@elnora-ai/linear 1.0.1 → 1.1.0

package/templates/AUD-CAP-corrective.md

@@ -0,0 +1,89 @@
+# AUD-CAP: Corrective Action Plan
+
+## Quick Reference
+- **SLA:** 5-30 days (severity-based)
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Corrective Actions
+
+## Required Labels
+- `Type: bug`
+- `Flag: compliance`
+- `Layer: [affected area]`
+- Severity: Major NC = High, Minor NC = Medium
+
+## Issue Template
+```markdown
+## Corrective Action Plan
+
+**CAP ID:** AUD-CAP-YYYY-XXX
+**Source:** [Internal Audit / External Audit / Incident / Management Review]
+**Source Reference:** [Audit report ID or incident ID]
+**Finding Date:** [YYYY-MM-DD]
+
+## Finding Details
+- **Finding Type:** [Major NC / Minor NC / Opportunity for Improvement]
+- **Control/Area:** [ISO 27001 control reference or ISMS area]
+- **Finding Description:** [Detailed description of the nonconformity]
+- **Evidence:** [What evidence demonstrated the NC]
+
+## Root Cause Analysis
+**Immediate Cause:**
+[What directly caused the NC]
+
+**Root Cause:**
+[Underlying reason - use 5 Whys if needed]
+
+**Contributing Factors:**
+[Other factors that contributed]
+
+## Corrective Action Plan
+
+### Immediate Actions (Containment)
+| Action | Owner | Deadline | Status |
+|--------|-------|----------|--------|
+| | | | |
+
+### Corrective Actions (Fix Root Cause)
+| Action | Owner | Deadline | Status |
+|--------|-------|----------|--------|
+| | | | |
+
+### Preventive Actions (Prevent Recurrence)
+| Action | Owner | Deadline | Status |
+|--------|-------|----------|--------|
+| | | | |
+
+## Resource Requirements
+- **Personnel:** [Time/effort needed]
+- **Budget:** [If applicable]
+- **Tools/Systems:** [If needed]
+
+## Documentation Updates Required
+- [ ] Policy update needed: [Which policy]
+- [ ] Procedure update needed: [Which procedure]
+- [ ] Training update needed: [Which training]
+- [ ] Risk register update needed
+
+## Effectiveness Verification
+**Verification Method:**
+[How will we verify the corrective action was effective?]
+
+**Verification Date:**
+[When will effectiveness be checked]
+
+**Verification Results:**
+[To be completed after verification]
+
+## Approvals
+- [ ] Action plan approved by: _________________ Date: _______
+- [ ] Implementation verified by: _________________ Date: _______
+- [ ] Effectiveness verified by: _________________ Date: _______
+
+## Closure
+- [ ] All actions completed
+- [ ] Effectiveness verified
+- [ ] Documentation updated
+- [ ] Finding closed
+
+Closure Date: _________________ Closed By: _________________
+```

