README.md

April 9, 2026 ยท View on GitHub

Hack23 Logo

๐Ÿ” Hack23 AB โ€” Information Security Management System

Security Excellence Through Transparency
Enterprise-grade ISMS for Innovation-driven Security Consulting

Owner Version Effective Date Review Cycle

Document Owner: CEO | Version: 3.2 | Last Updated: 2026-01-25 (UTC)
๐Ÿ”„ Review Cycle: Quarterly | โฐ Next Review: 2026-04-25

Link Validation Documentation Validation CI


๐Ÿ† Phase 1 Foundation Excellence โ€” COMPLETE (November 2025)

Hack23 AB has achieved enterprise-grade security maturity through systematic implementation of ISO 27001:2022, NIST CSF 2.0, and CIS Controls v8.1. Our radical transparency approach โ€” publishing 70% of our ISMS publicly โ€” demonstrates that security through robust processes creates competitive advantages, not vulnerabilities.

Security Posture Summary

AchievementTargetActualStatus
OpenSSF Scorecard>8.5See live badges: CIA BT CM EP EPM RM๐ŸŸก Solid foundation for Phase 2 >9.0
Critical Vulnerabilities00โœ… Zero outstanding (Q4 2025)
Compliance Coverage95%100%โœ… ISO 27001, NIST CSF, CIS Controls
ISMS Documentation100%43/43 policiesโœ… 70% public transparency
System Availability>99.5%99.8%โœ… Zero critical incidents

Live Security Evidence:

CIA OpenSSF BT OpenSSF CM OpenSSF EP OpenSSF EPM OpenSSF RM OpenSSF

๐Ÿ“Š Real-Time Monitoring: ISMS Metrics Dashboard โ€ข Security Metrics


๐Ÿค Why Radical Transparency?

Hack23 AB's 70% public ISMS (only credentials, account numbers, and financial details redacted) represents a strategic competitive advantage:

๐Ÿ† For Clients:

  • Accelerated Trust: Self-service security validation eliminates lengthy diligence questionnaires
  • Proof of Expertise: Live demonstration of enterprise-grade security implementation
  • Transparency Accountability: Public commitment to security excellence drives continuous improvement

๐Ÿ›๏ธ For Auditors:

  • Audit Efficiency: Pre-packaged evidence is estimated to reduce audit preparation time by up to 60%
  • Framework Alignment: Clear ISO 27001, NIST CSF, CIS Controls mappings with live evidence
  • Continuous Validation: Real-time OpenSSF Scorecard, SonarCloud, FOSSA results

๐Ÿ’ผ Business Impact:

  • Target: compress sales cycles from 6 months โ†’ 3 months
  • Premium pricing justified by demonstrable security maturity
  • Competitive moat: transparency barrier competitors cannot replicate without similar investment

"True security comes from robust processes and continuous improvement, not from hiding our methodologies."
โ€” James Pether Sรถrling, CEO/CISO


๐ŸŽฏ Executive Statement

Welcome to Hack23 AB's comprehensive ISMS documentation. Founded in June 2025 (Organization Number: 559534-7807), Hack23 AB operates as a Swedish cybersecurity consulting company demonstrating radical transparency through our industry-first public ISMS.

๐Ÿข Single-Person Company: Hack23 AB is operated by CEO/Founder James Pether Sรถrling. Our ISMS demonstrates that enterprise-grade security is achievable through innovative compensating controls: temporal separation, automation, external validation, and audit trail preservation.

Note: The hack23.com website was registered in 2008 by the CEO, operating as an independent professional before formally establishing Hack23 AB in June 2025.

As CEO with CISM/CISSP certifications and three decades of experience, I've structured Hack23 AB around a fundamental principle: our Information Security Management System (ISMS) is not separate from our business - it IS our business model. This integration allows us to deliver security consulting services while simultaneously developing products that demonstrate these principles in action.

Our commitment to transparency extends beyond our open-source projects. This ISMS documentation itself serves as a testament to our belief that security through obscurity is a failed strategy. True security comes from robust processes, continuous improvement, and a culture where every decision considers security implications.

