Add missing _index.org files for 7 sections: stages, ai-agents-scoping, compliance, impact, social-protocol, verification, resources — rebuild clean after file reorganization

2026-06-03 21:50:01 +00:00
parent ac99eed182
commit 9b795df14e
79 changed files with 156 additions and 77 deletions
--- a/projects/passepartout/strategy/compliance/dora.org
+++ b/projects/passepartout/strategy/compliance/dora.org
@@ -1,30 +0,0 @@
-:PROPERTIES:
-:ID:       717ef2df-2a80-4362-b23a-5e7e12554251
-:ID:       auto-dora
-:CREATED:  [2026-05-23 Sat]
-:END:
-#+title: DORA (Digital Operational Resilience Act)
-#+filetags: :passepartout:compliance:framework:dora:
-
-** DORA (Digital Operational Resilience Act)
-
-EU regulation (effective January 2025) for the financial sector. Requires:
-ICT risk management, incident reporting, digital operational resilience testing,
-ICT third-party risk management (including contractual access and audit rights
-for critical ICT providers), information sharing, threat-led penetration testing
-(TLPT) for systemic institutions.
-
-Who must comply: 22,000+ financial entities in the EU (banks, investment firms,
-payment processors, crypto-asset providers, insurance companies). Also ICT
-third-party providers deemed critical.
-
-Penalties: Up to 2% of average daily turnover × number of days breached, or
-10M EUR for legal entities. Personal liability for management.
-
-Why it matters: DORA's third-party risk management requirement is a natural gate
-stack use case — every ICT provider access must be gated, logged, and auditable.
-TLPT (threat-led penetration testing) maps to the [[id:45258a2d-1675-562c-9024-5d1eb2f1ea56][evaluation harness]]. First-mover
-advantage is extremely time-sensitive: DORA is already in effect (January 2025).
-Financial institutions are scrambling for compliance tooling. A DORA gate package
-at $50K/yr with zero incremental cost per additional user is an immediate sale.
-