensure endpoints that access critical servers or data are protected by approved malware-protection software.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Endpoint Security Administration", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 2}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-084) Document and maintain policies and procedures that govern endpoint security and related controls.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-085) Develop, document, and maintain an inventory of organizational endpoint systems, capturing details necessary for accountability.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-082) Encrypt endpoints that access critical servers or data to prevent unauthorized access.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-083) Encrypt all critical endpoints to prevent unauthorized access.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-142) Encrypt endpoints that access critical servers or data to protect confidential information from unauthorized disclosure.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. 
Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must request endpoint-security exceptions through the ticketing system, providing business justification, compensating controls, and requested duration. The Information Security Officer and system owner jointly review, approve, document, and time-limit each exception, which is re-evaluated at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated monitoring, audits, and security reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity and may include immediate access revocation, device quarantine, or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], + "createdAt": "2025-06-02 04:39:47.774", + "updatedAt": "2025-06-04 19:44:12.582" + }, + { + "id": "frk_pt_683d2cbc12b93dc5c8fe3a7d", + "name": "Change Management Policy ", + "description": "This policy ensures that all changes to the operating environment are planned, approved, tested, and documented so that system integrity, availability, and accuracy are preserved during and after implementation.", + "frequency": "yearly", + "department": "none", + "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. 
Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who request, approve, develop, test, or deploy changes to the organization’s applications, infrastructure, and configuration items across production, staging, and development environments.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Change Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-113) Establish and follow approval procedures before implementing any changes to the operating environment.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-114) Document policies and procedures that govern change management activities.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-115) Implement standardized procedures to control all changes to the operating environment.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-147) Conduct application regression testing during change management to validate key processing for integrity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-148) Require formal approval for changes that affect output accuracy and timeliness.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-149) Conduct regression testing to verify accurate output delivery after changes are 
implemented.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Configuration Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 7}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-116) Establish approval procedures before implementing configuration changes to the operating environment.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-117) Document policies and procedures that govern configuration-change activities.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-118) Implement standardized procedures to control all configuration changes to the operating environment.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit change-related exception requests through the ticketing system, providing business justification, compensating controls, and requested duration. The Change Advisory Board (CAB) and the Information Security Officer must jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated logging, change audits, and management reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. 
Confirmed violations are handled under HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity and may include change rollback or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], + "createdAt": "2025-06-02 04:46:52.065", + "updatedAt": "2025-06-04 19:44:21.237" }, { "id": "frk_pt_683d2315c8fc7f97a083081c", - "name": "P-01-ISP Information Security Program", + "name": "Information Security Program", "description": "This policy defines and governs the organization’s information security program to protect the confidentiality, integrity, and availability of information assets and to reduce risks arising from inadequate governance, oversight, or staff awareness.", "frequency": "yearly", "department": "none", "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who design, build, manage, or use the organization’s information systems, data, networks, facilities, and cloud services across all locations.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Policy Compliance", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-002) Establish procedures requiring staff to periodically acknowledge all applicable company policies.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-003) Establish procedures requiring new staff to acknowledge applicable company policies during onboarding.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-022) Make all policies and procedures readily available for staff review.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-127) Document an Information Security Policy that governs the confidentiality, integrity, and availability of information systems.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Security Governance Roles", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 5}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-004) Outline and document cybersecurity responsibilities for all personnel.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-005) Communicate roles and responsibilities to staff through established procedures.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-006) Maintain an organizational structure that defines authorities, facilitates information flow, and 
establishes responsibilities.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-007) Appoint a Compliance Program Manager responsible for planning and implementing the internal control environment.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-008) Assign an Information Security Officer to centrally manage and maintain the enterprise-wide cybersecurity and privacy program.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-009) Appoint a People Operations Officer to develop and drive personnel-related security strategies.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-033) Delegate the Information Security Officer to coordinate, develop, implement, and maintain the enterprise-wide cybersecurity and privacy program.", "type": "text"}, {"type": "hardBreak"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Management Security Accountability", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 12}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-010) Ensure senior management reviews and approves all company policies at least annually.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-011) Ensure senior management reviews and approves the organizational chart for all employees annually.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-012) Ensure senior management reviews and approves the Risk Assessment Report annually.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": 
"listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-013) Ensure senior management reviews and approves the Information Security Program at planned intervals or upon significant change.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-014) Ensure senior management reviews and approves the Vendor Risk Assessment Report annually.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-034) Conduct annual policy reviews to evaluate ongoing effectiveness.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-035) Conduct annual organizational chart reviews to evaluate ongoing effectiveness.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-036) Conduct annual risk assessment reviews to evaluate ongoing effectiveness.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-037) Conduct ongoing evaluations of Information Security Program effectiveness.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-038) Conduct annual vendor risk assessment reviews to evaluate ongoing effectiveness.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-039) Communicate Information Security Program status to senior management for corrective action.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-040) Communicate policy compliance status to senior management for corrective action.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", 
"content": [{"text": "(T-048) Develop control activities based on insights from annual policy reviews.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-049) Develop control activities based on insights from annual organizational chart reviews.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-050) Develop control activities based on insights from annual risk assessment reviews.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-051) Develop control activities based on insights from Information Security Program reviews.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-052) Develop control activities based on insights from annual vendor risk assessment reviews.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Disciplinary Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 29}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-021) Require periodic evaluations of employees in IT, Engineering, and Information Security roles to confirm responsibilities are fulfilled.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Regulatory Liaison", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 30}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-024) Display current service information on a customer-accessible website.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-025) 
Provide customers with clear instructions for reporting failures, incidents, concerns, or complaints.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Standard Operating Procedures (SOPs)", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 32}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-122) Document policies and procedures that establish expected behavior within the control environment.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-123) Document policies and procedures that support general control activities over technology.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-124) Deploy control activities in accordance with documented policies and procedures.", "type": "text"}, {"type": "hardBreak"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Personnel Security", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 35}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-016) Perform security risk screening of individuals before authorizing access.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-017) Ensure security-related positions are staffed by qualified personnel with necessary skills.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-018) Provide job-related information security and privacy training to staff.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-019) Require new 
staff to complete security and privacy literacy training during onboarding.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-020) Document, monitor, and retain individual training activities and records.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit exception requests via the ticketing system, providing business justification, compensating controls, and requested duration. The Information Security Officer and Compliance Program Manager must approve, document, and time-bound each exception, which is reviewed at expiration or sooner if conditions change.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "E. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated monitoring, audits, and management reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. 
Confirmed violations are addressed under HR’s disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity and intent, and may include access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}],
 "createdAt": "2025-06-02 04:05:40.674",
- "updatedAt": "2025-06-02 04:06:29.832"
+ "updatedAt": "2025-06-04 19:43:08.606"
 },
 {
 "id": "frk_pt_683d2865c3f65743f7c7a350",
- "name": "P-07-AUP Acceptable Use ",
+ "name": "Acceptable Use Policy",
 "description": " Define acceptable behaviour and technology usage so employees safeguard organisational assets, uphold confidentiality, integrity and availability, and foster a respectful work environment.",
 "frequency": "yearly",
 "department": "none",
 "content": [{"type": "paragraph", "content": [{"text": "A. Applicability and Scope", "type": "text", "marks": [{"type": "bold"}]}, {"type": "hardBreak", "marks": [{"type": "bold"}]}, {"text": " This policy applies to all employees, contractors, interns and third parties who access or use the organisation’s information systems, networks, devices or data in any location (office, remote or hybrid) from onboarding through off-boarding.", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Acceptable Use Standards", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "bulletList", "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Access company resources only with unique, organisation-issued credentials protected by multi-factor authentication; never share secrets or leave sessions unattended.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Maintain device hygiene: install security patches promptly, run approved endpoint protection, enable full-disk encryption and auto-lock screens after ≤ 5 minutes idle.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Store sensitive data only in approved services; transmit it via encrypted channels (e.g., VPN, TLS); copying to personal storage requires written approval.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Use a corporate VPN on untrusted networks and refrain from operating rogue Wi-Fi, personal hotspots or network-scanning tools without authorisation.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Prohibited activities include pirated software, illegal content, harassment, crypto-mining, personal commercial ventures and any action that degrades service or security.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All activity on corporate assets may be logged and reviewed to defend against threats; users have no expectation of personal privacy on these assets.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "Personal 
devices (BYOD) accessing company data must enrol in mobile-device management and may be remotely wiped on termination or suspected compromise.", "type": "text"}]}]}]}, {"type": "paragraph", "content": [{"text": "Policy Acknowledgement", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "bulletList", "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "New personnel acknowledge all applicable policies during onboarding.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "All personnel re-acknowledge annually (or when significant changes occur) to reinforce accountability and awareness.", "type": "text"}]}]}]}, {"type": "paragraph", "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}, {"type": "hardBreak", "marks": [{"type": "bold"}]}, {"text": " Employees request acceptable-use exceptions through the ticketing system, providing business justification, compensating controls and duration. The Information Security Officer and HR jointly approve, document and time-limit each exception, reviewing it at or before expiration.", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "D. Violations and Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}, {"type": "hardBreak", "marks": [{"type": "bold"}]}, {"text": " Automated monitoring, audits and management oversight detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. 
Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension or termination—based on severity, and may include immediate access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}],
 "createdAt": "2025-06-02 04:28:21.280",
- "updatedAt": "2025-06-02 04:34:18.741"
+ "updatedAt": "2025-06-04 19:43:22.614"
 },
 {
 "id": "frk_pt_683d26b7a8705c7002350b01",
- "name": "P-04-RM Risk Management Policy ",
+ "name": "Risk Management Policy ",
 "description": "This policy establishes a structured risk management process to identify, analyze, and treat threats that could jeopardize the organization’s ability to meet its security commitments and business objectives.",
 "frequency": "yearly",
 "department": "none",
 "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all business units, employees, contractors, and third parties involved in planning, operating, or supporting the organization’s information systems, services, and infrastructure across all environments.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Risk Assessment And Treatment", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-029) Perform a formal risk-assessment exercise at least annually, following documented guidelines to identify threats that could impair security commitments and requirements.", "type": "text"}, {"type": "hardBreak"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-030) Assess each identified risk and assign a risk score based on likelihood and impact on confidentiality, integrity, and availability, mapping risks to mitigating factors.", "type": "text"}, {"type": "hardBreak"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-031) Include consideration of potential fraud as a factor in the risk matrix when evaluating risks.", "type": "text"}, {"type": "hardBreak"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-119) Document, maintain, and follow policies and procedures that identify risks to business objectives and incorporate service commitments and system requirements into risk mitigation plans.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must request exceptions via the ticketing system, providing justification, proposed compensating controls, and desired duration. 
The Information Security Officer and Risk Owner jointly approve, document, and time-limit each exception, which is reviewed upon expiration or earlier if risk levels change.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Audits and continuous monitoring detect non-compliance with this policy. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations are addressed per HR disciplinary tiers—verbal warning, written warning, suspension, or termination—depending on severity, and may include immediate risk mitigation actions or legal referral.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}],
 "createdAt": "2025-06-02 04:21:10.980",
- "updatedAt": "2025-06-02 04:21:45.746"
- },
- {
- "id": "frk_pt_683bb08aaa1930f0786c21c1",
- "name": "Acceptable Use Policy",
- "description": "Sets boundaries on how employees may use company systems, data, and internet resources to ensure productivity, legal compliance, and information security.",
- "frequency": "yearly",
- "department": "none",
- "content": [{"type": "heading", "attrs": {"level": 2}, "content": [{"text": "1. Objective", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "This policy outlines the appropriate and secure use of organizational information systems and digital assets. Its goal is to support a strong security posture ensuring system security, controlled access, and protection of sensitive data against misuse or unauthorized exposure.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "2. 
Applicability and Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "This policy is mandatory for all individuals granted access to the organization's technological resources, including full-time and part-time employees, contractors, vendors, and other authorized users, whether accessing systems on company premises or remotely.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "3. Authorized and Expected Use", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "3.1 Professional Use Expectations", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "- Users must operate technology systems in a professional manner consistent with their duties.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Data classified as proprietary or confidential must be used strictly in line with internal data protection controls.", "type": "text"}, {"type": "hardBreak"}, {"text": "- All access to data and systems must be job-relevant and formally approved when required.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "3.2 Limitations on Non-Business Use", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "- Any installation or use of third-party software without prior IT approval is forbidden.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Company data must not be transferred to external, unvetted platforms.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Activities on company-owned resources are subject to monitoring and must not be presumed private.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "4. 
Digital Communication and Messaging", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "- Do not engage with unsolicited email attachments unless verified.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Any suspicious email or message must be reported to the security response team immediately.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Personal communication tools must not be used for transmitting work-related information.", "type": "text"}, {"type": "hardBreak"}, {"text": "- All business communication must occur through sanctioned corporate channels.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "5. Credentials and Physical Access Devices", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "- Badge access or digital keys are non-transferable.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Report any lost, stolen, or compromised access devices without delay.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Return issued access tools immediately upon termination of need or employment.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "6. Network and Web Conduct", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "- Access to restricted or high-risk websites is not allowed without formal authorization.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Cloud storage and file sharing services must be officially approved and compliant.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Use of VPNs and encryption protocols must align with IT security standards.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "7. 
Endpoint Usage Guidelines", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "- System security settings must not be bypassed or altered.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Do not install or connect personal devices to enterprise systems without consent.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Implement measures to prevent screen exposure of sensitive data.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Company credentials are to be used exclusively for sanctioned applications.", "type": "text"}, {"type": "hardBreak"}, {"text": "- Signing up for non-business services using work email is not permitted.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "8. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Any deviation from this policy must be formally reviewed and approved by the organization's executive leadership. Such exceptions must be documented with justification and applicable limitations.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "9. Violations and Disciplinary Protocols", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Violations of this policy will be handled under progressive disciplinary actions, which may include warnings, suspension, access revocation, or termination, depending on the severity and frequency of the breach.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "10. Policy Governance and Maintenance", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "This policy will be reassessed annually by the Compliance and Security team to ensure it meets ongoing SOC 2 standards. 
Policy revisions will be communicated to all stakeholders and enforced across all departments.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}],
- "createdAt": "2025-06-01 01:44:42.085",
- "updatedAt": "2025-06-01 01:50:12.904"
+ "updatedAt": "2025-06-04 19:43:28.786"
 },
 {
 "id": "frk_pt_683d27517ca91b1c3c748256",
- "name": "P-06-SAT Security Awareness & Training Policy",
+ "name": "Security Awareness & Training Policy",
 "description": "This policy promotes a security-conscious culture by setting behavioral expectations and ensuring all personnel possess the knowledge and qualifications necessary to safeguard organizational assets.",
 "frequency": "yearly",
 "department": "none",
 "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who access, manage, or support the organization’s information systems, devices, and data—whether on-site or remote.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Acceptable Use", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-001) Document a policy that defines behavioral standards and acceptable business conduct.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-047) Establish guidelines for acceptable and unacceptable technology usage, including consequences for violations.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-125) Require staff to periodically acknowledge applicable company policies to reinforce confidentiality objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-126) Require new staff to acknowledge applicable company policies during onboarding to support confidentiality objectives.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Personnel Security", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 5}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-016) Perform security risk screening of individuals before authorizing access.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-017) Ensure security-related positions are staffed by qualified individuals with the necessary skill sets.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-018) Provide information security and privacy training 
tailored to each staff member’s job functions.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-019) Require new staff to complete security and privacy literacy training during onboarding.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-020) Document, monitor, and retain individual training activities and records.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit written exception requests through the ticketing system, including business justification, compensating controls, and requested duration. The Information Security Officer and HR must jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Monitoring, audits, and management oversight detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. 
Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include mandatory retraining or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}],
 "createdAt": "2025-06-02 04:23:45.315",
- "updatedAt": "2025-06-02 04:24:41.432"
+ "updatedAt": "2025-06-04 19:43:34.272"
 },
 {
 "id": "frk_pt_683d2716ed82ad63da55dc7f",
- "name": "P-05-ICH Information Classification & Handling Policy",
+ "name": "Information Classification & Handling Policy",
 "description": "This policy ensures all information assets are consistently classified and labeled so they receive protection commensurate with their sensitivity and integrity requirements, reducing the risk of unauthorized disclosure or processing errors.",
 "frequency": "yearly",
 "department": "none",
 "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who create, store, process, transmit, or dispose of organizational information in any form—physical or digital—across all systems, facilities, and cloud environments.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Information Classification", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-026) Document and maintain policies and procedures for physical and logical labeling of information in accordance with the data-classification scheme.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-130) Physically and logically label information systems and media to identify confidential information as required by classification guidelines.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-143) Label information systems to support processing-integrity objectives and align with approved data definitions.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-144) Apply physical and logical labels to information systems to enforce policies over system inputs that affect processing integrity.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must request classification-related exceptions through the ticketing system, providing business justification, proposed compensating controls, and desired duration. The Information Security Officer and data owner jointly review, approve, document, and time-limit each exception, which is re-evaluated at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. 
Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Audits, automated scans, and monitoring detect misclassification or mishandling of information. Suspected violations are reported to the Information Security Officer and HR. Confirmed violations are addressed under HR’s disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include mandatory retraining or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}],
 "createdAt": "2025-06-02 04:22:46.117",
- "updatedAt": "2025-06-02 04:23:18.431"
- },
- {
- "id": "frk_pt_683d23ceaf2c5e4e8933b0ae",
- "name": "P-03-AM Asset Management Policy",
- "description": "This policy ensures that all organizational assets are identified, assigned ownership, and protected according to their value and risk, reducing the likelihood of loss, misuse, or inadequate accountability.",
- "frequency": "yearly",
- "department": "none",
- "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who create, use, maintain, or dispose of the organization’s information assets, including hardware, software, data, and cloud resources across all environments.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Asset Inventory", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-015) Establish mechanisms to assign and manage asset ownership and to ensure a common understanding of protection requirements.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-041) Assign and manage asset ownership responsibilities as part of an ongoing evaluation process.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-042) Periodically update and review the system inventory as part of ongoing evaluations.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-060) Develop, document, and maintain an inventory of organizational infrastructure systems for accountability.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit asset-related exception requests through the ticketing system, including business justification, compensating controls, and requested duration. The Information Security Officer and asset owner must approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated monitoring and periodic audits detect non-compliance. 
Suspected violations are reported to the Information Security Officer and HR. Confirmed violations are addressed under HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include revocation of access or legal action.", "type": "text"}]}],
- "createdAt": "2025-06-02 04:08:45.762",
- "updatedAt": "2025-06-02 04:17:49.170"
- },
- {
- "id": "frk_pt_683d2375aef9512864fe62bb",
- "name": "P-02-AC Access Control",
- "description": "This policy establishes controls that limit access to information systems and data to authorized users, thereby reducing the risk of unauthorized disclosure, alteration, or disruption of critical services.",
- "frequency": "yearly",
- "department": "none",
- "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who request, grant, or use logical or physical access to the organization’s production consoles, databases, applications, networks, endpoints, and cloud environments—whether on-site or remote.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Access Rights", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-055) Review and approve the list of individuals with production-console access at least annually.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-062) Require authorized personnel to approve logical access provisioning to critical systems based on individual need or predefined role.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-063) Document policies and procedures that register and authorize users before issuing system credentials.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-064) Use continuous monitoring to alert the security team to adjust access levels promptly when roles change.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-065) Periodically review and confirm that access to critical systems is limited to personnel who require it.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-066) Periodically review and confirm that administrative access to critical systems is limited to personnel who require it.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-067) Remove or disable logical access promptly when it is no longer required, including upon termination.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", 
"content": [{"text": "(T-068) Restrict production-database access to personnel whose job functions require it.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-145) Require documented approval for logical access provisioning to critical systems to ensure accurate and timely output delivery.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-146) Document policies and procedures that govern access control for storing inputs, in-process items, and outputs according to system specifications.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Credential Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 11}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-069) Document and publish guidelines for password management and secure login mechanisms.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-070) Enforce secure login mechanisms, including multi-factor authentication, for all staff with access to critical systems.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Remote-Work Security", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 13}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-079) Perform security and privacy compliance checks on software versions and patches of remote devices before allowing internal connections.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-080) Configure endpoints that access critical servers or data to 
auto-lock after 15 minutes of inactivity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-111) Conduct ongoing security and privacy compliance checks on remote devices to support security-event evaluation.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Segregation Of Duties", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 16}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-059) Segregate responsibilities and duties to mitigate risks to customer services.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit access-related exception requests through the ticketing system, providing business justification, compensating controls, and requested duration. The Information Security Officer and system owner jointly review and approve or reject each request. Approved exceptions are documented, time-bound, and reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated monitoring, periodic audits, and managerial oversight detect access-control violations. Suspected violations are reported to the Information Security Officer and HR for investigation. 
Confirmed violations are addressed under HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include immediate access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], - "createdAt": "2025-06-02 04:07:16.844", - "updatedAt": "2025-06-02 04:08:14.871" - }, - { - "id": "frk_pt_683d29e47d5ca62e4146ff62", - "name": "P-08-BCP Business Continuity Policy", - "description": "This policy ensures the organization can quickly restore critical operations after a disruption by maintaining reliable backups, robust disaster-recovery plans, and validated continuity procedures, thereby reducing the risk of prolonged outages, data loss, and safety hazards.", - "frequency": "yearly", - "department": "none", - "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all business units, employees, contractors, and third parties who design, operate, or support the organization’s information systems, infrastructure, and facilities—whether on-premises or in the cloud—that are required to sustain or restore business operations.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Disaster Recovery Planning", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-102) Document a policy that defines data-backup management requirements for security-incident recovery.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-132) Document a policy that aligns data-backup practices with established recovery-time and recovery-point objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-133) Back up user and system data regularly to meet recovery objectives and verify backup integrity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-134) Test backup media periodically to confirm reliability and information integrity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-138) Test backup data periodically as part of recovery-plan validation.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-103) Document guidelines that govern disaster-recovery activities required to sustain business operations.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-135) Document guidelines that address disaster recovery for environmental protection and business continuity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-139) Document disaster-recovery guidelines that specify 
procedures for recovery-plan testing.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-104) Document policies and procedures that support ongoing business operations and contingency controls.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-136) Document contingency-planning controls that protect operations and the environment.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-140) Document business-continuity policies that define requirements for recovery-plan testing.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-137) Conduct regular tests and exercises to evaluate the effectiveness and readiness of the contingency plan.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit business-continuity exceptions through the ticketing system, providing business justification, compensating controls, and requested duration. The Information Security Officer and Business Continuity Manager review each request; approved exceptions are documented, time-bound, and re-evaluated at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Audits, monitoring tools, and incident reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. 
Confirmed violations are addressed under HR disciplinary tiers—verbal warning, written warning, suspension, or termination—according to severity, and may include immediate access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], - "createdAt": "2025-06-02 04:34:43.519", - "updatedAt": "2025-06-02 04:39:18.912" - }, - { - "id": "frk_pt_683d2b1405adc4b3773db2c6", - "name": "P-09-EP Endpoint Protection", - "description": "This policy safeguards the organization’s information assets by ensuring endpoints are protected against malware, encrypted against unauthorized access, and accurately inventoried, thereby minimizing the risk of compromise, data loss, or service disruption.", - "frequency": "yearly", - "department": "none", - "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who configure, use, or manage organizational endpoints—laptops, desktops, mobile devices, and servers—whether on-premises or remote, that access, store, or process organizational data.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Malware Protection", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-078) Ensure endpoints that access critical servers or data are protected by approved malware-protection software.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Endpoint Security Administration", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 2}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-084) Document and maintain policies and procedures that govern endpoint security and related controls.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-085) Develop, document, and maintain an inventory of organizational endpoint systems, capturing details necessary for accountability.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-082) Encrypt endpoints that access critical servers or data to prevent unauthorized access.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-083) Encrypt all critical endpoints to prevent unauthorized access.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-142) Encrypt endpoints that access critical servers or data to protect confidential information from unauthorized disclosure.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. 
Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must request endpoint-security exceptions through the ticketing system, providing business justification, compensating controls, and requested duration. The Information Security Officer and system owner jointly review, approve, document, and time-limit each exception, which is re-evaluated at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated monitoring, audits, and security reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity and may include immediate access revocation, device quarantine, or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], - "createdAt": "2025-06-02 04:39:47.774", - "updatedAt": "2025-06-02 04:40:09.068" - }, - { - "id": "frk_pt_683d2cbc12b93dc5c8fe3a7d", - "name": "P-10-CM Change Management Policy ", - "description": "This policy ensures that all changes to the operating environment are planned, approved, tested, and documented so that system integrity, availability, and accuracy are preserved during and after implementation.", - "frequency": "yearly", - "department": "none", - "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. 
Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third parties who request, approve, develop, test, or deploy changes to the organization’s applications, infrastructure, and configuration items across production, staging, and development environments.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Change Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-113) Establish and follow approval procedures before implementing any changes to the operating environment.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-114) Document policies and procedures that govern change management activities.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-115) Implement standardized procedures to control all changes to the operating environment.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-147) Conduct application regression testing during change management to validate key processing for integrity.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-148) Require formal approval for changes that affect output accuracy and timeliness.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-149) Conduct regression testing to verify accurate output delivery after changes are 
implemented.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Configuration Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 7}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-116) Establish approval procedures before implementing configuration changes to the operating environment.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-117) Document policies and procedures that govern configuration-change activities.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-118) Implement standardized procedures to control all configuration changes to the operating environment.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit change-related exception requests through the ticketing system, providing business justification, compensating controls, and requested duration. The Change Advisory Board (CAB) and the Information Security Officer must jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated logging, change audits, and management reviews detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. 
Confirmed violations are handled under HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity and may include change rollback or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], - "createdAt": "2025-06-02 04:46:52.065", - "updatedAt": "2025-06-02 04:49:29.395" + "updatedAt": "2025-06-04 19:43:40.915" }, { "id": "frk_pt_683d3362f2059bd8f1d493bd", - "name": "P-19-VM Vulnerability Management", + "name": "Vulnerability Management Policy", "description": "This policy ensures timely identification, evaluation, and remediation of vulnerabilities to prevent exploitation, reduce business impact, and maintain the confidentiality, integrity, and availability of organizational systems and data.", "frequency": "yearly", "department": "none", "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to all employees, contractors, and third-party service providers who design, administer, or use organizational platforms, infrastructure, applications, and endpoints—whether on-premises or remote.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Vulnerability Disclosure", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-095) Identify vulnerabilities on the company platform by performing regular vulnerability scans for detection monitoring.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-098) Identify vulnerabilities through periodic scans that monitor individual system components.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-101) Identify vulnerabilities annually through penetration testing to prevent security incidents.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-096) Track and remediate all identified vulnerabilities in accordance with documented procedures.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-099) Track vulnerabilities and remediate them to support anomaly analysis.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-097) Document policies and procedures that establish guidelines for managing technical vulnerabilities.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-100) Document vulnerability-management guidelines that support security-event evaluation.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Configuration & Patch Management", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": 
"orderedList", "attrs": {"type": null, "start": 8}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-081) Perform security and privacy compliance checks on software versions and patches of remote devices before internal connections are established.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-112) Perform ongoing security and privacy compliance checks on devices to support security-event evaluation and incident prevention.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit vulnerability-management exception requests through the ticketing system, detailing business justification, compensating controls, and requested duration. The Information Security Officer and Vulnerability Management Lead must jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Automated scans, patch-status reports, and security audits detect non-compliance. Suspected violations are reported to the Information Security Officer and HR for investigation. 
Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may include immediate access revocation or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], "createdAt": "2025-06-02 05:15:13.657", - "updatedAt": "2025-06-02 05:22:39.466" + "updatedAt": "2025-06-04 19:44:28.806" + }, + { + "id": "frk_pt_6840747d5056e2862c94d0f5", + "name": "Physical Security Policy", + "description": "Appoint Compliance Program Manager delegated with responsibility for planning and implementing internal control environment", + "frequency": "monthly", + "department": "gov", + "content": [{"type": "paragraph"}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "A. Objective", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy establishes controls that ensure the physical security of the organization’s assets, facilities, and personnel. The goal is to prevent unauthorized physical access, damage, or interference to the organization’s premises and critical infrastructure.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "B. Applicability And Scope", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "This policy applies to all employees, contractors, and third parties who enter or request access to the organization’s premises, including but not limited to offices, data centers, secure rooms, and other physical locations housing critical infrastructure.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "C. 
Controls", "type": "text"}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Access Rights", "type": "text"}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-001)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Maintain an up-to-date list of individuals authorized for physical access to secure areas, and review this list at least annually.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-002)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Require approval from authorized personnel (e.g., manager, security officer) for physical access provisioning to secure areas based on individual need or predefined role.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-003)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Document procedures to register and authorize visitors and temporary staff before granting them physical access.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-004)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Implement continuous monitoring (e.g., CCTV, security personnel) to detect and respond to unauthorized physical access attempts.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-005)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Periodically review and confirm that access to secure areas is restricted to personnel who require it for their job functions.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-006)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Immediately revoke or disable physical access when it is no longer required, including upon termination or change of role.", "type": "text"}]}]}, 
{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-007)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Restrict physical access to critical infrastructure (e.g., server rooms, data centers) to authorized personnel only.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-008)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Require documented approval for any physical access to critical infrastructure, ensuring proper authorization and audit trails.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Key and Badge Management", "type": "text"}]}, {"type": "orderedList", "attrs": {"type": null, "start": 9}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-009)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Implement controls for issuing, tracking, and managing physical keys, access cards, or badges.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-010)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Require secure storage of spare keys or master keys in a locked cabinet accessible only to authorized personnel.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-011)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Periodically review issued keys and badges to ensure they are returned or deactivated when no longer required.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Monitoring and Surveillance", "type": "text"}]}, {"type": "orderedList", "attrs": {"type": null, "start": 12}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-012)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Deploy and maintain surveillance systems (e.g., CCTV) in critical areas, 
ensuring continuous recording and appropriate retention.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-013)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Monitor physical security systems and alarms to ensure timely detection of security events.", "type": "text"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-014)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Conduct regular inspections of physical security measures (e.g., locks, doors, barriers) to ensure they are functional and effective.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 3}, "content": [{"text": "Segregation Of Duties", "type": "text"}]}, {"type": "orderedList", "attrs": {"type": null, "start": 15}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(P-015)", "type": "text", "marks": [{"type": "bold"}]}, {"text": " Segregate duties among security personnel, facilities management, and IT staff to mitigate risks related to physical security breaches.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "D. Exceptions Process", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "Employees must submit physical security exception requests through the designated ticketing system, providing business justification, compensating controls, and the requested duration. The Information Security Officer and Facilities Manager jointly review, approve, or reject each request. Approved exceptions are documented, time-bound, and reviewed prior to expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 2}, "content": [{"text": "E. Violations And Disciplinary Action", "type": "text"}]}, {"type": "paragraph", "content": [{"text": "Physical security violations are detected through surveillance, periodic audits, and managerial oversight. 
Suspected violations must be reported to the Information Security Officer and HR for investigation. Confirmed violations are addressed according to HR disciplinary policies—verbal warning, written warning, suspension, or termination—depending on severity, and may include immediate revocation of access or legal action.", "type": "text"}]}], + "createdAt": "2025-06-04 16:29:49.189", + "updatedAt": "2025-06-04 19:44:37.572" }, { "id": "frk_pt_683d352ed697c40275349026", - "name": "P-20-PP Privacy Policy", + "name": "Privacy Policy", "description": "This policy embeds privacy-by-design principles across all business processes to protect personal data, meet global regulatory requirements, and maintain stakeholder trust.", "frequency": "yearly", "department": "none", "content": [{"type": "heading", "attrs": {"level": 4}, "content": [{"text": "A. Applicability And Scope", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "The policy applies to every employee, contractor, and third party that collects, uses, stores, shares, or disposes of personal data on behalf of the organization in any location or system.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "B. 
Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Privacy Governance & Framework", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 1}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-154) Integrate privacy principles into product and process design through documented policies and procedures.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-155) Publish and maintain a Privacy Policy that satisfies applicable regulatory requirements on the company website.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-156) Include Privacy Act statements on all forms that collect information for systems of records.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-160) Document a Data Protection Policy assigning staff responsibilities for handling personal data.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-167) Appoint a Privacy Officer to oversee and facilitate regulatory compliance.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Data Inventory & Classification", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 6}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-157) Maintain an up-to-date inventory of personal-data categories with sources, usage, and purposes recorded.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Consent & Transparency", "type": "text", "marks": [{"type": 
"bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 7}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-158) Obtain user consent as required before processing personal data.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-175) Document procedures for providing privacy notices to data subjects.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-176) Update and communicate changes to privacy practices to data subjects in a timely manner.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-177) Communicate choices available for collection, use, retention, disclosure, and disposal of personal data.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-178) Obtain explicit consent for processing personal data when required.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-179) Document the basis for determining implicit consent where permitted.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-181) Explain the need for explicit consent and the consequences of failure to provide it.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-192) Obtain consent before disclosing personal data to third parties for privacy objectives.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Data Lifecycle & Retention", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 15}, "content": [{"type": 
"listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-162) Document retention and disposal guidelines for personal data.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-180) Collect personal data only for stated privacy objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-182) Limit personal-data use to identified privacy objectives.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-183) Retain personal data in line with privacy objectives and legal requirements.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-184) Securely dispose of personal data when no longer required.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-201) Maintain complete and accurate personal-data records throughout the lifecycle.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Data Subject Rights", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 21}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-163) Honour Subject-Access Requests in accordance with this policy.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-185) Grant data subjects access to stored personal data for review.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-186) Provide copies of personal data upon request in electronic or physical form.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", 
"content": [{"type": "paragraph", "content": [{"text": "(T-187) Inform data subjects of access denial and the reasons when applicable.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-188) Correct, amend, or append personal data on valid data-subject request.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-189) Communicate corrections to third parties as committed or required.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-190) Inform data subjects of correction denial and the reasons when applicable.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-200) Provide an accounting of personal data held and disclosures on request.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Privacy Risk & Impact Assessment", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 29}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-165) Conduct Data Protection Impact Assessments to evaluate regulatory risks.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-166) Perform vendor privacy-risk assessments for third parties handling personal data.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-168) Assess suspected data breaches and notify affected parties without undue delay.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Vendor & Third-Party Privacy Management", "type": "text", "marks": [{"type": "bold"}]}]}, 
{"type": "orderedList", "attrs": {"type": null, "start": 32}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-159) Maintain a list of contractual privacy obligations derived from customer contracts.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-164) Ensure appropriate remediation when personal data is shared with vendors.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-173) Document a vendor-management policy that incorporates privacy-risk assessment guidance.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-195) Obtain written privacy commitments from vendors and third parties with personal-data access.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-196) Assess vendor privacy compliance periodically and initiate corrective action when needed.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-197) Require vendors to notify the organization of unauthorized personal-data disclosures.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-198) Report vendor notifications to the appropriate personnel per incident-response procedures.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-172) Apply documented procedures to ensure cross-border personal-data transfers comply with applicable laws.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Access & Authorization Controls", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": 
"orderedList", "attrs": {"type": null, "start": 40}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-161) Require authorized approval for logical-access provisioning to privacy-related systems.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Awareness & Reporting", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 41}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-174) Provide employees with instructions for reporting privacy failures, incidents, and complaints.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Incident & Breach Response", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 42}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-169) Document guidelines for notifying customers and stakeholders of privacy breaches.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-170) Maintain records of privacy-incident investigations and response actions.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-171) Document guidelines for notifying customers and stakeholders of PII breaches.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-199) Provide breach notifications to affected data subjects, regulators, and others as required.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Disclosure & Recordkeeping", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 46}, 
"content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-191) Disclose personal data to third parties only with explicit data-subject consent.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-193) Create and retain accurate, timely records of authorized personal-data disclosures.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-194) Create and retain accurate, timely records of unauthorized personal-data disclosures.", "type": "text"}, {"type": "hardBreak"}]}]}]}, {"type": "heading", "attrs": {"level": 5}, "content": [{"text": "Monitoring & Corrective Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "orderedList", "attrs": {"type": null, "start": 49}, "content": [{"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-202) Implement a process for receiving, addressing, and resolving privacy inquiries, complaints, and disputes.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-203) Monitor privacy-program compliance and take corrective actions for identified deficiencies.", "type": "text"}, {"type": "hardBreak"}]}]}, {"type": "listItem", "content": [{"type": "paragraph", "content": [{"text": "(T-204) Communicate resolutions of privacy inquiries, complaints, and disputes to data subjects.", "type": "text"}]}]}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "C. Exceptions Process", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Employees must submit privacy-related exception requests through the ticketing system, including business justification, compensating controls, and requested duration. 
The Privacy Officer and Information Security Officer must jointly approve, document, and time-limit each exception, which is reviewed at or before expiration.", "type": "text"}]}, {"type": "heading", "attrs": {"level": 4}, "content": [{"text": "D. Violations And Disciplinary Action", "type": "text", "marks": [{"type": "bold"}]}]}, {"type": "paragraph", "content": [{"text": "Audits, monitoring tools, and incident reviews detect non-compliance with this policy. Suspected violations are reported to the Privacy Officer, Information Security Officer, and HR for investigation. Confirmed violations follow HR disciplinary tiers—verbal warning, written warning, suspension, or termination—based on severity, and may involve regulatory notification or legal action.", "type": "text"}]}, {"type": "paragraph", "content": [{"type": "hardBreak"}]}], "createdAt": "2025-06-02 05:22:53.597", - "updatedAt": "2025-06-02 05:28:56.599" + "updatedAt": "2025-06-04 19:44:45.148" } ] \ No newline at end of file diff --git a/packages/db/prisma/seed/primitives/FrameworkEditorRequirement.json b/packages/db/prisma/seed/primitives/FrameworkEditorRequirement.json index 9d3626de0c..d2556d0174 100644 --- a/packages/db/prisma/seed/primitives/FrameworkEditorRequirement.json +++ b/packages/db/prisma/seed/primitives/FrameworkEditorRequirement.json 
@@ -1,4 +1,13 @@
 [
+ {
+ "id": "frk_rq_683f83a86dd03eded4fbc480",
+ "frameworkId": "frk_683f377429b8408d1c85f9bd",
+ "name": "The entity securely disposes of personal information to meet the entity‚Entity objectives related to privacy.",
+ "description": "The organization maintains a documented Privacy Policy, published on the company website, that meets all regulatory requirements and includes guidelines for the disposal and retention of information. It compiles and annually reviews a Record of Processing Activities—an inventory of the categories of personal information collected, their sources, usage, and specific purposes—and requires that every form collecting personal data include a Privacy Act statement, either on the form itself or via a separate notice for individuals to retain. The organization also ensures that all subject access requests are honored promptly and in accordance with its Privacy Policy, thereby guaranteeing transparency, compliance, and secure handling of personal data throughout its lifecycle.",
+ "identifier": "P4.3",
+ "createdAt": "2025-06-03 23:22:15.695",
+ "updatedAt": "2025-06-04 21:41:09.189"
+ },
 {
 "id": "frk_rq_681ec1a899a2a887571df4aa",
 "frameworkId": "frk_681ebae2f29f0ab08eb802ec",
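Review bot: The `name` added for P4.3 carries mis-decoded characters where an apostrophe was intended (`entity‚Entity objectives`), and the same corruption appears in the rows added by the next three hunks: `entity‚ objectives` and `entity‚objectives` in P5.2, `parties‚Äô compliance` in P6.4, and `entity‚objectives` in P6.5. These strings read as the criterion text that will be shown to users and auditors, so they should be fixed before seeding, e.g. `"name": "The entity securely disposes of personal information to meet the entity’s objectives related to privacy."`. The descriptions in the same rows keep `’` and `—` intact, which suggests only the names were pasted through a different encoding; a seed-file check that rejects sequences such as `‚Äô` would catch a repeat.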
@@ -1844,6 +1853,15 @@
 "createdAt": "2025-05-14 19:20:44.920",
 "updatedAt": "2025-05-14 19:20:44.920"
 },
+ {
+ "id": "frk_rq_683f8435fe070a53cd9784dd",
+ "frameworkId": "frk_683f377429b8408d1c85f9bd",
+ "name": "The entity corrects, amends, or appends personal information based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity‚ objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity‚objectives related to privacy.",
+ "description": "The organization has a documented Privacy Policy that meets all regulatory requirements and is published on the company’s website. This Policy mandates that all forms collecting personal information include a Privacy Act statement—either directly on the form or via a separate notice for individuals to retain—and requires that subject access requests be honored promptly and in full accordance with the Policy. Moreover, whenever personal data is shared with third-party vendors as part of processing activities, the organization implements appropriate remediation measures—including contractual safeguards, vendor assessments, and incident response procedures—to ensure ongoing protection, transparency, and compliance throughout the data lifecycle.",
+ "identifier": "P5.2",
+ "createdAt": "2025-06-03 23:24:37.378",
+ "updatedAt": "2025-06-04 21:44:53.687"
+ },
 {
 "id": "frk_rq_681ef78d507099efe7aff812",
 "frameworkId": "frk_681ef4bb8eeb2b60d2d9d187",
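Review bot: The `description` for P5.2 does not describe the control its `name` states: the criterion is about correcting or amending personal information, passing corrections to third parties and explaining denials, while the description covers Privacy Act statements, subject access requests and vendor remediation. The P6.5 row two hunks below has the same gap, since its description never says that vendors commit to notify the organization of unauthorized disclosures. The Privacy Policy text earlier in this diff already words these controls (T-188 to T-190, T-197, T-198), so each description could reuse them, for example by adding `Valid correction requests are applied and communicated to third parties as required; when a request is denied, the data subject is told the reason.`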
@@ -2186,6 +2204,15 @@
 "createdAt": "2025-05-14 19:20:44.920",
 "updatedAt": "2025-05-14 19:20:44.920"
 },
+ {
+ "id": "frk_rq_683f84cffe92068d1ed9c723",
+ "frameworkId": "frk_683f377429b8408d1c85f9bd",
+ "name": "The entity obtains privacy commitments from vendors and other third parties who have access to personal information to meet the entity‚objectives related to privacy. The entity assesses those parties‚Äô compliance on a periodic and as-needed basis and takes corrective action, if necessary.",
+ "description": "The organization has documented policies and procedures governing vendor and third-party management that provide staff with clear guidance on conducting risk assessments and require appropriate remediation measures—such as contractual data protection clauses, security control reviews, and incident response protocols—whenever personal data is shared. These same policies establish procedures to ensure compliance with all regulatory requirements for transferring personal data outside the region in which it was collected, mandating that cross-border data flows be authorized, secured, and monitored in accordance with applicable laws.",
+ "identifier": "P6.4",
+ "createdAt": "2025-06-03 23:27:11.134",
+ "updatedAt": "2025-06-04 21:49:08.151"
+ },
 {
 "id": "frk_rq_681f8ef5d93571d7cecb629b",
 "frameworkId": "frk_681ef4bb8eeb2b60d2d9d187",
@@ -2384,6 +2411,15 @@
 "createdAt": "2025-05-14 19:20:44.920",
 "updatedAt": "2025-05-14 19:20:44.920"
 },
+ {
+ "id": "frk_rq_683f850f11a550572b3bd0bf",
+ "frameworkId": "frk_683f377429b8408d1c85f9bd",
+ "name": "The entity obtains commitments from vendors and other third parties with access to personal information to notify the entity in the event of actual or suspected unauthorized disclosures of personal information. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity‚objectives related to privacy.",
+ "description": "The organization has documented policies and procedures governing personal data protection, including requirements to obtain user consent prior to any processing and to follow documented vendor management guidelines—complete with staff guidance on performing vendor risk assessments and mandated remediation measures whenever personal data is shared. These procedures also enforce compliance with all regulatory obligations for cross-border data transfers. In the event of suspected data breaches, the organization conducts risk assessments and, for any significant breach, notifies all affected parties without unreasonable delay. Employees are provided with clear Information Security policies and procedures detailing how to report operational failures, security incidents, concerns, or complaints related to the organization’s services or systems, ensuring accountability and ongoing protection of personal data.",
+ "identifier": "P6.5",
+ "createdAt": "2025-06-03 23:28:15.428",
+ "updatedAt": "2025-06-04 21:50:49.364"
+ },
 {
 "id": "frk_rq_681f9413f598932f058b541d",
 "frameworkId": "frk_681ef4bb8eeb2b60d2d9d187",
@@ -3122,6 +3158,15 @@
 "createdAt": "2025-05-14 19:20:44.920",
 "updatedAt": "2025-05-14 19:20:44.920"
 },
+ {
+ "id": "frk_rq_6840c1981a48b83f9a3661be",
+ "frameworkId": "frk_683f377429b8408d1c85f9bd",
+ "name": "COSO Principle 1: The entity demonstrates a commitment to integrity and ethical values.",
+ "description": "",
+ "identifier": "CC1.1",
+ "createdAt": "2025-06-04 21:58:47.712",
+ "updatedAt": "2025-06-04 21:58:47.712"
+ },
 {
 "id": "frk_rq_681fba0ed03d7fe3f7ed0414",
 "frameworkId": "frk_681ef4bb8eeb2b60d2d9d187",
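Review bot: The CC1.1 row added here ships with `"description": ""`, while the other requirements added for framework `frk_683f377429b8408d1c85f9bd` in the visible hunks all carry a control description. As far as the visible part of the next hunk shows, the earlier CC1.1 rows are removed there, and their descriptions (policy acknowledgement at onboarding and periodically, a conduct policy, documented cybersecurity responsibilities) are dropped rather than merged. If the empty value is not intentional, fold those statements into this row, e.g. `"description": "The organization has a documented policy to define behavioral standards and acceptable business conduct, and staff acknowledge applicable company policies at onboarding and periodically."`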
@@ -7272,354 +7317,525 @@ "updatedAt": "2025-05-14 19:20:44.920" }, { - "id": "frk_rq_683f3a1f08cc55cacec20739", + "id": "frk_rq_683f56e9693dbfc43020b888", "frameworkId": "frk_683f377429b8408d1c85f9bd", - "name": "COSO Principle 1: The entity demonstrates a commitment to integrity and ethical values.", - "description": "The organization has established procedures for staff to acknowledge applicable company policies periodically.", - "identifier": "CC1.1", - "createdAt": "2025-06-03 18:08:31.192", - "updatedAt": "2025-06-03 18:08:31.192" + "name": "COSO Principle 2: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.", + "description": "The organization has documented a comprehensive suite of policies and procedures that define expected behavior with regard to the Company, including guidelines for information disposal and retention. Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services by enforcing systematic governance oversight, which comprises annual reviews and approvals of all company policies, risk assessment reports (including vendor assessments), and the organizational chart for all employees, as well as planned interval reviews of the Information Security program—covering its policies, standards, and procedures—whenever significant changes occur, thereby ensuring their continuing suitability, adequacy, and effectiveness in protecting and supporting customer service delivery.", + "identifier": "CC1.2", + "createdAt": "2025-06-03 20:11:20.589", + "updatedAt": "2025-06-04 21:27:13.886" }, { - "id": "frk_rq_683f53a49fb685fdef51bd84", + "id": "frk_rq_683f5b8241dbd32ac2c6ad2b", "frameworkId": "frk_683f377429b8408d1c85f9bd", - "name": "COSO Principle 1: The entity demonstrates a commitment to integrity and ethical values.", - "description": "The organization has established procedures for new staff to 
acknowledge applicable company policies as a part of their onboarding.", - "identifier": "CC1.1", - "createdAt": "2025-06-03 19:57:23.993", - "updatedAt": "2025-06-03 19:57:23.993" + "name": "COSO Principle 5: The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company. Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services through comprehensive personnel development and oversight programs, including: providing job-function-relevant information security and privacy training to all staff; requiring new staff to complete security and privacy literacy training during onboarding; establishing procedures for periodic acknowledgment of applicable company policies; conducting periodic evaluations of employees in client serving, IT, Engineering, and Information Security roles regarding their job responsibilities; and documenting, monitoring, and retaining individual training activities and records to ensure ongoing competency and compliance in protecting customer service delivery", + "identifier": "CC1.5", + "createdAt": "2025-06-03 20:30:58.109", + "updatedAt": "2025-06-04 20:16:53.332" }, { - "id": "frk_rq_683f5632b0fc59f9e7a6f017", + "id": "frk_rq_683f5c2de17c4c845303afa7", "frameworkId": "frk_683f377429b8408d1c85f9bd", - "name": "COSO Principle 1: The entity demonstrates a commitment to integrity and ethical values.", - "description": "The organization has a documented policy to define behavioral standards and acceptable business conduct.", - "identifier": "CC1.1", - "createdAt": "2025-06-03 20:08:17.543", - "updatedAt": "2025-06-03 20:08:17.543" + "name": "COSO Principle 13: The entity obtains or generates and uses relevant, quality information to support the functioning of internal control.", + 
"description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including documented policies for data classification through physical and logical labeling, and guidelines for information disposal and retention. Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services through systematic information management and transparency controls, including: generating and reviewing system information to evaluate impacts on internal control functioning; making all policies and procedures available to staff members for reference and compliance; maintaining current service information on the company website for customer accessibility; and implementing data classification and retention procedures to ensure proper information handling that protects customer service delivery and regulatory compliance", + "identifier": "CC2.1", + "createdAt": "2025-06-03 20:33:49.325", + "updatedAt": "2025-06-04 20:18:44.176" }, { - "id": "frk_rq_683f5668c8c29ade4f138409", + "id": "frk_rq_683f5f4d18de5fee7df6f15a", "frameworkId": "frk_683f377429b8408d1c85f9bd", - "name": "COSO Principle 1: The entity demonstrates a commitment to integrity and ethical values.", - "description": "The organization outlines and documents cybersecurity responsibilities for all personnel.", - "identifier": "CC1.1", - "createdAt": "2025-06-03 20:09:11.733", - "updatedAt": "2025-06-03 20:09:11.733" + "name": "COSO Principle 6: The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.", + "description": "The organization performs a formal risk assessment exercise annually, as per documented guidelines and procedures, to identify threats that could impair systems' security commitments and requirements.", + "identifier": "CC3.1", + "createdAt": "2025-06-03 20:47:09.217", + "updatedAt": "2025-06-03 20:47:09.217" }, 
 {
- "id": "frk_rq_683f56e9693dbfc43020b888",
+ "id": "frk_rq_683f6001b56cab9a3247d87b",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 2: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.",
- "description": "The organization's Senior Management reviews and approves all company policies annually.",
- "identifier": "CC1.2",
- "createdAt": "2025-06-03 20:11:20.589",
- "updatedAt": "2025-06-03 20:11:20.589"
+ "name": "COSO Principle 8: The entity considers the potential for fraud in assessing risks to the achievement of objectives.",
+ "description": "The organization considers the potential for fraud when assessing risks. This is an entry in the risk matrix.",
+ "identifier": "CC3.3",
+ "createdAt": "2025-06-03 20:50:08.709",
+ "updatedAt": "2025-06-03 20:50:08.709"
 },
 {
- "id": "frk_rq_683f5739ffea5f4b8a4a38a2",
+ "id": "frk_rq_683f60819f8e5af7b509af44",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 2: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.",
- "description": "The organization's Senior Management reviews and approves the Organizational Chart for all employees annually.",
- "identifier": "CC1.2",
- "createdAt": "2025-06-03 20:12:41.270",
- "updatedAt": "2025-06-03 20:12:41.270"
+ "name": "COSO Principle 9: The entity identifies and assesses changes that could significantly impact the system of internal control.",
+ "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including documented guidelines and procedures for formal risk assessment exercises. Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services through comprehensive annual risk management activities, including: performing formal risk assessment exercises to identify threats that could impair systems' security commitments and requirements; conducting formal vendor risk assessments to identify vendors critical to systems' security commitments; and assessing each identified risk with scoring based on likelihood of occurrence and potential impact on security, availability, and confidentiality of the Company platform, with risks mapped to mitigating factors that address some or all of the identified risk to ensure protection of customer service delivery",
+ "identifier": "CC3.4",
+ "createdAt": "2025-06-03 20:52:16.656",
+ "updatedAt": "2025-06-04 20:28:50.111"
 },
 {
- "id": "frk_rq_683f57a2f0ff68d354188fc8",
+ "id": "frk_rq_683f6118bf597bc269ad5d22",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 2: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.",
- "description": "The organization's Senior Management reviews and approves the \"Risk Assessment Report\" annually.",
- "identifier": "CC1.2",
- "createdAt": "2025-06-03 20:14:25.932",
- "updatedAt": "2025-06-03 20:14:25.932"
+ "name": "COSO Principle 16: The entity selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.",
+ "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company. Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services through comprehensive governance and oversight mechanisms, including: assigning an Information Security Officer to centrally manage, coordinate, develop, implement, and maintain the enterprise-wide cybersecurity and privacy program; conducting annual reviews and approvals of all company policies, Risk Assessment Reports, Vendor Risk Assessment Reports, and organizational charts for all employees; performing planned interval reviews of the Information Security program including policies, standards, and procedures, or when significant changes occur, to ensure continuing suitability, adequacy, and effectiveness; establishing mechanisms to assign and manage asset ownership responsibilities with common understanding of asset protection requirements; periodically updating and reviewing system inventories as part of installations, removals, and system updates; periodically evaluating all subservice organizations to ensure customer commitments can be met; and implementing continuous monitoring systems to track and report information security program health to stakeholders, ensuring systematic protection of customer service delivery.",
+ "identifier": "CC4.1",
+ "createdAt": "2025-06-03 20:54:48.139",
+ "updatedAt": "2025-06-04 20:32:21.343"
 },
 {
- "id": "frk_rq_683f57ee29510dff7d67bae5",
+ "id": "frk_rq_683f679780b75c3b865095c9",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 2: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.",
- "description": "The organization's Senior Management reviews and approves the state of the Information Security program including policies, standards, and procedures, at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy, and effectiveness.",
- "identifier": "CC1.2",
- "createdAt": "2025-06-03 20:15:42.391",
- "updatedAt": "2025-06-03 20:15:42.391"
+ "name": "Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity. For those users whose access is administered by the entity, user system credentials are removed when user access is no longer authorized.",
+ "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including Access Control policies and procedures with an accompanying process to register and authorize users for issuing system credentials that grant access to critical systems. Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through structured access management controls, including: ensuring logical access provisioning to critical systems requires approval from authorized personnel on an individual need or predefined role basis; and ensuring that logical access is made inaccessible in a timely manner when no longer required due to termination, thereby maintaining systematic protection of customer service delivery through proper access governance and lifecycle management.",
+ "identifier": "CC6.2",
+ "createdAt": "2025-06-03 21:22:30.667",
+ "updatedAt": "2025-06-04 20:42:38.921"
 },
 {
- "id": "frk_rq_683f5826155074066b20f359",
+ "id": "frk_rq_683f6827c11ca1796928001c",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 2: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.",
- "description": "The organization's Senior Management reviews and approves the \"Vendor Risk Assessment Report\" annually.",
- "identifier": "CC1.2",
- "createdAt": "2025-06-03 20:16:38.069",
- "updatedAt": "2025-06-03 20:16:38.069"
+ "name": "The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties.",
+ "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including Access Control policies and procedures with an accompanying process to register and authorize users for issuing system credentials that grant access to critical systems. Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through comprehensive access management controls, including: ensuring logical access provisioning to critical systems requires approval from authorized personnel on an individual need or predefined role basis; restricting access to production databases and critical systems to only those individuals who require such access to perform their job functions; requiring Senior Management or the Information Security Officer to periodically review and ensure that both general and administrative access to critical systems is restricted to authorized individuals based on job function requirements; and ensuring that logical access is made inaccessible in a timely manner when no longer required due to termination, thereby maintaining systematic protection of customer service delivery through proper access governance, lifecycle management, and ongoing oversight.",
+ "identifier": "CC6.3",
+ "createdAt": "2025-06-03 21:24:54.802",
+ "updatedAt": "2025-06-04 20:45:40.628"
 },
 {
- "id": "frk_rq_683f5903d0298dd0f3c9a6f0",
+ "id": "frk_rq_683f728e5b99238031db8c10",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.",
- "description": "The organization has set up mechanisms to assign and manage asset ownership responsibilities and establish a common understanding of asset protection requirements.",
- "identifier": "CC1.3",
- "createdAt": "2025-06-03 20:20:18.964",
- "updatedAt": "2025-06-03 20:20:18.964"
+ "name": "The entity restricts physical access to facilities and protected information assets (for example, data center facilities, back-up media storage, and other sensitive locations) to authorized personnel to meet the entity’s objectives. ",
+ "description": "",
+ "identifier": "CC6.4",
+ "createdAt": "2025-06-03 22:09:18.065",
+ "updatedAt": "2025-06-03 22:09:18.065"
 },
 {
- "id": "frk_rq_683f592cf0799dd8d8581d1f",
+ "id": "frk_rq_683f72b90ef35d871333a776",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.",
- "description": "The organization has established procedures to communicate with staff about their roles and responsibilities.",
- "identifier": "CC1.3",
- "createdAt": "2025-06-03 20:20:59.894",
- "updatedAt": "2025-06-03 20:20:59.894"
+ "name": "The entity discontinues logical and physical protections over physical assets only after the ability to read or recover data and software from those assets has been diminished and is no longer required to meet the entity‚Äôs objectives.",
+ "description": "The organization has a documented policy that provides guidance on decommissioning of information assets that contain classified information.",
+ "identifier": "CC6.5",
+ "createdAt": "2025-06-03 22:10:01.362",
+ "updatedAt": "2025-06-03 22:10:01.362"
 },
 {
- "id": "frk_rq_683f596636e1bd804233af0b",
+ "id": "frk_rq_683f76c4fcd357257a5e58cb",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.",
- "description": "The organization maintains an organizational structure to define authorities, facilitate information flow and establish responsibilities.",
- "identifier": "CC1.3",
- "createdAt": "2025-06-03 20:21:58.310",
- "updatedAt": "2025-06-03 20:21:58.310"
+ "name": "The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity objectives.",
+ "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company. Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through systematic infrastructure protection and compliance controls, including: ensuring every production host is protected by a firewall with deny-by-default rules leveraging cloud provider security defaults; and implementing measures to perform security and privacy compliance checks on software versions and patches of remote devices prior to establishing internal connections, thereby maintaining comprehensive network security governance to protect customer service delivery through controlled access and validated device compliance.",
+ "identifier": "CC6.8",
+ "createdAt": "2025-06-03 22:27:15.507",
+ "updatedAt": "2025-06-04 20:54:19.726"
 },
 {
- "id": "frk_rq_683f598fc18a528adfcdd561",
+ "id": "frk_rq_683f781a00e52dcf0143af5d",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.",
- "description": "and implementing the internal control environment.",
- "identifier": "CC1.3",
- "createdAt": "2025-06-03 20:22:39.029",
- "updatedAt": "2025-06-03 20:22:39.029"
+ "name": "The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analyzed to determine whether they represent security events.",
+ "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including documented policies and procedures to establish guidelines for managing technical vulnerabilities. Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through comprehensive vulnerability management and monitoring controls, including: identifying vulnerabilities on the Company platform through regular vulnerability scan execution; tracking all vulnerabilities and remediating them according to defined vulnerability management policies and procedures; configuring infrastructure to generate audit events for security-related actions of interest on all critical systems and to review and analyze audit events to detect anomalous or suspicious activity and threats; and implementing methods to continuously monitor critical assets to generate capacity alerts ensuring optimal performance, meeting future capacity requirements, and protecting against denial-of-service attacks, thereby maintaining systematic vulnerability and threat management governance to ensure comprehensive protection of customer service delivery through proactive detection, monitoring, and remediation capabilities.",
+ "identifier": "CC7.2",
+ "createdAt": "2025-06-03 22:32:58.026",
+ "updatedAt": "2025-06-04 21:01:33.327"
 },
 {
- "id": "frk_rq_683f59f677b228d92e8dbd87",
+ "id": "frk_rq_683f78ea0fa2580304e11a1e",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.",
- "description": "The organization's Senior Management assigns the role of Information Security Officer who is delegated to centrally manage, coordinate, develop, implement, and maintain an enterprise-wide cybersecurity and privacy program.",
- "identifier": "CC1.3",
- "createdAt": "2025-06-03 20:24:22.005",
- "updatedAt": "2025-06-03 20:24:22.005"
+ "name": "The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures.",
+ "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including documented policies and procedures to establish guidelines for managing technical vulnerabilities, documented guidelines on notifying customers and other stakeholders in case of a breach, and policies for reporting and managing incidents. Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through comprehensive security monitoring, vulnerability management, and incident response controls, including: configuring infrastructure to generate audit events for security-related actions of interest on all critical systems and to review and analyze audit events to detect anomalous or suspicious activity and threats; implementing methods to continuously monitor critical assets to generate capacity alerts ensuring optimal performance, meeting future capacity requirements, and protecting against denial-of-service attacks; identifying vulnerabilities on the Company platform through regular vulnerability scans and annual penetration testing exercises conducted by qualified third-party service providers; tracking all vulnerabilities and remediating them according to defined vulnerability management policies and procedures; performing security and privacy compliance checks on software versions and patches of remote devices prior to establishing internal connections; maintaining records of information security incidents, investigations, and response plan executions; and utilizing continuous monitoring systems to track and report information security program health to stakeholders, thereby maintaining systematic security governance to ensure comprehensive protection of customer service delivery through proactive monitoring, vulnerability management, and incident response capabilities",
+ "identifier": "CC7.3",
+ "createdAt": "2025-06-03 22:36:25.879",
+ "updatedAt": "2025-06-04 21:03:53.576"
 },
 {
- "id": "frk_rq_683f5a1d694266a1bc584c0d",
+ "id": "frk_rq_683f7d89ddcefa3b73fb2a0c",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.",
- "description": "The organization's Senior Management reviews and approves the state of the Information Security program including policies, standards, and procedures, at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy, and effectiveness.",
- "identifier": "CC1.3",
- "createdAt": "2025-06-03 20:25:01.101",
- "updatedAt": "2025-06-03 20:25:01.101"
+ "name": "The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.",
+ "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including documented policies and procedures to manage changes to its operating environment. Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through structured change management controls, including: establishing procedures to govern changes to the operating environment; implementing approval procedures when making changes to the operating environment; and developing, documenting, and maintaining an inventory of organizational infrastructure systems with all necessary information to achieve accountability, thereby maintaining systematic change governance to ensure comprehensive protection of customer service delivery through controlled and documented operational modifications.",
+ "identifier": "CC8.1",
+ "createdAt": "2025-06-03 22:56:08.792",
+ "updatedAt": "2025-06-04 21:10:36.304"
 },
 {
- "id": "frk_rq_683f5a3e34bd9d03b30b5abd",
+ "id": "frk_rq_683f80e6ec8d4803595647a9",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.",
- "description": "The organization appoints a People Operations Officer to develop and drive all personnel-related security strategies.",
- "identifier": "CC1.3",
- "createdAt": "2025-06-03 20:25:34.151",
- "updatedAt": "2025-06-03 20:25:34.151"
+ "name": "The entity identifies, selects, and develops risk mitigation activities for risks arising from potential business disruptions.",
+ "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including documented policies and procedures that describe how to identify risks to business objectives and how those risks are assessed and mitigated, with objectives incorporating the organization's service commitments and system requirements. Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through systematic risk management processes, including: performing annual formal risk assessment exercises according to documented guidelines and procedures to identify threats that could impair systems' security commitments and requirements; assessing each risk and assigning risk scores based on the likelihood of occurrence and potential impact on the security, availability, and confidentiality of the Company platform; and mapping risks to mitigating factors that address some or all of the identified risk, thereby maintaining comprehensive risk governance to ensure systematic protection of customer service delivery through proactive risk identification, assessment, and mitigation capabilities.",
+ "identifier": "CC9.1",
+ "createdAt": "2025-06-03 23:10:30.356",
+ "updatedAt": "2025-06-04 21:12:43.611"
 },
 {
- "id": "frk_rq_683f5a7da5c95341a76298e5",
+ "id": "frk_rq_683f80f8a30b8d35d65617d3",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 4: The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.",
- "description": "The organization has established procedures to perform security risk screening of individuals before authorizing access.",
- "identifier": "CC1.4",
- "createdAt": "2025-06-03 20:26:36.583",
- "updatedAt": "2025-06-03 20:26:36.583"
+ "name": "The entity assesses and manages risks associated with vendors and business partners.",
+ "description": "The organization has established documented policies and procedures that define expected behavior, including vendor and third-party management guidelines instructing staff on how to perform risk assessments, and a risk management framework for identifying, assessing, and mitigating risks to business objectives—fully aligned with the organization’s service commitments and system requirements. Senior Management segregates responsibilities and duties across the organization to ensure effective oversight, including a formal annual vendor risk assessment to identify and address the security-critical suppliers whose performance could impact the delivery of customer services.",
+ "identifier": "CC9.2",
+ "createdAt": "2025-06-03 23:10:47.630",
+ "updatedAt": "2025-06-04 21:17:51.243"
 },
 {
- "id": "frk_rq_683f5aa3f69b481d3b6940fe",
+ "id": "frk_rq_683f810113cc5e7ecf329428",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 4: The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.",
- "description": "The organization has procedures to ensure that all security-related positions are staffed by qualified individuals who have the necessary skill set.",
- "identifier": "CC1.4",
- "createdAt": "2025-06-03 20:27:14.762",
- "updatedAt": "2025-06-03 20:27:14.762"
+ "name": "The entity maintains, monitors, and evaluates current processing capacity and use of system components (infrastructure, data, and software) to manage capacity demand and to enable the implementation of additional capacity to help meet its objectives.",
+ "description": "The organization has set up methods to continuously monitor critical assets to generate capacity alerts to ensure optimal performance, meet future capacity requirements, and protect against denial-of-service attacks.",
+ "identifier": "A1.1",
+ "createdAt": "2025-06-03 23:10:57.131",
+ "updatedAt": "2025-06-03 23:10:57.131"
 },
 {
- "id": "frk_rq_683f5acf45eb7c83462ba655",
+ "id": "frk_rq_683f8141c8854481f15006a2",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 5: The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives.",
- "description": "The organization has established procedures for staff to acknowledge applicable company policies periodically.",
- "identifier": "CC1.5",
- "createdAt": "2025-06-03 20:27:58.856",
- "updatedAt": "2025-06-03 20:27:58.856"
+ "name": "The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives.",
+ "description": "The organization has documented policies and procedures that establish guidelines for managing data backups, contingency planning, and disaster recovery, including a data-backup policy accessible to all relevant staff via the company portal, contingency-planning controls to sustain operations, and disaster-recovery procedures for restoring services after a disruption or security incident. The organization regularly backs up all relevant user and system data to meet defined recovery-time and recovery-point objectives, periodically verifies backup integrity, and tests backup media for reliability, thereby ensuring timely restoration of operations and uninterrupted delivery of customer services under adverse conditions.",
+ "identifier": "A1.2",
+ "createdAt": "2025-06-03 23:12:01.487",
+ "updatedAt": "2025-06-04 21:20:32.339"
 },
 {
- "id": "frk_rq_683f5b403fbef4ebd6a8c99d",
+ "id": "frk_rq_683f81a18cfc6660bdb1acea",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 5: The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives.",
- "description": "The organization provides information security and privacy training to staff that is relevant to their job function.",
- "identifier": "CC1.5",
- "createdAt": "2025-06-03 20:29:52.158",
- "updatedAt": "2025-06-03 20:29:52.158"
+ "name": "The entity tests recovery plan procedures supporting system recovery to meet its objectives.",
+ "description": "The organization has documented policies and procedures establishing guidelines for continuing business operations, contingency planning, and disaster recovery, including regular backups of all relevant user and system data to meet defined recovery-time and recovery-point objectives with periodic verification of backup media reliability and data integrity; comprehensive disaster-recovery guidelines that define roles, responsibilities, and procedures to sustain operations during disruptions or security incidents; and scheduled tests and exercises of the contingency plan to assess its effectiveness and the organization’s readiness to execute recovery processes. Together, these integrated controls ensure that customer-facing services can be restored promptly and reliably following any interruption.",
+ "identifier": "A1.3",
+ "createdAt": "2025-06-03 23:13:36.901",
+ "updatedAt": "2025-06-04 21:24:07.041"
 },
 {
- "id": "frk_rq_683f5b63affa0d376c386095",
+ "id": "frk_rq_683f81d974beae08683f7c65",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 5: The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives.",
- "description": "The organization requires that all employees in client serving, IT, Engineering, and Information Security roles are periodically evaluated regarding their job responsibilities.",
- "identifier": "CC1.5",
- "createdAt": "2025-06-03 20:30:26.884",
- "updatedAt": "2025-06-03 20:30:26.884"
+ "name": "The entity identifies and maintains confidential information to meet the entity‚Äôs objectives related to confidentiality.",
+ "description": "The organization has documented a comprehensive suite of policies and procedures that define expected behavior with regard to the Company, including behavioral standards, acceptable business conduct, cybersecurity responsibilities, and an Information Security Policy governing the confidentiality, integrity, and availability of its systems. Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services by enforcing structured policy governance, which requires new staff to acknowledge applicable policies during onboarding and mandates periodic policy acknowledgment by all personnel to ensure ongoing compliance and awareness. In addition, the organization labels information systems physically and/or logically in accordance with its data classification policy, employs cryptographic mechanisms to encrypt all production databases that store customer data at rest, and ensures that endpoints with access to critical servers or data are encrypted to protect against unauthorized access, thereby integrating controls across people, processes, and technology to safeguard service delivery.",
+ "identifier": "C1.1",
+ "createdAt": "2025-06-03 23:14:32.887",
+ "updatedAt": "2025-06-04 21:26:07.833"
 },
 {
- "id": "frk_rq_683f5b8241dbd32ac2c6ad2b",
+ "id": "frk_rq_683f8206ed8b866232b554dd",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 5: The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives.",
- "description": "The organization has established procedures for new staff to complete security and privacy literacy training as a part of their onboarding.",
- "identifier": "CC1.5",
- "createdAt": "2025-06-03 20:30:58.109",
- "updatedAt": "2025-06-03 20:30:58.109"
+ "name": "The entity obtains or generates, uses, and communicates relevant, quality information regarding the objectives related to processing, including definitions of data processed and product and service specifications, to support the use of products and services.",
+ "description": "The organization has documented a comprehensive data classification policy requiring physical and logical labeling of all information systems to reflect sensitivity levels, data definitions, and product/service specifications. In support of this policy, its software applications enforce data quality controls by requiring all mandatory fields to be completed before a record can be created or modified, and by validating that input values fall within predefined acceptable ranges, thereby ensuring the accuracy, completeness, and consistency of critical system data.",
+ "identifier": "PI1.1",
+ "createdAt": "2025-06-03 23:15:17.949",
+ "updatedAt": "2025-06-04 22:05:55.514"
 },
 {
- "id": "frk_rq_683f5ba644d4f017a7ff14d7",
+ "id": "frk_rq_683f82394fcb1c573b1fdc2a",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 5: The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives.",
- "description": "The organization documents, monitors, and retains individual training activities and records.",
- "identifier": "CC1.5",
- "createdAt": "2025-06-03 20:31:33.950",
- "updatedAt": "2025-06-03 20:31:33.950"
+ "name": "The entity implements policies and procedures over system processing to result in products, services, and reporting to meet the entity‚Äôs objectives.",
+ "description": "The organization has established procedures for approval when implementing changes to the operating environment.",
+ "identifier": "PI1.3",
+ "createdAt": "2025-06-03 23:16:08.820",
+ "updatedAt": "2025-06-03 23:16:08.820"
 },
 {
- "id": "frk_rq_683f5bf4aadd827a8cfb5b54",
+ "id": "frk_rq_683f8345a76125f5c3a71d5c",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 13: The entity obtains or generates and uses relevant, quality information to support the functioning of internal control.",
- "description": "The organization has a documented policy outlining guidelines for the disposal and retention of information.",
- "identifier": "CC2.1",
- "createdAt": "2025-06-03 20:32:51.682",
- "updatedAt": "2025-06-03 20:32:51.682"
+ "name": "For information requiring explicit consent, the entity communicates the need for such consent, as well as the consequences of a failure to provide consent for the request for personal information, and obtains the consent prior to the collection of the information to meet the entity‚Äôs objectives related to privacy.",
+ "description": "The organization has a documented Privacy Policy which meets all the regulatory requirements and is published on the company's website.",
+ "identifier": "P3.2",
+ "createdAt": "2025-06-03 23:20:36.920",
+ "updatedAt": "2025-06-03 23:20:36.920"
 },
 {
- "id": "frk_rq_683f5c2de17c4c845303afa7",
+ "id": "frk_rq_683f821f87cfa79d2b494f7c",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 13: The entity obtains or generates and uses relevant, quality information to support the functioning of internal control.",
- "description": "The organization displays the most current information about its services on its website, which is accessible to its customers.",
- "identifier": "CC2.1",
- "createdAt": "2025-06-03 20:33:49.325",
- "updatedAt": "2025-06-03 20:33:49.325"
+ "name": "The entity implements policies and procedures over system inputs, including controls over completeness and accuracy, to result in products, services, and reporting to meet the entity‚Äôs objectives.",
+ "description": " The organization's software application ensures input values are limited to acceptable ranges.\r\nThe organization performs physical and/or logical labeling of information systems as per the guidelines documented policy defined for data classification\r\n",
+ "identifier": "PI1.2",
+ "createdAt": "2025-06-03 23:15:42.578",
+ "updatedAt": "2025-06-04 21:32:18.383"
 },
 {
- "id": "frk_rq_683f5c4db2e8d69c54ed6a17",
+ "id": "frk_rq_683f826c9b47fcf6bf49538c",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 13: The entity obtains or generates and uses relevant, quality information to support the functioning of internal control.",
- "description": "The organization makes all policies and procedures available to all staff members for their perusal.",
- "identifier": "CC2.1",
- "createdAt": "2025-06-03 20:34:20.587",
- "updatedAt": "2025-06-03 20:34:20.587"
+ "name": "The entity implements policies and procedures to make available or deliver output completely, accurately, and timely in accordance with specifications to meet the entity‚Äôs objectives.",
+ "description": "The organization ensures that logical access provisioning to critical systems requires approval from authorized personnel on an individual need or for a predefined role.\r\nCompany does application regression testing to validate key processing for the application during the change management process.\r\nThe organization has established procedures for approval when implementing changes to the operating environment.",
+ "identifier": "PI1.4",
+ "createdAt": "2025-06-03 23:16:59.707",
+ "updatedAt": "2025-06-04 21:33:17.884"
 },
 {
- "id": "frk_rq_683f5c79f2d8475a502d481e",
+ "id": "frk_rq_683f82884d08489da196f990",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 13: The entity obtains or generates and uses relevant, quality information to support the functioning of internal control.",
- "description": "The organization has documented policy and procedures for physical and/or logical labeling of information via documented policy for data classification.",
- "identifier": "CC2.1",
- "createdAt": "2025-06-03 20:35:04.833",
- "updatedAt": "2025-06-03 20:35:04.833"
+ "name": "The entity implements policies and procedures to store inputs, items in processing, and outputs completely, accurately, and timely in accordance with system specifications to meet the entity‚Äôs objectives.",
+ "description": "The organization has documented policies and procedures to manage Access Control and an accompanying process to register and authorize users for issuing system credentials which grant the ability to access the critical systems.\r\nThe organization has set up cryptographic mechanisms to encrypt all production database[s] that store customer data at rest.",
+ "identifier": "PI1.5",
+ "createdAt": "2025-06-03 23:17:28.011",
+ "updatedAt": "2025-06-04 21:33:42.555"
 },
 {
- "id": "frk_rq_683f5cad55f946163fa374d4",
+ "id": "frk_rq_683f83098dfd2e4ed385afd4",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 13: The entity obtains or generates and uses relevant, quality information to support the functioning of internal control.",
- "description": "The organization systems generate information that is reviewed and evaluated to determine impacts on the functioning of internal controls.",
- "identifier": "CC2.1",
- "createdAt": "2025-06-03 20:35:56.759",
- "updatedAt": "2025-06-03 20:35:56.759"
+ "name": "For information requiring explicit consent, the entity communicates the need for such consent, as well as the consequences of a failure to provide consent for the request for personal information, and obtains the consent prior to the collection of the information to meet the entity‚Äôs objectives related to privacy.",
+ "description": "The organization maintains an inventory of categories of personal information collected along with its usage, sources and specific purposes for collection as per regulatory requirements (\"Record of Processing Activities\") and reviews it on an annual basis",
+ "identifier": "P3.2",
+ "createdAt": "2025-06-03 23:19:37.327",
+ "updatedAt": "2025-06-03 23:19:37.327"
 },
 {
- "id": "frk_rq_683f5d3bab237b17163a8a96",
+ "id": "frk_rq_683f833cb9cd7f024ff9535f",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 14: The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.",
- "description": "The organization has established procedures for staff to acknowledge applicable company policies periodically.",
- "identifier": "CC2.2",
- "createdAt": "2025-06-03 20:38:19.099",
- "updatedAt": "2025-06-03 20:38:19.099"
+ "name": "For information requiring explicit consent, the entity communicates the need for such consent, as well as the consequences of a failure to provide consent for the request for personal information, and obtains the consent prior to the collection of the information to meet the entity‚Äôs objectives related to privacy.",
+ "description": "The organization ensures regulatory requirements regarding user consent are met prior to processing personal data",
+ "identifier": "P3.2",
+ "createdAt": "2025-06-03 23:20:28.009",
+ "updatedAt": "2025-06-03 23:20:28.009"
 },
 {
- "id": "frk_rq_683f5d83a84dab0e497cc8a6",
+ "id": "frk_rq_683f82f1c18e04fda2404acd",
 "frameworkId": "frk_683f377429b8408d1c85f9bd",
- "name": "COSO Principle 14: The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.",
- "description": "The organization has established procedures for new staff to acknowledge applicable company policies as a part of their onboarding.",
- "identifier": "CC2.2",
- "createdAt": "2025-06-03 20:39:31.347",
- "updatedAt": "2025-06-03 20:39:31.347"
+ "name": "Personal information is collected consistent with the entity‚Entity objectives related to privacy.",
+ "description": "The organization has documented policies and procedures providing guidance on Data Protection and Privacy, including a Privacy Policy published on the company website that meets all regulatory requirements and defines staff responsibilities for handling personal data. It maintains a Record of Processing Activities—a comprehensive inventory of the categories of personal information collected, their sources, specific purposes, and usage—which is reviewed annually to ensure ongoing compliance. 
All forms that collect personal information include Privacy Act statements, either directly on the form or via a separate notice that individuals can retain, thereby ensuring transparency, informed consent, and adherence to regulatory obligations throughout the data lifecycle.", + "identifier": "P3.1", + "createdAt": "2025-06-03 23:19:12.956", + "updatedAt": "2025-06-04 21:37:02.911" }, { - "id": "frk_rq_683f5daecd5e3f57e3f2733c", + "id": "frk_rq_683f834daeb15e457c90c0ee", "frameworkId": "frk_683f377429b8408d1c85f9bd", - "name": "COSO Principle 14: The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.", - "description": "The organization has provided information to employees, via various Information Security Policies/procedures, on how to report failures, incidents, concerns, or other complaints related to the services or systems provided by the The organization in the event there are problems.", - "identifier": "CC2.2", - "createdAt": "2025-06-03 20:40:14.186", - "updatedAt": "2025-06-03 20:40:14.186" + "name": "For information requiring explicit consent, the entity communicates the need for such consent, as well as the consequences of a failure to provide consent for the request for personal information, and obtains the consent prior to the collection of the information to meet the entity‚Äôs objectives related to privacy.", + "description": "The organization includes Privacy Act statements on forms that collect information that will be maintained in a Privacy Act system of records, or provide Privacy Act statements on separate forms that can be retained by individuals.", + "identifier": "P3.2", + "createdAt": "2025-06-03 23:20:45.451", + "updatedAt": "2025-06-03 23:20:45.451" }, { - "id": "frk_rq_683f5dd45d0c3a5d87292db4", + "id": "frk_rq_683f8371847f5409c2e72347", "frameworkId": "frk_683f377429b8408d1c85f9bd", - "name": "COSO Principle 14: The 
entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.", - "description": "The organization makes all policies and procedures available to all staff members for their perusal.", - "identifier": "CC2.2", - "createdAt": "2025-06-03 20:40:52.254", - "updatedAt": "2025-06-03 20:40:52.254" + "name": "The entity limits the use of personal information to the purposes identified in the entity‚Entity objectives related to privacy.", + "description": "The organization has documented a Privacy Policy and supporting procedures that establish expected behavior with regard to the Company, meet all regulatory requirements, and are published on the company website. Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers by maintaining an annually reviewed Record of Processing Activities—an inventory of personal information categories collected, their sources, specific purposes, and usage—ensuring that all forms collecting personal data include a Privacy Act statement either on the form itself or via a separate notice for individuals, and enforcing logical access provisioning to critical systems only upon approval by authorized personnel based on individual need or predefined roles.", + "identifier": "P4.1", + "createdAt": "2025-06-03 23:21:20.968", + "updatedAt": "2025-06-04 21:38:42.939" }, { - "id": "frk_rq_683f5e0a2a1d7ae66d82f6df", + "id": "frk_rq_683f83834e536ba24d2f3bf1", "frameworkId": "frk_683f377429b8408d1c85f9bd", - "name": "COSO Principle 14: The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.", - "description": "The organization has a documented policy to define behavioral standards and acceptable business conduct.", - "identifier": "CC2.2", - "createdAt": 
"2025-06-03 20:41:45.965", - "updatedAt": "2025-06-03 20:41:45.965" + "name": "The entity retains personal information consistent with the entity‚Entity objectives related to privacy.", + "description": "The organization’s documented Privacy Policy meets all applicable regulatory requirements and is published on the company website. It also maintains a documented policy outlining guidelines for the disposal and retention of information. To ensure accountability and transparency, the organization compiles and annually reviews a Record of Processing Activities—a comprehensive inventory of personal information categories collected, their sources, usage, and specific purposes—and requires that every form collecting personal data include a Privacy Act statement, either directly on the form or via a separate notice that individuals can retain.", + "identifier": "P4.2", + "createdAt": "2025-06-03 23:21:38.685", + "updatedAt": "2025-06-04 21:39:54.273" }, { - "id": "frk_rq_683f5e3e316fa66736e2daf7", + "id": "frk_rq_683f83dea64e10cea3af908c", "frameworkId": "frk_683f377429b8408d1c85f9bd", - "name": "COSO Principle 14: The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.", - "description": "The organization has established procedures for new staff to complete security and privacy literacy training as a part of their onboarding.", - "identifier": "CC2.2", - "createdAt": "2025-06-03 20:42:38.312", - "updatedAt": "2025-06-03 20:42:38.312" + "name": "The entity grants identified and authenticated data subjects the ability to access their stored personal information for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity‚If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity.", + "description": "The organization has a documented 
Privacy Policy that meets all regulatory requirements and is published on the company website. This Privacy Policy requires that every form collecting personal information include a Privacy Act statement—either directly on the form or via a separate notice for individuals to retain—and mandates that all subject access requests be honored promptly and in accordance with the Policy, thereby ensuring transparency, informed consent, and full compliance throughout the data lifecycle.", + "identifier": "P5.1", + "createdAt": "2025-06-03 23:23:09.676", + "updatedAt": "2025-06-04 21:43:35.950" + }, + { + "id": "frk_rq_683f845ba4f5e3210df1a723", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity discloses personal information to third parties with the explicit consent of data subjects, and such consent is obtained prior to disclosure to meet the entity‚ objectives related to privacy.", + "description": "The organization has documented policies and procedures that establish guidelines for vendor management and personal data protection, requiring an annual formal vendor risk assessment to identify suppliers critical to its security commitments and mandating appropriate remediation measures—such as contractual safeguards and incident response protocols—whenever personal data is shared with third parties. 
It ensures all regulatory consent requirements are fulfilled before processing personal data and conducts periodic Data Protection Impact Assessments to evaluate and mitigate privacy and regulatory risks across its processing activities, thereby maintaining comprehensive oversight and compliance throughout the data lifecycle.", + "identifier": "P6.1", + "createdAt": "2025-06-03 23:25:14.675", + "updatedAt": "2025-06-04 21:46:06.793" + }, + { + "id": "frk_rq_683f847a3a8a886dc17fb349", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity creates and retains a complete, accurate, and timely record of authorized disclosures of personal information to meet the entity‚ objectives related to privacy.", + "description": "The organization has documented privacy policies and procedures that establish guidelines for the collection, processing, and protection of personal information. Senior Management appoints a Privacy Officer responsible for assessing and facilitating the organization’s compliance with all applicable privacy regulations. The organization maintains a Record of Processing Activities—a comprehensive inventory of the categories of personal information collected, their sources, usage, and specific purposes—which is reviewed and updated annually to ensure accuracy and regulatory alignment. 
In accordance with its Privacy Policy, the organization ensures that all Subject Access Requests are honored promptly and fully, thereby safeguarding individual rights and maintaining transparency across its data processing operations.", + "identifier": "P6.2", + "createdAt": "2025-06-03 23:25:46.170", + "updatedAt": "2025-06-04 21:46:59.315" + }, + { + "id": "frk_rq_683f84c464d2ea4f6e977429", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity creates and retains a complete, accurate, and timely record of detected or reported unauthorized disclosures (including breaches) of personal information to meet the entity‚objectives related to privacy.", + "description": "The organization has documented policies and procedures that define guidelines for notifying customers and other stakeholders—specifically addressing PII breaches—in the event of any information security incident. Senior Management appoints a Privacy Officer to assess and facilitate compliance with all relevant privacy regulations. The organization conducts risk assessments of suspected data breaches and, when a breach is deemed significant, notifies all affected parties without unreasonable delay. All security incidents are recorded along with their investigations and the response plans executed, in accordance with the incident reporting and management procedures.", + "identifier": "P6.3", + "createdAt": "2025-06-03 23:27:00.377", + "updatedAt": "2025-06-04 21:48:04.155" + }, + { + "id": "frk_rq_683f8546f29167cd7f16a8ed", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity provides notification of breaches and incidents to affected data subjects, regulators, and others to meet the entity‚objectives related to privacy.", + "description": "The organization has documented policies and procedures that establish expected behavior with regard to the Company, including guidelines for incident detection, reporting, notification, and remediation. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services by enforcing comprehensive incident management protocols. All employees receive Information Security policies and procedures detailing how to report operational failures, security incidents, concerns, or complaints related to services or systems. The organization conducts risk assessments of suspected data breaches, maintains a complete record of all security incidents, investigations, and executed response plans in accordance with its policies, and notifies customers and other stakeholders—particularly in the event of PII breaches—without unreasonable delay, thereby ensuring transparent communication and effective resolution.", + "identifier": "P6.6", + "createdAt": "2025-06-03 23:29:10.341", + "updatedAt": "2025-06-04 21:52:23.052" + }, + { + "id": "frk_rq_683f857249f025f86fcfcbcf", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity provides data subjects with an accounting of the personal information held and disclosure of the data subjects‚Äô personal information, upon the data subjects‚Äô request, to meet the entity‚Äôs objectives related to privacy.", + "description": "The organization ensures regulatory requirements regarding user consent are met prior to processing personal data.\r\nThe organization ensures that Subject Access Requests are being honored in accordance with the Privacy Policy", + "identifier": "P6.7", + "createdAt": "2025-06-03 23:29:53.607", + "updatedAt": "2025-06-04 21:52:36.984" + }, + { + "id": "frk_rq_683f85a54f4d8eb689efb5a3", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity collects and maintains accurate, up-to-date, complete, and relevant personal information to meet the entity‚objectives related to privacy.", + "description": "The organization has documented policies and procedures that establish expected behavior with regard to personal data, including a Privacy Policy 
published on the company website that meets all regulatory requirements and assigns a Privacy Officer to assess and facilitate compliance. It maintains a Record of Processing Activities—an annually reviewed inventory of the categories of personal information collected, their sources, specific purposes, and usage—and requires all forms that collect personal data to include a Privacy Act statement, either on the form itself or via a separate notice. In accordance with its Privacy Policy, the organization honors all Subject Access Requests promptly and fully, ensuring transparency, accountability, and protection of individual data rights.", + "identifier": "P7.1", + "createdAt": "2025-06-03 23:30:45.215", + "updatedAt": "2025-06-04 21:54:31.214" + }, + { + "id": "frk_rq_683f85dea375f4073836d53c", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity implements a process for receiving, addressing, resolving, and communicating the resolution of inquiries, complaints, and disputes from data subjects and others and periodically monitors compliance to meet the entity‚objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner.", + "description": "The organization maintains a documented Privacy Policy that meets all applicable regulatory requirements and is published on the company website. This Policy mandates that valid user consent be obtained before any personal data processing and clearly informs individuals of their rights. 
In accordance with both the Policy and regulatory obligations, the organization promptly and fully honors all Subject Access Requests, ensuring transparency, accountability, and respect for individual privacy throughout the data lifecycle.", + "identifier": "P8.1", + "createdAt": "2025-06-03 23:31:41.573", + "updatedAt": "2025-06-04 21:56:04.771" }, { - "id": "frk_rq_683f5e96f7b22acf54f4376f", + "id": "frk_rq_683f5daecd5e3f57e3f2733c", "frameworkId": "frk_683f377429b8408d1c85f9bd", "name": "COSO Principle 14: The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.", - "description": "The organization documents, monitors, and retains individual training activities and records.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including behavioral standards, acceptable business conduct policies, and Information Security policies that provide guidance on reporting failures, incidents, concerns, and complaints related to organizational services and systems. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services through comprehensive personnel governance and awareness programs, including: establishing procedures for new staff to acknowledge applicable company policies and complete security and privacy literacy training during onboarding; requiring periodic policy acknowledgment by all staff; making all policies and procedures available to staff members for reference; and documenting, monitoring, and retaining individual training activities and records to ensure ongoing compliance and competency in protecting customer service delivery.", "identifier": "CC2.2", - "createdAt": "2025-06-03 20:44:05.807", - "updatedAt": "2025-06-03 20:44:05.807" + "createdAt": "2025-06-03 20:40:14.186", + "updatedAt": "2025-06-04 20:21:13.905" }, { "id": "frk_rq_683f5ed1fb039b11269212c8", "frameworkId": "frk_683f377429b8408d1c85f9bd", "name": "COSO Principle 15: The entity communicates with external parties regarding matters affecting the functioning of internal control.", - "description": "The organization displays the most current information about its services on its website, which is accessible to its customers.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services through transparent customer communication controls, including: displaying current information about services on the company website for customer accessibility; and providing customers with information on how to report failures, incidents, concerns, or other complaints related to organizational services and systems to ensure prompt issue resolution and continuous service improvement", "identifier": "CC2.3", "createdAt": "2025-06-03 20:45:04.736", - "updatedAt": "2025-06-03 20:45:04.736" + "updatedAt": "2025-06-04 20:24:23.191" }, { - "id": "frk_rq_683f5efbfcf289aa20945535", + "id": "frk_rq_6840a68d409f43b4d0efd3c1", "frameworkId": "frk_683f377429b8408d1c85f9bd", - "name": "COSO Principle 15: The entity communicates with external parties regarding matters affecting the functioning of internal control.", - "description": "The organization has provided information to customers on how to report failures, incidents, concerns, or other complaints related to the services or systems provided by the The organization in the event there are problems.", - "identifier": "CC2.3", - "createdAt": "2025-06-03 20:45:46.920", - "updatedAt": "2025-06-03 20:45:46.920" + "name": "COSO Principle 11: The entity also selects and develops general control activities over technology to support the achievement of objectives.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company. Senior Management maintains segregated responsibilities and duties across the organization to mitigate risks to customer services through systematic oversight, including annual reviews and approvals of company policies, risk assessments, vendor assessments, and organizational structures. 
The organization conducts periodic evaluations of subservice organizations to ensure customer commitments are met, while the Information Security program undergoes planned reviews to ensure continuing effectiveness. Responsibilities are further segregated through the Information Security Officer's independent oversight of production access controls, supported by continuous monitoring systems that provide program health reporting to stakeholders", + "identifier": "CC5.2", + "createdAt": "2025-06-04 20:03:24.528", + "updatedAt": "2025-06-04 20:03:24.528" }, { - "id": "frk_rq_683f5f4d18de5fee7df6f15a", + "id": "frk_rq_683f598fc18a528adfcdd561", "frameworkId": "frk_683f377429b8408d1c85f9bd", - "name": "COSO Principle 6: The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.", - "description": "The organization performs a formal risk assessment exercise annually, as per documented guidelines and procedures, to identify threats that could impair systems' security commitments and requirements.", - "identifier": "CC3.1", - "createdAt": "2025-06-03 20:47:09.217", - "updatedAt": "2025-06-03 20:47:09.217" + "name": "COSO Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services through structured organizational governance, including: maintaining an organizational structure that defines authorities, facilitates information flow, and establishes clear responsibilities; appointing a People Operations Officer to develop personnel-related security strategies; assigning an Information Security Officer to centrally manage the enterprise-wide cybersecurity and privacy program; establishing procedures to communicate staff roles and responsibilities; and implementing mechanisms to assign asset ownership responsibilities with common understanding of protection requirements. Senior Management conducts planned interval reviews of the Information Security program, including policies, standards, and procedures, or when significant changes occur, to ensure continuing suitability, adequacy, and effectiveness in protecting customer services", + "identifier": "CC1.3", + "createdAt": "2025-06-03 20:22:39.029", + "updatedAt": "2025-06-04 20:12:56.746" + }, + { + "id": "frk_rq_683f5a7da5c95341a76298e5", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "COSO Principle 4: The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services through structured personnel security controls, including established procedures to perform security risk screening of individuals before authorizing access and ensuring that all security-related positions are staffed by qualified individuals with the necessary skill sets to protect customer service delivery", + "identifier": "CC1.4", + "createdAt": "2025-06-03 20:26:36.583", + "updatedAt": "2025-06-04 20:14:57.733" }, { - "id": "frk_rq_683f5f6e645c88e762e959ee", + "id": "frk_rq_683f5fbd7ac16777b257da6b", "frameworkId": "frk_683f377429b8408d1c85f9bd", "name": "COSO Principle 7: The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.", - "description": "The organization has established procedures for new staff to acknowledge applicable company policies as a part of their onboarding.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including documented guidelines and procedures for formal risk assessment exercises. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services through systematic risk management practices, including: establishing procedures for new staff to acknowledge applicable company policies during onboarding; performing annual formal risk assessment exercises to identify threats that could impair systems' security commitments and requirements; conducting annual vendor risk assessments to identify vendors critical to systems' security commitments; and assessing each identified risk with scoring based on likelihood of occurrence and potential impact on security, availability, and confidentiality of the Company platform, with risks mapped to mitigating factors that address some or all of the identified risk to protect customer service delivery", "identifier": "CC3.2", - "createdAt": "2025-06-03 20:47:41.534", - "updatedAt": "2025-06-03 20:47:41.534" + "createdAt": "2025-06-03 20:49:01.092", + "updatedAt": "2025-06-04 20:26:42.272" + }, + { + "id": "frk_rq_683f62e98eedc19fdd008d99", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "COSO Principle 17: The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including Information Security policies that provide employees with guidance on reporting failures, incidents, concerns, or other complaints related to organizational services and systems. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to customer services through systematic program oversight, including: conducting annual reviews and approvals of all company policies; performing planned interval reviews of the Information Security program including policies, standards, and procedures, or when significant changes occur, to ensure their continuing suitability, adequacy, and effectiveness; and implementing continuous monitoring systems to track and report the health of the information security program to the Information Security Officer and other stakeholders, ensuring comprehensive protection of customer service delivery", + "identifier": "CC4.2", + "createdAt": "2025-06-03 21:02:32.708", + "updatedAt": "2025-06-04 20:33:35.624" + }, + { + "id": "frk_rq_683f63eb915fb5c5e9666793", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "COSO Principle 10: The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including guidelines for acceptable and unacceptable technology usage behaviors with outlined consequences for unacceptable actions. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through structured governance and behavioral standards that ensure proper technology usage and overall organizational conduct to protect customer service delivery", + "identifier": "CC5.1", + "createdAt": "2025-06-03 21:06:50.715", + "updatedAt": "2025-06-04 20:36:09.752" + }, + { + "id": "frk_rq_683f65a946002d573103c9de", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "COSO Principle 12: The entity deploys control activities through policies that establish what is expected and in procedures that put policies into action.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company. Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through structured policy governance, including: making all policies and procedures available to all staff members for reference; establishing procedures for new staff to acknowledge applicable company policies during onboarding; and requiring periodic acknowledgment of applicable company policies by all staff to ensure ongoing awareness and compliance in protecting customer service delivery.", + "identifier": "CC5.3", + "createdAt": "2025-06-03 21:14:16.735", + "updatedAt": "2025-06-04 20:38:16.743" + }, + { + "id": "frk_rq_683f66cebc1688607d297b48", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including Access Control policies and procedures for user registration 
and authorization, physical and environmental security policies, and password and secure login mechanism guidelines made available to all staff members. Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through comprehensive access management controls, including: ensuring production databases and Secure Shell access to infrastructure entities are protected from public internet access; requiring Senior Management or the Information Security Officer to periodically review and ensure that administrative and critical system access is restricted to only those individuals who require such access to perform their job functions; implementing logical access provisioning to critical systems that requires approval from authorized personnel on an individual need or predefined role basis; and utilizing continuous monitoring systems to alert security teams to update access levels of team members whose roles have changed, ensuring systematic protection of customer service delivery through proper access governance", + "identifier": "CC6.1", + "createdAt": "2025-06-03 21:19:09.801", + "updatedAt": "2025-06-04 20:40:54.041" + }, + { + "id": "frk_rq_683f759f885e5b093b3c36d6", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity implements logical access security measures to protect against threats from sources outside its system boundaries.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including endpoint security policies and procedures, guidelines for communications protections and network security of critical systems, and documented procedures for endpoint security and related controls. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through comprehensive endpoint and network security controls, including: developing, documenting, and maintaining an inventory of organizational endpoint systems with necessary accountability information; ensuring endpoints with access to critical servers or data are configured to auto-screen-lock after 15 minutes of inactivity and are encrypted to protect from unauthorized access; requiring malware protection software on endpoints accessing critical servers or data; protecting production databases and Secure Shell access to infrastructure entities from public internet access; implementing firewall protection on every production host with deny-by-default rules; performing security and privacy compliance checks on software versions and patches of remote devices prior to establishing internal connections; requiring multifactor authentication for all staff members with access to critical systems; and maintaining systematic endpoint security governance to ensure comprehensive protection of customer service delivery.", + "identifier": "CC6.6", + "createdAt": "2025-06-03 22:22:23.193", + "updatedAt": "2025-06-04 20:49:37.100" + }, + { + "id": "frk_rq_683f76a572050393764a447d", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity‚Äôs objectives.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including a documented policy to manage encryption and cryptographic protection controls. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through comprehensive encryption and data protection controls, including: developing, documenting, and maintaining an inventory of organizational infrastructure systems with necessary accountability information; utilizing standard encryption methods including HTTPS with TLS algorithm to keep transmitted data confidential; implementing cryptographic mechanisms to encrypt all production databases that store customer data at rest; ensuring that endpoints and critical endpoints with access to critical servers or data are encrypted to protect from unauthorized access; and requiring that customer data used in non-production environments receives the same level of protection as the production environment, thereby maintaining systematic encryption governance to ensure comprehensive protection of customer service delivery through cryptographic controls.", + "identifier": "CC6.7", + "createdAt": "2025-06-03 22:26:45.409", + "updatedAt": "2025-06-04 20:51:47.026" + }, + { + "id": "frk_rq_683f778c138349f90d26fee2", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including policies and procedures for vulnerability management. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through comprehensive monitoring and threat detection controls, including: implementing methods to continuously monitor critical assets to generate capacity alerts ensuring optimal performance, meeting future capacity requirements, and protecting against denial-of-service attacks; identifying vulnerabilities on the Company platform through regular vulnerability scan execution; configuring infrastructure to generate audit events for security-related actions of interest on all critical systems and to review and analyze audit events to detect anomalous or suspicious activity and threats; and tracking all vulnerabilities with remediation according to defined vulnerability management policies and procedures, thereby maintaining systematic security monitoring governance to ensure comprehensive protection of customer service delivery through proactive threat detection and response capabilities.", + "identifier": "CC7.1", + "createdAt": "2025-06-03 22:30:36.377", + "updatedAt": "2025-06-04 20:59:55.401" + }, + { + "id": "frk_rq_683f7a455a617028f7cd888f", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including established policies and procedures with guidelines to be undertaken in response to information security incidents and policies and procedures to report and manage incidents. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through comprehensive incident management controls, including: maintaining records of information security incidents, their investigations, and the response plans executed in accordance with defined incident reporting and management policies and procedures; and utilizing continuous monitoring systems to track and report the health of the information security program to the Information Security Officer and other stakeholders, thereby maintaining systematic incident response governance to ensure comprehensive protection of customer service delivery through structured incident detection, response, and documentation capabilities", + "identifier": "CC7.4", + "createdAt": "2025-06-03 22:42:12.507", + "updatedAt": "2025-06-04 21:05:11.565" + }, + { + "id": "frk_rq_683f804dde7ce3212d036b3e", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity identifies, develops, and implements activities to recover from identified security incidents.", + "description": "The organization has documented a set of policies and procedures that establish expected behavior with regard to the Company, including documented policies and procedures that establish guidelines for continuing business operations and facilitate the application of contingency planning controls, a documented policy on managing Data Backups made available to all relevant staff, and documented guidelines to manage Disaster Recovery. 
Senior Management segregates responsibilities and duties across the organization to mitigate risks to the services provided to its customers through comprehensive business continuity and disaster recovery controls, including: establishing guidelines and procedures for continuing business operations in case of a disruption or security incident; implementing data backup management policies accessible to relevant staff through the company employee portal; and maintaining disaster recovery guidelines that ensure business operations continuity during disruptive events, thereby maintaining systematic business continuity governance to ensure comprehensive protection and uninterrupted delivery of customer services through proactive contingency planning and recovery capabilities.", + "identifier": "CC7.5", + "createdAt": "2025-06-03 23:07:56.828", + "updatedAt": "2025-06-04 21:06:47.396" + }, + { + "id": "frk_rq_683f82b7e3624d113096e13c", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity provides notice to data subjects about its privacy practices to meet the entity‚entity objectives related to privacy. The notice is updated and communicated to data subjects in a timely manner for changes to the entity‚entity privacy practices, including changes in the use of personal information, to meet the entity,entity objectives related to privacy.", + "description": "The organization has documented a comprehensive Privacy Policy and supporting procedures that embed privacy-by-design principles into all systems and processes to ensure ongoing compliance with applicable privacy regulations. This Privacy Policy meets all regulatory requirements and is published on the company website. 
In addition, every form that collects personal information—whether part of a Privacy Act system of records or not—carries a Privacy Act statement, either directly on the form or on a separate notice provided to individuals, thereby ensuring transparency, informed consent, and full regulatory compliance across the data lifecycle.", + "identifier": "P1.1", + "createdAt": "2025-06-03 23:18:14.833", + "updatedAt": "2025-06-04 21:29:10.974" + }, + { + "id": "frk_rq_683f82c47ddda8414a018a93", + "frameworkId": "frk_683f377429b8408d1c85f9bd", + "name": "The entity communicates choices available regarding the collection, use, retention, disclosure, and disposal of personal information to the data subjects and the consequences, if any, of each choice. Explicit consent for the collection, use, retention, disclosure, and disposal of personal information is obtained from data subjects or other authorized persons, if required. Such consent is obtained only for the intended purpose of the information to meet the entity‚Äôs objectives related to privacy. The entity‚Äôs basis for determining implicit consent for the collection, use, retention, disclosure, and disposal of personal information is documented.", + "description": "The organization maintains an inventory of categories of personal information collected along with its usage, sources and specific purposes for collection as per regulatory requirements (\"Record of Processing Activities\") and reviews it on an annual basis\r\nThe organization maintains a list of all contractual obligations based on customer contracts.\r\nThe organization ensures regulatory requirements regarding user consent are met prior to processing personal data\r\n", + "identifier": "P2.1", + "createdAt": "2025-06-03 23:18:27.903", + "updatedAt": "2025-06-04 21:34:40.204" } ] \ No newline at end of file 
diff --git a/packages/db/prisma/seed/primitives/FrameworkEditorTaskTemplate.json b/packages/db/prisma/seed/primitives/FrameworkEditorTaskTemplate.json
index 8525bbc205..3921dbf16e 100644
--- a/packages/db/prisma/seed/primitives/FrameworkEditorTaskTemplate.json
+++ b/packages/db/prisma/seed/primitives/FrameworkEditorTaskTemplate.json
@@ -1,1496 +1,308 @@ [ { - "id": "frk_tt_681e8514d7af582ead600966", - "name": "Old_Access Control Records", - "description": "Access control configurations, firewall logs, and system access review reports. Provide Access Management Procedures document that outlines granting, monitoring, and revoking system access including access logging and periodic reviews.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:36:12.691" - }, - { - "id": "frk_tt_681e85141b853e39a571bfd1", - "name": "Old_Access Logs", - "description": "System and application access logs showing user authentication and authorization activities.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:36:18.507" - }, - { - "id": "frk_tt_681e8514048b68c1ba899bdd", - "name": "Old_Access Removal Records", - "description": "Documentation of access removal for terminated employees or role changes.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:36:25.531" - }, - { - "id": "frk_tt_681e8514479897345cc0ba4c", - "name": "Old_Access Review Records", - "description": "Documentation of periodic access reviews and approvals.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:36:32.843" - }, - { - "id": "frk_tt_681e85140fbc89846e51815c", - "name": "Old_Account Management Records", - "description": "Records of account creation, modification, and deletion activities.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:36:40.055" - }, - { - "id": "frk_tt_681e8514cae7734e136f689c", - "name": "Old_Authentication Records", - "description": "Authentication system logs and configuration documentation.", - "frequency": "monthly", - "department": "it", - "createdAt": 
"2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:36:44.554" - }, - { - "id": "frk_tt_681e8514e8bdffe08194931f", - "name": "Old_Board Meeting Documentation", - "description": "Minutes and documentation from board meetings discussing security and compliance matters.", - "frequency": "quarterly", - "department": "gov", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:36:48.419" - }, - { - "id": "frk_tt_681e85149594483ba3e98a58", - "name": "Old_Business Continuity and Disaster Recovery Testing Records", - "description": "Documentation of BCDR testing activities and results.", - "frequency": "yearly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:36:54.780" - }, - { - "id": "frk_tt_681e851485b83055bf0a685f", - "name": "Old_Business Continuity Plans", - "description": "Documentation of business continuity and disaster recovery plans.", - "frequency": "yearly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:37:03.214" - }, - { - "id": "frk_tt_681e85142bcb74942ee95994", - "name": "Old_Capacity Reports", - "description": "System capacity planning and monitoring reports.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:37:08.354" - }, - { - "id": "frk_tt_681e8514f1aa978fa0df1bcd", - "name": "Old_Change Management Records", - "description": "Documentation of system changes and approvals.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:37:12.123" - }, - { - "id": "frk_tt_681e8514d9bd9d9da3cd6d80", - "name": "Old_Change Request Logs", - "description": "Logs of system change requests and their status.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:37:18.645" - }, - { - "id": "frk_tt_681e85147fd8009762a6f0e0", - "name": "Old_Change Risk 
Documentation", - "description": "Risk assessment documentation for system changes.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:37:28.942" - }, - { - "id": "frk_tt_681e8514b19250f7726e0ea2", - "name": "Old_Communication Records", - "description": "Documentation of internal and external security communications.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:37:34.551" - }, - { - "id": "frk_tt_681e8514f2a015c698b3d458", - "name": "Old_Consent Records", - "description": "Records of user consent for data processing activities.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:37:40.200" - }, - { - "id": "frk_tt_681e8514498999a1f315a415", - "name": "Old_Control Implementation Records", - "description": "Documentation of control implementation and effectiveness.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:37:45.788" - }, - { - "id": "frk_tt_681e85146dd689eb3de04af3", - "name": "Old_Control Testing Documentation", - "description": "Documentation of control testing activities and results.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:37:49.780" - }, - { - "id": "frk_tt_681e85149022de8376a6d103", - "name": "Old_Data Classification Records", - "description": "Documentation of data classification and handling procedures.", + "id": "frk_tt_6840672484e8bf8f9cf8f2fe", + "name": "Security Policy Acknowledgment and Availability", + "description": "Develop procedures for all staff to periodically acknowledge and review the company’s security policies, including as part of onboarding. Ensure all security policies are accessible to staff at any time. 
Document and maintain an Information Security Policy that defines the organization’s approach to ensuring the confidentiality, integrity, and availability of its information systems.", "frequency": "yearly", "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:37:56.399" - }, - { - "id": "frk_tt_681e851476a3ebe8aa77b2d5", - "name": "Old_Data Processing Logs", - "description": "Logs of data processing activities and transactions.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:38:01.216" - }, - { - "id": "frk_tt_681e85143c1a4bd85c70d365", - "name": "Old_Data Quality Documentation", - "description": "Documentation of data quality controls and monitoring.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:38:07.006" - }, - { - "id": "frk_tt_681e8514ca48b77ef7fc7d83", - "name": "Old_Data Validation Records", - "description": "Records of data validation and verification activities.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:38:16.085" - }, - { - "id": "frk_tt_681e8514d1c939616c3e0951", - "name": "Old_Deficiency Management Records", - "description": "Documentation of control deficiencies and remediation activities.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:38:28.928" + "createdAt": "2025-06-04 15:32:52.138", + "updatedAt": "2025-06-05 00:20:39.062" }, { - "id": "frk_tt_681e8514c64ee74e19ebf5e4", - "name": "Old_Disposal Records", - "description": "Documentation of secure data and asset disposal activities.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:38:34.048" - }, - { - "id": "frk_tt_681e85144fc85e074719756d", - "name": "Old_Ethics Compliance 
Documentation", - "description": "Documentation of ethics training and compliance activities.", - "frequency": "yearly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:39:01.606" - }, - { - "id": "frk_tt_681e851485f28df39db0cf99", - "name": "Old_Exception Logs", - "description": "Logs of security control exceptions and approvals.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:39:05.423" - }, - { - "id": "frk_tt_681e8514d362ed5f66e72fde", - "name": "Old_Fraud Risk Documentation", - "description": "Documentation of fraud risk assessment and mitigation activities.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:39:16.256" - }, - { - "id": "frk_tt_681e8514fc009ceb3c693964", - "name": "Old_HR Documentation", - "description": "Documentation of HR security policies and procedures.", + "id": "frk_tt_68406951bd282273ebe286cc", + "name": "Secure Staff Screening and Training", + "description": "Implement security risk screening of all individuals before granting access to company systems or sensitive information. Ensure that staff in security-related roles have the appropriate qualifications and skills. Provide information security and privacy training relevant to job functions, including onboarding training for new hires. 
Maintain accurate documentation and monitoring of individual training activities and records to ensure compliance and readiness.", "frequency": "yearly", "department": "hr", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:39:22.621" - }, - { - "id": "frk_tt_681e8514a931d9d0ce6a4168", - "name": "Old_Incident Analysis Records", - "description": "Documentation of security incident analysis and findings.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:39:28.801" - }, - { - "id": "frk_tt_681e851467074fc0123938fb", - "name": "Old_Incident Communication Records", - "description": "Documentation of incident-related communications.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:39:47.306" - }, - { - "id": "frk_tt_681e8514c09859731d925893", - "name": "Old_Incident Recovery Records", - "description": "Documentation of incident recovery activities and lessons learned.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:40:00.122" - }, - { - "id": "frk_tt_681e851456a5d73e6ba55a0a", - "name": "Old_Incident Response Records", - "description": "Documentation of security incident response activities.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:40:09.598" + "createdAt": "2025-06-04 15:42:08.603", + "updatedAt": "2025-06-05 00:20:39.762" }, { - "id": "frk_tt_681e85143332324f91416be7", - "name": "Old_Infrastructure Monitoring Records", - "description": "Documentation of infrastructure monitoring and alerting activities.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:40:13.749" - }, - { - "id": "frk_tt_681e851453c84dda25ce83b5", - "name": "Old_Management Structure Documentation", - "description": 
"Documentation of organizational structure and reporting relationships.", + "id": "frk_tt_684069a3a0dd8322b2ac3f03", + "name": "Security Responsibility Evaluations", + "description": "Periodically evaluate all employees in client-serving, IT Engineering, and Information Security roles to ensure they understand and fulfill their job responsibilities, including adherence to security policies and procedures. Incorporate these evaluations into the overall disciplinary process for managing security violations.", "frequency": "yearly", "department": "hr", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:40:22.989" - }, - { - "id": "frk_tt_681e851406b67dee8b177b18", - "name": "Old_Personnel Compliance Documentation", - "description": "Documentation of personnel compliance with security policies.", - "frequency": "quarterly", - "department": "hr", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:40:27.114" - }, - { - "id": "frk_tt_681e85149d8cd93986494190", - "name": "Old_Physical Access Records", - "description": "Documentation of physical access control activities.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:40:32.741" - }, - { - "id": "frk_tt_681e8514c263729c554d7a7e", - "name": "Old_Policy Implementation Records", - "description": "Documentation of security policy implementation activities.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:40:39.886" + "createdAt": "2025-06-04 15:43:30.893", + "updatedAt": "2025-06-05 00:20:39.920" }, { - "id": "frk_tt_681e8514cf759d2af506ba5a", - "name": "Old_Privacy Notice", - "description": "Current privacy notice and related documentation.", + "id": "frk_tt_684069f039a8802920361d55", + "name": "Information Retention and Secure Disposal", + "description": "Develop and document policies for the retention and secure disposal of information, 
including processes for decommissioning information assets containing classified or confidential data. Ensure these policies meet confidentiality objectives and are applied consistently to protect sensitive information throughout its lifecycle.", "frequency": "yearly", "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:40:43.819" + "createdAt": "2025-06-04 15:44:48.172", + "updatedAt": "2025-06-05 00:20:40.144" }, { - "id": "frk_tt_681e8514196ef04c487a619c", - "name": "Old_Recovery Records", - "description": "Documentation of system recovery activities and testing.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:40:47.370" - }, - { - "id": "frk_tt_681e85145177e1b436e5e678", - "name": "Old_Retention Schedules", - "description": "Documentation of data retention policies and schedules.", + "id": "frk_tt_68406a514e90bb6e32e0b107", + "name": "Contact Information and Incident Reporting", + "description": "Maintain and display up-to-date information on your website about the services offered, and provide clear guidance for customers on how to report failures, incidents, concerns, or complaints. 
Ensure that these processes facilitate ongoing communication and transparency with customers.", "frequency": "yearly", "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:40:51.080" - }, - { - "id": "frk_tt_681e851425166ba986da0b88", - "name": "Old_Risk Assessment Documentation", - "description": "Documentation of risk assessment activities and findings.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:40:55.361" - }, - { - "id": "frk_tt_681e8514807768436251ddb1", - "name": "Old_Technology Control Records", - "description": "Documentation of technology control implementation and monitoring.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:41:04.144" - }, - { - "id": "frk_tt_681e851451a09ed772b67358", - "name": "Old_Uptime Reports", - "description": "System uptime and availability reports.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:41:08.079" - }, - { - "id": "frk_tt_681e851458d9791786ea6e67", - "name": "Old_Vendor Risk Assessment Records", - "description": "Documentation of vendor risk assessment activities.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:41:13.867" - }, - { - "id": "frk_tt_681e8514b471bb89952116c0", - "name": "Old_External Communication Records", - "description": "Documentation of external security communications and notifications.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:39:09.540" - }, - { - "id": "frk_tt_681e8514a9ab8c08054f6657", - "name": "Old_Malware Prevention Records", - "description": "Documentation of malware prevention and detection activities.", - "frequency": "monthly", - "department": "it", - "createdAt": "2025-05-14 
19:20:44.920", - "updatedAt": "2025-05-15 06:40:18.304" - }, - { - "id": "frk_tt_681e85146dfc52a06b6069d1", - "name": "Old_Risk Identification Records", - "description": "Documentation of risk identification activities.", - "frequency": "quarterly", - "department": "it", - "createdAt": "2025-05-14 19:20:44.920", - "updatedAt": "2025-05-15 06:41:00.165" - }, - { - "id": "frk_tt_68259a74a644e1e362069d36", - "name": "Fill ISMS scope field", - "description": "Fill ISMS scope field; export scope PDF.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:40:35.761", - "updatedAt": "2025-05-15 07:40:35.761" - }, - { - "id": "frk_tt_68259a7c61351ccd0145eb7f", - "name": "Publish ISMS policy", - "description": "Publish ISMS policy; export signed copy with approval log.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:40:43.900", - "updatedAt": "2025-05-15 07:40:43.900" - }, - { - "id": "frk_tt_68259a8610a52d9eb1523b37", - "name": "Board-approved policy uploaded", - "description": "Board-approved policy uploaded; export PDF.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:40:53.807", - "updatedAt": "2025-05-15 07:40:53.807" - }, - { - "id": "frk_tt_68259a92538962de57d13169", - "name": "Employee attestations auto-logged", - "description": "Employee attestations auto-logged; export attestation report.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:41:05.793", - "updatedAt": "2025-05-15 07:41:05.793" - }, - { - "id": "frk_tt_68259aa7fe2e2dd041eab2ac", - "name": "Maintain RACI", - "description": "Maintain RACI; export CSV of role–responsibility map.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:41:26.912", - "updatedAt": "2025-05-15 07:41:26.912" - }, - { - "id": "frk_tt_68259aafda60c2d81f7dc7de", - "name": "Record actions to address risk/opportunity", - "description": "Record actions to address 
risk/opportunity; export treatment plan.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:41:34.988", - "updatedAt": "2025-05-15 07:41:34.988" - }, - { - "id": "frk_tt_68259ab98292fc335ff15442", - "name": "Run assessment wizard", - "description": "Run assessment wizard; export ISO-formatted report.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:41:44.837", - "updatedAt": "2025-05-15 07:41:44.837" - }, - { - "id": "frk_tt_68259ac26d4c50c3479b4aa5", - "name": "Generate treatment tasks", - "description": "Generate treatment tasks; export approval record.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:41:54.150", - "updatedAt": "2025-05-15 07:41:54.150" - }, - { - "id": "frk_tt_68259acb7a97a24e7aa1586f", - "name": "Set measurable IS objectives", - "description": "Set measurable IS objectives; export KPI dashboard.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:42:03.006", - "updatedAt": "2025-05-15 07:42:03.006" - }, - { - "id": "frk_tt_68259ad3f3100f4080245512", - "name": "Attach budget sheet", - "description": "Attach budget sheet; export version-controlled file.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:42:11.109", - "updatedAt": "2025-05-15 07:42:11.109" - }, - { - "id": "frk_tt_68259ade566f513a3efce677", - "name": "Store certs/training logs", - "description": "Store certs/training logs; export CSV.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:42:21.674", - "updatedAt": "2025-05-15 07:42:21.674" - }, - { - "id": "frk_tt_68259ae8b8e41d0a19a6b865", - "name": "Export training‑completion logs (annual summary)", - "description": "Export training‑completion logs (annual summary).\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 07:42:31.819", - "updatedAt": "2025-05-15 07:42:31.819" - }, - { - "id": 
"frk_tt_68259af33831f5a08f50f179", - "name": "Export incident response or continuity plan and broadcast logs (Slack/email)", - "description": "Export incident response or continuity plan and broadcast logs (Slack/email).\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:42:42.744", - "updatedAt": "2025-05-15 07:42:42.744" - }, - { - "id": "frk_tt_68259b02124ba8f3cf7e6175", - "name": "Export document inventory", - "description": "Export document inventory.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:42:57.776", - "updatedAt": "2025-05-15 07:42:57.776" - }, - { - "id": "frk_tt_68259b0afde095e3e14778cf", - "name": "Version history auto-stored", - "description": "Version history auto-stored; export diff log.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:43:05.989", - "updatedAt": "2025-05-15 07:43:05.989" - }, - { - "id": "frk_tt_68259b14a6da7fd507acced0", - "name": "Export controlled-document list with permission audit", - "description": "Export controlled-document list with permission audit.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:43:15.855", - "updatedAt": "2025-05-15 07:43:15.855" - }, - { - "id": "frk_tt_68259b23619ef41c9cbdb00f", - "name": "Run assessment", - "description": "Run assessment; export report.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:43:30.537", - "updatedAt": "2025-05-15 07:43:30.537" - }, - { - "id": "frk_tt_68259b2c77a5c1fc26da9255", - "name": "Export mitigation-status report", - "description": "Export mitigation-status report.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:43:39.751", - "updatedAt": "2025-05-15 07:43:39.751" - }, - { - "id": "frk_tt_68259b3546c6f743ee25eb47", - "name": "Export monitoring dashboard PDF", - "description": "Export monitoring dashboard PDF.\r\n", - "frequency": "monthly", - 
"department": "none", - "createdAt": "2025-05-15 07:43:48.562", - "updatedAt": "2025-05-15 07:43:48.562" - }, - { - "id": "frk_tt_68259b3f2b9751f53148d84a", - "name": "Export compliance-coverage report", - "description": "Export compliance-coverage report.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:43:58.958", - "updatedAt": "2025-05-15 07:43:58.958" - }, - { - "id": "frk_tt_68259b48a77d342a7a46b3a5", - "name": "Upload audit results", - "description": "Upload audit results; export signed report.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:44:08.010", - "updatedAt": "2025-05-15 07:44:08.010" - }, - { - "id": "frk_tt_68259b514f833c945b0f661d", - "name": "Store minutes", - "description": "Store minutes; export review pack.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:44:17.349", - "updatedAt": "2025-05-15 07:44:17.349" - }, - { - "id": "frk_tt_68259b5986e28b036c26f4b9", - "name": "Export non-conformity list with status", - "description": "Export non-conformity list with status.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:44:25.060", - "updatedAt": "2025-05-15 07:44:25.060" - }, - { - "id": "frk_tt_68259b60b258c452036a5408", - "name": "Export continuous-improvement backlog", - "description": "Export continuous-improvement backlog.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:44:32.485", - "updatedAt": "2025-05-15 07:44:32.485" - }, - { - "id": "frk_tt_68259b6975353ae6ff7ae62f", - "name": "A.5.1 Publish master policy", - "description": "Publish master policy; export signed copy.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:44:40.822", - "updatedAt": "2025-05-15 07:48:03.448" - }, - { - "id": "frk_tt_6825a32fc2118282f9ea7a92", - "name": "A.5.8 Export security checklist evidence", - "description": "Provide the completed 
security checklist from a recent project.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:17:50.615", - "updatedAt": "2025-05-15 08:17:50.615" - }, - { - "id": "frk_tt_68259b74534fbfee74689262", - "name": "A.5.2 Export matrix of control owners", - "description": "Export matrix of control owners.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:44:52.466", - "updatedAt": "2025-05-15 07:52:35.983" - }, - { - "id": "frk_tt_68259b80789a2e3db2e53abf", - "name": "A.5.3 Run SoD review", - "description": "Run SoD review; export results.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:45:04.266", - "updatedAt": "2025-05-15 07:52:50.003" - }, - { - "id": "frk_tt_68259b8e24d87df277d47344", - "name": "A.5.4 Upload accountability statement", - "description": "Upload accountability statement; export.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:45:17.848", - "updatedAt": "2025-05-15 07:53:06.821" - }, - { - "id": "frk_tt_6825a33e64a58b0ad1a99cf5", - "name": "A.5.9 Export asset register", - "description": "Export the full asset register with owners and classifications.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:18:05.890", - "updatedAt": "2025-05-15 08:18:05.890" - }, - { - "id": "frk_tt_68259bb937eb6db1e0e80633", - "name": "A.5.6 Record memberships", - "description": "Record memberships; export register.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 07:46:00.693", - "updatedAt": "2025-05-15 07:53:45.334" - }, - { - "id": "frk_tt_68259baca7a9cfffe11835f4", - "name": "A.5.5 Upload list", - "description": "Export the up-to-date list of regulatory and law-enforcement contacts.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 07:45:48.321", - "updatedAt": "2025-05-15 08:16:26.680" - }, - { - "id": 
"frk_tt_6825a2f990a2bc3e3b96e116", - "name": "A.5.6 Record memberships", - "description": "Export the register of all threat-intel or industry-group memberships.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:16:56.653", - "updatedAt": "2025-05-15 08:16:56.653" - }, - { - "id": "frk_tt_6825a30c4082d5fa13f2d51f", - "name": "A.5.7 Export review log", - "description": "Export the last year’s threat-intel review activity log.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:17:16.258", - "updatedAt": "2025-05-15 08:17:16.258" - }, - { - "id": "frk_tt_6825a34e51503f05847ec2bb", - "name": "A.5.10 Publish acceptable-use policy", - "description": "Export the employee attestation report for the acceptable-use policy.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:18:21.596", - "updatedAt": "2025-05-15 08:18:21.596" - }, - { - "id": "frk_tt_6825a3622983c9c134ddac9e", - "name": "A.5.11 Export termination checklist", - "description": "Provide a completed off-boarding checklist for a recent exit.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:18:42.222", - "updatedAt": "2025-05-15 08:18:42.222" - }, - { - "id": "frk_tt_6825a37262f35b049b21eb91", - "name": "A.5.12 Export data-classification policy", - "description": "Export the signed data-classification and handling standard.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:18:57.548", - "updatedAt": "2025-05-15 08:18:57.548" - }, - { - "id": "frk_tt_6825a381ccf90148f9216830", - "name": "A.5.13 Export labelling examples", - "description": "Provide sample documents or screens that show applied labels.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:19:13.485", - "updatedAt": "2025-05-15 08:19:13.485" - }, - { - "id": "frk_tt_6825a3b038b48f58938303fe", - "name": "A.5.14 Export secure-transfer config", - 
"description": "Export a summary of current secure-transfer / encrypted-channel settings.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:19:59.870", - "updatedAt": "2025-05-15 08:19:59.870" - }, - { - "id": "frk_tt_6825a3be25da491ba7f20837", - "name": "A.5.15 Export policy and sample encrypted-mail header", - "description": "Provide the email-encryption policy and one encrypted-mail header sample.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:20:14.086", - "updatedAt": "2025-05-15 08:20:14.086" - }, - { - "id": "frk_tt_6825a3d0707be41e0aacf7e9", - "name": "A.5.16 Export IAM logs", - "description": "Export recent provisioning and de-provisioning logs.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:20:32.296", - "updatedAt": "2025-05-15 08:20:32.296" - }, - { - "id": "frk_tt_6825a3e0d1fb49af731ef234", - "name": "A.5.17 Export MFA configuration", - "description": "Export a summary of multi-factor-authentication enforcement settings.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:20:48.373", - "updatedAt": "2025-05-15 08:20:48.373" - }, - { - "id": "frk_tt_6825a3f1c8954bab19bd69f7", - "name": "A.5.18 Export quarterly access-review report", - "description": "Provide the most recent access-review summary.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:21:05.272", - "updatedAt": "2025-05-15 08:21:05.272" - }, - { - "id": "frk_tt_6825a4081918b88502cd53b7", - "name": "A.5.19 Export vendor assessment PDFs", - "description": "Export completed security questionnaires for all critical vendors.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:21:28.380", - "updatedAt": "2025-05-15 08:21:28.380" - }, - { - "id": "frk_tt_6825a417eeaaeb09f90a8834", - "name": "A.5.20 Export signed contracts", - "description": "Provide executed supplier contracts that 
include security clauses.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:21:43.041", - "updatedAt": "2025-05-15 08:21:43.041" - }, - { - "id": "frk_tt_6825a42d75f4aed8bf7c734d", - "name": "A.5.21 Export supply-chain monitoring log", - "description": "Export the ongoing supply-chain security monitoring log.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:22:04.845", - "updatedAt": "2025-05-15 08:22:04.845" - }, - { - "id": "frk_tt_6825a44f0d157113db678c81", - "name": "A.5.22 Export vendor-performance review minutes", - "description": "Provide minutes from the latest vendor-performance review.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:22:38.606", - "updatedAt": "2025-05-15 08:22:38.606" - }, - { - "id": "frk_tt_6825a45f3167dc6bd84b59b8", - "name": "A.5.23 Export cloud CIS-benchmark report", - "description": "Export the latest cloud-configuration benchmark report.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:22:55.015", - "updatedAt": "2025-05-15 08:22:55.015" + "createdAt": "2025-06-04 15:46:24.989", + "updatedAt": "2025-06-05 00:20:40.314" }, { - "id": "frk_tt_6825a472fb2b4aa84664a5f7", - "name": "A.5.24 Export signed incident-response plan", - "description": "Export the current signed incident-response plan.\r\n", + "id": "frk_tt_68406a9d44fc335ab8a26554", + "name": "Information Classification and Labeling", + "description": "Develop and implement a policy and procedures for classifying information by sensitivity, including confidential and critical information. Apply appropriate physical and/or logical labels to information systems to support confidentiality, data integrity, and processing integrity. 
Ensure system inputs are properly labeled to meet processing integrity objectives and data definitions.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:23:14.374", - "updatedAt": "2025-05-15 08:23:14.374" - }, - { - "id": "frk_tt_6825a484226862c4edaa475c", - "name": "A.5.25 Export SIEM ticket examples", - "description": "Provide two recent high-severity security-event tickets with notes.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:23:31.502", - "updatedAt": "2025-05-15 08:23:31.502" - }, - { - "id": "frk_tt_6825a4980736d070c655d4d5", - "name": "A.5.26 Export executed runbook", - "description": "Provide evidence that an incident-response runbook was executed.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:23:51.715", - "updatedAt": "2025-05-15 08:23:51.715" - }, - { - "id": "frk_tt_6825a4a84fcec21fb2476842", - "name": "A.5.27 Export RCA document", - "description": "Export the most recent root-cause-analysis document.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:24:07.786", - "updatedAt": "2025-05-15 08:24:07.786" - }, - { - "id": "frk_tt_6825a4bbf183fc47fc05ebcc", - "name": "A.5.28 Export chain-of-custody form", - "description": "Provide a completed chain-of-custody form from a forensic case.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:24:27.401", - "updatedAt": "2025-05-15 08:24:27.401" - }, - { - "id": "frk_tt_6825a4ceb8a0aaba82205824", - "name": "A.5.29 Export BCP & last test results", - "description": "Export the business-continuity plan and latest test results.\r\n", - "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:24:45.933", - "updatedAt": "2025-05-15 08:24:45.933" + "department": "gov", + "createdAt": "2025-06-04 15:47:40.857", + "updatedAt": "2025-06-05 00:20:40.539" }, { - "id": "frk_tt_6825a4e318e3a8ff90cab144", - "name": "A.5.30 Export 
DR test evidence", - "description": "Provide evidence from the most recent disaster-recovery test.\r\n", + "id": "frk_tt_68406af04a4acb93083413b9", + "name": "Centralized SIEM and Continuous Monitoring", + "description": "Implement and maintain a centralized Security Information and Event Management (SIEM) system with alerting capabilities to monitor and evaluate information system events. Use this system to identify and communicate internal control deficiencies, track security incidents, and report the health of the information security program to stakeholders. Establish general control activities through continuous monitoring to support technology and security objectives.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:25:07.052", - "updatedAt": "2025-05-15 08:25:07.052" + "department": "itsm", + "createdAt": "2025-06-04 15:49:03.955", + "updatedAt": "2025-06-05 00:20:40.711" }, { - "id": "frk_tt_6825a4f70069723b83789d2b", - "name": "A.5.31 Export compliance matrix", - "description": "Export the legal- and regulatory-compliance matrix.\r\n", + "id": "frk_tt_68406b4f40c87c12ae0479ce", + "name": "Incident Management Policy and Procedures", + "description": "Develop and document an incident management policy and supporting procedures that include guidance on reporting failures, incidents, concerns, or complaints; employee reporting mechanisms for internal control deficiencies; and notifying customers and other stakeholders in the event of a breach. 
Maintain records of security incidents, investigations, and response plans to ensure effective management and resolution.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:25:27.014", - "updatedAt": "2025-05-15 08:25:27.014" + "department": "itsm", + "createdAt": "2025-06-04 15:50:38.678", + "updatedAt": "2025-06-05 00:20:40.908" }, { - "id": "frk_tt_6825a5692d628e27d5a550ec", - "name": "A.5.32 Export NDA samples", - "description": "Provide several signed non-disclosure agreements as examples.\r\n", + "id": "frk_tt_6840681b6dfa62a119d6dca3", + "name": "Define and Communicate Security Roles", + "description": "Define and document the cybersecurity responsibilities for all personnel. Establish a process to clearly communicate these roles and responsibilities to staff. Maintain an organizational structure that clarifies authority, facilitates information flow, and establishes accountability. Appoint key roles, including a Compliance Program Manager to oversee internal controls, an Information Security Officer to lead the enterprise-wide security and privacy program, and a People Operations Officer to manage personnel-related security strategies.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:27:21.123", - "updatedAt": "2025-05-15 08:27:21.123" + "department": "gov", + "createdAt": "2025-06-04 15:36:59.274", + "updatedAt": "2025-06-05 00:20:39.237" }, { - "id": "frk_tt_6825a579280cfed6caee39c2", - "name": "A.5.33 Export log-retention config", - "description": "Export settings that show current log-retention period/location.\r\n", + "id": "frk_tt_68406903839203801ac8041a", + "name": "Manage and Maintain Asset Inventory", + "description": "Develop, document, and maintain an inventory of all organizational infrastructure and information systems. Assign asset ownership responsibilities to ensure accountability and establish common asset protection requirements. 
Periodically update and review the inventory as part of ongoing evaluations to ensure accurate asset tracking and compliance with security standards.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:27:36.829", - "updatedAt": "2025-05-15 08:27:36.829" + "department": "admin", + "createdAt": "2025-06-04 15:40:51.392", + "updatedAt": "2025-06-05 00:20:39.601" }, { - "id": "frk_tt_6825a5898fccd361bcf0741e", - "name": "A.5.34 Export privacy-policy PDF", - "description": "Export the current published privacy policy.\r\n", + "id": "frk_tt_68406cd9dde2d8cd4c463fe0", + "name": "Secure Authentication Management", + "description": "Document and share guidelines for managing passwords and secure login mechanisms with all staff. Require all users with access to critical systems to use secure login mechanisms, including multi-factor authentication, to protect authentication information.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:27:53.285", - "updatedAt": "2025-05-15 08:27:53.285" + "department": "itsm", + "createdAt": "2025-06-04 15:57:13.287", + "updatedAt": "2025-06-05 00:20:41.703" }, { - "id": "frk_tt_6825a59694c520ccb4982909", - "name": "A.5.35 Export internal-audit report", - "description": "Provide the latest internal ISMS audit report.\r\n", + "id": "frk_tt_68406d2e86acc048d1774ea6", + "name": "Capacity Monitoring and Alerts", + "description": "Implement continuous monitoring of critical assets to detect vulnerabilities, anomalies, and security events. 
Generate capacity alerts to protect against denial-of-service attacks and ensure optimal performance, enabling the organization to meet current and future capacity requirements.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:28:06.401", - "updatedAt": "2025-05-15 08:28:06.401" - }, - { - "id": "frk_tt_6825a5b3aa8d8bcdc24bca39", - "name": "A.5.36 Export compliance dashboard", - "description": "Export a snapshot of the control-status dashboard.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:28:35.366", - "updatedAt": "2025-05-15 08:28:35.366" + "department": "it", + "createdAt": "2025-06-04 15:58:37.662", + "updatedAt": "2025-06-05 00:20:41.871" }, { - "id": "frk_tt_6825a5c49645fecc94498b24", - "name": "A.5.37 Export SOP list", - "description": "Export the index of standard operating procedures.\r\n", + "id": "frk_tt_68406d64f09f13271c14dd01", + "name": "Change Management for Information Systems", + "description": "Document and implement policies and procedures to govern changes to the operating environment, including approval processes. 
Conduct application regression testing to ensure key processing and output delivery remain accurate and timely, supporting processing integrity.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:28:51.796", - "updatedAt": "2025-05-15 08:28:51.796" - }, - { - "id": "frk_tt_6825a5d871291aca8800df9d", - "name": "A.6.1 Export screening certificates", - "description": "Provide background-check confirmations for recent hires.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:29:11.893", - "updatedAt": "2025-05-15 08:29:11.893" + "department": "gov", + "createdAt": "2025-06-04 15:59:31.795", + "updatedAt": "2025-06-05 00:20:42.021" }, { - "id": "frk_tt_6825a5eff52854e030459810", - "name": "A.6.2 Export signed contracts", - "description": "Export an employment contract template showing security terms.\r\n", + "id": "frk_tt_68406df8fe190156f79afc5f", + "name": "Secure Configuration Management", + "description": "Document and implement policies and procedures to manage and govern configuration changes to the operating environment. 
Ensure all configuration changes receive proper approval before implementation to maintain a secure and controlled environment.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:29:35.284", - "updatedAt": "2025-05-15 08:29:35.284" - }, - { - "id": "frk_tt_6825a60719c56d22937b938b", - "name": "A.6.3 Export training completion report", - "description": "Export completion data for the security-awareness course.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:29:58.699", - "updatedAt": "2025-05-15 08:29:58.699" - }, - { - "id": "frk_tt_6825a614d82335e90afc6bd9", - "name": "A.6.4 Export disciplinary log", - "description": "Provide the log of security-related disciplinary actions.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:30:11.803", - "updatedAt": "2025-05-15 08:30:11.803" + "department": "it", + "createdAt": "2025-06-04 16:01:59.882", + "updatedAt": "2025-06-05 00:20:42.177" }, { - "id": "frk_tt_6825a6336a04a18a84b9c350", - "name": "A.6.5 Export off-boarding record", - "description": "Export a recent off-boarding record that shows access removal.\r\n", + "id": "frk_tt_68406e353df3bc002994acef", + "name": "Vulnerability Management and Triage", + "description": "Establish policies and procedures to identify, track, and remediate technical vulnerabilities through regular vulnerability scans, system component monitoring, and annual penetration testing. 
Maintain guidelines for managing vulnerabilities, evaluating security events, and preventing incidents.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:30:42.795", - "updatedAt": "2025-05-15 08:30:42.795" + "department": "itsm", + "createdAt": "2025-06-04 16:03:00.858", + "updatedAt": "2025-06-05 00:20:42.330" }, { - "id": "frk_tt_6825a641fdf43ebc8f23f879", - "name": "A.6.6 Export signed NDA archive", - "description": "Export a set of recently signed employee NDAs.\r\n", + "id": "frk_tt_68406eedf0f0ddd220ea19c2", + "name": "Secure Application Input Controls", + "description": "Implement software application controls to ensure that input values are limited to acceptable ranges and that mandatory fields are completed before records are accepted. These controls help maintain processing integrity and ensure system input requirements are met.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:30:56.618", - "updatedAt": "2025-05-15 08:30:56.618" - }, - { - "id": "frk_tt_6825a64fe4d9716d9afa93b5", - "name": "A.6.7 Export VPN & MDM logs", - "description": "Provide remote-access and device-compliance logs.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:31:11.346", - "updatedAt": "2025-05-15 08:31:11.346" - }, - { - "id": "frk_tt_6825a65d5ac875e308d86a68", - "name": "A.6.8 Export incident-ticket samples", - "description": "Provide examples of employee-reported security incidents.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:31:24.580", - "updatedAt": "2025-05-15 08:31:24.580" + "department": "it", + "createdAt": "2025-06-04 16:06:05.042", + "updatedAt": "2025-06-05 00:20:42.670" }, { - "id": "frk_tt_6825a66ced55990a1a85ead0", - "name": "A.7.1 Export site-plan photos", - "description": "Provide photos or diagrams showing physical security perimeters.\r\n", + "id": "frk_tt_68406f411fe27e47a0d6d5f3", + "name": "Secure Data Encryption", + 
"description": "Implement cryptographic controls to encrypt all production databases storing customer data at rest and ensure consistent protection in non-production environments. Use standard encryption protocols, such as HTTPS with TLS, to secure data in transit and maintain confidentiality across all stages of data processing, including inputs, items in processing, and outputs.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:31:40.362", - "updatedAt": "2025-05-15 08:31:40.362" + "department": "itsm", + "createdAt": "2025-06-04 16:07:28.979", + "updatedAt": "2025-06-05 00:20:42.825" }, { - "id": "frk_tt_6825a67de8e27262c84c1d72", - "name": "A.7.2 Export badge logs", - "description": "Export entry and exit badge logs for the last 30 days.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:31:57.256", - "updatedAt": "2025-05-15 08:31:57.256" - }, - { - "id": "frk_tt_6825a68e7c9681d83f689e12", - "name": "A.7.3 Export lock-audit report", - "description": "Provide the latest audit trail from electronic door locks.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:32:13.568", - "updatedAt": "2025-05-15 08:32:13.568" - }, - { - "id": "frk_tt_6825a6aa0ce543e8d938239b", - "name": "A.7.4 Export CCTV review log", - "description": "Export the log confirming periodic CCTV footage reviews.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:32:42.446", - "updatedAt": "2025-05-15 08:32:42.446" - }, - { - "id": "frk_tt_6825a6cb8e3442ae37dc1ab6", - "name": "A.7.5 Export test certificates", - "description": "Provide inspection certificates for fire, power, or HVAC systems.\r\n", + "id": "frk_tt_68406c5fff783844f31941e2", + "name": "Vendor Risk Management Program", + "description": "Conduct a formal vendor risk assessment annually to identify and evaluate vendors critical to meeting security commitments and system requirements. 
Regularly review and assess all subservice organizations to ensure they meet customer commitments. Develop and maintain documented policies and procedures to manage vendor relationships, including risk assessment, mitigation, and alignment with service commitments and system requirements.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:33:14.569", - "updatedAt": "2025-05-15 08:33:14.569" - }, - { - "id": "frk_tt_6825a6d892202b9d1dbb7cbd", - "name": "A.7.6 Export visitor-escort log", - "description": "Export the visitor register that shows escort information.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:33:27.720", - "updatedAt": "2025-05-15 08:33:27.720" - }, - { - "id": "frk_tt_6825a6fa9cec386b8bbbb76f", - "name": "A.7.7 Export spot-check report", - "description": "Provide the latest clear-desk / clear-screen spot-check results.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:34:02.052", - "updatedAt": "2025-05-15 08:34:02.052" + "department": "gov", + "createdAt": "2025-06-04 15:55:11.286", + "updatedAt": "2025-06-05 00:20:41.327" }, { - "id": "frk_tt_6825a7164431946c19f43114", - "name": "A.7.8 Export rack-layout photos", - "description": "Provide photos or diagrams showing secure equipment placement.\r\n", + "id": "frk_tt_68407759cc3a434f9f0e7ced", + "name": "Security Event Logging and Monitoring", + "description": "Implement procedures to detect and monitor system configurations and vulnerabilities, identify anomalies, and evaluate security events to determine their potential impact on organizational objectives.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:34:30.188", - "updatedAt": "2025-05-15 08:34:30.188" + "department": "itsm", + "createdAt": "2025-06-04 16:42:00.668", + "updatedAt": "2025-06-05 00:20:43.172" }, { - "id": "frk_tt_6825a76518f0fbf4e3844bff", - "name": "A.7.9 Export asset-tracking report", - 
"description": "Export the off-site asset-tracking report (e.g., laptops).\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:35:48.841", - "updatedAt": "2025-05-15 08:35:48.841" - }, - { - "id": "frk_tt_6825a7740ac4e1c13d7dc080", - "name": "A.7.10 Export destruction certificates", - "description": "Provide certificates for recent media or device destruction.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:36:03.996", - "updatedAt": "2025-05-15 08:36:03.996" - }, - { - "id": "frk_tt_6825a781477d7861f9edc038", - "name": "A.7.11 Export maintenance log", - "description": "Export maintenance records for UPS, generators, or HVAC.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:36:16.673", - "updatedAt": "2025-05-15 08:36:16.673" - }, - { - "id": "frk_tt_6825a794eef9643387890f35", - "name": "A.7.12 Export cabling photos", - "description": "Provide photos showing protected or concealed network cabling.\r\n", + "id": "frk_tt_684077bdcc601f30e0a1640c", + "name": "Network Segmentation and Firewall Protection", + "description": "Restrict public internet access to production databases and secure infrastructure entities. Protect every production host with a firewall configured with a deny-by-default rule. 
Document guidelines for managing communication protections and network security for critical systems.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:36:36.478", - "updatedAt": "2025-05-15 08:36:36.478" - }, - { - "id": "frk_tt_6825a7a6e06101f458060d52", - "name": "A.7.13 Export maintenance tickets", - "description": "Export recent equipment-maintenance work orders.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:36:53.736", - "updatedAt": "2025-05-15 08:36:53.736" - }, - { - "id": "frk_tt_6825a7bd96163185eee070b5", - "name": "A.7.14 Export wipe logs", - "description": "Provide logs confirming secure wiping of retired equipment.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:37:17.004", - "updatedAt": "2025-05-15 08:37:17.004" - }, - { - "id": "frk_tt_6825a7cec19d730962dc0260", - "name": "A.8.1 Export MDM compliance report", - "description": "Export the device-compliance summary from the MDM system.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:37:34.226", - "updatedAt": "2025-05-15 08:37:34.226" - }, - { - "id": "frk_tt_6825a7e17f16562b90d38b4b", - "name": "A.8.2 Export admin-audit logs", - "description": "Provide privileged-activity audit logs for the last month.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:37:52.732", - "updatedAt": "2025-05-15 08:37:52.732" + "department": "it", + "createdAt": "2025-06-04 16:43:41.481", + "updatedAt": "2025-06-05 00:20:43.333" }, { - "id": "frk_tt_6825a7fe800c9eae973b67d9", - "name": "A.8.3 Export ACL screenshots", - "description": "Provide screenshots or exports of key application ACLs.\r\n", + "id": "frk_tt_6840780693a81cc2f8071ca9", + "name": "Physical and Environmental Security", + "description": "Document policies and procedures to manage physical and environmental security, ensuring that access to facilities is properly controlled 
and monitored.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:38:21.970", - "updatedAt": "2025-05-15 08:38:21.970" - }, - { - "id": "frk_tt_6825a80ca27c555bced9de21", - "name": "A.8.4 Export repo-permissions CSV", - "description": "Export current user-permission lists for source-code repositories.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:38:36.443", - "updatedAt": "2025-05-15 08:38:36.443" - }, - { - "id": "frk_tt_6825a82186c5cd9ee055d4e6", - "name": "A.8.5 Export MFA report", - "description": "Export a summary showing multi-factor authentication coverage.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:38:56.782", - "updatedAt": "2025-05-15 08:38:56.782" - }, - { - "id": "frk_tt_6825a82d6f64b0c8f3a03644", - "name": "A.8.6 Export capacity dashboard", - "description": "Provide a capacity or utilization report for critical systems.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:39:08.685", - "updatedAt": "2025-05-15 08:39:08.685" - }, - { - "id": "frk_tt_6825a83af8be7e7ce785c2d6", - "name": "A.8.7 Export anti-malware scan report", - "description": "Export results of the most recent anti-malware scan.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:39:21.952", - "updatedAt": "2025-05-15 08:39:21.952" - }, - { - "id": "frk_tt_6825a84aae33ff9bb18cb6f8", - "name": "A.8.8 Export patch report", - "description": "Export the latest patch-compliance report.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:39:37.698", - "updatedAt": "2025-05-15 08:39:37.698" - }, - { - "id": "frk_tt_6825a857f5382677b6f7e514", - "name": "A.8.9 Export baseline check", - "description": "Provide results of the latest secure-configuration benchmark scan.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:39:51.242", - "updatedAt": 
"2025-05-15 08:39:51.242" - }, - { - "id": "frk_tt_6825a864377e06a7880ac368", - "name": "A.8.10 Export deletion logs", - "description": "Export logs confirming secure data deletion or sanitization.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:40:03.658", - "updatedAt": "2025-05-15 08:40:03.658" + "department": "gov", + "createdAt": "2025-06-04 16:44:53.895", + "updatedAt": "2025-06-05 00:20:44.282" }, { - "id": "frk_tt_6825a8730065637a784689be", - "name": "A.8.11 Export masking evidence", - "description": "Provide evidence that sensitive data is masked or tokenized in reports or test environments.\r\n", + "id": "frk_tt_6840791cac0a7b780dbaf932", + "name": "Privacy and Data Protection", + "description": "Develop and implement a comprehensive privacy and data protection program. Document and maintain policies, procedures, and guidelines for integrating privacy principles into system design, ensuring regulatory compliance, managing consent, safeguarding personal information, and handling privacy incidents. 
Appoint a Privacy Officer, maintain an inventory of personal data, and establish processes for data subject access, vendor management, breach notification, and compliance monitoring.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:40:18.605", - "updatedAt": "2025-05-15 08:40:18.605" - }, - { - "id": "frk_tt_6825a882a170a86880b1c9cb", - "name": "A.8.12 Export DLP incident log", - "description": "Export the last 30 days of data-loss-prevention incidents.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:40:33.502", - "updatedAt": "2025-05-15 08:40:33.502" - }, - { - "id": "frk_tt_6825a88fda9c1a6285a10dcf", - "name": "A.8.13 Export backup logs", - "description": "Provide backup job logs showing successful daily backups.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:40:46.795", - "updatedAt": "2025-05-15 08:40:46.795" - }, - { - "id": "frk_tt_6825a89c4de529327c536f96", - "name": "A.8.14 Export HA test results", - "description": "Export the most recent high-availability or failover test report.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:41:00.124", - "updatedAt": "2025-05-15 08:41:00.124" - }, - { - "id": "frk_tt_6825a8a98515f934ac31d76d", - "name": "A.8.15 Export 30-day log sample", - "description": "Provide a 30-day sample of centrally aggregated security logs.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:41:12.586", - "updatedAt": "2025-05-15 08:41:12.586" - }, - { - "id": "frk_tt_6825a8bf9d584986e557df30", - "name": "A.8.16 Export alert log", - "description": "Export a summary of security alerts and dispositions for the past month.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:41:34.875", - "updatedAt": "2025-05-15 08:41:34.875" + "department": "it", + "createdAt": "2025-06-04 16:49:31.599", + "updatedAt": "2025-06-05 00:20:44.838" }, { 
- "id": "frk_tt_6825a8cc2438f55dd3f2a3bf", - "name": "A.8.17 Export config and sync check", - "description": "Provide evidence systems are synchronized to an authoritative time source.\r\n", + "id": "frk_tt_68407a449efc782c44549c91", + "name": "Segregation of Duties", + "description": "Establish and enforce segregation of responsibilities across the organization to reduce risks and protect the services provided to customers", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:41:48.089", - "updatedAt": "2025-05-15 08:41:48.089" - }, - { - "id": "frk_tt_6825a8d93a85c4562c411f03", - "name": "A.8.18 Export whitelist & access logs", - "description": "Export the current application-whitelist policy and related execution logs.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:42:01.132", - "updatedAt": "2025-05-15 08:42:01.132" + "department": "admin", + "createdAt": "2025-06-04 16:54:28.427", + "updatedAt": "2025-06-05 00:20:45.602" }, { - "id": "frk_tt_6825a8e85e216004a70edd05", - "name": "A.8.19 Export deployment ticket sample", - "description": "Provide an approved change or deployment ticket that went to production.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:42:16.305", - "updatedAt": "2025-05-15 08:42:16.305" - }, - { - "id": "frk_tt_6825a8f65e867a536f4ae094", - "name": "A.8.20 Export findings report", - "description": "Export the most recent vulnerability-scan findings report.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:42:30.022", - "updatedAt": "2025-05-15 08:42:30.022" - }, - { - "id": "frk_tt_6825a9123e200270616530e7", - "name": "A.8.21 Export provider-assessment PDF", - "description": "Provide the latest security assessment for a network-service provider.\r\n", + "id": "frk_tt_68407a881a0cffa5d779fa46", + "name": "Secure Endpoints and Data Transfers", + "description": "Implement logical access security measures 
on endpoint devices to protect against external threats. Restrict the transmission, movement, and removal of information to authorized users, ensuring that data is protected during transmission.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:42:57.906", - "updatedAt": "2025-05-15 08:42:57.906" + "department": "itsm", + "createdAt": "2025-06-04 16:55:36.308", + "updatedAt": "2025-06-05 00:20:45.771" }, { - "id": "frk_tt_6825a920a187c4d3227df2fc", - "name": "A.8.22 Export VLAN diagram", - "description": "Export a diagram that shows network segmentation or VLAN separations.\r\n", + "id": "frk_tt_68407ae5274a64092c305104", + "name": "Cryptographic Key Management", + "description": "Document and implement a policy to manage encryption and cryptographic protection controls, ensuring secure handling of cryptographic keys throughout their lifecycle.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:43:11.922", - "updatedAt": "2025-05-15 08:43:11.922" - }, - { - "id": "frk_tt_6825a932cbae556a003b4826", - "name": "A.8.23 Export proxy logs", - "description": "Provide a recent web-proxy or URL-filtering activity log.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:43:29.711", - "updatedAt": "2025-05-15 08:43:29.711" + "department": "itsm", + "createdAt": "2025-06-04 16:57:08.693", + "updatedAt": "2025-06-05 00:20:45.944" }, { - "id": "frk_tt_6825a9456a4d64fc4219ab67", - "name": "A.8.24 Export KMS rotation log", - "description": "Export key-management logs showing regular key rotation.\r\n", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-15 08:43:48.615", - "updatedAt": "2025-05-15 08:43:48.615" - }, - { - "id": "frk_tt_6825a957a4f9edc3f612aa7e", - "name": "A.8.25 Export design-review sample", - "description": "Provide a completed security design-review checklist or record.\r\n", + "id": "frk_tt_68403fe29097e661ba06a035", + "name": "Acceptable Use 
Policy Implementation", + "description": "Create and document a policy outlining acceptable use of company technology, setting clear behavioral standards and expected conduct for all users. Define what is considered acceptable and unacceptable technology usage, including consequences for misuse. Establish a process for staff to acknowledge these policies periodically (to support confidentiality), and ensure new hires acknowledge them during onboarding.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:44:07.281", - "updatedAt": "2025-05-15 08:44:07.281" + "department": "it", + "createdAt": "2025-06-04 12:45:21.910", + "updatedAt": "2025-06-05 00:20:38.906" }, { - "id": "frk_tt_6825a9651f44eb570ff40d83", - "name": "A.8.26 Export requirements doc", - "description": "Export documented security requirements for a recent application or project.\r\n", + "id": "frk_tt_68406bae3b18802df42e4965", + "name": "Risk Management Program", + "description": "Conduct a formal risk assessment annually to identify threats that may impact security, availability, and confidentiality. Assess each risk, assign a risk score based on likelihood and impact, and map risks to mitigating factors. Consider the potential for fraud in the risk matrix. 
Develop and maintain documented policies and procedures to identify, assess, and mitigate risks, ensuring alignment with service commitments and system requirements.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:44:21.107", - "updatedAt": "2025-05-15 08:44:21.107" + "department": "it", + "createdAt": "2025-06-04 15:52:14.245", + "updatedAt": "2025-06-05 00:20:41.149" }, { - "id": "frk_tt_6825a977b4c7092933439624", - "name": "A.8.27 Export architecture diagram", - "description": "Provide the approved security or system architecture diagram.\r\n", + "id": "frk_tt_68406ca292d9fffb264991b9", + "name": "User Access Management", + "description": "Maintain an access management program that includes annual reviews of who has access to production consoles, critical systems, and databases. Require authorized approvals for access based on roles, and remove access promptly when no longer needed. Use continuous monitoring to update access levels as roles change, and document policies governing user registration, credentialing, and management of system inputs, items in process, and outputs.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:44:38.560", - "updatedAt": "2025-05-15 08:44:38.560" + "department": "it", + "createdAt": "2025-06-04 15:56:18.236", + "updatedAt": "2025-06-05 00:20:41.537" }, { - "id": "frk_tt_6825a98464e17ef26b4a7fac", - "name": "A.8.28 Export developer-training roster", - "description": "Export attendance records for secure-coding or developer security training.\r\n", + "id": "frk_tt_684076a02261faf3d331289d", + "name": "Operational Procedures Documentation", + "description": "Develop and document policies and procedures that define expected behavior for the control environment. 
Ensure these documents support general control activities over technology and enable consistent deployment of control activities across the organization.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:44:52.030", - "updatedAt": "2025-05-15 08:44:52.030" + "department": "gov", + "createdAt": "2025-06-04 16:38:56.293", + "updatedAt": "2025-06-05 00:20:42.980" }, { - "id": "frk_tt_6825a991bf6c915a22de2043", - "name": "A.8.29 Export pen-test report", - "description": "Provide the latest penetration-test report.\r\n", + "id": "frk_tt_6840796f77d8a0dff53f947a", + "name": "Endpoint Malware Protection", + "description": "Ensure that all endpoints accessing critical servers or data are protected by up-to-date malware protection software.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:45:05.207", - "updatedAt": "2025-05-15 08:45:05.207" + "department": "itsm", + "createdAt": "2025-06-04 16:50:54.671", + "updatedAt": "2025-06-05 00:20:45.022" }, { - "id": "frk_tt_6825a9a18305ba445c68b3dc", - "name": "A.8.30 Export contract with security clauses", - "description": "Export the outsourcing or development contract that includes security obligations.\r\n", + "id": "frk_tt_68407a05d2b9cc29a0c57b12", + "name": "System Hardening and Patching", + "description": "Conduct security and privacy compliance checks on software versions and patches for all remote devices before they connect internally. 
Perform regular checks to support security event evaluation and prevent incidents.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:45:21.442", - "updatedAt": "2025-05-15 08:45:21.442" + "department": "it", + "createdAt": "2025-06-04 16:53:24.991", + "updatedAt": "2025-06-05 00:20:45.431" }, { - "id": "frk_tt_6825a9b305ab7a8ac3d98128", - "name": "A.8.31 Export Terraform/VPC evidence", - "description": "Provide evidence showing separation of development, test, and production environments.\r\n", + "id": "frk_tt_6840688c2faba1517eee62e7", + "name": "Senior Management Security Oversight", + "description": "Ensure that senior management annually reviews and approves key documents and processes, including company policies, the organizational chart, risk assessments, the Information Security program, and vendor risk assessments. Develop and implement general control activities through these reviews, and conduct ongoing evaluations of policy compliance and the overall security program. 
Communicate the status of the Information Security program and policy compliance to senior management, and facilitate corrective actions as needed.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:45:39.097", - "updatedAt": "2025-05-15 08:45:39.097" - }, - { - "id": "frk_tt_6825a9c1f2a1974c4478ae35", - "name": "A.8.32 Export approval log", - "description": "Export the change-approval log for recent production changes.\r\n", - "frequency": "monthly", - "department": "none", - "createdAt": "2025-05-15 08:45:53.399", - "updatedAt": "2025-05-15 08:45:53.399" + "department": "gov", + "createdAt": "2025-06-04 15:38:51.705", + "updatedAt": "2025-06-05 00:20:39.397" }, { - "id": "frk_tt_6825a9cf8e50a9f35f6d3d7d", - "name": "A.8.33 Export masking evidence", - "description": "Provide proof that test data is masked or anonymized.\r\n", + "id": "frk_tt_68406e7abae2a9b16c2cc197", + "name": "Disaster Recovery and Business Continuity", + "description": "Document and implement policies and procedures for data backups, disaster recovery, and business continuity to ensure ongoing operations during security incidents and environmental disruptions. Establish processes for regular backups, periodic integrity tests, and consistent recovery plan testing to meet recovery time and point objectives (RTO/RPO). 
Include guidelines to manage environmental protection and support contingency planning, ensuring readiness to execute recovery plans when needed.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:46:06.975", - "updatedAt": "2025-05-15 08:46:06.975" + "department": "gov", + "createdAt": "2025-06-04 16:04:09.896", + "updatedAt": "2025-06-05 00:20:42.497" }, { - "id": "frk_tt_6825a9dc5ef6496a16ab1c51", - "name": "A.8.34 Export read-only audit config screenshots", - "description": "Provide screenshots showing auditors have read-only access to production systems.\r\n", + "id": "frk_tt_684079ba137c4e7727ae8859", + "name": "Secure Remote Working", + "description": "Establish measures to perform security and privacy compliance checks on software versions and patches of remote devices before they connect internally. Ensure all remote endpoints with access to critical systems auto-lock after 15 minutes of inactivity, and conduct ongoing compliance checks to support security event evaluation.", "frequency": "yearly", - "department": "none", - "createdAt": "2025-05-15 08:46:19.600", - "updatedAt": "2025-05-15 08:46:19.600" - }, - { - "id": "frk_tt_683378414cb0b89faac9b317", - "name": "Risk Review", - "description": "Review risks in Risk Register", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-05-25 20:06:24.825", - "updatedAt": "2025-05-25 20:06:24.825" - }, - { - "id": "frk_tt_683f31e48e93acfc25a7f070", - "name": "SDLC Task", - "description": "Upload evidence of code scanning. Additional requirements for ISO 27001: library scanning and web app scanning.", - "frequency": "quarterly", - "department": "none", - "createdAt": "2025-06-03 17:33:24.084", - "updatedAt": "2025-06-03 17:33:24.084" + "department": "itsm", + "createdAt": "2025-06-04 16:52:10.234", + "updatedAt": "2025-06-05 00:20:45.227" } ] \ No newline at end of file 
diff --git a/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorPolicyTemplate.json b/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorPolicyTemplate.json
index 0dc3c78229..d91292eafe 100644
--- a/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorPolicyTemplate.json
+++ b/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorPolicyTemplate.json
@@ -1,168 +1,4 @@
 [
- {
- "A": "frk_ct_681e851466129df67f4481ec",
- "B": "frk_pt_681e8514ad468431b62a04bf"
- },
- {
- "A": "frk_ct_681e8514da133b59ed163e38",
- "B": "frk_pt_681e8514ad468431b62a04bf"
- },
- {
- "A": "frk_ct_681e851496e2129f1e601aeb",
- "B": "frk_pt_681e8514c347be33fc7e30eb"
- },
- {
- "A": "frk_ct_681e8514a7b04dc9afb04450",
- "B": "frk_pt_681e8514c347be33fc7e30eb"
- },
- {
- "A": "frk_ct_681e85147e23e534c2e14497",
- "B": "frk_pt_681e851474b8d8dcd4ecc52d"
- },
- {
- "A": "frk_ct_681e851437b51ff9d2530a93",
- "B": "frk_pt_681e8514fd94abd1ded805aa"
- },
- {
- "A": "frk_ct_681e85145da70d329ead9847",
- "B": "frk_pt_681e8514ad468431b62a04bf"
- },
- {
- "A": "frk_ct_681e851430aafd56ca35b17e",
- "B": "frk_pt_681e8514ad468431b62a04bf"
- },
- {
- "A": "frk_ct_681e8514fa7c5b1be482ea51",
- "B": "frk_pt_681e851431b4692f3f69ca29"
- },
- {
- "A": "frk_ct_681e8514c174835611412d50",
- "B": "frk_pt_681e851431b4692f3f69ca29"
- },
- {
- "A": "frk_ct_681e8514f6b0535abf7e7d44",
- "B": "frk_pt_681e851431b4692f3f69ca29"
- },
- {
- "A": "frk_ct_681e8514bffbbb8e9c4f6fda",
- "B": "frk_pt_681e8514ba0cf2deb9ef66c0"
- },
- {
- "A": "frk_ct_681e85142aac5b23b3091fa5",
- "B": "frk_pt_681e8514fd94abd1ded805aa"
- },
- {
- "A": "frk_ct_681e851408bb32ca1c2da5ea",
- "B": "frk_pt_681e851431b4692f3f69ca29"
- },
- {
- "A": "frk_ct_681e8514e2439f12eafde3a2",
- "B": "frk_pt_681e8514fd94abd1ded805aa"
- },
- {
- "A": "frk_ct_681e85145a1d98ea616c4416",
- "B": "frk_pt_681e8514fd94abd1ded805aa"
- },
- {
- "A": "frk_ct_681e851476e511b965e59e0f",
- "B": "frk_pt_681e8514ad468431b62a04bf"
- },
- {
- "A": "frk_ct_681e85142c97b81474dc630c",
- "B": "frk_pt_681e851422bde5d0dd74a186"
- },
- {
- "A": "frk_ct_681e8514bc4bb3ff18c84494",
- "B": "frk_pt_681e851422bde5d0dd74a186"
- },
- {
- "A": "frk_ct_681e8514a373bb4d6ffdd8bd",
- "B": "frk_pt_681e851422bde5d0dd74a186"
- },
- {
- "A": "frk_ct_681e8514799c91072234149a",
- "B": "frk_pt_681e851422bde5d0dd74a186"
- },
- {
- "A": "frk_ct_681e8514c3d2d7dbdf65c35c",
- "B": "frk_pt_681e851422bde5d0dd74a186"
- },
- {
- "A": "frk_ct_681e8514f0cedff5d5c6d6fe",
- "B": "frk_pt_681e8514ba0cf2deb9ef66c0"
- },
- {
- "A": "frk_ct_681e8514f4f781c28a94d38d",
- "B": "frk_pt_681e8514fd94abd1ded805aa"
- },
- {
- "A": "frk_ct_681e85148a9aa81d180fbcb7",
- "B": "frk_pt_681e8514fd94abd1ded805aa"
- },
- {
- "A": "frk_ct_681e851422534191fa248b63",
- "B": "frk_pt_681e8514dd1b9d1effbac601"
- },
- {
- "A": "frk_ct_681e851469d12bf0ee92a7d3",
- "B": "frk_pt_681e85144a0a9cfbe7465490"
- },
- {
- "A": "frk_ct_681e8514abc48665a93d48f2",
- "B": "frk_pt_681e8514dd1b9d1effbac601"
- },
- {
- "A": "frk_ct_681e85144d8b8603133c0716",
- "B": "frk_pt_681e8514dd1b9d1effbac601"
- },
- {
- "A": "frk_ct_681e85140a71eafd9d02b25c",
- "B": "frk_pt_681e8514cdc55480f813f41b"
- },
- {
- "A": "frk_ct_681e8514f36c111cd881ae0e",
- "B": "frk_pt_681e8514cdc55480f813f41b"
- },
- {
- "A": "frk_ct_681e85145ecc47d27590ec9c",
- "B": "frk_pt_681e8514cdc55480f813f41b"
- },
- {
- "A": "frk_ct_681e8514e701e9552fd8d47b",
- "B": "frk_pt_681e8514fd94abd1ded805aa"
- },
- {
- "A": "frk_ct_681e85147213fe34d0f8610c",
- "B": "frk_pt_681e8514fd94abd1ded805aa"
- },
- {
- "A": "frk_ct_681e85147ea2be07c072b766",
- "B": "frk_pt_681e8514fd94abd1ded805aa"
- },
- {
- "A": "frk_ct_681e8514580b64dea8512c50",
- "B": "frk_pt_681e85147720a7016af7fc98"
- },
- {
- "A": "frk_ct_681e85142e0ecc2db0148239",
- "B": "frk_pt_681e85147720a7016af7fc98"
- },
- {
- "A": "frk_ct_681e8514b92fc9083b53e382",
- "B": "frk_pt_681e85147720a7016af7fc98"
- },
- {
- "A": "frk_ct_681e85144bc39c5a684c95e0",
- "B": "frk_pt_681e851422bde5d0dd74a186"
- },
- {
- "A": "frk_ct_683f3b6cfc5f200113d2972f",
- "B": "frk_pt_683d2865c3f65743f7c7a350"
- },
- {
- "A": "frk_ct_683f3b6cfc5f200113d2972f",
- "B": "frk_pt_683d27517ca91b1c3c748256"
- },
 {
 "A": "frk_ct_683f3ecd42e62fde624c59c1",
 "B": "frk_pt_683d2315c8fc7f97a083081c"
@@ -262,5 +98,81 @@
 {
 "A": "frk_ct_683f50aae46f5e4e096e6bb3",
 "B": "frk_pt_683d2fbdba5115ed83c6652f"
+ },
+ {
+ "A": "frk_ct_68406fc94e08f884cc085ded",
+ "B": "frk_pt_683d2f8cfdf08987e67a2dff"
+ },
+ {
+ "A": "frk_ct_68406fc94e08f884cc085ded",
+ "B": "frk_pt_683d3302c5965789e22c8d7d"
+ },
+ {
+ "A": "frk_ct_6840705b6dcee0506dabacfb",
+ "B": "frk_pt_683d2315c8fc7f97a083081c"
+ },
+ {
+ "A": "frk_ct_684070831cc83c4ab4c2c4d8",
+ "B": "frk_pt_683d2de2d5691a4ba424edff"
+ },
+ {
+ "A": "frk_ct_684070c1f0091d850df02e59",
+ "B": "frk_pt_683d2b1405adc4b3773db2c6"
+ },
+ {
+ "A": "frk_ct_684070f0b4f6c2036306e23c",
+ "B": "frk_pt_683d2f8cfdf08987e67a2dff"
+ },
+ {
+ "A": "frk_ct_684071e280c4e0f777b957f7",
+ "B": "frk_pt_683d352ed697c40275349026"
+ },
+ {
+ "A": "frk_ct_684072e06f4a49ee669076cc",
+ "B": "frk_pt_683d2b1405adc4b3773db2c6"
+ },
+ {
+ "A": "frk_ct_6840731ae0b857152b35ca8f",
+ "B": "frk_pt_683d2375aef9512864fe62bb"
+ },
+ {
+ "A": "frk_ct_684073617d0706858cceb8c7",
+ "B": "frk_pt_683d23ceaf2c5e4e8933b0ae"
+ },
+ {
+ "A": "frk_ct_6840738800f98fa3c0f3a3ae",
+ "B": "frk_pt_683d3362f2059bd8f1d493bd"
+ },
+ {
+ "A": "frk_ct_684073ba24475a83ba048022",
+ "B": "frk_pt_683d2375aef9512864fe62bb"
+ },
+ {
+ "A": "frk_ct_684073d541bfb8b8b777e529",
+ "B": "frk_pt_683d3362f2059bd8f1d493bd"
+ },
+ {
+ "A": "frk_ct_68407406644c56d42eac3295",
+ "B": "frk_pt_683d2b1405adc4b3773db2c6"
+ },
+ {
+ "A": "frk_ct_68407429371f33886d8ab80d",
+ "B": "frk_pt_683d3302c5965789e22c8d7d"
+ },
+ {
+ "A": "frk_ct_684075c692439e38c753c95d",
+ "B": "frk_pt_6840747d5056e2862c94d0f5"
+ },
+ {
+ "A": "frk_ct_68407c9513000617776104c7",
+ "B": "frk_pt_683d2865c3f65743f7c7a350"
+ },
+ {
+ "A": "frk_ct_68407c9513000617776104c7",
+ "B": "frk_pt_683d27517ca91b1c3c748256"
+ },
+ {
+ "A": "frk_ct_68407122565b1968676d93db",
+ "B": "frk_pt_6840747d5056e2862c94d0f5"
 }
 ]
\ No newline at end of file
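Review bot: The two links the previous hunk removes for `frk_ct_683f3b6cfc5f200113d2972f` (to `frk_pt_683d2865c3f65743f7c7a350` and `frk_pt_683d27517ca91b1c3c748256`) come back in this hunk under a new control id, `frk_ct_68407c9513000617776104c7`, which suggests the control template was recreated rather than edited in place. If deployed databases already hold controls derived from the old template id, a re-seed would presumably leave them pointing at a template that no longer exists, so this is worth confirming against the seed script's upsert and delete handling, which is not visible here. The rows carry ids only, so a check in the seed step that every `A` and `B` resolves to a seeded control or policy template would catch a dangling link, for example a missing `frk_pt_6840747d5056e2862c94d0f5`, before it ends up in a control-to-policy mapping that auditors rely on.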
diff --git a/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorRequirement.json b/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorRequirement.json
index f8efb63882..adf6591227 100644
--- a/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorRequirement.json
+++ b/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorRequirement.json
@@ -1,1026 +1,470 @@ [ { - "A": "frk_ct_681e851466129df67f4481ec", - "B": "frk_rq_681e8514b7a9c5278ada8527" + "A": "frk_ct_68407c9513000617776104c7", + "B": "frk_rq_683f81d974beae08683f7c65" }, { - "A": "frk_ct_681e8514da133b59ed163e38", - "B": "frk_rq_681e8514778fd2238a33c121" - }, - { - "A": "frk_ct_681e851496e2129f1e601aeb", - "B": "frk_rq_681e8514778fd2238a33c121" - }, - { - "A": "frk_ct_681e8514a7b04dc9afb04450", - "B": "frk_rq_681e8514778fd2238a33c121" - }, - { - "A": "frk_ct_681e85147e23e534c2e14497", - "B": "frk_rq_681e8514778fd2238a33c121" - }, - { - "A": "frk_ct_681e851437b51ff9d2530a93", - "B": "frk_rq_681e85140854c64019d53422" - }, - { - "A": "frk_ct_681e85145da70d329ead9847", - "B": "frk_rq_681e85140854c64019d53422" - }, - { - "A": "frk_ct_681e851430aafd56ca35b17e", - "B": "frk_rq_681e85140854c64019d53422" - }, - { - "A": "frk_ct_681e8514fa7c5b1be482ea51", - "B": "frk_rq_681e8514f62bb35319068677" - }, - { - "A": "frk_ct_681e8514c174835611412d50", - "B": "frk_rq_681e8514f62bb35319068677" - }, - { - "A": "frk_ct_681e8514f6b0535abf7e7d44", - "B": "frk_rq_681e8514f62bb35319068677" - }, - { - "A": "frk_ct_681e8514bffbbb8e9c4f6fda", - "B": "frk_rq_681e8514f62bb35319068677" - }, - { - "A": "frk_ct_681e85142aac5b23b3091fa5", - "B": "frk_rq_681e8514cba3ce1991f9d6c8" - }, - { - "A": "frk_ct_681e851408bb32ca1c2da5ea", - "B": "frk_rq_681e8514cba3ce1991f9d6c8" - }, - { - "A": "frk_ct_681e8514e2439f12eafde3a2", - "B": "frk_rq_681e85140e8b698d7154d43e" - }, - { - "A": "frk_ct_681e85145a1d98ea616c4416", - "B": "frk_rq_681e85140e8b698d7154d43e" - }, - { - "A": "frk_ct_681e851476e511b965e59e0f", - "B": "frk_rq_681e85140e8b698d7154d43e" - }, - { - "A": "frk_ct_681e85142c97b81474dc630c", - "B": "frk_rq_681e8514753b4054f1a632e7" - }, - { - "A": "frk_ct_681e8514bc4bb3ff18c84494", - "B": "frk_rq_681e8514753b4054f1a632e7" - }, - { - "A": "frk_ct_681e85144bc39c5a684c95e0", - "B": "frk_rq_681e8514753b4054f1a632e7" - }, - { - "A": "frk_ct_681e8514a373bb4d6ffdd8bd", - "B": 
"frk_rq_681e8514753b4054f1a632e7" - }, - { - "A": "frk_ct_681e8514799c91072234149a", - "B": "frk_rq_681e8514753b4054f1a632e7" - }, - { - "A": "frk_ct_681e8514c3d2d7dbdf65c35c", - "B": "frk_rq_681e8514753b4054f1a632e7" - }, - { - "A": "frk_ct_681e8514f0cedff5d5c6d6fe", - "B": "frk_rq_681e8514753b4054f1a632e7" - }, - { - "A": "frk_ct_681e8514f4f781c28a94d38d", - "B": "frk_rq_681e8514753b4054f1a632e7" - }, - { - "A": "frk_ct_681e85148a9aa81d180fbcb7", - "B": "frk_rq_681e851403a5c3114dc746ba" - }, - { - "A": "frk_ct_681e851422534191fa248b63", - "B": "frk_rq_681e851403a5c3114dc746ba" - }, - { - "A": "frk_ct_681e851469d12bf0ee92a7d3", - "B": "frk_rq_681e851403a5c3114dc746ba" - }, - { - "A": "frk_ct_681e8514abc48665a93d48f2", - "B": "frk_rq_681e851403a5c3114dc746ba" - }, - { - "A": "frk_ct_681e85144d8b8603133c0716", - "B": "frk_rq_681e851403a5c3114dc746ba" - }, - { - "A": "frk_ct_681e85140a71eafd9d02b25c", - "B": "frk_rq_681e8514ae9bac0ace4829ae" - }, - { - "A": "frk_ct_681e8514f36c111cd881ae0e", - "B": "frk_rq_681e8514ae9bac0ace4829ae" - }, - { - "A": "frk_ct_681e85145ecc47d27590ec9c", - "B": "frk_rq_681e8514ae9bac0ace4829ae" - }, - { - "A": "frk_ct_681e8514e701e9552fd8d47b", - "B": "frk_rq_681e85145df1606ef144c69c" - }, - { - "A": "frk_ct_681e85147213fe34d0f8610c", - "B": "frk_rq_681e85145df1606ef144c69c" - }, - { - "A": "frk_ct_681e85147ea2be07c072b766", - "B": "frk_rq_681e85145df1606ef144c69c" - }, - { - "A": "frk_ct_681e8514580b64dea8512c50", - "B": "frk_rq_681e8514e2ebc08069c2c862" - }, - { - "A": "frk_ct_681e85142e0ecc2db0148239", - "B": "frk_rq_681e8514e2ebc08069c2c862" - }, - { - "A": "frk_ct_681e8514b92fc9083b53e382", - "B": "frk_rq_681e8514e2ebc08069c2c862" - }, - { - "A": "frk_ct_681e85144bc39c5a684c95e0", - "B": "frk_rq_681e8514cba3ce1991f9d6c8" - }, - { - "A": "frk_ct_681e85144bc39c5a684c95e0", - "B": "frk_rq_681e851403a5c3114dc746ba" - }, - { - "A": "frk_ct_6825756149eb59b2b58fa856", - "B": "frk_rq_681ed173c4617d8242804d37" - }, - { - "A": 
"frk_ct_6825762fad109b79022e8b41", - "B": "frk_rq_681ed17f36423e887ec130f6" - }, - { - "A": "frk_ct_6825768e443b998bb7d8aa66", - "B": "frk_rq_681ed1946de8b1beb5d5b987" - }, - { - "A": "frk_ct_6825768ee413fe50e00d4965", - "B": "frk_rq_681ed1ac19e3e7e1aef48517" - }, - { - "A": "frk_ct_6825768e84effc0e1b08dc17", - "B": "frk_rq_681ed1d5f29a33fa8735d51c" - }, - { - "A": "frk_ct_6825768e84effc0e1b08dc17", - "B": "frk_rq_681ed1e1ad96b7f5e1659cab" - }, - { - "A": "frk_ct_6825768ee6fd1e6272a9946e", - "B": "frk_rq_681ed1e1ad96b7f5e1659cab" - }, - { - "A": "frk_ct_682578588017390bf8d08c95", - "B": "frk_rq_681ed1f09741eeebee147fcb" - }, - { - "A": "frk_ct_6825785885a5e65dd48a940d", - "B": "frk_rq_681ed1fe624cd14c34876ee8" - }, - { - "A": "frk_ct_68257895edfaca1cae34a7c2", - "B": "frk_rq_681ed20a3f7335dd1ec64b6c" - }, - { - "A": "frk_ct_682578959c5e0c6a1e92728d", - "B": "frk_rq_681ed2170cb1b15f842b6f6d" - }, - { - "A": "frk_ct_682578c1a2732658c259c33d", - "B": "frk_rq_681ed2229fa221e338501d51" - }, - { - "A": "frk_ct_682578c13517578300ab86c6", - "B": "frk_rq_681ed2314f568a3e5c3f1fbf" - }, - { - "A": "frk_ct_6825790ac77f9110f7f7bda3", - "B": "frk_rq_681ed23c61c97af7967b50c2" - }, - { - "A": "frk_ct_6825790ab98dc177efb6cb3d", - "B": "frk_rq_681ed24aa0809f09c4d22256" - }, - { - "A": "frk_ct_6825790aa95036379a57f580", - "B": "frk_rq_681ed261918bb47df6590dac" - }, - { - "A": "frk_ct_6825790a77268ca155ee76c7", - "B": "frk_rq_681ed277348377c5b5f81649" - }, - { - "A": "frk_ct_68257a1bb4433e0a9a268b30", - "B": "frk_rq_681ed2893326942f0ac88d81" - }, - { - "A": "frk_ct_68257a1ba4e5ef9da219c322", - "B": "frk_rq_681ed29613b703c7f368ffdc" - }, - { - "A": "frk_ct_68257a1bbbb14da3e91c6f7d", - "B": "frk_rq_681ed2a8bda2e236fbc46492" - }, - { - "A": "frk_ct_68257a1cbbb440415393e176", - "B": "frk_rq_681ed2be08112d94334bd319" - }, - { - "A": "frk_ct_68257a1c39f66a3ad98b6478", - "B": "frk_rq_681ed2c844494f7d1b01fa45" - }, - { - "A": "frk_ct_68257a1cb27eeefba4e726f1", - "B": 
"frk_rq_681ed2e32d00654588c5103f" - }, - { - "A": "frk_ct_68257a1c6f95e597e8de389d", - "B": "frk_rq_681ed2f378d4fbe2e39f5f76" - }, - { - "A": "frk_ct_68257a1c1dc57ad73c143841", - "B": "frk_rq_681ed30003a95e3808397d6d" - }, - { - "A": "frk_ct_68257a1c480068bdb0e616e7", - "B": "frk_rq_681ed3455f6b6695283a7c72" - }, - { - "A": "frk_ct_68257a1d3fb5e8d0604dfbb4", - "B": "frk_rq_681ed35d6330398a089100c1" - }, - { - "A": "frk_ct_68257a1d57962f8da93b415f", - "B": "frk_rq_681ed36f9d1446b067a4990d" - }, - { - "A": "frk_ct_68257a1db9ff4c891fa87264", - "B": "frk_rq_681ed37df872af70c5430e7f" - }, - { - "A": "frk_ct_68257a91ec53ef3d17957782", - "B": "frk_rq_681ed38c0abdd2731880fa6e" - }, - { - "A": "frk_ct_68257a912373223d5eb6da0f", - "B": "frk_rq_681ed39e1c2f759d433992a7" - }, - { - "A": "frk_ct_68257a921c9496ee45a290e5", - "B": "frk_rq_681ed3ad17d5f7844774977a" - }, - { - "A": "frk_ct_68257a928f88817150a5f53d", - "B": "frk_rq_681ed3b87e88e0a249c2098a" - }, - { - "A": "frk_ct_68257a92901f419b109e5ce6", - "B": "frk_rq_681ed3c23adb2d4461dc09da" - }, - { - "A": "frk_ct_68257a92c75b0c04afc66fc1", - "B": "frk_rq_681ed3d0342b5d531935cd62" - }, - { - "A": "frk_ct_68257a92051ac16b6f2206e4", - "B": "frk_rq_681ed3dc1663fa62052ef548" - }, - { - "A": "frk_ct_68257a9220efb5df901a3929", - "B": "frk_rq_681ed3e78e9b73cb6b279906" - }, - { - "A": "frk_ct_68257b4042dbb83b90c1d7b4", - "B": "frk_rq_681ed3f78f28fba67dedc302" - }, - { - "A": "frk_ct_68257b4096e29810708e8f47", - "B": "frk_rq_681ed4019aa553be924ee291" - }, - { - "A": "frk_ct_68257b40873b0900545905b2", - "B": "frk_rq_681ed40ec3b505552b76ce5f" - }, - { - "A": "frk_ct_68257b416a92884774d39139", - "B": "frk_rq_681ed417c678d6e4a72ecc21" - }, - { - "A": "frk_ct_68257b41bffad919f3ac218a", - "B": "frk_rq_681ed423b43ec990bbd5f3b5" - }, - { - "A": "frk_ct_68257b414291d08ae512724d", - "B": "frk_rq_681ed4316c72a80ff5d1fdc6" - }, - { - "A": "frk_ct_68257b41f0a2fbb9d620aa64", - "B": "frk_rq_681ed43f84399c54accb82b9" - }, - { - "A": 
"frk_ct_68257b4155976970e8c51279", - "B": "frk_rq_681ed448a7cfe00afd2b0a19" - }, - { - "A": "frk_ct_68257b4196a28f5afe9cd387", - "B": "frk_rq_681ed45b92c3b3f329d3858f" - }, - { - "A": "frk_ct_68257b42ba09c901c6ac1671", - "B": "frk_rq_681ed46ff23ef8614d7f3042" - }, - { - "A": "frk_ct_68257b42917c238c02fba2f6", - "B": "frk_rq_681ed47bac3dee3588290b04" - }, - { - "A": "frk_ct_68257b42723da9e329282499", - "B": "frk_rq_681ed48f152068a490f317ac" - }, - { - "A": "frk_ct_68257b42ac201a974487d069", - "B": "frk_rq_681ed61f357c7bf776300aa7" - }, - { - "A": "frk_ct_68257b4289478514ffb16b82", - "B": "frk_rq_681ed62a1ad145f4554d4068" - }, - { - "A": "frk_ct_68257b79f55f03b23a05d978", - "B": "frk_rq_681ed6347b1e6eea717482ca" - }, - { - "A": "frk_ct_68257b7999c5acaee8d923bd", - "B": "frk_rq_681ed6497c1e390fe89f0dfa" - }, - { - "A": "frk_ct_68257b79b9b4d6e65b0e79f0", - "B": "frk_rq_681ed651d81e6c51934134bc" - }, - { - "A": "frk_ct_68257b79a261d4cc28a016c4", - "B": "frk_rq_681ed65bb490440ea4f3b552" - }, - { - "A": "frk_ct_68257c823279785197bfa39c", - "B": "frk_rq_681ed663b850258024b0b236" - }, - { - "A": "frk_ct_68257c83bc2103d487f9cb07", - "B": "frk_rq_681ed66d77af963d9763adeb" - }, - { - "A": "frk_ct_68257c832d300691420aa693", - "B": "frk_rq_681ed6761e8f45c900e60be3" - }, - { - "A": "frk_ct_68257c8391427752506791b8", - "B": "frk_rq_681ed686b626f985dac54c52" - }, - { - "A": "frk_ct_68257c832c83f97420cb2397", - "B": "frk_rq_681ed69ce5f84cf315240f7a" - }, - { - "A": "frk_ct_68257c83ce6c664bb55a5eaa", - "B": "frk_rq_681ed6a5d1683d54c08f7084" - }, - { - "A": "frk_ct_68257c83575a9e4cd0609e57", - "B": "frk_rq_681ed6afecd253fe6c3c060a" - }, - { - "A": "frk_ct_68257c84b9312c2a755e9856", - "B": "frk_rq_681ed6ba79910ff5b9c7d76f" - }, - { - "A": "frk_ct_68257c843eb14ca0fd67c607", - "B": "frk_rq_681ed6c7eee985561d1f4d9b" - }, - { - "A": "frk_ct_68257c84c5f7dde7ca228077", - "B": "frk_rq_681ed6d277a609269207598d" - }, - { - "A": "frk_ct_68257c84882e85fdec96c586", - "B": 
"frk_rq_681ed6dc2a941d8ed887fa01" - }, - { - "A": "frk_ct_68257c846d813b307758bbde", - "B": "frk_rq_681ed6eab8348ae42e9622d2" - }, - { - "A": "frk_ct_68257c84ddf1e2b8f0d8e748", - "B": "frk_rq_681ed6f360678a6cf25345b2" - }, - { - "A": "frk_ct_68257c854a920c4f48efaec1", - "B": "frk_rq_681ed6fbb7447647d630bfac" - }, - { - "A": "frk_ct_68257c85630ac98cafc8ffe7", - "B": "frk_rq_681ed70245119fe4e1943d4a" - }, - { - "A": "frk_ct_68257c85254d22991b9359ad", - "B": "frk_rq_681ed70cd5e3fc570dd75770" - }, - { - "A": "frk_ct_68257c8579b8506457ba5792", - "B": "frk_rq_681ed713c378baffc34d25f5" - }, - { - "A": "frk_ct_68257c85e28246dc477a2f9d", - "B": "frk_rq_681ed71f9deddd61109308dd" - }, - { - "A": "frk_ct_68257c8522174d14596e4f02", - "B": "frk_rq_681ed7326db82252ea6faa67" - }, - { - "A": "frk_ct_68257c85125fbb0cd22580df", - "B": "frk_rq_681ed739dc6d14f4ad5d95d2" - }, - { - "A": "frk_ct_68257d3deaa6d3b47bdf4581", - "B": "frk_rq_681ed74124bbe51a72d0c154" - }, - { - "A": "frk_ct_68257d3d1cf492b6b94c23c0", - "B": "frk_rq_681ed748dab9fd6d58f20964" - }, - { - "A": "frk_ct_68257d3eac14828df9620637", - "B": "frk_rq_681ed7532959ec62c8ae815c" - }, - { - "A": "frk_ct_68257d3e78de01a147544960", - "B": "frk_rq_681ed76e19cca49a6ac49bf8" - }, - { - "A": "frk_ct_68257d3ed093e55a2dd23b78", - "B": "frk_rq_681ed7794b363009725bab5b" - }, - { - "A": "frk_ct_68257d3ea6662c7087f59ad0", - "B": "frk_rq_681ed781b79f824466be5394" - }, - { - "A": "frk_ct_68257d3e450af8736b49e858", - "B": "frk_rq_681ed789b359f075b12e20c0" - }, - { - "A": "frk_ct_68257d3e66e2445f216f0622", - "B": "frk_rq_681ed7901ab04aa5a1d27890" - }, - { - "A": "frk_ct_68257d3ffa46ae099f302d7c", - "B": "frk_rq_681ed799ca7b40e2d8ed55ba" - }, - { - "A": "frk_ct_68257d3f9c52019e6454d2f7", - "B": "frk_rq_681ed7b407395dfc68ff955d" - }, - { - "A": "frk_ct_68257d3f503d4f4ff6104c0d", - "B": "frk_rq_681ed7c75e421b346480e046" - }, - { - "A": "frk_ct_68257d3fcdb52d79e5eae03c", - "B": "frk_rq_681ed7ce83ab2029a9dc414c" - }, - { - "A": 
"frk_ct_68257d3f826abe8ce6f97aa9", - "B": "frk_rq_681ed7d719388daff946a68d" - }, - { - "A": "frk_ct_68257d3fdc7108cc189ba8b9", - "B": "frk_rq_681ed7de305465fe226fc39d" - }, - { - "A": "frk_ct_68257d3fc71567322c285ed9", - "B": "frk_rq_681ed7e50f718eb161dd5605" - }, - { - "A": "frk_ct_68257d40cc4edb6308b9e6e6", - "B": "frk_rq_681ed80ab572359972e06ace" - }, - { - "A": "frk_ct_68257d40fcac4d36fddb6e7a", - "B": "frk_rq_681ed813388d3297b3ed3e73" - }, - { - "A": "frk_ct_68257d40d8112e98abab1d21", - "B": "frk_rq_681ed81d5e01d43ada52ffae" - }, - { - "A": "frk_ct_6825756149eb59b2b58fa856", - "B": "frk_rq_681ebbc3efb5a2e1ef0ab09c" - }, - { - "A": "frk_ct_6825762fad109b79022e8b41", - "B": "frk_rq_681ebcf14b5cb5842b2af09b" - }, - { - "A": "frk_ct_6825768e443b998bb7d8aa66", - "B": "frk_rq_681ebba6f55e177eef990bf7" - }, - { - "A": "frk_ct_6825768ee413fe50e00d4965", - "B": "frk_rq_681ebc435c7f4032133c00ff" - }, - { - "A": "frk_ct_6825768ee6fd1e6272a9946e", - "B": "frk_rq_681ebf578f2bc13a797afac9" - }, - { - "A": "frk_ct_682578588017390bf8d08c95", - "B": "frk_rq_681ebf82fb04727c9ac5b60f" - }, - { - "A": "frk_ct_6825785885a5e65dd48a940d", - "B": "frk_rq_681ebea89e8e99701b8e01f9" + "A": "frk_ct_683f4036b541126388e2989a", + "B": "frk_rq_683f598fc18a528adfcdd561" }, { - "A": "frk_ct_68257895edfaca1cae34a7c2", - "B": "frk_rq_681ebc3664f286e865b059c2" + "A": "frk_ct_683f4036b541126388e2989a", + "B": "frk_rq_683f6118bf597bc269ad5d22" }, { - "A": "frk_ct_682578959c5e0c6a1e92728d", - "B": "frk_rq_681ebecd241790316926f987" + "A": "frk_ct_683f41e775f4ca03d8f6bae2", + "B": "frk_rq_683f56e9693dbfc43020b888" }, { - "A": "frk_ct_682578c1a2732658c259c33d", - "B": "frk_rq_681ebc1cc593f19b23a68a02" + "A": "frk_ct_683f41e775f4ca03d8f6bae2", + "B": "frk_rq_683f62e98eedc19fdd008d99" }, { - "A": "frk_ct_6825790ac77f9110f7f7bda3", - "B": "frk_rq_681ebeef4c1a070eee80d1c2" + "A": "frk_ct_683f42c71eea99f22f9df060", + "B": "frk_rq_683f6118bf597bc269ad5d22" }, { - "A": "frk_ct_6825790a77268ca155ee76c7", - 
"B": "frk_rq_681ebedccee9ea5fa8c02a65" + "A": "frk_ct_683f43a65de3b6044e63220f", + "B": "frk_rq_683f5b8241dbd32ac2c6ad2b" }, { - "A": "frk_ct_68257a1bb4433e0a9a268b30", - "B": "frk_rq_681ebeb66c09c92d0a3aa9a4" + "A": "frk_ct_683f4457b14856e700c8c25b", + "B": "frk_rq_683f5b8241dbd32ac2c6ad2b" }, { - "A": "frk_ct_68257a1ba4e5ef9da219c322", - "B": "frk_rq_681ebf963f7055627c5e9d06" + "A": "frk_ct_683f464bec8bea67de7b9c31", + "B": "frk_rq_683f81d974beae08683f7c65" }, { - "A": "frk_ct_68257a1c6f95e597e8de389d", - "B": "frk_rq_681ebf6c0027c27141a8a960" + "A": "frk_ct_683f46f3f181af3f93773c1d", + "B": "frk_rq_683f6118bf597bc269ad5d22" }, { - "A": "frk_ct_68257a1db9ff4c891fa87264", - "B": "frk_rq_681ebfa0fbd5040239459dea" + "A": "frk_ct_683f47cc2faa426603d6bee8", + "B": "frk_rq_683f5daecd5e3f57e3f2733c" }, { - "A": "frk_ct_68257a912373223d5eb6da0f", - "B": "frk_rq_681ebb934dd08b250907c515" + "A": "frk_ct_683f47cc2faa426603d6bee8", + "B": "frk_rq_683f78ea0fa2580304e11a1e" }, { - "A": "frk_ct_68257a92901f419b109e5ce6", - "B": "frk_rq_681ec1a899a2a887571df4aa" + "A": "frk_ct_683f47cc2faa426603d6bee8", + "B": "frk_rq_683f7a455a617028f7cd888f" }, { - "A": "frk_ct_68257a92c75b0c04afc66fc1", - "B": "frk_rq_681ebcc6bf10668a7b6e4da1" + "A": "frk_ct_683f484fc7b5506ab97c26af", + "B": "frk_rq_683f5f4d18de5fee7df6f15a" }, { - "A": "frk_ct_68257a92051ac16b6f2206e4", - "B": "frk_rq_681ebce6a256e65326eb21b2" + "A": "frk_ct_683f484fc7b5506ab97c26af", + "B": "frk_rq_683f5fbd7ac16777b257da6b" }, { - "A": "frk_ct_68257a9220efb5df901a3929", - "B": "frk_rq_681ebd110860fdae08078d1e" + "A": "frk_ct_683f484fc7b5506ab97c26af", + "B": "frk_rq_683f80e6ec8d4803595647a9" }, { - "A": "frk_ct_68257b4042dbb83b90c1d7b4", - "B": "frk_rq_681ebbd6d5b5789fb766bb2c" + "A": "frk_ct_68407c9513000617776104c7", + "B": "frk_rq_683f5daecd5e3f57e3f2733c" }, { - "A": "frk_ct_68257b416a92884774d39139", - "B": "frk_rq_681ebbfb12867521d3d28cde" + "A": "frk_ct_683f3ecd42e62fde624c59c1", + "B": 
"frk_rq_683f5c2de17c4c845303afa7" }, { - "A": "frk_ct_68257b41f0a2fbb9d620aa64", - "B": "frk_rq_681ebf0e253b7574744e1e31" + "A": "frk_ct_683f3ecd42e62fde624c59c1", + "B": "frk_rq_683f5fbd7ac16777b257da6b" }, { - "A": "frk_ct_68257b42ba09c901c6ac1671", - "B": "frk_rq_681ebefe089b8d0483e0759b" + "A": "frk_ct_683f3ecd42e62fde624c59c1", + "B": "frk_rq_683f65a946002d573103c9de" }, { - "A": "frk_ct_68257c84c5f7dde7ca228077", - "B": "frk_rq_681ebd036f42d17b6e1ad003" + "A": "frk_ct_683f3ecd42e62fde624c59c1", + "B": "frk_rq_683f81d974beae08683f7c65" }, { - "A": "frk_ct_68257c84882e85fdec96c586", - "B": "frk_rq_681ebf4568696287ad0b6f90" + "A": "frk_ct_683f41e775f4ca03d8f6bae2", + "B": "frk_rq_683f598fc18a528adfcdd561" }, { - "A": "frk_ct_68257c84ddf1e2b8f0d8e748", - "B": "frk_rq_681ebd036f42d17b6e1ad003" + "A": "frk_ct_683f42c71eea99f22f9df060", + "B": "frk_rq_683f598fc18a528adfcdd561" }, { - "A": "frk_ct_6825756149eb59b2b58fa856", - "B": "frk_rq_681ebc6f2c5620696001f688" + "A": "frk_ct_683f44c8074680be528353c1", + "B": "frk_rq_683f5c2de17c4c845303afa7" }, { - "A": "frk_ct_6826d559729899533d6448ad", - "B": "frk_rq_681ebc8489a15319d49a13d3" + "A": "frk_ct_683f44c8074680be528353c1", + "B": "frk_rq_683f56e9693dbfc43020b888" }, { - "A": "frk_ct_6826d559729899533d6448ad", - "B": "frk_rq_681ebc97bfb5120143dabe4e" + "A": "frk_ct_683f45c5058c486f3fa5b7bc", + "B": "frk_rq_683f5c2de17c4c845303afa7" }, { - "A": "frk_ct_68257d40cc4edb6308b9e6e6", - "B": "frk_rq_681ebd2e5fcf443f7d40fd3d" + "A": "frk_ct_683f45c5058c486f3fa5b7bc", + "B": "frk_rq_683f5ed1fb039b11269212c8" }, { - "A": "frk_ct_6825790a77268ca155ee76c7", - "B": "frk_rq_681ebec24cb46deef1c353ad" + "A": "frk_ct_683f464bec8bea67de7b9c31", + "B": "frk_rq_683f5c2de17c4c845303afa7" }, { - "A": "frk_ct_68257c84882e85fdec96c586", - "B": "frk_rq_681ebf2048100b3f122547ad" + "A": "frk_ct_683f464bec8bea67de7b9c31", + "B": "frk_rq_683f8206ed8b866232b554dd" }, { - "A": "frk_ct_68257c8522174d14596e4f02", - "B": 
"frk_rq_681ebf76b9fc70d3b1c208cf" + "A": "frk_ct_683f46f3f181af3f93773c1d", + "B": "frk_rq_683f5c2de17c4c845303afa7" }, { - "A": "frk_ct_68257d40cc4edb6308b9e6e6", - "B": "frk_rq_681ebf8c217dab3507c2184d" + "A": "frk_ct_683f46f3f181af3f93773c1d", + "B": "frk_rq_683f7a455a617028f7cd888f" }, { - "A": "frk_ct_6825790ac77f9110f7f7bda3", - "B": "frk_rq_681edde91036dc41934ae86c" + "A": "frk_ct_68407c9513000617776104c7", + "B": "frk_rq_683f63eb915fb5c5e9666793" }, { - "A": "frk_ct_6826d559729899533d6448ad", - "B": "frk_rq_681ebcafedeabed06a31d782" + "A": "frk_ct_683f3ecd42e62fde624c59c1", + "B": "frk_rq_683f5b8241dbd32ac2c6ad2b" }, { - "A": "frk_ct_6825756149eb59b2b58fa856", - "B": "frk_rq_681ebc52d1ea4fe58854791a" + "A": "frk_ct_683f3ecd42e62fde624c59c1", + "B": "frk_rq_683f5daecd5e3f57e3f2733c" }, { - "A": "frk_ct_68257c832c83f97420cb2397", - "B": "frk_rq_681ebd3ae3397498f9ec9f66" + "A": "frk_ct_683f41e775f4ca03d8f6bae2", + "B": "frk_rq_683f6118bf597bc269ad5d22" }, { - "A": "frk_ct_683f318e767647a9309edbe9", - "B": "frk_rq_683f3179d3ba9393821ad7a4" + "A": "frk_ct_683f42c71eea99f22f9df060", + "B": "frk_rq_683f76a572050393764a447d" }, { - "A": "frk_ct_683f318e767647a9309edbe9", - "B": "frk_rq_683f316954a237019ca60e26" + "A": "frk_ct_683f42c71eea99f22f9df060", + "B": "frk_rq_683f7d89ddcefa3b73fb2a0c" }, { - "A": "frk_ct_683f3b6cfc5f200113d2972f", - "B": "frk_rq_683f3a1f08cc55cacec20739" + "A": "frk_ct_683f43a65de3b6044e63220f", + "B": "frk_rq_683f5a7da5c95341a76298e5" }, { - "A": "frk_ct_683f3ecd42e62fde624c59c1", - "B": "frk_rq_683f3a1f08cc55cacec20739" + "A": "frk_ct_683f43a65de3b6044e63220f", + "B": "frk_rq_683f5daecd5e3f57e3f2733c" }, { - "A": "frk_ct_683f3ecd42e62fde624c59c1", - "B": "frk_rq_681ebbfb12867521d3d28cde" + "A": "frk_ct_683f44c8074680be528353c1", + "B": "frk_rq_683f72b90ef35d871333a776" }, { - "A": "frk_ct_683f3ecd42e62fde624c59c1", - "B": "frk_rq_681ebc1cc593f19b23a68a02" + "A": "frk_ct_683f464bec8bea67de7b9c31", + "B": "frk_rq_683f821f87cfa79d2b494f7c" 
}, { - "A": "frk_ct_683f3ecd42e62fde624c59c1", - "B": "frk_rq_681ebc3664f286e865b059c2" + "A": "frk_ct_683f46f3f181af3f93773c1d", + "B": "frk_rq_683f62e98eedc19fdd008d99" }, { - "A": "frk_ct_683f3ecd42e62fde624c59c1", - "B": "frk_rq_681ebc8489a15319d49a13d3" + "A": "frk_ct_683f46f3f181af3f93773c1d", + "B": "frk_rq_683f78ea0fa2580304e11a1e" }, { - "A": "frk_ct_683f3ecd42e62fde624c59c1", - "B": "frk_rq_681ebd110860fdae08078d1e" + "A": "frk_ct_683f47cc2faa426603d6bee8", + "B": "frk_rq_683f62e98eedc19fdd008d99" }, { - "A": "frk_ct_683f3ecd42e62fde624c59c1", - "B": "frk_rq_681ec07bfd2183e3ae0c67ed" + "A": "frk_ct_683f484fc7b5506ab97c26af", + "B": "frk_rq_683f6001b56cab9a3247d87b" }, { - "A": "frk_ct_683f4036b541126388e2989a", - "B": "frk_rq_683f3a1f08cc55cacec20739" + "A": "frk_ct_683f484fc7b5506ab97c26af", + "B": "frk_rq_683f60819f8e5af7b509af44" }, { - "A": "frk_ct_683f4036b541126388e2989a", - "B": "frk_rq_681ebbc3efb5a2e1ef0ab09c" + "A": "frk_ct_683f48ee9534e1e0a088e922", + "B": "frk_rq_683f5fbd7ac16777b257da6b" }, { - "A": "frk_ct_683f4036b541126388e2989a", - "B": "frk_rq_681ebcc6bf10668a7b6e4da1" + "A": "frk_ct_683f48ee9534e1e0a088e922", + "B": "frk_rq_683f60819f8e5af7b509af44" }, { - "A": "frk_ct_683f41e775f4ca03d8f6bae2", - "B": "frk_rq_681ebba6f55e177eef990bf7" + "A": "frk_ct_683f48ee9534e1e0a088e922", + "B": "frk_rq_683f6118bf597bc269ad5d22" }, { - "A": "frk_ct_683f41e775f4ca03d8f6bae2", - "B": "frk_rq_681ebbc3efb5a2e1ef0ab09c" + "A": "frk_ct_683f48ee9534e1e0a088e922", + "B": "frk_rq_683f80f8a30b8d35d65617d3" }, { - "A": "frk_ct_683f41e775f4ca03d8f6bae2", - "B": "frk_rq_681ebcc6bf10668a7b6e4da1" + "A": "frk_ct_683f4a410cf5bf6d40bf3583", + "B": "frk_rq_683f66cebc1688607d297b48" }, { - "A": "frk_ct_683f41e775f4ca03d8f6bae2", - "B": "frk_rq_681ebce6a256e65326eb21b2" + "A": "frk_ct_683f4a410cf5bf6d40bf3583", + "B": "frk_rq_683f679780b75c3b865095c9" }, { - "A": "frk_ct_683f41e775f4ca03d8f6bae2", - "B": "frk_rq_681ebd036f42d17b6e1ad003" + "A": 
"frk_ct_683f4a410cf5bf6d40bf3583", + "B": "frk_rq_683f6827c11ca1796928001c" }, { - "A": "frk_ct_683f42c71eea99f22f9df060", - "B": "frk_rq_681ebbc3efb5a2e1ef0ab09c" + "A": "frk_ct_683f4a410cf5bf6d40bf3583", + "B": "frk_rq_683f826c9b47fcf6bf49538c" }, { - "A": "frk_ct_683f42c71eea99f22f9df060", - "B": "frk_rq_681ebcc6bf10668a7b6e4da1" + "A": "frk_ct_683f4a410cf5bf6d40bf3583", + "B": "frk_rq_683f82884d08489da196f990" }, { - "A": "frk_ct_683f42c71eea99f22f9df060", - "B": "frk_rq_681ebefe089b8d0483e0759b" + "A": "frk_ct_683f4ae4acbd63d0e558a6f5", + "B": "frk_rq_683f66cebc1688607d297b48" }, { - "A": "frk_ct_683f42c71eea99f22f9df060", - "B": "frk_rq_681ebf82fb04727c9ac5b60f" + "A": "frk_ct_683f4ae4acbd63d0e558a6f5", + "B": "frk_rq_683f759f885e5b093b3c36d6" }, { - "A": "frk_ct_683f43a65de3b6044e63220f", - "B": "frk_rq_681ebbd6d5b5789fb766bb2c" + "A": "frk_ct_683f4b7614d209f8b6ffd477", + "B": "frk_rq_683f778c138349f90d26fee2" }, { - "A": "frk_ct_683f43a65de3b6044e63220f", - "B": "frk_rq_681ebbfb12867521d3d28cde" + "A": "frk_ct_683f4b7614d209f8b6ffd477", + "B": "frk_rq_683f781a00e52dcf0143af5d" }, { - "A": "frk_ct_683f43a65de3b6044e63220f", - "B": "frk_rq_681ebc3664f286e865b059c2" + "A": "frk_ct_683f4b7614d209f8b6ffd477", + "B": "frk_rq_683f78ea0fa2580304e11a1e" }, { - "A": "frk_ct_683f4457b14856e700c8c25b", - "B": "frk_rq_681ebbfb12867521d3d28cde" + "A": "frk_ct_683f4c30e2d3f1117fa58e13", + "B": "frk_rq_683f82394fcb1c573b1fdc2a" }, { - "A": "frk_ct_683f44c8074680be528353c1", - "B": "frk_rq_681ebc1cc593f19b23a68a02" + "A": "frk_ct_683f4b7614d209f8b6ffd477", + "B": "frk_rq_683f810113cc5e7ecf329428" }, { - "A": "frk_ct_683f44c8074680be528353c1", - "B": "frk_rq_681ebedccee9ea5fa8c02a65" + "A": "frk_ct_683f4d7360a876b972aba39a", + "B": "frk_rq_683f778c138349f90d26fee2" }, { - "A": "frk_ct_683f44c8074680be528353c1", - "B": "frk_rq_681ec08948b2d4f23b730dd4" + "A": "frk_ct_683f4c30e2d3f1117fa58e13", + "B": "frk_rq_683f7d89ddcefa3b73fb2a0c" }, { - "A": 
"frk_ct_683f44c8074680be528353c1", - "B": "frk_rq_681ebba6f55e177eef990bf7" + "A": "frk_ct_683f4c30e2d3f1117fa58e13", + "B": "frk_rq_683f826c9b47fcf6bf49538c" }, { - "A": "frk_ct_683f45c5058c486f3fa5b7bc", - "B": "frk_rq_681ebc1cc593f19b23a68a02" + "A": "frk_ct_683f4cf6afd7a19be2d4432c", + "B": "frk_rq_683f7d89ddcefa3b73fb2a0c" }, { - "A": "frk_ct_683f45c5058c486f3fa5b7bc", - "B": "frk_rq_681ebc435c7f4032133c00ff" + "A": "frk_ct_683f4d7360a876b972aba39a", + "B": "frk_rq_683f781a00e52dcf0143af5d" }, { - "A": "frk_ct_683f464bec8bea67de7b9c31", - "B": "frk_rq_681ebc1cc593f19b23a68a02" + "A": "frk_ct_683f4d7360a876b972aba39a", + "B": "frk_rq_683f78ea0fa2580304e11a1e" }, { - "A": "frk_ct_683f464bec8bea67de7b9c31", - "B": "frk_rq_683f3a1f08cc55cacec20739" + "A": "frk_ct_683f4dd564057a97ae323c9f", + "B": "frk_rq_683f804dde7ce3212d036b3e" }, { - "A": "frk_ct_683f464bec8bea67de7b9c31", - "B": "frk_rq_681ec1a899a2a887571df4aa" + "A": "frk_ct_683f4dd564057a97ae323c9f", + "B": "frk_rq_683f8141c8854481f15006a2" }, { - "A": "frk_ct_683f464bec8bea67de7b9c31", - "B": "frk_rq_681ec1b6069818f03f2d825b" + "A": "frk_ct_683f4dd564057a97ae323c9f", + "B": "frk_rq_683f81a18cfc6660bdb1acea" }, { - "A": "frk_ct_683f46f3f181af3f93773c1d", - "B": "frk_rq_681ebc1cc593f19b23a68a02" + "A": "frk_ct_683f4ef6c6a5481a377be413", + "B": "frk_rq_683f63eb915fb5c5e9666793" }, { - "A": "frk_ct_683f46f3f181af3f93773c1d", - "B": "frk_rq_681ebcc6bf10668a7b6e4da1" + "A": "frk_ct_683f4ef6c6a5481a377be413", + "B": "frk_rq_683f65a946002d573103c9de" }, { - "A": "frk_ct_683f46f3f181af3f93773c1d", - "B": "frk_rq_681ebce6a256e65326eb21b2" + "A": "frk_ct_683f50aae46f5e4e096e6bb3", + "B": "frk_rq_683f8206ed8b866232b554dd" }, { - "A": "frk_ct_683f46f3f181af3f93773c1d", - "B": "frk_rq_681ebd036f42d17b6e1ad003" + "A": "frk_ct_683f50aae46f5e4e096e6bb3", + "B": "frk_rq_683f821f87cfa79d2b494f7c" }, { - "A": "frk_ct_683f46f3f181af3f93773c1d", - "B": "frk_rq_681ebf6c0027c27141a8a960" + "A": "frk_ct_68406fc94e08f884cc085ded", 
+ "B": "frk_rq_683f76a572050393764a447d" }, { - "A": "frk_ct_683f46f3f181af3f93773c1d", - "B": "frk_rq_681ebf76b9fc70d3b1c208cf" + "A": "frk_ct_68406fc94e08f884cc085ded", + "B": "frk_rq_683f81d974beae08683f7c65" }, { - "A": "frk_ct_683f47cc2faa426603d6bee8", - "B": "frk_rq_681ebc3664f286e865b059c2" + "A": "frk_ct_68406fc94e08f884cc085ded", + "B": "frk_rq_683f82884d08489da196f990" }, { - "A": "frk_ct_683f47cc2faa426603d6bee8", - "B": "frk_rq_681ebf6c0027c27141a8a960" + "A": "frk_ct_684070831cc83c4ab4c2c4d8", + "B": "frk_rq_683f778c138349f90d26fee2" }, { - "A": "frk_ct_683f484fc7b5506ab97c26af", - "B": "frk_rq_681ebc8489a15319d49a13d3" + "A": "frk_ct_684070831cc83c4ab4c2c4d8", + "B": "frk_rq_683f781a00e52dcf0143af5d" }, { - "A": "frk_ct_683f47cc2faa426603d6bee8", - "B": "frk_rq_681ebce6a256e65326eb21b2" + "A": "frk_ct_684070831cc83c4ab4c2c4d8", + "B": "frk_rq_683f78ea0fa2580304e11a1e" }, { - "A": "frk_ct_683f47cc2faa426603d6bee8", - "B": "frk_rq_681ebf76b9fc70d3b1c208cf" + "A": "frk_ct_684070f0b4f6c2036306e23c", + "B": "frk_rq_683f66cebc1688607d297b48" }, { - "A": "frk_ct_683f484fc7b5506ab97c26af", - "B": "frk_rq_681ebc6f2c5620696001f688" + "A": "frk_ct_684070f0b4f6c2036306e23c", + "B": "frk_rq_683f76c4fcd357257a5e58cb" }, { - "A": "frk_ct_683f484fc7b5506ab97c26af", - "B": "frk_rq_681ebc97bfb5120143dabe4e" + "A": "frk_ct_68407122565b1968676d93db", + "B": "frk_rq_683f66cebc1688607d297b48" }, { - "A": "frk_ct_683f484fc7b5506ab97c26af", - "B": "frk_rq_681ebcafedeabed06a31d782" + "A": "frk_ct_68407122565b1968676d93db", + "B": "frk_rq_683f728e5b99238031db8c10" }, { - "A": "frk_ct_683f484fc7b5506ab97c26af", - "B": "frk_rq_681ebf963f7055627c5e9d06" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f82b7e3624d113096e13c" }, { - "A": "frk_ct_683f48ee9534e1e0a088e922", - "B": "frk_rq_681ebc8489a15319d49a13d3" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f82c47ddda8414a018a93" }, { - "A": "frk_ct_683f48ee9534e1e0a088e922", - "B": 
"frk_rq_681ebcafedeabed06a31d782" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f82f1c18e04fda2404acd" }, { - "A": "frk_ct_683f48ee9534e1e0a088e922", - "B": "frk_rq_681ebcc6bf10668a7b6e4da1" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f8345a76125f5c3a71d5c" }, { - "A": "frk_ct_683f48ee9534e1e0a088e922", - "B": "frk_rq_681ebd036f42d17b6e1ad003" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f83098dfd2e4ed385afd4" }, { - "A": "frk_ct_683f48ee9534e1e0a088e922", - "B": "frk_rq_681ebfa0fbd5040239459dea" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f833cb9cd7f024ff9535f" }, { - "A": "frk_ct_683f4a410cf5bf6d40bf3583", - "B": "frk_rq_681ebd036f42d17b6e1ad003" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f834daeb15e457c90c0ee" }, { - "A": "frk_ct_683f4a410cf5bf6d40bf3583", - "B": "frk_rq_681ebea89e8e99701b8e01f9" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f8371847f5409c2e72347" }, { - "A": "frk_ct_683f4a410cf5bf6d40bf3583", - "B": "frk_rq_681ebeb66c09c92d0a3aa9a4" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f83834e536ba24d2f3bf1" }, { - "A": "frk_ct_683f4a410cf5bf6d40bf3583", - "B": "frk_rq_681ebec24cb46deef1c353ad" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f83a86dd03eded4fbc480" }, { - "A": "frk_ct_683f4a410cf5bf6d40bf3583", - "B": "frk_rq_681ec1cef77f1e699b977397" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f83dea64e10cea3af908c" }, { - "A": "frk_ct_683f4a410cf5bf6d40bf3583", - "B": "frk_rq_681ec1dd70d211c500bb5c1d" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f8435fe070a53cd9784dd" }, { - "A": "frk_ct_683f4ae4acbd63d0e558a6f5", - "B": "frk_rq_681ebea89e8e99701b8e01f9" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f845ba4f5e3210df1a723" }, { - "A": "frk_ct_683f4ae4acbd63d0e558a6f5", - "B": "frk_rq_681ebeef4c1a070eee80d1c2" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f847a3a8a886dc17fb349" 
}, { - "A": "frk_ct_683f4b7614d209f8b6ffd477", - "B": "frk_rq_681ebf4568696287ad0b6f90" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f84c464d2ea4f6e977429" }, { - "A": "frk_ct_683f4b7614d209f8b6ffd477", - "B": "frk_rq_681ebf578f2bc13a797afac9" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f85a54f4d8eb689efb5a3" }, { - "A": "frk_ct_683f4b7614d209f8b6ffd477", - "B": "frk_rq_681ebf6c0027c27141a8a960" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f85dea375f4073836d53c" }, { - "A": "frk_ct_683f4b7614d209f8b6ffd477", - "B": "frk_rq_681ec0361397c7584c25cfd8" + "A": "frk_ct_684072e06f4a49ee669076cc", + "B": "frk_rq_683f759f885e5b093b3c36d6" }, { - "A": "frk_ct_683f4c30e2d3f1117fa58e13", - "B": "frk_rq_681ebf82fb04727c9ac5b60f" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f84cffe92068d1ed9c723" }, { - "A": "frk_ct_683f4c30e2d3f1117fa58e13", - "B": "frk_rq_681ec1c23827a73da573301b" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f850f11a550572b3bd0bf" }, { - "A": "frk_ct_683f4c30e2d3f1117fa58e13", - "B": "frk_rq_681ec1cef77f1e699b977397" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f8546f29167cd7f16a8ed" }, { - "A": "frk_ct_683f4cf6afd7a19be2d4432c", - "B": "frk_rq_681ebf82fb04727c9ac5b60f" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_rq_683f857249f025f86fcfcbcf" }, { - "A": "frk_ct_683f4d7360a876b972aba39a", - "B": "frk_rq_681ebf4568696287ad0b6f90" + "A": "frk_ct_6840731ae0b857152b35ca8f", + "B": "frk_rq_683f759f885e5b093b3c36d6" }, { - "A": "frk_ct_683f4d7360a876b972aba39a", - "B": "frk_rq_681ebf578f2bc13a797afac9" + "A": "frk_ct_6840731ae0b857152b35ca8f", + "B": "frk_rq_683f78ea0fa2580304e11a1e" }, { - "A": "frk_ct_683f4d7360a876b972aba39a", - "B": "frk_rq_681ebf6c0027c27141a8a960" + "A": "frk_ct_6840738800f98fa3c0f3a3ae", + "B": "frk_rq_683f76c4fcd357257a5e58cb" }, { - "A": "frk_ct_683f4dd564057a97ae323c9f", - "B": "frk_rq_681ec056ca6c6a446a9592b5" + "A": 
"frk_ct_6840738800f98fa3c0f3a3ae", + "B": "frk_rq_683f78ea0fa2580304e11a1e" }, { - "A": "frk_ct_683f4dd564057a97ae323c9f", - "B": "frk_rq_681ec06748e853260b8b3c7e" + "A": "frk_ct_684073ba24475a83ba048022", + "B": "frk_rq_683f63eb915fb5c5e9666793" }, { - "A": "frk_ct_683f4ef6c6a5481a377be413", - "B": "frk_rq_681ebcf14b5cb5842b2af09b" + "A": "frk_ct_68407406644c56d42eac3295", + "B": "frk_rq_683f759f885e5b093b3c36d6" }, { - "A": "frk_ct_683f4ef6c6a5481a377be413", - "B": "frk_rq_681ebd036f42d17b6e1ad003" + "A": "frk_ct_68407406644c56d42eac3295", + "B": "frk_rq_683f76a572050393764a447d" }, { - "A": "frk_ct_683f4ef6c6a5481a377be413", - "B": "frk_rq_681ebd110860fdae08078d1e" + "A": "frk_ct_68407406644c56d42eac3295", + "B": "frk_rq_683f81d974beae08683f7c65" }, { - "A": "frk_ct_683f50aae46f5e4e096e6bb3", - "B": "frk_rq_681ec1a899a2a887571df4aa" + "A": "frk_ct_68407429371f33886d8ab80d", + "B": "frk_rq_683f76a572050393764a447d" }, { - "A": "frk_ct_683f50aae46f5e4e096e6bb3", - "B": "frk_rq_681ede37505bc1a997f77dc5" + "A": "frk_ct_684075c692439e38c753c95d", + "B": "frk_rq_683f66cebc1688607d297b48" } ] \ No newline at end of file diff --git a/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorTaskTemplate.json b/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorTaskTemplate.json index 51cae34809..4b01b01d3a 100644 --- a/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorTaskTemplate.json +++ b/packages/db/prisma/seed/relations/_FrameworkEditorControlTemplateToFrameworkEditorTaskTemplate.json 
@@ -1,542 +1,142 @@ [ { - "A": "frk_ct_681e851466129df67f4481ec", - "B": "frk_tt_681e8514e8bdffe08194931f" + "A": "frk_ct_683f42c71eea99f22f9df060", + "B": "frk_tt_68406903839203801ac8041a" }, { - "A": "frk_ct_681e8514da133b59ed163e38", - "B": "frk_tt_681e851453c84dda25ce83b5" + "A": "frk_ct_683f41e775f4ca03d8f6bae2", + "B": "frk_tt_6840688c2faba1517eee62e7" }, { - "A": "frk_ct_681e851496e2129f1e601aeb", - "B": "frk_tt_681e8514fc009ceb3c693964" + "A": "frk_ct_683f43a65de3b6044e63220f", + "B": "frk_tt_68406951bd282273ebe286cc" }, { - "A": "frk_ct_681e8514a7b04dc9afb04450", - "B": "frk_tt_681e851406b67dee8b177b18" + "A": "frk_ct_683f464bec8bea67de7b9c31", + "B": "frk_tt_68406a9d44fc335ab8a26554" }, { - "A": "frk_ct_681e85147e23e534c2e14497", - "B": "frk_tt_681e85144fc85e074719756d" + "A": "frk_ct_683f46f3f181af3f93773c1d", + "B": "frk_tt_68406af04a4acb93083413b9" }, { - "A": "frk_ct_681e851437b51ff9d2530a93", - "B": "frk_tt_681e85143c1a4bd85c70d365" + "A": "frk_ct_683f48ee9534e1e0a088e922", + "B": "frk_tt_68406c5fff783844f31941e2" }, { - "A": "frk_ct_681e85145da70d329ead9847", - "B": "frk_tt_681e8514b19250f7726e0ea2" + "A": "frk_ct_683f4a410cf5bf6d40bf3583", + "B": "frk_tt_68406ca292d9fffb264991b9" }, { - "A": "frk_ct_681e851430aafd56ca35b17e", - "B": "frk_tt_681e8514b471bb89952116c0" + "A": "frk_ct_683f4b7614d209f8b6ffd477", + "B": "frk_tt_68406d2e86acc048d1774ea6" }, { - "A": "frk_ct_681e8514fa7c5b1be482ea51", - "B": "frk_tt_681e851425166ba986da0b88" + "A": "frk_ct_683f4c30e2d3f1117fa58e13", + "B": "frk_tt_68406d64f09f13271c14dd01" }, { - "A": "frk_ct_681e8514c174835611412d50", - "B": "frk_tt_681e85146dfc52a06b6069d1" + "A": "frk_ct_683f4dd564057a97ae323c9f", + "B": "frk_tt_68406e7abae2a9b16c2cc197" }, { - "A": "frk_ct_681e8514f6b0535abf7e7d44", - "B": "frk_tt_681e8514d362ed5f66e72fde" + "A": "frk_ct_683f4ef6c6a5481a377be413", + "B": "frk_tt_684076a02261faf3d331289d" }, { - "A": "frk_ct_681e8514bffbbb8e9c4f6fda", - "B": "frk_tt_681e85147fd8009762a6f0e0" + "A": 
"frk_ct_684070831cc83c4ab4c2c4d8", + "B": "frk_tt_68407759cc3a434f9f0e7ced" }, { - "A": "frk_ct_681e85142aac5b23b3091fa5", - "B": "frk_tt_681e85146dd689eb3de04af3" + "A": "frk_ct_684070f0b4f6c2036306e23c", + "B": "frk_tt_684077bdcc601f30e0a1640c" }, { - "A": "frk_ct_681e851408bb32ca1c2da5ea", - "B": "frk_tt_681e8514d1c939616c3e0951" + "A": "frk_ct_684075c692439e38c753c95d", + "B": "frk_tt_6840780693a81cc2f8071ca9" }, { - "A": "frk_ct_681e8514e2439f12eafde3a2", - "B": "frk_tt_681e8514498999a1f315a415" + "A": "frk_ct_684071e280c4e0f777b957f7", + "B": "frk_tt_6840791cac0a7b780dbaf932" }, { - "A": "frk_ct_681e85145a1d98ea616c4416", - "B": "frk_tt_681e8514807768436251ddb1" + "A": "frk_ct_6840738800f98fa3c0f3a3ae", + "B": "frk_tt_68407a05d2b9cc29a0c57b12" }, { - "A": "frk_ct_681e851476e511b965e59e0f", - "B": "frk_tt_681e8514c263729c554d7a7e" + "A": "frk_ct_68407406644c56d42eac3295", + "B": "frk_tt_68407a881a0cffa5d779fa46" }, { - "A": "frk_ct_681e85142c97b81474dc630c", - "B": "frk_tt_681e8514d7af582ead600966" + "A": "frk_ct_68407c9513000617776104c7", + "B": "frk_tt_68403fe29097e661ba06a035" }, { - "A": "frk_ct_681e8514bc4bb3ff18c84494", - "B": "frk_tt_681e8514cae7734e136f689c" + "A": "frk_ct_683f4457b14856e700c8c25b", + "B": "frk_tt_684069a3a0dd8322b2ac3f03" }, { - "A": "frk_ct_681e85144bc39c5a684c95e0", - "B": "frk_tt_681e8514048b68c1ba899bdd" + "A": "frk_ct_683f44c8074680be528353c1", + "B": "frk_tt_684069f039a8802920361d55" }, { - "A": "frk_ct_681e8514a373bb4d6ffdd8bd", - "B": "frk_tt_681e8514479897345cc0ba4c" + "A": "frk_ct_683f45c5058c486f3fa5b7bc", + "B": "frk_tt_68406a514e90bb6e32e0b107" }, { - "A": "frk_ct_681e8514799c91072234149a", - "B": "frk_tt_681e85140fbc89846e51815c" + "A": "frk_ct_683f47cc2faa426603d6bee8", + "B": "frk_tt_68406b4f40c87c12ae0479ce" }, { - "A": "frk_ct_681e8514c3d2d7dbdf65c35c", - "B": "frk_tt_681e85149d8cd93986494190" + "A": "frk_ct_683f484fc7b5506ab97c26af", + "B": "frk_tt_68406bae3b18802df42e4965" }, { - "A": 
"frk_ct_681e8514f0cedff5d5c6d6fe", - "B": "frk_tt_681e8514f1aa978fa0df1bcd" + "A": "frk_ct_683f4ae4acbd63d0e558a6f5", + "B": "frk_tt_68406cd9dde2d8cd4c463fe0" }, { - "A": "frk_ct_681e8514f4f781c28a94d38d", - "B": "frk_tt_681e8514a9ab8c08054f6657" + "A": "frk_ct_683f4cf6afd7a19be2d4432c", + "B": "frk_tt_68406df8fe190156f79afc5f" }, { - "A": "frk_ct_681e85148a9aa81d180fbcb7", - "B": "frk_tt_681e85143332324f91416be7" + "A": "frk_ct_683f4d7360a876b972aba39a", + "B": "frk_tt_68406e353df3bc002994acef" }, { - "A": "frk_ct_681e851422534191fa248b63", - "B": "frk_tt_681e851456a5d73e6ba55a0a" + "A": "frk_ct_683f50aae46f5e4e096e6bb3", + "B": "frk_tt_68406eedf0f0ddd220ea19c2" }, { - "A": "frk_ct_681e851469d12bf0ee92a7d3", - "B": "frk_tt_681e8514196ef04c487a619c" + "A": "frk_ct_68406fc94e08f884cc085ded", + "B": "frk_tt_68406f411fe27e47a0d6d5f3" }, { - "A": "frk_ct_681e8514abc48665a93d48f2", - "B": "frk_tt_681e8514a931d9d0ce6a4168" + "A": "frk_ct_68407122565b1968676d93db", + "B": "frk_tt_6840780693a81cc2f8071ca9" }, { - "A": "frk_ct_681e85144d8b8603133c0716", - "B": "frk_tt_681e851467074fc0123938fb" + "A": "frk_ct_684072e06f4a49ee669076cc", + "B": "frk_tt_6840796f77d8a0dff53f947a" }, { - "A": "frk_ct_681e85140a71eafd9d02b25c", - "B": "frk_tt_681e85149022de8376a6d103" + "A": "frk_ct_6840731ae0b857152b35ca8f", + "B": "frk_tt_684079ba137c4e7727ae8859" }, { - "A": "frk_ct_681e8514f36c111cd881ae0e", - "B": "frk_tt_681e85141b853e39a571bfd1" + "A": "frk_ct_684073ba24475a83ba048022", + "B": "frk_tt_68407a449efc782c44549c91" }, { - "A": "frk_ct_681e85145ecc47d27590ec9c", - "B": "frk_tt_681e8514c64ee74e19ebf5e4" + "A": "frk_ct_68407429371f33886d8ab80d", + "B": "frk_tt_68407ae5274a64092c305104" }, { - "A": "frk_ct_681e8514e701e9552fd8d47b", - "B": "frk_tt_681e8514ca48b77ef7fc7d83" + "A": "frk_ct_683f3ecd42e62fde624c59c1", + "B": "frk_tt_6840672484e8bf8f9cf8f2fe" }, { - "A": "frk_ct_681e85147213fe34d0f8610c", - "B": "frk_tt_681e851476a3ebe8aa77b2d5" - }, - { - "A": 
"frk_ct_681e85147ea2be07c072b766", - "B": "frk_tt_681e851485f28df39db0cf99" - }, - { - "A": "frk_ct_681e8514580b64dea8512c50", - "B": "frk_tt_681e8514cf759d2af506ba5a" - }, - { - "A": "frk_ct_681e85142e0ecc2db0148239", - "B": "frk_tt_681e8514f2a015c698b3d458" - }, - { - "A": "frk_ct_681e8514b92fc9083b53e382", - "B": "frk_tt_681e85145177e1b436e5e678" - }, - { - "A": "frk_ct_681e85144bc39c5a684c95e0", - "B": "frk_tt_681e85141b853e39a571bfd1" - }, - { - "A": "frk_ct_681e85144bc39c5a684c95e0", - "B": "frk_tt_681e85140fbc89846e51815c" - }, - { - "A": "frk_ct_6825756149eb59b2b58fa856", - "B": "frk_tt_68259b74534fbfee74689262" - }, - { - "A": "frk_ct_6825762fad109b79022e8b41", - "B": "frk_tt_68259b80789a2e3db2e53abf" - }, - { - "A": "frk_ct_6825768e443b998bb7d8aa66", - "B": "frk_tt_68259b8e24d87df277d47344" - }, - { - "A": "frk_ct_6825768ee413fe50e00d4965", - "B": "frk_tt_68259baca7a9cfffe11835f4" - }, - { - "A": "frk_ct_6825768e84effc0e1b08dc17", - "B": "frk_tt_6825a2f990a2bc3e3b96e116" - }, - { - "A": "frk_ct_6825768ee6fd1e6272a9946e", - "B": "frk_tt_6825a30c4082d5fa13f2d51f" - }, - { - "A": "frk_ct_682578588017390bf8d08c95", - "B": "frk_tt_6825a32fc2118282f9ea7a92" - }, - { - "A": "frk_ct_6825785885a5e65dd48a940d", - "B": "frk_tt_6825a33e64a58b0ad1a99cf5" - }, - { - "A": "frk_ct_68257895edfaca1cae34a7c2", - "B": "frk_tt_6825a34e51503f05847ec2bb" - }, - { - "A": "frk_ct_682578959c5e0c6a1e92728d", - "B": "frk_tt_6825a3622983c9c134ddac9e" - }, - { - "A": "frk_ct_682578c1a2732658c259c33d", - "B": "frk_tt_6825a37262f35b049b21eb91" - }, - { - "A": "frk_ct_682578c13517578300ab86c6", - "B": "frk_tt_6825a381ccf90148f9216830" - }, - { - "A": "frk_ct_6825790ac77f9110f7f7bda3", - "B": "frk_tt_6825a3b038b48f58938303fe" - }, - { - "A": "frk_ct_6825790ab98dc177efb6cb3d", - "B": "frk_tt_6825a3be25da491ba7f20837" - }, - { - "A": "frk_ct_6825790aa95036379a57f580", - "B": "frk_tt_6825a3d0707be41e0aacf7e9" - }, - { - "A": "frk_ct_6825790a77268ca155ee76c7", - "B": 
"frk_tt_6825a3e0d1fb49af731ef234" - }, - { - "A": "frk_ct_68257a1bb4433e0a9a268b30", - "B": "frk_tt_6825a3f1c8954bab19bd69f7" - }, - { - "A": "frk_ct_68257a1ba4e5ef9da219c322", - "B": "frk_tt_6825a4081918b88502cd53b7" - }, - { - "A": "frk_ct_68257a1bbbb14da3e91c6f7d", - "B": "frk_tt_6825a417eeaaeb09f90a8834" - }, - { - "A": "frk_ct_68257a1cbbb440415393e176", - "B": "frk_tt_6825a42d75f4aed8bf7c734d" - }, - { - "A": "frk_ct_68257a1c39f66a3ad98b6478", - "B": "frk_tt_6825a44f0d157113db678c81" - }, - { - "A": "frk_ct_68257a1cb27eeefba4e726f1", - "B": "frk_tt_6825a45f3167dc6bd84b59b8" - }, - { - "A": "frk_ct_68257a1c6f95e597e8de389d", - "B": "frk_tt_6825a472fb2b4aa84664a5f7" - }, - { - "A": "frk_ct_68257a1c1dc57ad73c143841", - "B": "frk_tt_6825a484226862c4edaa475c" - }, - { - "A": "frk_ct_68257a1c480068bdb0e616e7", - "B": "frk_tt_6825a4980736d070c655d4d5" - }, - { - "A": "frk_ct_68257a1d3fb5e8d0604dfbb4", - "B": "frk_tt_6825a4a84fcec21fb2476842" - }, - { - "A": "frk_ct_68257a1d57962f8da93b415f", - "B": "frk_tt_6825a4bbf183fc47fc05ebcc" - }, - { - "A": "frk_ct_68257a1db9ff4c891fa87264", - "B": "frk_tt_6825a4ceb8a0aaba82205824" - }, - { - "A": "frk_ct_68257a91ec53ef3d17957782", - "B": "frk_tt_6825a4e318e3a8ff90cab144" - }, - { - "A": "frk_ct_68257a912373223d5eb6da0f", - "B": "frk_tt_6825a4f70069723b83789d2b" - }, - { - "A": "frk_ct_68257a921c9496ee45a290e5", - "B": "frk_tt_6825a5692d628e27d5a550ec" - }, - { - "A": "frk_ct_68257a928f88817150a5f53d", - "B": "frk_tt_6825a579280cfed6caee39c2" - }, - { - "A": "frk_ct_68257a92901f419b109e5ce6", - "B": "frk_tt_6825a5898fccd361bcf0741e" - }, - { - "A": "frk_ct_68257a92c75b0c04afc66fc1", - "B": "frk_tt_6825a59694c520ccb4982909" - }, - { - "A": "frk_ct_68257a92051ac16b6f2206e4", - "B": "frk_tt_6825a5b3aa8d8bcdc24bca39" - }, - { - "A": "frk_ct_68257a9220efb5df901a3929", - "B": "frk_tt_6825a5c49645fecc94498b24" - }, - { - "A": "frk_ct_68257b4042dbb83b90c1d7b4", - "B": "frk_tt_6825a5d871291aca8800df9d" - }, - { - "A": 
"frk_ct_68257b4096e29810708e8f47", - "B": "frk_tt_6825a5eff52854e030459810" - }, - { - "A": "frk_ct_68257b40873b0900545905b2", - "B": "frk_tt_6825a60719c56d22937b938b" - }, - { - "A": "frk_ct_68257b416a92884774d39139", - "B": "frk_tt_6825a614d82335e90afc6bd9" - }, - { - "A": "frk_ct_68257b41bffad919f3ac218a", - "B": "frk_tt_6825a6336a04a18a84b9c350" - }, - { - "A": "frk_ct_68257b414291d08ae512724d", - "B": "frk_tt_6825a641fdf43ebc8f23f879" - }, - { - "A": "frk_ct_68257b41f0a2fbb9d620aa64", - "B": "frk_tt_6825a64fe4d9716d9afa93b5" - }, - { - "A": "frk_ct_68257b4155976970e8c51279", - "B": "frk_tt_6825a65d5ac875e308d86a68" - }, - { - "A": "frk_ct_68257b4196a28f5afe9cd387", - "B": "frk_tt_6825a66ced55990a1a85ead0" - }, - { - "A": "frk_ct_68257b42ba09c901c6ac1671", - "B": "frk_tt_6825a67de8e27262c84c1d72" - }, - { - "A": "frk_ct_68257b42917c238c02fba2f6", - "B": "frk_tt_6825a68e7c9681d83f689e12" - }, - { - "A": "frk_ct_68257b42723da9e329282499", - "B": "frk_tt_6825a6aa0ce543e8d938239b" - }, - { - "A": "frk_ct_68257b42ac201a974487d069", - "B": "frk_tt_6825a6cb8e3442ae37dc1ab6" - }, - { - "A": "frk_ct_68257b4289478514ffb16b82", - "B": "frk_tt_6825a6d892202b9d1dbb7cbd" - }, - { - "A": "frk_ct_68257b79f55f03b23a05d978", - "B": "frk_tt_6825a6fa9cec386b8bbbb76f" - }, - { - "A": "frk_ct_68257b7999c5acaee8d923bd", - "B": "frk_tt_6825a7164431946c19f43114" - }, - { - "A": "frk_ct_68257b79b9b4d6e65b0e79f0", - "B": "frk_tt_6825a76518f0fbf4e3844bff" - }, - { - "A": "frk_ct_68257b79a261d4cc28a016c4", - "B": "frk_tt_6825a7740ac4e1c13d7dc080" - }, - { - "A": "frk_ct_68257c823279785197bfa39c", - "B": "frk_tt_6825a781477d7861f9edc038" - }, - { - "A": "frk_ct_68257c83bc2103d487f9cb07", - "B": "frk_tt_6825a794eef9643387890f35" - }, - { - "A": "frk_ct_68257c832d300691420aa693", - "B": "frk_tt_6825a7a6e06101f458060d52" - }, - { - "A": "frk_ct_68257c8391427752506791b8", - "B": "frk_tt_6825a7bd96163185eee070b5" - }, - { - "A": "frk_ct_68257c832c83f97420cb2397", - "B": 
"frk_tt_6825a7cec19d730962dc0260" - }, - { - "A": "frk_ct_68257c83ce6c664bb55a5eaa", - "B": "frk_tt_6825a7e17f16562b90d38b4b" - }, - { - "A": "frk_ct_68257c83575a9e4cd0609e57", - "B": "frk_tt_6825a7fe800c9eae973b67d9" - }, - { - "A": "frk_ct_68257c84b9312c2a755e9856", - "B": "frk_tt_6825a80ca27c555bced9de21" - }, - { - "A": "frk_ct_68257c843eb14ca0fd67c607", - "B": "frk_tt_6825a82186c5cd9ee055d4e6" - }, - { - "A": "frk_ct_68257c84c5f7dde7ca228077", - "B": "frk_tt_6825a82d6f64b0c8f3a03644" - }, - { - "A": "frk_ct_68257c84882e85fdec96c586", - "B": "frk_tt_6825a83af8be7e7ce785c2d6" - }, - { - "A": "frk_ct_68257c846d813b307758bbde", - "B": "frk_tt_6825a84aae33ff9bb18cb6f8" - }, - { - "A": "frk_ct_68257c84ddf1e2b8f0d8e748", - "B": "frk_tt_6825a857f5382677b6f7e514" - }, - { - "A": "frk_ct_68257c854a920c4f48efaec1", - "B": "frk_tt_6825a864377e06a7880ac368" - }, - { - "A": "frk_ct_68257c85630ac98cafc8ffe7", - "B": "frk_tt_6825a8730065637a784689be" - }, - { - "A": "frk_ct_68257c85254d22991b9359ad", - "B": "frk_tt_6825a882a170a86880b1c9cb" - }, - { - "A": "frk_ct_68257c8579b8506457ba5792", - "B": "frk_tt_6825a88fda9c1a6285a10dcf" - }, - { - "A": "frk_ct_68257c85e28246dc477a2f9d", - "B": "frk_tt_6825a89c4de529327c536f96" - }, - { - "A": "frk_ct_68257c8522174d14596e4f02", - "B": "frk_tt_6825a8a98515f934ac31d76d" - }, - { - "A": "frk_ct_68257c85125fbb0cd22580df", - "B": "frk_tt_6825a8bf9d584986e557df30" - }, - { - "A": "frk_ct_68257d3deaa6d3b47bdf4581", - "B": "frk_tt_6825a8cc2438f55dd3f2a3bf" - }, - { - "A": "frk_ct_68257d3e78de01a147544960", - "B": "frk_tt_6825a8f65e867a536f4ae094" - }, - { - "A": "frk_ct_68257d3eac14828df9620637", - "B": "frk_tt_6825a8e85e216004a70edd05" - }, - { - "A": "frk_ct_68257d3e66e2445f216f0622", - "B": "frk_tt_6825a9456a4d64fc4219ab67" - }, - { - "A": "frk_ct_68257d3d1cf492b6b94c23c0", - "B": "frk_tt_6825a8d93a85c4562c411f03" - }, - { - "A": "frk_ct_68257d3ed093e55a2dd23b78", - "B": "frk_tt_6825a9123e200270616530e7" - }, - { - "A": 
"frk_ct_68257d3e450af8736b49e858", - "B": "frk_tt_6825a932cbae556a003b4826" - }, - { - "A": "frk_ct_68257d3ea6662c7087f59ad0", - "B": "frk_tt_6825a920a187c4d3227df2fc" - }, - { - "A": "frk_ct_68257d3ffa46ae099f302d7c", - "B": "frk_tt_6825a957a4f9edc3f612aa7e" - }, - { - "A": "frk_ct_68257d3fdc7108cc189ba8b9", - "B": "frk_tt_6825a9a18305ba445c68b3dc" - }, - { - "A": "frk_ct_68257d3f9c52019e6454d2f7", - "B": "frk_tt_6825a9651f44eb570ff40d83" - }, - { - "A": "frk_ct_68257d3f826abe8ce6f97aa9", - "B": "frk_tt_6825a991bf6c915a22de2043" - }, - { - "A": "frk_ct_68257d3f503d4f4ff6104c0d", - "B": "frk_tt_6825a977b4c7092933439624" - }, - { - "A": "frk_ct_68257d3fc71567322c285ed9", - "B": "frk_tt_6825a9b305ab7a8ac3d98128" - }, - { - "A": "frk_ct_68257d3fcdb52d79e5eae03c", - "B": "frk_tt_6825a98464e17ef26b4a7fac" - }, - { - "A": "frk_ct_68257d40cc4edb6308b9e6e6", - "B": "frk_tt_6825a9c1f2a1974c4478ae35" - }, - { - "A": "frk_ct_68257d40d8112e98abab1d21", - "B": "frk_tt_6825a9dc5ef6496a16ab1c51" - }, - { - "A": "frk_ct_68257d40fcac4d36fddb6e7a", - "B": "frk_tt_6825a9cf8e50a9f35f6d3d7d" - }, - { - "A": "frk_ct_6826d559729899533d6448ad", - "B": "frk_tt_683378414cb0b89faac9b317" - }, - { - "A": "frk_ct_683f318e767647a9309edbe9", - "B": "frk_tt_683f31e48e93acfc25a7f070" + "A": "frk_ct_683f4036b541126388e2989a", + "B": "frk_tt_6840681b6dfa62a119d6dca3" } ] \ No newline at end of file From 3b4f7b536483c4b22601206704d548654df3e281 Mon Sep 17 00:00:00 2001 
From: Claudio Fuentes Date: Thu, 5 Jun 2025 11:19:00 -0400 Subject: [PATCH 3/6] chore: update FrameworkEditorFramework model to set default visibility to false - Added a new migration to alter the "visible" column in the FrameworkEditorFramework table to have a default value of false. - Updated the Prisma schema to reflect the change in default visibility for the "visible" field. - Modified seed schemas to make the "visible" field optional, aligning with the new default behavior. - Changed the seeding logic to use upsert for better handling of existing records. --- .../migration.sql | 2 ++ packages/db/prisma/schema/framework-editor.prisma | 2 +- packages/db/prisma/seed/frameworkEditorSchemas.js | 1 + packages/db/prisma/seed/frameworkEditorSchemas.ts | 1 + packages/db/prisma/seed/seed.ts | 12 ++++++++---- 5 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 packages/db/prisma/migrations/20250605151521_make_framework_visibility_false/migration.sql diff --git a/packages/db/prisma/migrations/20250605151521_make_framework_visibility_false/migration.sql b/packages/db/prisma/migrations/20250605151521_make_framework_visibility_false/migration.sql new file mode 100644 index 0000000000..7dd34ae525 --- /dev/null +++ b/packages/db/prisma/migrations/20250605151521_make_framework_visibility_false/migration.sql @@ -0,0 +1,2 @@ +-- AlterTable +ALTER TABLE "FrameworkEditorFramework" ALTER COLUMN "visible" SET DEFAULT false; diff --git a/packages/db/prisma/schema/framework-editor.prisma b/packages/db/prisma/schema/framework-editor.prisma index 80623de8ac..250691531c 100644 --- a/packages/db/prisma/schema/framework-editor.prisma +++ b/packages/db/prisma/schema/framework-editor.prisma @@ -16,7 +16,7 @@ model FrameworkEditorFramework { name String // e.g., "soc2", "iso27001" version String description String - visible Boolean @default(true) + visible Boolean @default(false) requirements FrameworkEditorRequirement[] frameworkInstances FrameworkInstance[] 
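Review bot: `ALTER COLUMN "visible" SET DEFAULT false` in the new migration.sql changes the default only for rows inserted afterwards, so frameworks already in "FrameworkEditorFramework" keep their current value (true under the old default unless it was set otherwise). If the aim is that a framework stays hidden until someone publishes it, state that in the file, for example `-- Existing rows keep their current "visible" value; only new inserts default to false.` under the `-- AlterTable` line. Whether existing rows should also be backfilled cannot be judged from this patch.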
diff --git a/packages/db/prisma/seed/frameworkEditorSchemas.js b/packages/db/prisma/seed/frameworkEditorSchemas.js index 1ce41edcab..8ce9339e17 100644 --- a/packages/db/prisma/seed/frameworkEditorSchemas.js +++ b/packages/db/prisma/seed/frameworkEditorSchemas.js @@ -25,6 +25,7 @@ exports.FrameworkEditorFrameworkSchema = zod_1.z.object({ name: zod_1.z.string(), version: zod_1.z.string(), description: zod_1.z.string(), + visible: zod_1.z.boolean().optional(), // @default(true) // requirements: FrameworkEditorRequirement[] - relational, omitted // frameworkInstances: FrameworkInstance[] - relational, omitted createdAt: zod_1.z.preprocess(datePreprocess, zod_1.z.string().datetime({ message: "Invalid datetime string for createdAt. Expected ISO 8601 format." })).optional(), // @default(now()) diff --git a/packages/db/prisma/seed/frameworkEditorSchemas.ts b/packages/db/prisma/seed/frameworkEditorSchemas.ts index 08fedc7b34..4c452a3dd8 100644 --- a/packages/db/prisma/seed/frameworkEditorSchemas.ts +++ b/packages/db/prisma/seed/frameworkEditorSchemas.ts @@ -26,6 +26,7 @@ export const FrameworkEditorFrameworkSchema = z.object({ name: z.string(), version: z.string(), description: z.string(), + visible: z.boolean().optional(), // @default(true) // requirements: FrameworkEditorRequirement[] - relational, omitted // frameworkInstances: FrameworkInstance[] - relational, omitted createdAt: z.preprocess(datePreprocess, z.string().datetime({ message: "Invalid datetime string for createdAt. Expected ISO 8601 format." })).optional(), // @default(now()) diff --git a/packages/db/prisma/seed/seed.ts b/packages/db/prisma/seed/seed.ts index 2da4098e90..314308e19b 100644 --- a/packages/db/prisma/seed/seed.ts +++ b/packages/db/prisma/seed/seed.ts 
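Review bot: The trailing comment on the added line `visible: z.boolean().optional(), // @default(true)` in frameworkEditorSchemas.ts is already stale, because this same patch changes the Prisma default to `false`; it should read `// @default(false)`. The frameworkEditorSchemas.js hunk before it, which looks like compiled output of the .ts file, carries the same comment. It matters because a seed record that omits `visible` now creates a hidden framework, which a reader trusting `@default(true)` would not expect. The `z.object({` call starts before the hunk and continues after it.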
@@ -91,10 +91,14 @@ async function seedJsonFiles(subDirectory: string) { `Seeding ${processedData.length} records from ${jsonFile} into ${prismaModelKey}...`, ); - await prismaAny[prismaModelKey].createMany({ - data: processedData, - skipDuplicates: true, - }); + // Use upsert to update existing records instead of skipping them + for (const record of processedData) { + await prismaAny[prismaModelKey].upsert({ + where: { id: record.id }, + create: record, + update: record, + }); + } console.log(`Finished seeding ${jsonFile} from primitives.`); } else if (subDirectory === "relations") { From 88a8b71dd2d84bf49175f6ecbcc3454d7271f2e4 Mon Sep 17 00:00:00 2001 From: claudio Date: Thu, 5 Jun 2025 11:19:22 -0400 Subject: [PATCH 4/6] fix: enable organization search --- apps/app/src/components/organization-switcher.tsx | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/apps/app/src/components/organization-switcher.tsx b/apps/app/src/components/organization-switcher.tsx index 85e8e94bd8..7221e076f7 100644 --- a/apps/app/src/components/organization-switcher.tsx +++ b/apps/app/src/components/organization-switcher.tsx @@ -252,13 +252,13 @@ export function OrganizationSwitcher({ {t("common.table.no_results")} - {organizations.map((org) => ( - { - if ( - org.id !== + {organizations.map((org) => ( + { + if ( + org.id !== currentOrganization?.id ) { handleOrgChange(org); From 319747381a73725dc22b07c3e7d63783cce1e5fa Mon Sep 17 00:00:00 2001 
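Review bot: The new loop in seed.ts passes the whole record as `update`, so every seed run overwrites all seeded columns of rows that already exist, where `createMany` with `skipDuplicates` left them untouched. If any of these tables is edited outside the seed files, those edits are silently reverted on the next run. The loop also awaits one upsert per record with no surrounding `$transaction`, so a failure partway leaves the model half-updated, and `where: { id: record.id }` assumes every record carries an `id`. I would keep the key out of the update payload, `const { id, ...fields } = record;` with `update: fields`, and add a comment above the loop saying that seed data is authoritative for these models. seedJsonFiles starts before this hunk and continues after it.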
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Jun 2025 15:21:31 +0000 Subject: [PATCH 5/6] chore(deps): bump @tiptap/extension-bold from 2.11.5 to 2.13.0 Bumps [@tiptap/extension-bold](https://github.com/ueberdosis/tiptap/tree/HEAD/packages/extension-bold) from 2.11.5 to 2.13.0. - [Release notes](https://github.com/ueberdosis/tiptap/releases) - [Changelog](https://github.com/ueberdosis/tiptap/blob/next/packages/extension-bold/CHANGELOG.md) - [Commits](https://github.com/ueberdosis/tiptap/commits/HEAD/packages/extension-bold) --- updated-dependencies: - dependency-name: "@tiptap/extension-bold" dependency-version: 2.13.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- packages/ui/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/ui/package.json b/packages/ui/package.json index 2d0138d178..a8c20a5e10 100644 --- a/packages/ui/package.json +++ b/packages/ui/package.json @@ -124,7 +124,7 @@ "@radix-ui/react-tooltip": "^1.1.3", "@radix-ui/react-use-is-hydrated": "^0.1.0", "@tailwindcss/typography": "^0.5.16", - "@tiptap/extension-bold": "2.11.5", + "@tiptap/extension-bold": "2.13.0", "@tiptap/extension-link": "^2.9.1", "@tiptap/extension-placeholder": "^2.9.1", "@tiptap/extension-underline": "^2.9.1", From 7bd520a2eff81d75c33ee7a2b01f6274a662fd24 Mon Sep 17 00:00:00 2001 From: Claudio Fuentes Date: Thu, 5 Jun 2025 11:24:26 -0400 Subject: [PATCH 6/6] chore(deps): update @tiptap/extension-bold to version 2.13.0 in lock files --- bun.lock | 4 ++-- yarn.lock | 21 +++++++++++---------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/bun.lock b/bun.lock index 8733bb2336..ee7504e838 100644 --- a/bun.lock +++ b/bun.lock 
@@ -461,7 +461,7 @@ "@radix-ui/react-tooltip": "^1.1.3", "@radix-ui/react-use-is-hydrated": "^0.1.0", "@tailwindcss/typography": "^0.5.16", - "@tiptap/extension-bold": "2.11.5", + "@tiptap/extension-bold": "2.13.0", "@tiptap/extension-link": "^2.9.1", "@tiptap/extension-placeholder": "^2.9.1", "@tiptap/extension-underline": "^2.9.1", @@ -1686,7 +1686,7 @@ "@tiptap/extension-blockquote": ["@tiptap/extension-blockquote@2.12.0", "", { "peerDependencies": { "@tiptap/core": "^2.7.0" } }, "sha512-XUC2A77YAPMJS2SqZ2S62IGcUH8gZ7cdhoWlYQb1pR4ZzXFByeKDJPxfYeAePSiuI01YGrlzgY2c6Ncx/DtO0A=="], - "@tiptap/extension-bold": ["@tiptap/extension-bold@2.11.5", "", { "peerDependencies": { "@tiptap/core": "^2.7.0" } }, "sha512-OAq03MHEbl7MtYCUzGuwb0VpOPnM0k5ekMbEaRILFU5ZC7cEAQ36XmPIw1dQayrcuE8GZL35BKub2qtRxyC9iA=="], + "@tiptap/extension-bold": ["@tiptap/extension-bold@2.13.0", "", { "peerDependencies": { "@tiptap/core": "^2.7.0" } }, "sha512-q/Kqo1HXas+dUevP/Qice+nbxXue8ZpmYBniw9zt/JHbgwH1b6Rw7lIjLxYerdaPWj305h9ZHxLqmzDOEcQRPw=="], "@tiptap/extension-bubble-menu": ["@tiptap/extension-bubble-menu@2.12.0", "", { "dependencies": { "tippy.js": "^6.3.7" }, "peerDependencies": { "@tiptap/core": "^2.7.0", "@tiptap/pm": "^2.7.0" } }, "sha512-DYijoE0igV0Oi+ZppFsp2UrQsM/4HZtmmpD78BJM9zfCbd1YvAUIxmzmXr8uqU18OHd1uQy+/zvuNoUNYyw67g=="], diff --git a/yarn.lock b/yarn.lock index 855e529d11..e5dd59581f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1746,6 +1746,7 @@ resolved "workspace:packages/db" devDependencies: "@comp/tsconfig" "workspace:*" + devDependencies: typescript "^5.8.3" dependencies: "@prisma/client" "6.9.0" @@ -2017,7 +2018,7 @@ "@radix-ui/react-tooltip" "^1.1.3" "@radix-ui/react-use-is-hydrated" "^0.1.0" "@tailwindcss/typography" "^0.5.16" - "@tiptap/extension-bold" "2.11.5" + "@tiptap/extension-bold" "2.13.0" "@tiptap/extension-link" "^2.9.1" "@tiptap/extension-placeholder" "^2.9.1" "@tiptap/extension-underline" "^2.9.1" 
@@ -4026,9 +4027,9 @@ integrity sha512-im0X0bwDLA0244CDf8fuvnLuCQcBBdAGgr+ByvGfQY9wWl6EA+kRGwVk8ZIpG65rnlOwtaWIr/ZcEU5pNVvq9g== dependencies: "@prisma/debug" "6.9.0" + "@prisma/engines-version" "6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e" "@prisma/fetch-engine" "6.9.0" "@prisma/get-platform" "6.9.0" - "@prisma/engines-version" "6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e" "@prisma/engines-version@6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e": version "6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e" @@ -4041,8 +4042,8 @@ integrity sha512-PMKhJdl4fOdeE3J3NkcWZ+tf3W6rx3ht/rLU8w4SXFRcLhd5+3VcqY4Kslpdm8osca4ej3gTfB3+cSk5pGxgFg== dependencies: "@prisma/debug" "6.9.0" - "@prisma/get-platform" "6.9.0" "@prisma/engines-version" "6.9.0-10.81e4af48011447c3cc503a190e86995b66d2a28e" + "@prisma/get-platform" "6.9.0" "@prisma/get-platform@6.9.0": version "6.9.0" 
@@ -6352,16 +6353,16 @@ resolved "https://registry.npmjs.org/@tiptap/extension-blockquote/-/extension-blockquote-2.12.0.tgz" integrity sha512-XUC2A77YAPMJS2SqZ2S62IGcUH8gZ7cdhoWlYQb1pR4ZzXFByeKDJPxfYeAePSiuI01YGrlzgY2c6Ncx/DtO0A== -"@tiptap/extension-bold@2.11.5": - version "2.11.5" - resolved "https://registry.npmjs.org/@tiptap/extension-bold/-/extension-bold-2.11.5.tgz" - integrity sha512-OAq03MHEbl7MtYCUzGuwb0VpOPnM0k5ekMbEaRILFU5ZC7cEAQ36XmPIw1dQayrcuE8GZL35BKub2qtRxyC9iA== - "@tiptap/extension-bold@^2.12.0": version "2.12.0" resolved "https://registry.npmjs.org/@tiptap/extension-bold/-/extension-bold-2.12.0.tgz" integrity sha512-lAUtoLDLRc5ofD2I9MFY6MQ7d1qBLLqS1rvpwaPjOaoQb/GPVnaHj9qXYG0SY9K3erMtto48bMFpAcscjZHzZQ== +"@tiptap/extension-bold@2.13.0": + version "2.13.0" + resolved "https://registry.npmjs.org/@tiptap/extension-bold/-/extension-bold-2.13.0.tgz" + integrity sha512-q/Kqo1HXas+dUevP/Qice+nbxXue8ZpmYBniw9zt/JHbgwH1b6Rw7lIjLxYerdaPWj305h9ZHxLqmzDOEcQRPw== + "@tiptap/extension-bubble-menu@^2.12.0": version "2.12.0" resolved "https://registry.npmjs.org/@tiptap/extension-bubble-menu/-/extension-bubble-menu-2.12.0.tgz" @@ -15238,7 +15239,7 @@ pretty-ms@^9.2.0: dependencies: parse-ms "^4.0.0" -prisma@^6.9.0: +prisma@*, prisma@^6.9.0: version "6.9.0" resolved "https://registry.npmjs.org/prisma/-/prisma-6.9.0.tgz" integrity sha512-resJAwMyZREC/I40LF6FZ6rZTnlrlrYrb63oW37Gq+U+9xHwbyMSPJjKtM7VZf3gTO86t/Oyz+YeSXr3CmAY1Q== 
@@ -18174,7 +18175,7 @@ typedarray-to-buffer@^3.1.5: dependencies: is-typedarray "^1.0.0" -typescript@*, typescript@>=2.7, typescript@>=4.5.0, typescript@>=4.9.5, typescript@>=5, typescript@>=5.4.5, typescript@>=5.7.2, typescript@^5, typescript@^5.8.2, typescript@^5.8.3: +typescript@*, typescript@>=2.7, typescript@>=4.5.0, typescript@>=4.9.5, typescript@>=5, typescript@>=5.1.0, typescript@>=5.4.5, typescript@>=5.7.2, typescript@^5, typescript@^5.8.2, typescript@^5.8.3: version "5.8.3" resolved "https://registry.npmjs.org/typescript/-/typescript-5.8.3.tgz" integrity sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ==