STYLE_GUIDE.md

May 24, 2026 ยท View on GitHub

Hack23 Logo

๐ŸŽจ Hack23 AB โ€” ISMS Style Guide

Consistency and Clarity in Security Documentation
Ensuring Professional and Transparent ISMS Documentation

Owner Version Effective Date Review Cycle

๐Ÿ“‹ Document Owner: CEO | ๐Ÿ“„ Version: 2.3 | ๐Ÿ“… Last Updated: 2026-01-25 (UTC)
๐Ÿ”„ Review Cycle: Annual | โฐ Next Review: 2027-01-25


๐ŸŽฏ Purpose

This style guide establishes the standard format and structure for all Information Security Management System (ISMS) documents at Hack23 AB. Its purpose is to ensure consistency, clarity, and professionalism across all policies, procedures, and records.


๐Ÿ“„ Standard Document Structure

All ISMS documents MUST follow this structure to maintain uniformity.

1. Header Section

The header provides an at-a-glance overview of the document.

<p align="center">
  <img src="https://hack23.com/icon-192.png" alt="Hack23 Logo" width="192" height="192">
</p>

<h1 align="center">๐Ÿ”„ Hack23 AB โ€” [Document Title]</h1>

<p align="center">
  <strong>๐Ÿ›ก๏ธ Tagline for the document</strong><br>
  <em>๐ŸŽฏ Sub-tagline emphasizing security and transparency</em>
</p>

<p align="center">
  <a href="#"><img src="https://img.shields.io/badge/Owner-CEO-0A66C2?style=for-the-badge" alt="Owner"/></a>
  <a href="#"><img src="https://img.shields.io/badge/Version-1.0-555?style=for-the-badge" alt="Version"/></a>
  <a href="#"><img src="https://img.shields.io/badge/Effective-[DATE]-success?style=for-the-badge" alt="Effective Date"/></a>
  <a href="#"><img src="https://img.shields.io/badge/Review-[CYCLE]-orange?style=for-the-badge" alt="Review Cycle"/></a>
</p>

**๐Ÿ“‹ Document Owner:** CEO | **๐Ÿ“„ Version:** 1.0 | **๐Ÿ“… Last Updated:** 2025-11-17 (UTC)  
**๐Ÿ”„ Review Cycle:** Annual | **โฐ Next Review:** 2026-11-17

2. Purpose Statement

A section quoting the CEO that connects the document's purpose to Hack23's core principles of transparency and security excellence.

3. Main Content

The body of the document, organized with clear headings, tables, and diagrams (MermaidJS).

A section linking to other relevant ISMS documents.

Every ISMS document MUST end with this standardized footer. This section is critical for version control, accountability, and compliance.

---

**๐Ÿ“‹ Document Control:**  
**โœ… Approved by:** James Pether Sรถrling, CEO  
**๐Ÿ“ค Distribution:** [Audience - e.g., All Personnel, Key Suppliers]  
**๐Ÿท๏ธ Classification:** [![Confidentiality: Level](https://img.shields.io/badge/C-[Level]-[Color]?style=flat-square)](./CLASSIFICATION.md#confidentiality-levels)  
**๐Ÿ“… Effective Date:** 2025-11-17  
**โฐ Next Review:** 2026-11-17  
**๐ŸŽฏ Framework Compliance:** [![ISO 27001](https://img.shields.io/badge/ISO_27001-2022_Aligned-blue?style=flat-square&logo=iso&logoColor=white)](./CLASSIFICATION.md) [![NIST CSF 2.0](https://img.shields.io/badge/NIST_CSF-2.0_Aligned-green?style=flat-square&logo=nist&logoColor=white)](./CLASSIFICATION.md) [![CIS Controls](https://img.shields.io/badge/CIS_Controls-v8.1_Aligned-orange?style=flat-square&logo=cisecurity&logoColor=white)](./CLASSIFICATION.md) [![AWS Well-Architected](https://img.shields.io/badge/AWS-Well_Architected-orange?style=flat-square&logo=amazon-aws&logoColor=white)](./CLASSIFICATION.md)

๐Ÿ“˜ ISMS Markdown Style Essentials

1) Header and Badges (required, in this order)

  • Centered logo img (192x192), then H1 with leading emoji.
  • Subtitle line (bold + italic) with icons.
  • Shields badges (centered): Owner โ€ข Version โ€ข Effective โ€ข Review.
  • Document Owner/Version line below badges with icons.

Example:

<p align="center">
  <img src="https://hack23.com/icon-192.png" alt="Hack23 Logo" width="192" height="192">
</p>

<h1 align="center">๐Ÿ” Hack23 AB โ€” Information Security Policy</h1>

<p align="center">
  <strong>๐Ÿ›ก๏ธ Security Through Transparency and Excellence</strong><br>
  <em>๐ŸŽฏ Enterprise-grade Security for Innovation-driven Consulting</em>
</p>

<p align="center">
  <a href="#"><img src="https://img.shields.io/badge/Owner-CEO-0A66C2?style=for-the-badge" alt="Owner"/></a>
  <a href="#"><img src="https://img.shields.io/badge/Version-1.0-555?style=for-the-badge" alt="Version"/></a>
  <a href="#"><img src="https://img.shields.io/badge/Effective-2025--11--17-success?style=for-the-badge" alt="Effective Date"/></a>
  <a href="#"><img src="https://img.shields.io/badge/Review-Annual-orange?style=for-the-badge" alt="Review Cycle"/></a>
</p>

**๐Ÿ“‹ Document Owner:** CEO | **๐Ÿ“„ Version:** 1.0 | **๐Ÿ“… Last Updated:** 2025-11-17 (UTC)  
**๐Ÿ”„ Review Cycle:** Annual | **โฐ Next Review:** 2026-11-17
  • Title: โ€œ## ๐Ÿ“š Related Documentsโ€ (or โ€œ## ๐Ÿ“š Related Documentsโ€ retaining bold if used).
  • Each item must use an icon + linked filename + optional short descriptor.
  • Use relative links. Do not include self-references.

IMPORTANT: Since all ISMS policy documents are in the root directory, use ./ prefix for relative links (e.g., ./Information_Security_Policy.md), NOT ../ which would go to the parent directory.

