isms-classification-adaptation.md
March 26, 2026 ยท View on GitHub
๐๏ธ ISMS Classification โ Political Intelligence Adaptation
๐ Mapping ISMS Classification Framework to Political Sensitivity Levels
๐ฏ Confidentiality ยท Integrity ยท Availability โ Sensitivity ยท Accuracy ยท Urgency
๐ Document Owner: CEO | ๐ Version: 1.0 | ๐
Last Updated: 2026-03-26 (UTC)
๐ Review Cycle: Quarterly | โฐ Next Review: 2026-06-26
๐ข Owner: Hack23 AB (Org.nr 5595347807) | ๐ท๏ธ Classification: Public
๐ฏ Purpose
This reference document explains how Hack23 ISMS CLASSIFICATION.md has been adapted for political intelligence classification in Riksdagsmonitor. It provides the authoritative mapping between ISMS security classification concepts and political intelligence classification concepts, enabling consistent analytical reasoning across both domains.
๐ Confidentiality Levels โ Political Sensitivity Levels
The ISMS defines three confidentiality levels (Public, Internal, Confidential). These map directly to Riksdagsmonitor's three political sensitivity levels:
| ISMS Confidentiality Level | ISMS Definition | Political Sensitivity Level | Political Definition |
|---|---|---|---|
| Public | Information that can be freely shared with anyone without risk | ๐ข PUBLIC | Routine parliamentary activity; freely publishable |
| Internal | Information for internal stakeholders; limited external distribution | ๐ก SENSITIVE | Politically charged; requires careful framing before publication |
| Confidential | Information with legal, competitive, or safety restrictions | ๐ด RESTRICTED | Legal sensitivity or acute political risk; editorial review mandatory |
Adaptation Rationale
The ISMS confidentiality framework is primarily designed to protect organisational secrets. The political intelligence adaptation inverts this orientation: the goal is maximum transparency rather than restriction. Therefore:
- PUBLIC is the default and desirable state โ unlike ISMS where most data is Internal
- RESTRICTED indicates a journalistic caution, not organisational secrecy
- The handling controls differ: ISMS Confidential restricts distribution; RESTRICTED in political context requires verification and framing, not suppression
โ Integrity Levels โ Political Accuracy Requirements
The ISMS defines integrity in terms of data accuracy and modification controls. Political accuracy requirements adapt this to the journalistic verification context:
| ISMS Integrity Level | ISMS Control | Political Accuracy Requirement | Verification Method |
|---|---|---|---|
| High Integrity | Cryptographic signing; audit trails; no modification without approval | Verified โ multiple primary sources; official Riksdag document | Cross-reference via get_dokument + search_voteringar |
| Medium Integrity | Access controls; version tracking; change logging | Corroborated โ single primary source + secondary confirmation | search_anforanden + media verification |
| Low Integrity | Basic controls; review recommended | Unverified โ single source; flag with [LOW confidence] | Explicit confidence notation required |
Accuracy Degradation
Just as ISMS data integrity can be compromised over time, political accuracy degrades temporally:
- Information verified against a 2025 proposition remains HIGH accuracy
- The same information applied to a 2026 policy context becomes MEDIUM (policy may have changed)
- Information older than 180 days requires re-verification before inclusion in analysis
โก Availability Levels โ Political Urgency Levels
The ISMS defines availability in terms of system uptime and data accessibility. Political urgency adapts this to publication timing requirements:
| ISMS Availability | ISMS SLA | Political Urgency Level | Publication Deadline |
|---|---|---|---|
| Critical (99.99% uptime) | Near-zero tolerance for downtime | ๐ด CRITICAL | Immediate publication; all-language deployment within 2 hours |
| High (99.9% uptime) | Maximum 8.7 hours downtime/year | ๐ URGENT | Publish within 4โ8 hours; priority placement |
| Medium (99% uptime) | Maximum 3.65 days downtime/year | ๐ต ELEVATED | Include in next scheduled news cycle |
| Low (best-effort) | No SLA | โช ROUTINE | Publish in standard workflow; 24โ48 hours acceptable |
๐ ISMS Impact Analysis Matrix โ Political Impact Matrix
The ISMS uses an impact matrix to assess security incident consequences. The political adaptation scores consequences for democratic process disruption:
| ISMS Impact Category | ISMS Consequence | Political Impact Category | Political Consequence |
|---|---|---|---|
| Reputational | Brand/credibility damage to Hack23 | Democratic Credibility | Damage to trust in Swedish democratic institutions |
| Financial | Revenue loss, fines, remediation cost | Economic Impact | Policy cost to Swedish taxpayers or GDP impact |
| Legal/Regulatory | Fines, sanctions, legal proceedings | Constitutional Impact | Breach of Riksdag procedures or constitutional norms |
| Operational | Service disruption, productivity loss | Governance Impact | Disruption to government's ability to function |
| Safety | Physical harm to persons | Social Cohesion | Harm to Swedish social fabric or minority rights |
Political Impact Score Calibration
The ISMS 1โ5 impact scale maps to political impact:
| Score | ISMS Consequence | Political Equivalent |
|---|---|---|
| 1 | Minor operational inconvenience | Routine committee delay |
| 2 | Limited reputational concern | Single bill rejection; government resubmits |
| 3 | Moderate financial/legal exposure | Major budget amendment forced |
| 4 | Severe reputational or operational harm | Minister resignation or major policy reversal |
| 5 | Existential threat to organisation | Government collapse; extraordinary election |
๐ Implementation Reference
This adaptation is implemented in:
- methodologies/political-classification-guide.md โ Full classification guide
- templates/political-classification.md โ Classification template
scripts/analysis-framework/types.tsโ TypeScript classification typesscripts/analysis-framework/lenses/โ Automated classification lenses
Document Control:
- Path:
/analysis/reference/isms-classification-adaptation.md - Source ISMS Doc: CLASSIFICATION.md
- Classification: Public
- Next Review: 2026-06-26