package/templates/AUD-INT-internal.md

@@ -0,0 +1,92 @@
+# AUD-INT: Internal Audit
+
+## Quick Reference
+- **SLA:** 60 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Internal Audits
+
+## Required Labels
+- `Type: research`
+- `Flag: compliance`
+- `Layer: [scope-dependent]`
+
+## Issue Template
+```markdown
+## ISMS Internal Audit
+
+**Audit ID:** AUD-INT-YYYY-XXX
+**Audit Period:** [YYYY-MM-DD to YYYY-MM-DD]
+**Audit Type:** [Annual / Ad-hoc / Follow-up]
+
+## Audit Planning
+
+### Scope
+[Define audit scope - which ISMS areas, controls, processes]
+
+### Objectives
+1. [Objective 1]
+2. [Objective 2]
+3. [Objective 3]
+
+### Auditor Information
+- **Lead Auditor:** [Name]
+- **Auditor(s):** [Names]
+- **Independence Verification:** [Confirm auditors not implementing controls being audited]
+
+### Audit Schedule
+| Date | Activity | Area/Control | Interviewee |
+|------|----------|--------------|-------------|
+| | | | |
+
+## Audit Criteria
+- ISO 27001:2022 requirements
+- Statement of Applicability controls
+- Internal policies and procedures
+- Regulatory requirements
+
+## Documents to Review
+- [ ] Information Security Policy
+- [ ] Risk Assessment and Treatment Plan
+- [ ] Statement of Applicability
+- [ ] [Other relevant documents]
+
+## Audit Execution Checklist
+- [ ] Opening meeting conducted
+- [ ] Document review completed
+- [ ] Interviews conducted
+- [ ] Evidence collected
+- [ ] Control testing performed
+- [ ] Closing meeting conducted
+
+## Findings Summary
+
+### Major Nonconformities
+| Finding ID | Control/Area | Description | Evidence |
+|------------|--------------|-------------|----------|
+| | | | |
+
+### Minor Nonconformities
+| Finding ID | Control/Area | Description | Evidence |
+|------------|--------------|-------------|----------|
+| | | | |
+
+### Opportunities for Improvement
+| OFI ID | Area | Recommendation |
+|--------|------|----------------|
+| | | |
+
+### Conforming Controls
+[List controls found to be operating effectively]
+
+## Corrective Action Requirements
+[Create linked AUD-CAP tickets for each NC]
+
+## Report Distribution
+- [ ] Draft report to Information Security Leader
+- [ ] Final report to ISMS Governance Council
+- [ ] Highlights presented at Management Review
+
+## Sign-off
+- [ ] Lead Auditor: _________________ Date: _______
+- [ ] Information Security Leader Review: _________________ Date: _______
+```

package/templates/AUD-MGT-management.md

@@ -0,0 +1,110 @@
+# AUD-MGT: Management Review
+
+## Quick Reference
+- **SLA:** 30 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Management Reviews
+
+## Required Labels
+- `Type: research`
+- `Flag: compliance`
+- `Layer: devops`
+
+## Issue Template
+```markdown
+## ISMS Management Review
+
+**Review ID:** AUD-MGT-YYYY-XXX
+**Review Date:** [YYYY-MM-DD]
+**Review Period:** [Period being reviewed]
+**Meeting Type:** [Annual / Quarterly / Ad-hoc]
+
+## Pre-Meeting Preparation
+
+### Required Inputs to Compile
+- [ ] Status of previous management review actions
+- [ ] Changes in external/internal context
+- [ ] Changes in interested parties' needs
+- [ ] ISMS performance metrics
+- [ ] Audit results (internal and external)
+- [ ] Nonconformity and corrective action status
+- [ ] Risk assessment status
+- [ ] Incident summary and trends
+- [ ] Security objectives progress
+- [ ] Feedback from stakeholders
+
+## Attendees (ISMS Governance Council)
+| Name | Role | Present |
+|------|------|---------|
+| | CEO | [ ] |
+| | CTO | [ ] |
+| | | [ ] |
+
+## Agenda
+
+### 1. Previous Review Actions Status
+| Action | Owner | Status | Notes |
+|--------|-------|--------|-------|
+| | | | |
+
+### 2. Context Changes
+**External Changes:**
+[Changes in regulatory, market, technology landscape]
+
+**Internal Changes:**
+[Organizational, process, technology changes]
+
+### 3. Performance Review
+**Security Metrics:**
+| Metric | Target | Actual | Status |
+|--------|--------|--------|--------|
+| | | | |
+
+**Objectives Progress:**
+| Objective | Progress | Status |
+|-----------|----------|--------|
+| | | |
+
+### 4. Audit Results Summary
+- Internal audit findings: [Summary]
+- External audit findings: [Summary]
+- Open nonconformities: [Count and summary]
+
+### 5. Risk Assessment Status
+- Risk register status: [Summary]
+- High risks: [List]
+- Risk treatment plan progress: [Summary]
+
+### 6. Incident Summary
+- Total incidents this period: [Count]
+- Incidents by severity: [Breakdown]
+- Key incident trends: [Summary]
+- Lessons learned implemented: [Summary]
+
+### 7. Resource Requirements
+[Budget, personnel, tool needs]
+
+## Decisions Made
+
+### ISMS Changes Approved
+| Change | Approved | Owner | Deadline |
+|--------|----------|-------|----------|
+| | Yes/No | | |
+
+### Actions Assigned
+| Action | Owner | Deadline | Priority |
+|--------|-------|----------|----------|
+| | | | |
+
+### Resource Approvals
+| Request | Approved | Amount | Notes |
+|---------|----------|--------|-------|
+| | Yes/No | | |
+
+## Sign-off
+All Governance Council members approve these minutes and decisions:
+
+| Name | Signature | Date |
+|------|-----------|------|
+| | | |
+```