โ€” James Pether Sรถrling, CEO/Founder


๐Ÿ›๏ธ Quick Start for Auditors

Conducting ISO 27001, NIST CSF, or CIS Controls audit? Start here:

1. Framework Compliance Evidence

2. Security Architecture & Controls

3. Risk Management & Business Continuity

4. Operational Security

5. Real-Time Security Metrics

Audit Efficiency: All evidence pre-linked with real-time validation. Target average audit preparation time: <8 hours, estimated based on pre-packaged evidence and subject to validation through actual audit cycles.


๐Ÿš€ Quick Start for Clients

Evaluating Hack23 AB for cybersecurity consulting? Start here:

๐Ÿ” Core Security Policies

๐Ÿ“Š Risk & Compliance

๐Ÿ›ก๏ธ Operational Security

๐Ÿ—๏ธ Product Security

๐Ÿ“– Documentation Standards


๐ŸŽ–๏ธ Security & Compliance Posture

Security Certifications:

OpenSSF Scorecard CII Best Practices SLSA

Compliance Frameworks (100% Coverage):

ISO 27001 NIST CSF CIS Controls GDPR NIS2 EU CRA


๐Ÿš€ CI/CD Status

Validate Documentation

All ISMS documentation is continuously validated against:

  • โœ… Markdown linting standards
  • ๐Ÿ”— Link integrity checks
  • ๐Ÿ“‹ Document structure requirements
  • ๐Ÿ”’ Security and sensitive data scanning
  • ๐ŸŽจ STYLE_GUIDE.md v2.1 compliance (with documented exemptions for 12 legacy files)

๐Ÿค– GitHub Copilot Integration

AI-Powered ISMS Development: Hack23 AB leverages GitHub Copilot with 8 specialized custom agents and a comprehensive skills library for intelligent, security-by-design automation.

๐ŸŽฏ Custom Agents

We've developed 8 domain-expert agents that understand Hack23's ISMS framework and execute with minimal clarification:

AgentDomainKey Capabilities
๐Ÿ” security-documentation-specialistISMS DocumentationISO 27001 policies, security procedures, execution-first approach
๐Ÿ“‹ compliance-reviewerRegulatory ComplianceISO 27001, GDPR, NIS2 gap analysis, audit readiness
โš ๏ธ risk-assessment-specialistRisk ManagementISO 27005, NIST RMF, STRIDE threat modeling
๐Ÿ“ˆ business-development-specialistBusiness GrowthSales strategy, partnerships, market analysis
๐Ÿ“ข marketing-specialistMarketing StrategyDigital marketing, content strategy, brand positioning
๐ŸŒ political-analyst-intelligence-specialistIntelligence AnalysisOSINT, strategic communications, transparency platforms
๐ŸŽจ ui-enhancement-specialistUI/UX DevelopmentFrontend development, accessibility, responsive design
๐Ÿ“ฆ product-task-agentProduct QualityGitHub automation, AWS/Playwright integration, quality orchestration

๐Ÿ“– Full Agent Documentation โ†’

๐ŸŽ“ Skills Library

65+ enforceable rules across 5 strategic skills that guide all agent behavior:

SkillRulesCoverage
๐Ÿ” security-by-designR1-R13Security requirements, threat modeling, SAST/SCA/DAST, secure deployment
๐Ÿ“‹ isms-complianceR1-R10Policy awareness, classification, evidence generation, Risk Register integration
๐Ÿ—๏ธ architecture-documentationR1-R7C4 models, security architecture, 14-document portfolio requirement
๐Ÿ”„ devsecops-workflowR1-R20CI/CD security gates, pre-commit hooks, container scanning, monitoring
๐Ÿงช testing-strategyR1-R12Test pyramid, โ‰ฅ80% coverage, public evidence, WCAG 2.1 compliance

๐Ÿ” Skills Quick Reference โ†’ | ๐Ÿ“š Skills Library Overview โ†’

๐Ÿ’ก Key Features

  • Execution-First Approach: 80% reduction in clarifying questions through intelligent pattern recognition
  • Rule-Based Enforcement: Explicit, auditable rules ensure ISO 27001/NIST/CIS alignment
  • Skills-Based Architecture: Strategic rules separated from tactical agent implementation
  • Pattern Recognition: Agents learn from 3-5 similar files to infer structure and style automatically
  • Evidence Generation: All changes linked to ISMS policies and compliance frameworks

๐Ÿš€ Complete Implementation Summary โ†’


๐Ÿข About Hack23 AB

Hack23 AB is a Swedish innovation hub founded in 2025, specializing in creating immersive and precise game experiences alongside expert cybersecurity consulting. With a commitment to realism and authenticity, our flagship project, Black Trigram, combines traditional Korean martial arts with educational gameplay, while our information security services leverage advanced open-source tools and methodologies to protect digital integrity, confidentiality, and availability. At Hack23 AB, we're driven by a passion for precision, creativity, and uncompromising security.