Cross-Reference Validation: All internal markdown links are automatically validated by CI/CD to ensure:

  • โœ… Target files exist in the repository
  • โœ… Relative paths are correctly formed
  • โœ… No self-references in Related Documents sections
  • โœ… Links point to actual markdown files

Canonical list (pick items relevant to the document):

## ๐Ÿ“š Related Documents
- [๐Ÿ” Information Security Policy](./Information_Security_Policy.md)
- [๐Ÿ”‘ Access Control Policy](./Access_Control_Policy.md)
- [๐ŸŒ Network Security Policy](./Network_Security_Policy.md)
- [๐Ÿ“ Change Management Policy](./Change_Management.md)
- [๐Ÿ’พ Backup & Recovery Policy](./Backup_Recovery_Policy.md)
- [๐Ÿ†˜ Disaster Recovery Plan](./Disaster_Recovery_Plan.md)
- [๐Ÿ”„ Business Continuity Plan](./Business_Continuity_Plan.md)
- [๐Ÿ’ป Asset Register](./Asset_Register.md)
- [๐Ÿ“‰ Risk Register](./Risk_Register.md)
- [๐Ÿค Third-Party Management](./Third_Party_Management.md)
- [๐Ÿท๏ธ Data Classification Policy](./Data_Classification_Policy.md)
- [๐Ÿ”’ Cryptography Policy](./Cryptography_Policy.md)
- [๐Ÿ› ๏ธ Secure Development Policy](./Secure_Development_Policy.md)
- [๐Ÿ“Š Security Metrics](./Security_Metrics.md)
- [๐ŸŒ ISMS Transparency Plan](./ISMS_Transparency_Plan.md)
  • Always include Approval/Distribution/Classification/Effective/Next Review with icons.
  • Classification badge must link to the anchor in CLASSIFICATION.md.

Example:

**๐Ÿ“‹ Document Control:**  
**โœ… Approved by:** James Pether Sรถrling, CEO  
**๐Ÿ“ค Distribution:** All Personnel  
**๐Ÿท๏ธ Classification:** [![Confidentiality: High](https://img.shields.io/badge/C-High-blue?style=flat-square)](./CLASSIFICATION.md#confidentiality-levels)  
**๐Ÿ“… Effective Date:** 2025-11-17  
**โฐ Next Review:** 2026-11-17  
**๐ŸŽฏ Framework Compliance:** [![ISO 27001](https://img.shields.io/badge/ISO_27001-2022_Aligned-blue?style=flat-square&logo=iso&logoColor=white)](./CLASSIFICATION.md) [![NIST CSF 2.0](https://img.shields.io/badge/NIST_CSF-2.0_Aligned-green?style=flat-square&logo=nist&logoColor=white)](./CLASSIFICATION.md) [![CIS Controls](https://img.shields.io/badge/CIS_Controls-v8.1_Aligned-orange?style=flat-square&logo=cisecurity&logoColor=white)](./CLASSIFICATION.md)
  • Use consistent icons:
    • ๐Ÿ” InfoSec โ€ข ๐Ÿ”‘ Access โ€ข ๐ŸŒ Network โ€ข ๐Ÿ“ Change โ€ข ๐Ÿ’พ Backup โ€ข ๐Ÿ†˜ DRP โ€ข ๐Ÿ”„ BCP
    • ๐Ÿ’ป Asset โ€ข ๐Ÿ“‰ Risk โ€ข ๐Ÿค Third-Party โ€ข ๐Ÿท๏ธ Data Class โ€ข ๐Ÿ”’ Crypto โ€ข ๐Ÿ› ๏ธ SDLC โ€ข ๐Ÿ“Š Metrics โ€ข ๐ŸŒ Transparency
  • Avoid linking to the current document in Related Documents.
  • Keep short descriptors after a hyphen where helpful.

๐ŸŽจ Icon Reference Guide

๐Ÿ“‹ Document Type Icons

Based on analysis of all ISMS documentation:

Document TypePrimary IconAlternative IconsUsage Examples
Policies๐Ÿ”๐Ÿ›ก๏ธ ๐Ÿ“œInformation Security Policy, Access Control Policy
Plans๐Ÿ“‹๐Ÿ—“๏ธ ๐Ÿ“…Business Continuity Plan, Disaster Recovery Plan
Proceduresโš™๏ธ๐Ÿ”ง ๐Ÿ› ๏ธChange Management, Vulnerability Management
Registers๐Ÿ“Š๐Ÿ’ป ๐Ÿ“‰Asset Register, Risk Register
Frameworks๐Ÿท๏ธ๐Ÿ“Š ๐ŸŽฏClassification Framework, Security Metrics
Assessments๐Ÿ“๐Ÿ” ๐Ÿ“‹Risk Assessment Methodology, CRA Conformity
Business Docs๐Ÿ“ˆ๐Ÿ’ผ ๐ŸขBusiness Strategy, Marketing Strategy
Legal Docs๐Ÿ“‘โš–๏ธ ๐Ÿ“œArticles of Association, Annual Accounts

๐Ÿ” Security Domain Icons

Security DomainIconUsage ContextExamples
Information Security๐Ÿ”Overall security policiesInformation Security Policy
Access Control๐Ÿ”‘Identity and access managementAccess Control Policy
Network Security๐ŸŒNetwork protection and monitoringNetwork Security Policy
Cryptography๐Ÿ”’Encryption and key managementCryptography Policy
Data Protection๐Ÿท๏ธData classification and handlingData Classification Policy
Application Security๐Ÿ› ๏ธSecure development practicesSecure Development Policy
Physical Security๐ŸขPhysical access and protectionOffice security references
Incident Response๐ŸšจSecurity incident managementIncident Response Plan
Vulnerability Management๐Ÿ”Vulnerability assessmentVulnerability Management
Backup & Recovery๐Ÿ’พData protection and recoveryBackup Recovery Policy

๐Ÿข Business Process Icons

Process TypeIconBadge ReferenceUsage
Finance๐Ÿ’ฐ[Finance]Financial operations
Operationsโš™๏ธ[Operations]Business operations
Legalโš–๏ธ[Legal]Legal compliance
Sales๐Ÿค[Sales]Customer relations
Marketing๐Ÿ“ข[Marketing]Brand management
Human Resources๐Ÿ‘ฅ[HR]Employee management
Executive๐Ÿ›๏ธ[Executive]Strategic planning

