isms-classification-adaptation.md

March 26, 2026 ยท View on GitHub

Hack23 Logo

๐Ÿ—‚๏ธ ISMS Classification โ†’ Political Intelligence Adaptation

๐Ÿ“Š Mapping ISMS Classification Framework to Political Sensitivity Levels
๐ŸŽฏ Confidentiality ยท Integrity ยท Availability โ†’ Sensitivity ยท Accuracy ยท Urgency

Owner Version Effective Date Classification

๐Ÿ“‹ Document Owner: CEO | ๐Ÿ“„ Version: 1.0 | ๐Ÿ“… Last Updated: 2026-03-26 (UTC)
๐Ÿ”„ Review Cycle: Quarterly | โฐ Next Review: 2026-06-26
๐Ÿข Owner: Hack23 AB (Org.nr 5595347807) | ๐Ÿท๏ธ Classification: Public


๐ŸŽฏ Purpose

This reference document explains how Hack23 ISMS CLASSIFICATION.md has been adapted for political intelligence classification in Riksdagsmonitor. It provides the authoritative mapping between ISMS security classification concepts and political intelligence classification concepts, enabling consistent analytical reasoning across both domains.


๐Ÿ”’ Confidentiality Levels โ†’ Political Sensitivity Levels

The ISMS defines three confidentiality levels (Public, Internal, Confidential). These map directly to Riksdagsmonitor's three political sensitivity levels:

ISMS Confidentiality LevelISMS DefinitionPolitical Sensitivity LevelPolitical Definition
PublicInformation that can be freely shared with anyone without risk๐ŸŸข PUBLICRoutine parliamentary activity; freely publishable
InternalInformation for internal stakeholders; limited external distribution๐ŸŸก SENSITIVEPolitically charged; requires careful framing before publication
ConfidentialInformation with legal, competitive, or safety restrictions๐Ÿ”ด RESTRICTEDLegal sensitivity or acute political risk; editorial review mandatory

Adaptation Rationale

The ISMS confidentiality framework is primarily designed to protect organisational secrets. The political intelligence adaptation inverts this orientation: the goal is maximum transparency rather than restriction. Therefore:

  • PUBLIC is the default and desirable state โ€” unlike ISMS where most data is Internal
  • RESTRICTED indicates a journalistic caution, not organisational secrecy
  • The handling controls differ: ISMS Confidential restricts distribution; RESTRICTED in political context requires verification and framing, not suppression

โœ… Integrity Levels โ†’ Political Accuracy Requirements

The ISMS defines integrity in terms of data accuracy and modification controls. Political accuracy requirements adapt this to the journalistic verification context:

ISMS Integrity LevelISMS ControlPolitical Accuracy RequirementVerification Method
High IntegrityCryptographic signing; audit trails; no modification without approvalVerified โ€” multiple primary sources; official Riksdag documentCross-reference via get_dokument + search_voteringar
Medium IntegrityAccess controls; version tracking; change loggingCorroborated โ€” single primary source + secondary confirmationsearch_anforanden + media verification
Low IntegrityBasic controls; review recommendedUnverified โ€” single source; flag with [LOW confidence]Explicit confidence notation required

Accuracy Degradation

Just as ISMS data integrity can be compromised over time, political accuracy degrades temporally:

  • Information verified against a 2025 proposition remains HIGH accuracy
  • The same information applied to a 2026 policy context becomes MEDIUM (policy may have changed)
  • Information older than 180 days requires re-verification before inclusion in analysis

โšก Availability Levels โ†’ Political Urgency Levels

The ISMS defines availability in terms of system uptime and data accessibility. Political urgency adapts this to publication timing requirements:

ISMS AvailabilityISMS SLAPolitical Urgency LevelPublication Deadline
Critical (99.99% uptime)Near-zero tolerance for downtime๐Ÿ”ด CRITICALImmediate publication; all-language deployment within 2 hours
High (99.9% uptime)Maximum 8.7 hours downtime/year๐ŸŸ  URGENTPublish within 4โ€“8 hours; priority placement
Medium (99% uptime)Maximum 3.65 days downtime/year๐Ÿ”ต ELEVATEDInclude in next scheduled news cycle
Low (best-effort)No SLAโšช ROUTINEPublish in standard workflow; 24โ€“48 hours acceptable

๐Ÿ“Š ISMS Impact Analysis Matrix โ†’ Political Impact Matrix

The ISMS uses an impact matrix to assess security incident consequences. The political adaptation scores consequences for democratic process disruption:

ISMS Impact CategoryISMS ConsequencePolitical Impact CategoryPolitical Consequence
ReputationalBrand/credibility damage to Hack23Democratic CredibilityDamage to trust in Swedish democratic institutions
FinancialRevenue loss, fines, remediation costEconomic ImpactPolicy cost to Swedish taxpayers or GDP impact
Legal/RegulatoryFines, sanctions, legal proceedingsConstitutional ImpactBreach of Riksdag procedures or constitutional norms
OperationalService disruption, productivity lossGovernance ImpactDisruption to government's ability to function
SafetyPhysical harm to personsSocial CohesionHarm to Swedish social fabric or minority rights

Political Impact Score Calibration

The ISMS 1โ€“5 impact scale maps to political impact:

ScoreISMS ConsequencePolitical Equivalent
1Minor operational inconvenienceRoutine committee delay
2Limited reputational concernSingle bill rejection; government resubmits
3Moderate financial/legal exposureMajor budget amendment forced
4Severe reputational or operational harmMinister resignation or major policy reversal
5Existential threat to organisationGovernment collapse; extraordinary election

๐Ÿ”— Implementation Reference

This adaptation is implemented in:


Document Control:

  • Path: /analysis/reference/isms-classification-adaptation.md
  • Source ISMS Doc: CLASSIFICATION.md
  • Classification: Public
  • Next Review: 2026-06-26