๐Ÿ“Š Visual Guides & Diagrams

Hack23 ISMS includes comprehensive Mermaid diagrams for improved understanding and navigation:


๐Ÿ“Š ISMS Document Hierarchy

Hack23 AB's ISMS follows a structured hierarchy from strategic vision to operational templates, demonstrating enterprise-grade governance and systematic security management.

flowchart TD
    subgraph STRATEGIC["๐ŸŽฏ Strategic Level"]
        STRATEGY[Information Security Strategy<br/>3-year roadmap and vision]
        POLICY_ROOT[Information Security Policy<br/>Governance framework]
        CLASSIFICATION[Classification Framework<br/>CIA impact methodology]
    end
    
    subgraph GOVERNANCE["๐Ÿ“‹ Governance Policies"]
        RISK[Risk Register<br/>Risk identification & treatment]
        COMPLIANCE[Compliance Checklist<br/>Multi-framework alignment]
        METRICS[Security Metrics<br/>KPI measurement & reporting]
        TRANSPARENCY[ISMS Transparency Plan<br/>Public disclosure strategy]
    end
    
    subgraph OPERATIONAL["โš™๏ธ Operational Policies"]
        ACCESS[Access Control Policy<br/>IAM & authentication]
        CHANGE[Change Management<br/>Change control procedures]
        INCIDENT[Incident Response Plan<br/>Security incident handling]
        BCP[Business Continuity Plan<br/>Operational resilience]
        DRP[Disaster Recovery Plan<br/>Technical recovery]
        THIRD_PARTY[Third Party Management<br/>Vendor risk management]
    end
    
    subgraph TECHNICAL["๐Ÿ› ๏ธ Technical Policies"]
        SECURE_DEV[Secure Development Policy<br/>SDLC security requirements]
        CRYPTO[Cryptography Policy<br/>Encryption standards]
        NETWORK[Network Security Policy<br/>Network controls & segmentation]
        VULN[Vulnerability Management<br/>Security testing & patching]
        BACKUP[Backup & Recovery Policy<br/>Data protection procedures]
        DATA[Data Classification Policy<br/>Information handling]
    end
    
    subgraph SUPPORT["๐Ÿ“– Supporting Documents"]
        STYLE[Style Guide<br/>Documentation standards]
        QA[ISMS QA Checklist<br/>Quality assurance]
        TEMPLATES[Templates<br/>Policy & procedure templates]
        ASSET[Asset Register<br/>IT asset inventory]
    end
    
    STRATEGY --> POLICY_ROOT
    POLICY_ROOT --> GOVERNANCE
    POLICY_ROOT --> OPERATIONAL
    POLICY_ROOT --> TECHNICAL
    GOVERNANCE --> SUPPORT
    
    style STRATEGIC fill:#1565C0,color:#fff
    style GOVERNANCE fill:#4CAF50,color:#fff
    style OPERATIONAL fill:#FF9800,color:#fff
    style TECHNICAL fill:#D32F2F,color:#fff
    style SUPPORT fill:#7B1FA2,color:#fff

Key Takeaways:

  • ๐ŸŽฏ Strategic Level: Defines overarching security vision, governance framework, and impact classification methodology
  • ๐Ÿ“‹ Governance: Establishes risk management, compliance tracking, metrics, and transparency commitments
  • โš™๏ธ Operational: Implements day-to-day security operations including access control, incident response, and business continuity
  • ๐Ÿ› ๏ธ Technical: Specifies technical security controls for development, cryptography, network, vulnerability, and data protection
  • ๐Ÿ“– Support: Provides quality assurance, documentation standards, templates, and asset tracking

Related Documents:


๐Ÿ“Š ISMS Health Dashboard

๐Ÿ“ˆ View Live ISMS Metrics Dashboard - Real-time policy health monitoring with automated review tracking

Our ISMS Metrics Dashboard provides instant visibility into:

  • ๐Ÿšฆ Review Status: Overdue, due soon, and current policy reviews
  • ๐Ÿ“… Upcoming Reviews: Next 90 days calendar view
  • ๐Ÿ“‹ Document Health Matrix: Complete status of all 40 ISMS documents
  • ๐Ÿ“Š Compliance Coverage: ISO 27001, NIST CSF, CIS Controls alignment
  • ๐Ÿ”„ Automated Updates: Weekly refresh via GitHub Actions

๐Ÿ“š ISMS Document Library

๐Ÿ” Security Policies & Controls

๐Ÿ“‹ Compliance & Frameworks

โšก Operations & Resilience

๐ŸŽฏ Strategy & Risk Management

๐Ÿ“Š Metrics & Reporting

๐Ÿ› ๏ธ Development & Technical

๐Ÿ“– Standards & Quality

๐Ÿ“– Full Document Index: Complete Policy List with review status


๐Ÿ“‹ ISMS Documentation Status

Last Updated: 2026-01-25 | Completion: 100% (45/45 policies)

Policy DocumentStatusVersionLast UpdatedSingle-Person AdaptedISO 27001NIST CSF 2.0CIS v8.1
๐Ÿ” Information Security Policyโœ… Complete2.02026-01-25โœ… Yesโœ… A.5.1โœ… GVโœ… IG1
๐ŸŽฏ Information Security Strategyโœ… Complete3.22026-01-25N/A (Strategy)โœ… Allโœ… Allโœ… All
๐Ÿ”‘ Access Control Policyโœ… Complete2.62026-01-25โœ… Yesโœ… A.5.15-18โœ… PR.ACโœ… IG1
โœ… Acceptable Use Policyโœ… Complete1.12026-01-25โœ… Yesโœ… A.6.2โœ… PR.ATโœ… IG1
๐Ÿค– AI Governance Policyโœ… Complete2.22026-01-25N/Aโœ… A.5.1โœ… GV.RRโœ… IG2
๐Ÿ’ป Asset Registerโœ… Complete1.52026-01-25โœ… Yesโœ… A.5.9โœ… ID.AMโœ… IG1
๐Ÿ’พ Backup & Recovery Policyโœ… Complete1.22026-01-25N/Aโœ… A.8.13โœ… PR.IPโœ… IG1
๐Ÿ”„ Business Continuity Planโœ… Complete1.32026-01-25โœ… Yesโœ… A.5.29-30โœ… RC.RPโœ… IG2
๐Ÿท๏ธ Classification Frameworkโœ… Complete1.32026-01-25N/Aโœ… A.5.12โœ… ID.AMโœ… IG1
๐Ÿ›ก๏ธ CRA Conformity Assessmentโœ… Complete1.32026-01-25N/Aโœ… A.5.1โœ… GV.SCโœ… IG2
๐Ÿ“ Change Managementโœ… Complete3.22026-01-25โœ… Yesโœ… A.8.32โœ… PR.IPโœ… IG2
โœ… Compliance Checklistโœ… Complete2.22026-01-25โœ… Yesโœ… A.5.1โœ… GV.OCโœ… IG1
๐Ÿ”’ Cryptography Policyโœ… Complete1.22026-01-25N/Aโœ… A.8.24โœ… PR.DSโœ… IG2
๐Ÿท๏ธ Data Classification Policyโœ… Complete2.32026-01-25N/Aโœ… A.5.12-13โœ… ID.AMโœ… IG1
๐Ÿ†˜ Disaster Recovery Planโœ… Complete2.32026-01-25N/Aโœ… A.5.29โœ… RC.RPโœ… IG2
๐Ÿค External Stakeholder Registryโœ… Complete1.42026-01-25N/Aโœ… A.5.19โœ… ID.BEโœ… IG1
๐Ÿšจ Incident Response Planโœ… Complete1.52026-01-25โœ… Yesโœ… A.5.24-28โœ… RS.ANโœ… IG1
๐Ÿ“ฑ Mobile Device Managementโœ… Complete1.12026-01-25โœ… Yesโœ… A.6.7โœ… PR.ACโœ… IG1
๐ŸŒ Network Security Policyโœ… Complete2.32026-01-25N/Aโœ… A.8.20-22โœ… PR.ACโœ… IG1
๐Ÿ›๏ธ NIS2 Compliance Serviceโœ… Complete1.22026-01-25N/Aโœ… A.5.1โœ… GV.OCโœ… IG2
๐Ÿ›ก๏ธ OWASP LLM Security Policyโœ… Complete1.32026-01-25N/Aโœ… A.8.16โœ… PR.DSโœ… IG3