package/templates/CHG-MAJ-major.md

@@ -0,0 +1,110 @@
+# CHG-MAJ: ISMS Major Change (Category 3)
+
+## Quick Reference
+- **SLA:** 15-30 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Major Changes
+
+## Required Labels
+- `Type: feature` or `Type: improvement`
+- `Flag: compliance`
+- `Flag: security`
+- `Layer: [all affected layers]`
+
+## Issue Template
+```markdown
+## ISMS Major Change Request
+
+**Change ID:** ISMS-YYYY-XXX
+**Category:** 3 - Major Change
+**Requested By:** [Name]
+**Date Requested:** [YYYY-MM-DD]
+**Target Implementation:** [YYYY-MM-DD] (minimum 30 days from request)
+
+## Change Description
+[Comprehensive description - affects ISMS scope/boundaries, security policy intent, organizational structure, introduces new technology, responds to regulatory changes, or post-incident modifications]
+
+## Change Type
+- [ ] ISMS scope or boundary change
+- [ ] Security policy intent change
+- [ ] Organizational structure change
+- [ ] New technology introduction
+- [ ] Regulatory/legal requirement change
+- [ ] Post-incident modification
+- [ ] Other: ___
+
+## Affected Areas
+### Documents
+| Document | Section | Type of Change |
+|----------|---------|----------------|
+| | | |
+
+### Systems
+[List all affected systems]
+
+### Processes
+[List all affected business processes]
+
+### Personnel/Roles
+[List affected roles and responsibilities]
+
+## Business Justification
+[Detailed justification including strategic alignment]
+
+## Comprehensive Risk Assessment
+### Identified Risks
+| Risk | Likelihood | Impact | Risk Level | Mitigation |
+|------|------------|--------|------------|------------|
+| | | | | |
+
+### Risk Treatment Decisions
+[Document risk treatment approach for each identified risk]
+
+## Resource Requirements
+- **Personnel:** [Detailed time/effort breakdown]
+- **Budget:** [Cost estimate with breakdown]
+- **Training:** [Training plan if required]
+- **External Support:** [Consultants/vendors if needed]
+
+## Implementation Plan
+| Phase | Milestone | Actions | Owner | Start | End |
+|-------|-----------|---------|-------|-------|-----|
+| 1 | | | | | |
+| 2 | | | | | |
+
+## Rollback Plan
+[Comprehensive rollback procedure]
+
+## Communication Plan
+| Audience | Message | Channel | Timing |
+|----------|---------|---------|--------|
+| | | | |
+
+## Training Plan
+[If applicable - training requirements and schedule]
+
+## Approvals (Full ISMS Governance Council)
+Management Review Meeting Date: [YYYY-MM-DD]
+
+| Council Member | Role | Signature | Date |
+|----------------|------|-----------|------|
+| | CEO | | |
+| | CTO | | |
+
+## Implementation Tracking
+- [ ] 30-day notice period completed
+- [ ] All approvals obtained
+- [ ] Implementation commenced
+- [ ] Milestone 1 complete
+- [ ] Milestone 2 complete
+- [ ] Full implementation complete
+- [ ] Post-implementation review scheduled
+
+## Verification Checklist
+- [ ] Change implemented per plan
+- [ ] All affected documents updated
+- [ ] Training completed (if required)
+- [ ] Change log updated
+- [ ] Effectiveness review scheduled
+- [ ] Lessons learned documented
+```