๐Ÿ—๏ธ Technical Project Icons

Project TypeIconBadge ReferenceUsage
Core Infrastructure๐Ÿ—๏ธ[Core]Critical systems
Security Tools๐Ÿ›ก๏ธ[Security]Security assessment
Compliance Platform๐Ÿ“‹[Compliance]Regulatory systems
Data Analytics๐Ÿ“Š[Analytics]Data processing
API Services๐Ÿ”Œ[API]Backend services
Frontend Apps๐Ÿ–ฅ๏ธ[Frontend]User interfaces
Development Tools๐Ÿ› ๏ธ[DevTools]Development utilities

๐Ÿ“Š Operational Icons

FunctionIconUsage ContextExamples
Monitoring๐Ÿ“ˆPerformance trackingSecurity Metrics, KPIs
Reporting๐Ÿ“‹Status and compliance reportingCompliance Checklist
Assessment๐Ÿ”Evaluation and analysisRisk Assessment
Documentation๐Ÿ“šKnowledge managementRelated Documents
Communication๐Ÿ“ขNotifications and alertsIncident communications
Training๐ŸŽ“Education and awarenessSecurity training
Testing๐ŸงชValidation and verificationRecovery testing
Automation๐Ÿค–Process automationCI/CD, automated controls

โฑ๏ธ Time and Priority Icons

ConceptIconUsageExamples
ImmediateโšกUrgent actionsIncident response
Critical๐Ÿ”ดHigh priorityCritical vulnerabilities
High๐ŸŸ ImportantHigh-priority risks
Medium๐ŸŸกStandardMedium-priority tasks
Low๐ŸŸขLower priorityLow-impact issues
Scheduled๐Ÿ“…Planned activitiesReview schedules
Continuous๐Ÿ”„Ongoing processesMonitoring activities
DeadlineโฐTime-sensitiveCompliance deadlines

๐ŸŽฏ Status and Quality Icons

StatusIconUsageContext
Approvedโœ…Completed/approved itemsDocument approval
In Progress๐Ÿš€Active workProject status
Plannedโญ๏ธFuture activitiesRoadmap items
Warningโš ๏ธCaution neededRisk warnings
ErrorโŒProblems/failuresFailed tests
Success๐Ÿ†AchievementsSuccessful implementations
Review๐Ÿ”Needs reviewPending reviews
Update๐Ÿ”„Needs updatingDocument updates

๐ŸŒ Geographic and Scope Icons

ScopeIconUsageExamples
Global๐ŸŒWorldwide scopeGlobal policies
Regional๐ŸŒRegional implementationEU regulations
National๐Ÿ‡ธ๐Ÿ‡ชCountry-specificSwedish compliance
Local๐ŸขOrganization-specificInternal policies
Personal๐Ÿ‘คIndividual levelPersonal data
Public๐ŸŒŸPublic informationOpen source
Internal๐Ÿ”’Internal useConfidential docs
External๐Ÿ”“External sharingPublic policies

๐Ÿ’ผ Business Value Icons

Value TypeIconUsageContext
Revenue๐Ÿ’ฐFinancial benefitsRevenue impact
Cost Savings๐Ÿ’ธEfficiency gainsCost optimization
Risk Reduction๐Ÿ›ก๏ธSecurity benefitsRisk mitigation
Competitive Advantage๐Ÿ†Market positionDifferentiation
Trust Enhancement๐ŸคStakeholder confidenceTrust building
Innovation๐Ÿ’กNew capabilitiesInnovation enablement
Efficiencyโš™๏ธProcess improvementOperational efficiency
Quality๐Ÿ“ŠDecision supportData quality

๐ŸŽจ Product and Service Icons

Product/ServiceIconUsageExamples
Consulting๐ŸคAdvisory servicesCybersecurity consulting
Gaming๐ŸŽฎGaming productsBlack Trigram
Government๐Ÿ›๏ธPublic sectorCitizen Intelligence Agency
Compliance๐Ÿ“‹Compliance toolsCIA Compliance Manager
Open Source๐Ÿ”“OSS projectsGitHub repositories
Education๐ŸŽ“Training/learningEducational content
Security๐Ÿ›ก๏ธSecurity productsSecurity tools
Analytics๐Ÿ“ŠData analysisBusiness intelligence

๐Ÿ“ Icon Usage Guidelines

โœ… Do's

  • Use consistent icons across related documents
  • Match icons to the primary function or purpose
  • Combine icons logically (e.g., ๐Ÿ”๐Ÿ“‹ for security policies)
  • Use established badge patterns for classifications
  • Include icons in headings for better navigation
  • Use status icons to show progress and priorities

โŒ Don'ts

  • Mix similar icons for the same concept
  • Overuse icons that reduce readability
  • Use ambiguous icons without context
  • Change established icon meanings mid-document
  • Use conflicting color schemes with classification badges
  • Forget icons in document control sections

๐ŸŽฏ Icon Selection Priority

  1. Document Type - Primary classification icon
  2. Security Domain - Specific security area
  3. Business Process - Related business function
  4. Status/Priority - Current state indication
  5. Value/Benefit - Business impact representation

๐Ÿ“Š Badge Integration

When using classification badges, ensure icons complement rather than compete:

  • Use small icons (emoji) alongside badges
  • Position icons before text, badges after
  • Maintain color harmony between icons and badges
  • Use consistent sizing across similar elements

๐ŸŽจ Mermaid Diagram Guidelines

๐ŸŽฏ Diagram Standards

All ISMS documents MUST use consistent Mermaid diagrams with standardized color coding and styling for professional presentation and accessibility.

๐Ÿ“‹ Diagram Types & Usage

Diagram TypeUse CaseColor ThemeExamples
FlowchartProcesses, decision treesBlue-green gradientRisk assessment, incident response
GraphRelationships, dependenciesMulti-color categoricalStakeholder mapping, architecture
PieDistributions, allocationsCategorical colorsBudget allocation, risk distribution
GanttTimelines, project planningStatus-based colorsImplementation roadmaps
MindmapConcepts, frameworksHierarchical colorsStrategic planning, classification
SequenceInteractions, workflowsActor-based colorsCommunication flows

๐ŸŽจ Color Palette Standards

Primary Color Scheme (Classification-Aligned)

Critical/Extreme:  #D32F2F  # Red
High/Very High:    #FF9800  # Orange  
Medium/Moderate:   #FFC107  # Amber
Low/Standard:      #4CAF50  # Green
Public/Minimal:    #9E9E9E  # Grey

Secondary Color Scheme (Process Types)