๐Ÿ”“ Open Source Policyโœ… Complete2.32026-01-25N/Aโœ… A.5.23โœ… ID.SCโœ… IG2
๐Ÿค Partnership Frameworkโœ… Complete1.12026-01-25โœ… Yesโœ… A.5.19โœ… ID.BEโœ… IG2
๐Ÿ  Physical Security Policyโœ… Complete1.12026-01-25โœ… Yesโœ… A.7.1-4โœ… PR.ACโœ… IG1
๐Ÿ” Privacy Policyโœ… Complete1.12026-01-25N/Aโœ… A.5.34โœ… PR.IPโœ… IG2
๐Ÿ“Š Risk Assessment Methodologyโœ… Complete2.12026-01-25N/Aโœ… A.5.7โœ… ID.RMโœ… IG1
โš ๏ธ Risk Registerโœ… Complete3.52026-01-25โœ… Yesโœ… A.5.7โœ… ID.RMโœ… IG1
๐Ÿ—๏ธ Security Architectureโœ… Complete1.22026-01-25N/Aโœ… A.8.1โœ… PR.ACโœ… IG2
๐Ÿ“ Style Guideโœ… Complete2.42026-01-25โœ… YesN/AN/AN/A
๐Ÿข Supplier Security Postureโœ… Complete1.22026-01-25N/Aโœ… A.5.19-23โœ… ID.SCโœ… IG2
๐Ÿ“Š SWOT Analysisโœ… Complete1.32026-01-25โœ… YesN/AN/AN/A
๐Ÿ› ๏ธ Secure Development Policyโœ… Complete2.12026-01-25N/Aโœ… A.8.25-31โœ… PR.DSโœ… IG2
๐Ÿ“Š Security Metricsโœ… Complete3.32026-01-25N/Aโœ… A.5.8โœ… GV.OVโœ… IG2
๐Ÿšซ Segregation of Dutiesโœ… Complete2.12026-01-25โœ… Yesโœ… A.5.3โœ… PR.ACโœ… IG2
๐Ÿ‘ฅ Third Party Managementโœ… Complete2.22026-01-25N/Aโœ… A.5.19-23โœ… ID.SCโœ… IG2
๐ŸŽฏ Threat Modelingโœ… Complete1.32026-01-25N/Aโœ… A.8.25โœ… ID.RAโœ… IG2
๐Ÿ” Vulnerability Managementโœ… Complete2.22026-01-25N/Aโœ… A.8.8โœ… DE.CMโœ… IG1
๐Ÿ“Š ISMS Metrics Dashboardโœ… Complete1.32026-01-25N/Aโœ… A.5.8โœ… GV.OVโœ… IG2
๐Ÿ“‹ ISMS QA Checklistโœ… Complete1.22026-01-25N/Aโœ… A.5.8โœ… GV.OVโœ… IG2
๐ŸŒ ISMS Transparency Planโœ… Complete2.32026-01-25N/Aโœ… A.5.1โœ… GV.OCโœ… IG1
๐Ÿ”„ ISMS Workflowsโœ… Complete2.32026-01-25N/Aโœ… A.5.1โœ… GV.OCโœ… IG2
๐Ÿš€ Future Workflowsโœ… Complete2.22026-01-25N/Aโœ… A.5.1โœ… GV.OCโœ… IG2

๐Ÿ“Š Completion Status

  • โœ… Complete: 45 documents (100%)
  • โณ In Progress: 0 documents
  • ๐Ÿ“… Planned: 0 documents
  • Total: 45 core documents
  • Completion Rate: 100%

๐Ÿข Single-Person Adaptations

  • โœ… Adapted Policies: 15 policies include single-person company compensating controls
  • ๐Ÿ” Temporal Separation: Time-based role separation for conflicting duties
  • ๐Ÿค– Automation Controls: Tool-based enforcement and validation
  • ๐Ÿ“œ Audit Trail Preservation: Immutable logging and external validation
  • ๐Ÿค External Validation: Partnership framework for capacity overflow

๐ŸŽ‰ ISMS Implementation Complete

Hack23 AB's Information Security Management System is now fully documented and operational. This comprehensive ISMS demonstrates enterprise-grade security practices while supporting our dual mission of cybersecurity consulting excellence and innovative product development.