package/templates/CHG-SIG-significant.md

@@ -0,0 +1,83 @@
+# CHG-SIG: ISMS Significant Change (Category 2)
+
+## Quick Reference
+- **SLA:** 5-10 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Significant Changes
+
+## Required Labels
+- `Type: improvement`
+- `Flag: compliance`
+- `Flag: security` (if security control affected)
+- `Layer: [affected layers]`
+
+## Issue Template
+```markdown
+## ISMS Significant Change Request
+
+**Change ID:** ISMS-YYYY-XXX
+**Category:** 2 - Significant Change
+**Requested By:** [Name]
+**Date Requested:** [YYYY-MM-DD]
+**Target Implementation:** [YYYY-MM-DD]
+
+## Change Description
+[Detailed description - affects existing security controls, procedures, risk treatment plans, or objectives]
+
+## Affected Areas
+- [ ] Security controls
+- [ ] Procedures
+- [ ] Risk treatment plans
+- [ ] ISMS objectives
+- [ ] Other: ___
+
+## Affected Documents
+| Document | Section | Type of Change |
+|----------|---------|----------------|
+| | | |
+
+## Justification
+[Business or security justification for this change]
+
+## Impact Assessment
+### Systems Affected
+[List systems or processes affected]
+
+### Stakeholders Affected
+[List roles or teams impacted]
+
+### Potential Risks
+[Describe potential negative impacts]
+
+### Mitigation Measures
+[How will risks be mitigated?]
+
+## Resource Requirements
+- **Personnel:** [Time/effort needed]
+- **Budget:** [If applicable]
+- **Training:** [If required]
+
+## Implementation Plan
+| Step | Action | Owner | Target Date |
+|------|--------|-------|-------------|
+| 1 | | | |
+| 2 | | | |
+
+## Rollback Plan
+[Describe how to revert if change causes issues]
+
+## Communication Requirements
+- [ ] Affected stakeholders notified
+- [ ] Training scheduled (if needed)
+
+## Approvals
+- [ ] Information Security Management Leader: _________________ Date: _______
+- [ ] ISMS Governance Council Member: _________________ Date: _______
+
+## Implementation Verification
+- [ ] Change implemented as planned
+- [ ] No deviations from plan (or deviations documented)
+- [ ] Affected documents updated
+- [ ] Change log updated
+- [ ] Post-implementation review completed
+```

package/templates/CHG-STD-standard.md

@@ -0,0 +1,47 @@
+# CHG-STD: ISMS Standard Change (Category 1)
+
+## Quick Reference
+- **SLA:** 1-2 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Standard Changes
+
+## Required Labels
+- `Type: improvement`
+- `Flag: compliance`
+- `Layer: [affected layer]`
+
+## Issue Template
+```markdown
+## ISMS Standard Change Request
+
+**Change ID:** ISMS-YYYY-XXX
+**Category:** 1 - Standard Change
+**Requested By:** [Name]
+**Date Requested:** [YYYY-MM-DD]
+
+## Change Description
+[Describe the change - should be minor documentation updates, clarifications, or non-intent-changing reviews]
+
+## Affected Documents
+- [ ] Document: [filename] - Section: [section]
+
+## Justification
+[Why is this change needed?]
+
+## Risk Assessment
+**Risk Level:** Minimal
+[Standard changes by definition have minimal risk - no changes to security controls or policy intent]
+
+## Implementation Plan
+1. [Step 1]
+2. [Step 2]
+
+## Approval
+- [ ] Information Security Management Leader: _________________ Date: _______
+
+## Verification Checklist
+- [ ] Change implemented as described
+- [ ] Document version updated
+- [ ] Change log updated
+- [ ] No unintended impacts observed
+```