Finance:     #1565C0  # Dark Blue
Operations:  #8D6E63  # Brown
Legal:       #C62828  # Dark Red
Sales:       #2E7D32  # Dark Green
Marketing:   #7B1FA2  # Purple
Security:    #D32F2F  # Red
Technical:   #455A64  # Blue Grey

Status Color Scheme

Active/Success:    #4CAF50  # Green
Warning/Pending:   #FF9800  # Orange
Error/Critical:    #D32F2F  # Red
Info/Neutral:      #2196F3  # Blue
Disabled/N/A:      #9E9E9E  # Grey

๐Ÿ“Š Diagram Examples

Stakeholder Mapping (Quadrant Format)

%%{init: {
  "theme": "dark",
  "themeVariables": {
    "quadrant1Fill": "#1565C0",
    "quadrant2Fill": "#2E7D32",
    "quadrant3Fill": "#FF9800", 
    "quadrant4Fill": "#D32F2F",
    "quadrantTitleFill": "#ffffff",
    "quadrantPointFill": "#ffffff",
    "quadrantPointTextFill": "#ffffff",
    "quadrantXAxisTextFill": "#ffffff",
    "quadrantYAxisTextFill": "#ffffff"
  },
  "quadrantChart": {
    "chartWidth": 700,
    "chartHeight": 700,
    "pointLabelFontSize": 14,
    "titleFontSize": 22,
    "quadrantLabelFontSize": 18,
    "xAxisLabelFontSize": 16,
    "yAxisLabelFontSize": 16
  }
}}%%
quadrantChart
    title ๐Ÿค HACK23 AB STAKEHOLDER INFLUENCE-INVOLVEMENT MATRIX
    x-axis Low Involvement --> High Involvement
    y-axis Low Influence --> High Influence
    quadrant-1 MANAGE CLOSELY
    quadrant-2 KEY PLAYERS
    quadrant-3 MONITOR
    quadrant-4 KEEP INFORMED
    "๐Ÿฆ SEB Bank": [0.45, 0.75]
    "๐Ÿ“Š Bokio Accounting": [0.50, 0.70]
    "๐Ÿ›ก๏ธ Insurance Provider": [0.35, 0.80]
    "โ˜๏ธ AWS Platform": [0.85, 0.90]
    "๐Ÿ“ GitHub Services": [0.80, 0.75]
    "๐Ÿ’ณ Stripe Payment": [0.60, 0.65]
    "๐Ÿค Consulting Clients": [0.90, 0.95]
    "๐ŸŒ OSS Community": [0.75, 0.40]
    "๐ŸŽฏ Prospects": [0.85, 0.60]
    "๐Ÿ›๏ธ Bolagsverket": [0.25, 0.85]
    "๐Ÿ’ฐ Skatteverket": [0.30, 0.90]
    "๐Ÿ”’ GDPR Authorities": [0.20, 0.95]
    "โš–๏ธ Legal Counsel": [0.40, 0.85]
    "๐ŸŽฎ Game Players": [0.70, 0.25]
    "๐Ÿ‘จโ€๐Ÿ’ผ CEO (Self)": [0.95, 0.98]

Strategic SWOT Analysis (Quadrant Format)

%%{init: {
  "theme": "neutral",
  "themeVariables": {
    "quadrant1Fill": "#2E7D32",
    "quadrant2Fill": "#D32F2F", 
    "quadrant3Fill": "#1565C0",
    "quadrant4Fill": "#FF9800",
    "quadrantTitleFill": "#ffffff",
    "quadrantPointFill": "#ffffff",
    "quadrantPointTextFill": "#000000",
    "quadrantXAxisTextFill": "#000000",
    "quadrantYAxisTextFill": "#000000"
  },
  "quadrantChart": {
    "chartWidth": 700,
    "chartHeight": 700,
    "pointLabelFontSize": 12,
    "titleFontSize": 20,
    "quadrantLabelFontSize": 16,
    "xAxisLabelFontSize": 14,
    "yAxisLabelFontSize": 14
  }
}}%%
quadrantChart
    title ๐ŸŽฏ HACK23 AB STRATEGIC SWOT ANALYSIS
    x-axis Internal Factors --> External Factors
    y-axis Threats --> Opportunities
    quadrant-1 STRENGTHS
    quadrant-2 WEAKNESSES
    quadrant-3 OPPORTUNITIES
    quadrant-4 THREATS
    "๐Ÿ” Deep Cybersecurity Expertise": [0.15, 0.85]
    "๐ŸŽฏ Unique Market Position": [0.25, 0.90]
    "โ˜๏ธ Cloud-Native Architecture": [0.30, 0.80]
    "๐ŸŒŸ Open Source Leadership": [0.20, 0.75]
    "๐Ÿ›ก๏ธ Transparent Security Posture": [0.10, 0.70]
    "๐Ÿ† Enterprise-Grade Standards": [0.25, 0.85]
    "๐Ÿ‘ค Single-Person Dependency": [0.25, 0.20]
    "๐Ÿ’ฐ Limited Financial Resources": [0.35, 0.25]
    "๐Ÿ“ข Brand Recognition Gap": [0.20, 0.15]
    "๐Ÿค Customer Acquisition Challenges": [0.30, 0.30]
    "โฑ๏ธ Time Resource Constraints": [0.15, 0.10]
    "๐Ÿ”ง Technical Scaling Limitations": [0.25, 0.35]
    "๐Ÿ“ˆ Growing Cybersecurity Market": [0.75, 0.85]
    "๐Ÿ›๏ธ Government Digitalization": [0.85, 0.90]
    "๐ŸŽฎ Educational Gaming Growth": [0.70, 0.80]
    "๐Ÿค Partnership Potential": [0.80, 0.75]
    "โš–๏ธ NIS2 Implementation Wave": [0.90, 0.85]
    "๐ŸŒ Remote Work Security Demand": [0.65, 0.70]
    "๐Ÿข Large Competitor Entry": [0.75, 0.25]
    "๐Ÿ“‰ Economic Downturn Impact": [0.85, 0.30]
    "โš–๏ธ Regulatory Changes": [0.70, 0.15]
    "๐Ÿ”’ Security Incident Risk": [0.80, 0.20]
    "๐Ÿ’ผ Enterprise Vendor Expansion": [0.90, 0.25]
    "๐ŸŽฏ Market Commoditization": [0.65, 0.10]