Key Achievements

  • 45 complete policy documents covering all aspects of information security
  • Q1 2026 refresh complete with all documents updated to 2026-01-25
  • Strategic Partnership Framework addressing single-person dependency risk (R-FOUNDER-001) with capacity overflow procedures
  • NIS2 Compliance Service Package with โ‚ฌ2.6M 3-year revenue projection
  • 7 NIS2 client templates (scoping, gap analysis, incident reporting, risk register, supply chain, checklist, management reporting)
  • Security Architecture Documentation demonstrating ISMS repository security controls and GitHub-based security
  • Acceptable Use Policy establishing clear behavioral expectations and professional standards
  • Physical Security Policy demonstrating home office security for remote operations
  • Mobile Device Management Policy demonstrating pragmatic endpoint security for single-person operations
  • OWASP LLM Top 10 2025 alignment with comprehensive AI security controls
  • GDPR-compliant privacy framework with comprehensive Privacy Policy for user-facing applications
  • 6-level privacy classification system from Special Category data to Anonymized/NA
  • Comprehensive risk assessment with 23 identified and managed risks
  • Full supplier security posture analysis across 18 active services
  • Enterprise-grade AWS security with 27 active services and 8 dedicated security tools
  • Complete business continuity planning with defined RTO/RPO objectives
  • Transparent documentation approach showcasing security expertise to potential clients

Business Value Delivered

  • Client Demonstration Platform: Live ISMS serves as proof of our cybersecurity consulting capabilities
  • Operational Excellence: Systematic approach to security enables business growth and innovation
  • Compliance Readiness: Framework supports ISO 27001, GDPR, NIS2, and other regulatory requirements
  • Risk Management: Proactive identification and treatment of business and security risks
  • Stakeholder Confidence: Transparent security posture builds trust with clients, partners, and investors

This ISMS implementation validates our core principle: enterprise-grade security expertise directly enables innovation rather than constraining it.


๐Ÿ” Security Services Overview

Service AreaOfferingsTarget MarketDelivery Model
Security ArchitectureEnterprise design, risk assessment, strategyLarge enterprisesRemote/On-site
Cloud SecurityAWS security, DevSecOps, IaC securityTech companiesRemote
NIS2 ComplianceNIS2 assessment & implementation (4 packages)Essential/Important entitiesHybrid
ComplianceGDPR, ISO 27001, SOC 2 implementationRegulated industriesHybrid
Open Source SecurityOSPO setup, vulnerability managementSoftware companiesRemote
Security TrainingDeveloper education, executive briefingsAll organizationsVirtual/Physical

๐ŸŽ–๏ธ Security Badge Health Status

Our ISMS documentation maintains transparent security posture through public evidence badges. The badge monitoring system validates badge accessibility and security scores across all documentation.

Badge Health Metrics

MetricStatusTargetDescription
Total Badges47+N/ASecurity, quality, compliance, and build status badges
Health Score95%+95%Percentage of accessible badges
Security Badgesโœ… Active100%OpenSSF Scorecard, SLSA, FOSSA
Quality Badgesโœ… Active100%SonarCloud, code coverage
Compliance Badgesโœ… Active100%ISO 27001, NIST CSF, CIS Controls
Monitoringโœ… AutomatedContinuousOn Push/PR + on-demand checks

Badge Categories

๐Ÿ” Security Badges (Critical)

  • OpenSSF Scorecard: Supply chain security assessment for all repositories (live badges)
  • SLSA Provenance: Build provenance and integrity verification (Level 3)
  • FOSSA License: Open source license compliance and vulnerability detection

๐Ÿ“Š Quality Badges (High Priority)

  • SonarCloud Quality Gate: Code quality and security scanning (Target: Passed)
  • Security Rating: Vulnerability detection and analysis (Target: A rating)
  • Code Coverage: Test coverage metrics (Target: 80%+)

โœ… Compliance Badges (Documentation)

  • ISO 27001 Aligned: Information security management framework
  • NIST CSF 2.0 Aligned: Cybersecurity framework compliance
  • CIS Controls v8.1 Aligned: Security control implementation
  • AWS Well-Architected: Cloud security best practices

๐Ÿ”จ Build Status Badges (Operational)

