gbrain: sync converted org-mode brain files

2026-05-23 06:35:21 +00:00
parent 3f38e87f4f
commit 44299599f9
38 changed files with 1248 additions and 856 deletions
--- a/ideas/compliance/iso-27001.org
+++ b/ideas/compliance/iso-27001.org
@@ -0,0 +1,31 @@
+:PROPERTIES:
+:ID:       auto-iso-27001
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: 
+#+filetags: :passepartout:compliance:framework:iso:
+
+
+International standard for information security management systems (ISMS).
+The most widely adopted security certification globally — ~60,000 certified
+organizations. Requires: risk assessment, security controls (Annex A, 93
+controls across 4 domains), continuous improvement (Plan-Do-Check-Act),
+management review, internal audit.
+
+Who must comply: Self-selected — enterprises pursue ISO 27001 certification
+because supply chain partners and regulators require it. Increasingly mandatory
+for: cloud providers, government contractors, critical infrastructure, and
+regulated financial institutions in multiple jurisdictions.
+
+Penalties: No direct fines. Losing certification means losing business.
+
+Why it matters: ISO 27001 is the universal baseline. It is the entry-level
+certification that opens every other regulated market. The gate stack maps
+to Annex A controls directly (A.9 access control, A.12 operations security,
+A.16 incident management, A.18 compliance). First-mover advantage: the ISO
+27001 audit market is mature ($68B) and entirely manual (auditors flip through
+binders). A gate stack that produces audit evidence automatically is not
+competing with other software — it is competing with binders.
+
+** ISO 27701 (Privacy Information Management — PIMS extension to ISO 27001)
+