package/templates/LRN-DOC-lessons.md

@@ -0,0 +1,75 @@
+# LRN-DOC: Lessons Learned
+
+## Quick Reference
+- **SLA:** 10-20 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Lessons Learned
+
+## Required Labels
+- `Type: research`
+- `Flag: compliance`
+- `Layer: [affected area]`
+
+## Issue Template
+```markdown
+## Lessons Learned Review
+
+**Review ID:** LRN-YYYY-XXX
+**Incident Reference:** [Link to incident ticket]
+**RCA Reference:** [Link to RCA ticket]
+**Meeting Date:** [YYYY-MM-DD]
+
+## Meeting Details
+- **Facilitator:** [Name]
+- **Participants:** [List all participants]
+- **Duration:** [X hours]
+
+## Incident Recap
+[Brief summary of the incident - link to full RCA for details]
+
+## Discussion Topics
+
+### What Went Well
+| Item | Details | How to Reinforce |
+|------|---------|------------------|
+| | | |
+
+### What Could Be Improved
+| Item | Details | Proposed Improvement |
+|------|---------|---------------------|
+| | | |
+
+### What Was Confusing or Unclear
+| Item | Details | Clarification Needed |
+|------|---------|---------------------|
+| | | |
+
+## Key Learnings
+1. [Learning 1]
+2. [Learning 2]
+3. [Learning 3]
+
+## Action Items
+| Action | Owner | Target Date | Priority | Ticket |
+|--------|-------|-------------|----------|--------|
+| | | | | |
+
+## Process Improvements
+[Suggested changes to incident response or other processes]
+
+## Training Needs
+[Any training identified as needed]
+
+## Documentation Updates
+- [ ] Runbook updates needed
+- [ ] Procedure updates needed
+- [ ] Training material updates needed
+
+## Follow-up
+- [ ] Action items created in Linear
+- [ ] Next check-in date: [YYYY-MM-DD]
+
+## Sign-off
+- [ ] Facilitator: _________________ Date: _______
+- [ ] Team Lead: _________________ Date: _______
+```

package/templates/OPS-BCK-backup.md

@@ -0,0 +1,99 @@
+# OPS-BCK: Backup Restore Test
+
+## Quick Reference
+- **SLA:** RTO: 2 hours
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Backup & DR Testing
+
+## Required Labels
+- `Type: research`
+- `Flag: compliance`
+- `Layer: devops`
+
+## Issue Template
+```markdown
+## Backup Restore Test
+
+**Test ID:** OPS-BCK-YYYY-QX
+**Test Date:** [YYYY-MM-DD]
+**Quarter:** Q[1-4] [YYYY]
+**Test Type:** [RDS Snapshot / RDS Point-in-Time / S3 Version / Full DR Simulation]
+
+## Recovery Objectives
+- **RTO (Recovery Time Objective):** 2 hours
+- **RPO (Recovery Point Objective):** 15 minutes
+
+## Test Scope
+- [ ] RDS PostgreSQL Database
+- [ ] S3 Production Bucket
+- [ ] ECR Container Images (Q4 only)
+- [ ] ECS Task Definitions (Q4 only)
+
+## Pre-Test Checklist
+- [ ] Test environment prepared
+- [ ] Backup source identified (snapshot ID or timestamp)
+- [ ] Test plan reviewed
+- [ ] Rollback plan ready
+
+## Test Execution
+
+### Test 1: [Test Type]
+**Start Time:** [HH:MM]
+**End Time:** [HH:MM]
+**Recovery Time:** [XX minutes]
+
+**Steps Performed:**
+1. [ ] [Step 1]
+2. [ ] [Step 2]
+3. [ ] [Step 3]
+
+**Validation Queries:**
+```sql
+-- Record counts
+SELECT COUNT(*) FROM [table];
+
+-- Recent data check
+SELECT * FROM [table] WHERE created_at > NOW() - INTERVAL '7 days' LIMIT 5;
+
+-- Data integrity
+[Specific integrity checks]
+```
+
+**Results:**
+| Check | Expected | Actual | Pass/Fail |
+|-------|----------|--------|-----------|
+| Recovery time | < 2 hours | | |
+| Data present | Yes | | |
+| No data loss beyond RPO | < 15 min | | |
+| Integrity checks | Pass | | |
+
+## Cleanup
+- [ ] Test instances terminated
+- [ ] Test data removed
+- [ ] Costs verified
+
+## Issues Encountered
+| Issue | Impact | Resolution | Follow-up Needed |
+|-------|--------|------------|------------------|
+| | | | |
+
+## Results Summary
+- **Overall Result:** [PASS / FAIL]
+- **Recovery Time Achieved:** [XX minutes]
+- **Data Loss:** [None / XX minutes]
+- **RTO Met:** [Yes / No]
+- **RPO Met:** [Yes / No]
+
+## Corrective Actions
+[Create linked tickets if any issues found]
+
+## Sign-off
+- [ ] Test performed by: _________________ Date: _______
+- [ ] Results verified by: _________________ Date: _______
+- [ ] CTO approval: _________________ Date: _______
+
+## Evidence
+- [ ] Screenshots captured
+- [ ] Logs preserved
+- [ ] Notion Restore Test Record updated
+```