Process Flow (Risk Assessment Pattern)

flowchart TD
    START["๐Ÿ“‹ Risk Identification"] --> ASSESS["๐Ÿ” Risk Assessment"]
    ASSESS --> CLASSIFY{"๐Ÿท๏ธ Classification<br/>Decision"}
    
    CLASSIFY -->|๐Ÿ”ด Critical| CRITICAL["โšก Immediate Action"]
    CLASSIFY -->|๐ŸŸ  High| HIGH["๐Ÿ“… Planned Response"]
    CLASSIFY -->|๐ŸŸก Medium| MEDIUM["๐Ÿ“Š Monitoring"]
    CLASSIFY -->|๐ŸŸข Low| LOW["๐Ÿ“ Documented"]
    
    CRITICAL --> IMPLEMENT["๐Ÿš€ Implementation"]
    HIGH --> IMPLEMENT
    MEDIUM --> IMPLEMENT
    LOW --> IMPLEMENT
    
    IMPLEMENT --> MONITOR["๐Ÿ“ˆ Monitor & Review"]
    MONITOR --> ASSESS
    
    classDef start fill:#2196F3,stroke:#1565C0,stroke-width:2px,color:#ffffff
    classDef process fill:#4CAF50,stroke:#2E7D32,stroke-width:2px,color:#ffffff
    classDef decision fill:#FF9800,stroke:#F57C00,stroke-width:2px,color:#ffffff
    classDef critical fill:#D32F2F,stroke:#B71C1C,stroke-width:2px,color:#ffffff
    classDef high fill:#FF9800,stroke:#F57C00,stroke-width:2px,color:#ffffff
    classDef medium fill:#FFC107,stroke:#FFA000,stroke-width:2px,color:#000000
    classDef low fill:#4CAF50,stroke:#2E7D32,stroke-width:2px,color:#ffffff
    classDef action fill:#7B1FA2,stroke:#4A148C,stroke-width:2px,color:#ffffff
    
    class START start
    class ASSESS,MONITOR process
    class CLASSIFY decision
    class CRITICAL critical
    class HIGH high
    class MEDIUM medium
    class LOW low
    class IMPLEMENT action

Sequence Diagram (Incident Response Communications)

sequenceDiagram
    participant CEO as ๐Ÿ‘จโ€๐Ÿ’ผ CEO
    participant Systems as ๐Ÿ’ป Systems
    participant Insurance as ๐Ÿ›ก๏ธ Insurance
    participant Legal as โš–๏ธ Legal
    participant Customers as ๐Ÿค Customers
    
    Systems->>CEO: ๐Ÿšจ Security Alert Detected
    CEO->>CEO: ๐Ÿ“Š Assess Impact Level
    
    alt High/Critical Impact
        CEO->>Insurance: ๐Ÿ“ž Immediate Notification
        CEO->>Legal: ๐Ÿ“ž Legal Assessment Request
        
        Insurance-->>CEO: ๐Ÿ“‹ Claim Process Guidance
        Legal-->>CEO: โš–๏ธ Regulatory Requirements
        
        CEO->>Customers: ๐Ÿ“ง Transparent Communication
        CEO->>Systems: ๐Ÿ”ง Initiate Recovery
        
        Systems-->>CEO: โœ… Recovery Complete
        CEO->>Insurance: ๐Ÿ“„ Final Report
        CEO->>Legal: ๐Ÿ“‘ Compliance Documentation
    else Low/Medium Impact
        CEO->>Systems: ๐Ÿ”ง Standard Recovery
        CEO->>CEO: ๐Ÿ“ Document Lessons
    end

Timeline/Gantt (Implementation Pattern)

gantt
    title ๐Ÿ—“๏ธ ISMS Implementation Timeline
    dateFormat YYYY-MM-DD
    section Foundation
    Policy Framework           :done, foundation, 2025-01-01, 2025-03-31
    Risk Assessment           :done, risk, 2025-02-01, 2025-04-30
    
    section Implementation
    Access Controls           :active, access, 2025-03-01, 2025-06-30
    Security Monitoring       :monitor, 2025-04-01, 2025-07-31
    Incident Response         :incident, 2025-05-01, 2025-08-31
    
    section Validation
    Internal Audit           :audit, 2025-07-01, 2025-09-30
    Certification Prep      :cert, 2025-08-01, 2025-11-30
    External Assessment     :external, 2025-10-01, 2025-12-31

Mindmap (Security Framework)

mindmap
  root)๐Ÿ” ISMS Framework(
    (๐ŸŽฏ Governance)
      ๐Ÿ›๏ธ Executive Leadership
      ๐Ÿ“‹ Policy Framework
      โš–๏ธ Compliance Management
      ๐Ÿ“Š Risk Management
    (๐Ÿ›ก๏ธ Protection)
      ๐Ÿ”‘ Access Control
      ๐Ÿ”’ Cryptography
      ๐ŸŒ Network Security
      ๐Ÿท๏ธ Data Classification
    (๐Ÿ” Detection)
      ๐Ÿ“ˆ Monitoring
      ๐Ÿšจ Alerting
      ๐Ÿ” Vulnerability Mgmt
      ๐Ÿ“Š Security Metrics
    (๐Ÿš€ Response)
      ๐Ÿšจ Incident Response
      ๐Ÿ”„ Business Continuity
      ๐Ÿ†˜ Disaster Recovery
      ๐Ÿ“š Lessons Learned
    (๐Ÿ”„ Recovery)
      ๐Ÿ’พ Backup Systems
      ๐Ÿ”ง System Recovery
      ๐Ÿ“ˆ Performance Restore
      ๐Ÿค Stakeholder Comms

Entity Relationship (Asset Management)

erDiagram
    ASSET {
        string id PK
        string name
        string classification
        string owner
        date created
    }
    
    RISK {
        string id PK
        string description
        string likelihood
        string impact
        string status
    }
    
    CONTROL {
        string id PK
        string name
        string type
        string status
        string framework
    }
    
    INCIDENT {
        string id PK
        string description
        datetime occurred
        string severity
        string status
    }
    
    ASSET ||--o{ RISK : "has"
    RISK ||--o{ CONTROL : "mitigated-by"
    ASSET ||--o{ INCIDENT : "affected-by"
    CONTROL ||--o{ INCIDENT : "failed-during"