  • GitHub Actions CI: Continuous integration pipeline status
  • Release Workflows: Automated release and deployment status

Reference Implementations

Our badge standards are demonstrated across Hack23 projects:

ProjectSecurity BadgesQuality BadgesStatus
๐Ÿ›๏ธ CIAOpenSSF, SLSA, FOSSASonarCloud, Coverageโœ… Complete
๐ŸŽฎ Black TrigramOpenSSF, SLSA, FOSSASonarCloud, Lighthouseโœ… Complete
๐Ÿ“Š CIA ComplianceOpenSSF, SLSA, FOSSASonarCloud, Coverageโœ… Complete
๐Ÿ‡ช๐Ÿ‡บ EP MCP ServerOpenSSF, SLSAVitest, E2E Testsโœ… Complete
๐Ÿ‡ช๐Ÿ‡บ EU Parliament MonitorOpenSSF, SLSANews Generationโœ… Complete
๐Ÿ—ณ๏ธ RiksdagsmonitorOpenSSFQuality Checksโœ… Complete

For detailed badge requirements and standards, see the ๐ŸŽจ Style Guide - Security Badge Standards.


๐Ÿค Community & Transparency

Hack23 AB's ISMS is open for community review and feedback. We believe security through transparency creates stronger security than security through obscurity.

How to Contribute:

  • ๐Ÿ“ Feedback: Contact us with suggestions, questions, or corrections
  • ๐Ÿ” Security Research: Review our documentation for security insights you can apply to your organization
  • ๐ŸŽ“ Educational Use: Our ISMS is freely available for educational and research purposes
  • ๐Ÿ† Best Practices: Learn from our single-person company adaptations and compensating controls

Community Guidelines:

  • Be respectful and professional in all interactions
  • Protect sensitive information (even though we publish 70%, some values remain confidential)
  • Report security issues responsibly via our Incident Response Plan

Recognition: Thank you to the open-source security community, OpenSSF Scorecard, CII Best Practices, and all contributors to the frameworks we align with.


๐Ÿ“… Recent Updates

  • 2026-01-25: Q1 2026 ISMS refresh โ€” All 45 documents updated with AI Policy references, categorized Related Documents, and version bumps
  • 2025-12-26: README.md enhanced with Phase 1 narrative, auditor quick start, and reorganized navigation
  • 2025-11-25: README.md updated with Phase 1 achievements and accurate policy status table
  • 2025-11-24: Phase 1 Foundation Excellence complete โ€” 100% ISMS documentation
  • 2025-11-24: Segregation of Duties Policy v2.0 published with comprehensive compensating controls
  • 2025-11-19: Partnership Framework published addressing founder dependency risk
  • 2025-11-18: NIS2 Compliance Service package complete with revenue projections
  • 2025-11-17: Multiple policy updates with single-person adaptations
  • 2025-11-10: Information Security Strategy v3.0 updated with Phase 1 achievements
  • 2025-06-17: Hack23 AB founded (Organization Number: 559534-7807)

๐Ÿ”— Key Resources


๐Ÿ“œ License & Usage

ISMS Documentation License: Creative Commons Attribution 4.0 International (CC BY 4.0)
You are free to share and adapt this ISMS documentation for any purpose, even commercially, under the following terms:

  • Attribution: You must give appropriate credit to Hack23 AB and link to this repository
  • No Endorsement: You may not imply Hack23 AB endorses your use of this material

Disclaimer: This ISMS is tailored for Hack23 AB's specific risk profile and operational model. Organizations adopting these policies should perform their own risk assessments and customize policies to their context.


๐Ÿ“‹ Document Control:
โœ… Approved by: James Pether Sรถrling, CEO
๐Ÿ“ค Distribution: Public
๐Ÿท๏ธ Classification: Confidentiality: Public
๐Ÿ“… Effective Date: 2026-01-25
โฐ Next Review: 2026-04-25
๐Ÿ”„ Last Major Update: 2026-01-25 (Q1 2026 ISMS refresh)
๐Ÿ“Š ISMS Policies: 45/45 documented | ๐ŸŒ Public Transparency: 70%
๐ŸŽฏ Framework Compliance: ISO 27001 NIST CSF 2.0 CIS Controls


ยฉ 2025 Hack23 AB (559534-7807) โ€” Stockholm, Sweden
Transparency in Security. Security through Transparency.