Pie Chart (Budget Allocation)

pie title ๐Ÿ’ฐ Security Budget Allocation 2025
    "Infrastructure Security" : 40
    "Compliance & Audit" : 25
    "Incident Response" : 15
    "Training & Awareness" : 10
    "Tools & Software" : 10

User Journey (Customer Onboarding)

journey
    title ๐Ÿค Customer Security Assessment Journey
    section Discovery
      Initial Contact: 5: Customer
      Security Questionnaire: 3: Customer
      Requirements Analysis: 4: Customer, Hack23
    section Assessment
      Current State Review: 2: Customer
      Gap Analysis: 4: Hack23
      Risk Assessment: 3: Customer, Hack23
    section Proposal
      Solution Design: 5: Hack23
      Security Architecture: 5: Hack23
      Implementation Plan: 4: Customer, Hack23
    section Engagement
      Contract Signing: 5: Customer, Hack23
      Project Kickoff: 5: Customer, Hack23
      Security Implementation: 4: Customer, Hack23

๐ŸŽจ Template Library

Basic Process Flow Template

flowchart TD
    START["๐Ÿš€ Start Process"] --> STEP1["๐Ÿ“‹ Step 1"]
    STEP1 --> DECISION{"๐Ÿค” Decision Point"}
    DECISION -->|โœ… Yes| SUCCESS["โœ… Success Path"]
    DECISION -->|โŒ No| FAILURE["โŒ Failure Path"]
    SUCCESS --> FINISH["๐Ÿ End"]
    FAILURE --> FINISH
    
    classDef start fill:#2196F3,stroke:#1565C0,stroke-width:2px,color:#ffffff
    classDef process fill:#4CAF50,stroke:#2E7D32,stroke-width:2px,color:#ffffff
    classDef decision fill:#FF9800,stroke:#F57C00,stroke-width:2px,color:#ffffff
    classDef success fill:#4CAF50,stroke:#2E7D32,stroke-width:2px,color:#ffffff
    classDef failure fill:#D32F2F,stroke:#B71C1C,stroke-width:2px,color:#ffffff
    classDef finish fill:#9E9E9E,stroke:#616161,stroke-width:2px,color:#ffffff
    
    class START start
    class STEP1 process
    class DECISION decision
    class SUCCESS success
    class FAILURE failure
    class FINISH finish

Stakeholder Relationship Template

graph LR
    CENTER["๐ŸŽฏ Central Entity"] --> STAKE1["๐Ÿ‘ค Stakeholder 1"]
    CENTER --> STAKE2["๐Ÿข Stakeholder 2"]
    CENTER --> STAKE3["โš–๏ธ Stakeholder 3"]
    
    classDef center fill:#1565C0,stroke:#0D47A1,stroke-width:3px,color:#ffffff
    classDef stakeholder fill:#4CAF50,stroke:#2E7D32,stroke-width:2px,color:#ffffff
    
    class CENTER center
    class STAKE1,STAKE2,STAKE3 stakeholder

๐Ÿ“‹ Quality Checklist

Before publishing any Mermaid diagram, verify:

  • Color Consistency: Matches ISMS color standards
  • Icon Usage: Relevant and consistent emoji/symbols
  • Accessibility: Sufficient contrast and alt text
  • Semantic Flow: Logical information progression
  • Professional Appearance: Clean, organized layout
  • Classification Alignment: Colors match data classification
  • Documentation Link: References to related policies
  • Mobile Responsive: Readable on smaller screens

For comprehensive quality assurance across all document aspects (header, content, footer, links, etc.), use the ๐Ÿ“‹ ISMS QA Checklist.


๐Ÿ“Š Diagram Type Selection Guide

Choose the right diagram type based on what you're communicating:

Information TypeRecommended DiagramUse WhenExample Documents
Process Flow / Decision Logicflowchart TDShowing sequential steps, decision points, branching logicIncident_Response_Plan.md, Risk_Assessment_Methodology.md
Strategic PositioningquadrantChartComparing items across two dimensions (e.g., impact vs likelihood, internal vs external)SWOT.md, Risk_Register.md
System InteractionssequenceDiagramShowing communication between actors/systems over timeIncident_Response_Plan.md, Information_Security_Strategy.md
Project TimelineganttDisplaying schedules, milestones, and dependenciesInformation_Security_Strategy.md (roadmap)
Concept HierarchymindmapOrganizing related concepts, frameworks, or taxonomiesAsset_Register.md, SECURITY_ARCHITECTURE.md
Data RelationshipserDiagramShowing entity relationships and data modelsAsset_Register.md, Risk_Register.md
Distribution / ProportionspieShowing percentage breakdown or allocationBudget, resource allocation sections
User ExperiencejourneyMapping user/stakeholder experience through a processCustomer onboarding, compliance assessment

Selection Principles:

  • Simplicity First: Choose the simplest diagram type that conveys your message
  • Audience Alignment: Match diagram complexity to stakeholder technical level
  • Cross-Reference Consistency: Use same diagram type for similar concepts across documents
  • Accessibility: Ensure diagrams are understandable without color (use labels, shapes, patterns)

๐Ÿ“ Diagram Complexity Guidelines

Maximum Complexity Targets:

Diagram TypeMax Nodes/ElementsMax Nesting LevelsMax Width (chars)When to Split
Flowchart15-20 nodes3 levels100 chars>20 nodes or >3 decision branches
Sequence6-8 participants15-20 interactions80 chars>8 actors or >20 messages
Quadrant25-30 pointsN/AChart-specific>30 points becomes unreadable
Mindmap20-25 nodes4 levels60 chars per node>4 levels deep
Gantt15-20 tasks3 levels100 chars>20 tasks

Splitting Strategies:

  • Hierarchical: Create overview diagram linking to detailed sub-diagrams
  • Sequential: Split into phases (e.g., "Incident Detection" โ†’ "Incident Response" โ†’ "Incident Recovery")
  • Categorical: Group by domain (e.g., separate diagrams for "Network Security" vs "Application Security")

Example: Splitting an Overloaded Flowchart

Instead of one 30-node diagram, create:

## Overview: Risk Management Workflow (High-Level)
[Simple 10-node diagram showing: Identify โ†’ Assess โ†’ Treat โ†’ Monitor]

## Detail: Risk Assessment Process
[15-node flowchart showing detailed assessment steps]

## Detail: Risk Treatment Options
[12-node flowchart showing treatment selection logic]

๐Ÿ”— Cross-Document Diagram References

Linking Strategy:

When diagrams span multiple documents, use consistent linking patterns:

See [Risk Management Workflow](#-risk-management-workflow) below for detailed process.

2. Cross-Document Mermaid References

For risk scoring methodology, see the [Risk Assessment Process in Risk_Assessment_Methodology.md](./Risk_Assessment_Methodology.md#-risk-assessment-process).

3. Narrative Transitions Between Diagrams

This strategic framework (diagram above) is implemented through the [Product Security Architecture in Information_Security_Strategy.md](./Information_Security_Strategy.md#๏ธ-product-security-architecture-comparison).

Consistency Rules:

  • Use same node IDs for same concepts across documents (e.g., RISK_ASSESS, INCIDENT, CEO)
  • Maintain consistent color schemes per STYLE_GUIDE.md standards
  • Reference diagrams by section header, not "above" or "below" (for portability)

โ™ฟ Diagram Accessibility

Color-Blind Considerations:

  • Don't rely solely on color to convey information (use shapes, labels, patterns)
  • Test with color-blind simulators (e.g., Coblis Color Blindness Simulator)
  • Provide text alternatives in surrounding paragraphs

Example: Accessible Status Indicators

<!-- โŒ Bad: Color-only status -->
node1[Task] --> node2[Complete]:::green
node2 --> node3[Failed]:::red

<!-- โœ… Good: Color + Symbol + Label -->
node1[๐Ÿ“‹ Task] --> node2[โœ… Complete: Task A]:::green
node2 --> node3[โŒ Failed: Task B]:::red

Alt-Text Best Practices:

  • Always provide narrative description of diagram content after the diagram
  • Format: "Key Takeaways: - [Bullet list of main points]"
  • Recommended format example:
\```mermaid
[Quadrant diagram showing SWOT analysis]
\```

**Key Takeaways:**

- **Strengths:** Deep cybersecurity expertise, transparent ISMS, cloud-native architecture
- **Weaknesses:** Single-person dependency, limited financial resources
- **Opportunities:** NIS2 implementation wave, EU CRA compliance demand
- **Threats:** Large competitor entry, economic downturn

๐Ÿ”„ Diagram Versioning and Evolution

When to Update Diagrams:

  • Process changes (add/remove steps)
  • New framework integration (add compliance mappings)
  • Stakeholder feedback (clarity improvements)
  • Quarterly/annual policy reviews

Update Strategy:

  1. Preserve Anchors: Don't change diagram section header anchors (breaks external links)
  2. Document Changes: Add version note in surrounding text
  3. Maintain Backward Compatibility: If removing nodes, add "deprecated" note

Example: Evolving a Diagram

<!-- Version 1.0 (2025-01-01) -->

## ๐Ÿ”„ Risk Management Workflow

\```mermaid
flowchart TD
    IDENTIFY --> ASSESS
    ASSESS --> TREAT
    TREAT --> MONITOR
\```

<!-- Version 1.1 (2025-06-01) - Added AI agent triage -->

## ๐Ÿ”„ Risk Management Workflow

**Updated 2025-06-01:** Added AI agent triage step between Identify and Assess phases.

\```mermaid
flowchart TD
    IDENTIFY --> AI_TRIAGE[๐Ÿค– AI Agent Triage]
    AI_TRIAGE --> ASSESS
    ASSESS --> TREAT
    TREAT --> MONITOR
\```

Diagram Naming Conventions:

  • Node IDs: Use UPPERCASE_UNDERSCORE format (e.g., RISK_ASSESS, CEO_APPROVAL)
  • Class Names: Use lowercase hyphen format (e.g., high-priority, approved-status)
  • Section Anchors: Keep stable over time; use descriptive names (e.g., #-risk-management-workflow)

โŒ Diagram Anti-Patterns (What NOT to Do)

Anti-PatternProblemSolution
Color-Only DifferentiationInaccessible to color-blind usersAdd icons, labels, patterns
Too Many Decision BranchesAnalysis paralysisConsolidate similar branches, split diagram
Inconsistent Node IDsConfusion across documentsUse standard IDs (e.g., CEO, RISK_ASSESS)
Overly Abstract LabelsUnclear meaningUse descriptive, action-oriented labels
Missing ContextDiagram stands aloneProvide narrative introduction and key takeaways
Unlinked ReferencesDead endsEvery referenced diagram should be linkable
Diagram-in-DiagramMermaid limitationsSplit into separate diagrams with cross-links
Temporal References"Above" or "below" breaks portabilityReference by section header or anchor
Excessive NestingReadability issuesFlatten structure or split into multiple diagrams
Generic Node NamesLacks specificityUse domain-specific, meaningful names

Example: Avoiding Over-Complexity

<!-- โŒ Bad: 40-node monolithic flowchart -->
\```mermaid
flowchart TD
    [... 40 nodes in single diagram ...]
\```

<!-- โœ… Good: Split into focused diagrams -->

## Overview: Risk Management

\```mermaid
flowchart TD
    [... 10-node high-level view ...]
\```

## Detail: Risk Assessment

\```mermaid
flowchart TD
    [... 15-node assessment detail ...]
\```

๐Ÿ“ฑ Mobile Responsiveness Guidelines

Diagram Sizing for Small Screens:

  • Max Width: Keep diagrams under 800px width for mobile readability
  • Orientation: Prefer vertical (TD) over horizontal (LR) layouts for mobile
  • Font Size: Use minimum 12px font size in Mermaid config
  • Touch Targets: Ensure clickable elements are at least 44x44px

Responsive Diagram Patterns:

Device TypeRecommended ApproachExample
Desktop (>1024px)Full complexity allowedQuadrant chart with 25+ points
Tablet (768-1024px)Moderate complexityFlowchart with 15 nodes
Mobile (<768px)Minimal complexitySimplified 5-8 node flowchart

Mobile-Friendly Example

<!-- Desktop: Full detail -->

## Risk Assessment Workflow (Full)

\```mermaid
flowchart TD
    [... 20-node detailed diagram ...]
\```

<!-- Mobile: Simplified -->

## Risk Assessment Workflow (Simplified)

\```mermaid
flowchart TD
    START[๐Ÿ“‹ Identify] --> ASSESS[๐Ÿ” Assess]
    ASSESS --> TREAT[๐Ÿ›ก๏ธ Treat]
    TREAT --> MONITOR[๐Ÿ“ˆ Monitor]
\```

Configuration for Mobile:

%%{init: {
  "theme": "default",
  "themeVariables": {
    "fontSize": "14px"
  },
  "flowchart": {
    "nodeSpacing": 50,
    "rankSpacing": 50,
    "curve": "basis"
  }
}}%%

๐ŸŽ–๏ธ Security Badge Standards

Overview

Per the Secure Development Policy, all project documentation MUST include public evidence badges demonstrating continuous security validation. These badges provide transparent, verifiable proof of security posture and compliance.

Required Security Badges

๐Ÿ” Core Security Badges (Required for All Projects)

Badge TypeServicePurposeURL PatternStatus Check
OpenSSF Scorecardsecurityscorecards.devSupply chain security assessmenthttps://api.securityscorecards.dev/projects/github.com/{owner}/{repo}/badgeScore 7.0+ recommended
SLSA Provenanceslsa.devBuild provenance and integrityhttps://slsa.dev/images/gh-badge-level3.svgLevel 3 recommended
FOSSA Licenseapp.fossa.ioOpen source license compliancehttps://app.fossa.io/api/projects/git%2Bgithub.com%2F{owner}%2F{repo}.svg?type=shieldNo violations
Badge TypeServicePurposeURL PatternTarget
SonarCloud Quality Gatesonarcloud.ioCode quality and securityhttps://sonarcloud.io/api/project_badges/measure?project={key}&metric=alert_statusPassed
SonarCloud Security Ratingsonarcloud.ioSecurity vulnerability detectionhttps://sonarcloud.io/api/project_badges/measure?project={key}&metric=security_ratingA rating
Code Coveragecodecov.io / coveralls.ioTest coverage metricsVaries by service80%+ recommended

โœ… Compliance Badges (Required for ISMS Documentation)

Badge TypePurposeURL PatternUsage
ISO 27001 AlignedFramework compliancehttps://img.shields.io/badge/ISO_27001-2022_Aligned-blue?style=flat-squarePolicy documents
NIST CSF AlignedFramework compliancehttps://img.shields.io/badge/NIST_CSF-2.0_Aligned-green?style=flat-squareSecurity controls
CIS Controls AlignedFramework compliancehttps://img.shields.io/badge/CIS_Controls-v8.1_Aligned-orange?style=flat-squareControl implementation
AWS Well-ArchitectedCloud securityhttps://img.shields.io/badge/AWS-Well_Architected-orange?style=flat-squareAWS projects
Badge TypeServicePurposeURL Pattern
GitHub Actionsgithub.comCI/CD pipeline statushttps://github.com/{owner}/{repo}/workflows/{workflow}/badge.svg
Release Statusgithub.comLatest release workflowhttps://github.com/{owner}/{repo}/actions/workflows/release.yml/badge.svg

Badge Validation Requirements

Automated Monitoring

The badge monitoring system (.github/scripts/monitor-security-badges.sh) performs:

  1. URL Accessibility Check: Validates all badge URLs return HTTP 200/301/302
  2. Badge Categorization: Classifies badges by type (security, quality, compliance, build)
  3. Health Reporting: Generates comprehensive badge health reports
  4. Broken Badge Detection: Identifies and alerts on inaccessible badges
  5. Trend Analysis: Tracks badge health over time

Health Metrics

Badge health is measured by:

  • Total Badges: Count of all badges across documentation
  • Accessible Rate: Percentage of badges returning successful HTTP responses
  • Category Distribution: Breakdown by badge type
  • Health Score: Overall accessibility percentage (Target: 95%+)

Monitoring Schedule

Badge monitoring runs:

  • On Documentation Changes: Automatically validates badges in modified files
  • On Demand: Manual workflow dispatch available

Badge Placement Guidelines

In Project README.md

Place badges prominently at the top of README.md files:

# ๐ŸŽฎ Project Name

[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/Hack23/repo/badge)](https://scorecard.dev/viewer/?uri=github.com/Hack23/repo)
[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://github.com/Hack23/repo/attestations)
[![Quality Gate](https://sonarcloud.io/api/project_badges/measure?project=key&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=key)
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2FHack23%2Frepo.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2FHack23%2Frepo)

In Policy Documents

Include compliance badges in the document control footer:

**๐ŸŽฏ Framework Compliance:** 
[![ISO 27001](https://img.shields.io/badge/ISO_27001-2022_Aligned-blue?style=flat-square)](./CLASSIFICATION.md) 
[![NIST CSF 2.0](https://img.shields.io/badge/NIST_CSF-2.0_Aligned-green?style=flat-square)](./CLASSIFICATION.md)

In Architecture Documentation

Embed security badges in technical documentation:

### Security Posture

**Security Scanning:**
[![SAST](https://img.shields.io/badge/SAST-SonarCloud-success?style=flat-square)](https://sonarcloud.io/project/overview?id=key)
[![ZAP Scan](https://img.shields.io/badge/ZAP-Baseline_Scan-success?style=flat-square)](https://github.com/owner/repo/security/code-scanning)

Reference Implementations

Examples of proper badge usage across Hack23 projects:

  • ๐Ÿ›๏ธ Citizen Intelligence Agency: README.md
  • ๐ŸŽฎ Black Trigram: README.md
  • ๐Ÿ“Š CIA Compliance Manager: README.md
  • ๐Ÿ‡ช๐Ÿ‡บ European Parliament MCP Server: README.md
  • ๐Ÿ‡ช๐Ÿ‡บ EU Parliament Monitor: README.md
  • ๐Ÿ—ณ๏ธ Riksdagsmonitor: README.md

Badge Troubleshooting

Common Issues

ProblemCauseSolution
Badge returns 404Incorrect project key or URLVerify project ID in service console
Badge shows "unknown"Project not configuredComplete service setup and initial scan
Badge not updatingCache issueClear browser cache or add cache-busting parameter
Connection timeoutService unavailableCheck service status page, retry later

Support Resources


๐ŸŽฏ Strategic & Governance

๐Ÿ” Security Policies & Controls

โš™๏ธ Operational Integration


๐Ÿ“‹ Document Control:
โœ… Approved by: James Pether Sรถrling, CEO
๐Ÿ“ค Distribution: Public
๐Ÿท๏ธ Classification: Confidentiality: Public
๐Ÿ“… Effective Date: 2025-11-17
โฐ Next Review: 2026-11-17
๐ŸŽฏ Framework Compliance: ISO 27001 NIST CSF 2.0 CIS Controls