@elnora-ai/linear 1.0.1 → 2.0.0

package/templates/CHG-SIG-significant.md

@@ -0,0 +1,83 @@
+# CHG-SIG: ISMS Significant Change (Category 2)
+
+## Quick Reference
+- **SLA:** 5-10 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Significant Changes
+
+## Required Labels
+- `Type: improvement`
+- `Flag: compliance`
+- `Flag: security` (if security control affected)
+- `Layer: [affected layers]`
+
+## Issue Template
+```markdown
+## ISMS Significant Change Request
+
+**Change ID:** ISMS-YYYY-XXX
+**Category:** 2 - Significant Change
+**Requested By:** [Name]
+**Date Requested:** [YYYY-MM-DD]
+**Target Implementation:** [YYYY-MM-DD]
+
+## Change Description
+[Detailed description - affects existing security controls, procedures, risk treatment plans, or objectives]
+
+## Affected Areas
+- [ ] Security controls
+- [ ] Procedures
+- [ ] Risk treatment plans
+- [ ] ISMS objectives
+- [ ] Other: ___
+
+## Affected Documents
+| Document | Section | Type of Change |
+|----------|---------|----------------|
+| | | |
+
+## Justification
+[Business or security justification for this change]
+
+## Impact Assessment
+### Systems Affected
+[List systems or processes affected]
+
+### Stakeholders Affected
+[List roles or teams impacted]
+
+### Potential Risks
+[Describe potential negative impacts]
+
+### Mitigation Measures
+[How will risks be mitigated?]
+
+## Resource Requirements
+- **Personnel:** [Time/effort needed]
+- **Budget:** [If applicable]
+- **Training:** [If required]
+
+## Implementation Plan
+| Step | Action | Owner | Target Date |
+|------|--------|-------|-------------|
+| 1 | | | |
+| 2 | | | |
+
+## Rollback Plan
+[Describe how to revert if change causes issues]
+
+## Communication Requirements
+- [ ] Affected stakeholders notified
+- [ ] Training scheduled (if needed)
+
+## Approvals
+- [ ] Information Security Management Leader: _________________ Date: _______
+- [ ] ISMS Governance Council Member: _________________ Date: _______
+
+## Implementation Verification
+- [ ] Change implemented as planned
+- [ ] No deviations from plan (or deviations documented)
+- [ ] Affected documents updated
+- [ ] Change log updated
+- [ ] Post-implementation review completed
+```

package/templates/CHG-STD-standard.md

@@ -0,0 +1,47 @@
+# CHG-STD: ISMS Standard Change (Category 1)
+
+## Quick Reference
+- **SLA:** 1-2 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Standard Changes
+
+## Required Labels
+- `Type: improvement`
+- `Flag: compliance`
+- `Layer: [affected layer]`
+
+## Issue Template
+```markdown
+## ISMS Standard Change Request
+
+**Change ID:** ISMS-YYYY-XXX
+**Category:** 1 - Standard Change
+**Requested By:** [Name]
+**Date Requested:** [YYYY-MM-DD]
+
+## Change Description
+[Describe the change - should be minor documentation updates, clarifications, or non-intent-changing reviews]
+
+## Affected Documents
+- [ ] Document: [filename] - Section: [section]
+
+## Justification
+[Why is this change needed?]
+
+## Risk Assessment
+**Risk Level:** Minimal
+[Standard changes by definition have minimal risk - no changes to security controls or policy intent]
+
+## Implementation Plan
+1. [Step 1]
+2. [Step 2]
+
+## Approval
+- [ ] Information Security Management Leader: _________________ Date: _______
+
+## Verification Checklist
+- [ ] Change implemented as described
+- [ ] Document version updated
+- [ ] Change log updated
+- [ ] No unintended impacts observed
+```

package/templates/LRN-DOC-lessons.md

@@ -0,0 +1,75 @@
+# LRN-DOC: Lessons Learned
+
+## Quick Reference
+- **SLA:** 10-20 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Lessons Learned
+
+## Required Labels
+- `Type: research`
+- `Flag: compliance`
+- `Layer: [affected area]`
+
+## Issue Template
+```markdown
+## Lessons Learned Review
+
+**Review ID:** LRN-YYYY-XXX
+**Incident Reference:** [Link to incident ticket]
+**RCA Reference:** [Link to RCA ticket]
+**Meeting Date:** [YYYY-MM-DD]
+
+## Meeting Details
+- **Facilitator:** [Name]
+- **Participants:** [List all participants]
+- **Duration:** [X hours]
+
+## Incident Recap
+[Brief summary of the incident - link to full RCA for details]
+
+## Discussion Topics
+
+### What Went Well
+| Item | Details | How to Reinforce |
+|------|---------|------------------|
+| | | |
+
+### What Could Be Improved
+| Item | Details | Proposed Improvement |
+|------|---------|---------------------|
+| | | |
+
+### What Was Confusing or Unclear
+| Item | Details | Clarification Needed |
+|------|---------|---------------------|
+| | | |
+
+## Key Learnings
+1. [Learning 1]
+2. [Learning 2]
+3. [Learning 3]
+
+## Action Items
+| Action | Owner | Target Date | Priority | Ticket |
+|--------|-------|-------------|----------|--------|
+| | | | | |
+
+## Process Improvements
+[Suggested changes to incident response or other processes]
+
+## Training Needs
+[Any training identified as needed]
+
+## Documentation Updates
+- [ ] Runbook updates needed
+- [ ] Procedure updates needed
+- [ ] Training material updates needed
+
+## Follow-up
+- [ ] Action items created in Linear
+- [ ] Next check-in date: [YYYY-MM-DD]
+
+## Sign-off
+- [ ] Facilitator: _________________ Date: _______
+- [ ] Team Lead: _________________ Date: _______
+```

package/templates/OPS-BCK-backup.md

@@ -0,0 +1,99 @@
+# OPS-BCK: Backup Restore Test
+
+## Quick Reference
+- **SLA:** RTO: 2 hours
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Backup & DR Testing
+
+## Required Labels
+- `Type: research`
+- `Flag: compliance`
+- `Layer: devops`
+
+## Issue Template
+```markdown
+## Backup Restore Test
+
+**Test ID:** OPS-BCK-YYYY-QX
+**Test Date:** [YYYY-MM-DD]
+**Quarter:** Q[1-4] [YYYY]
+**Test Type:** [RDS Snapshot / RDS Point-in-Time / S3 Version / Full DR Simulation]
+
+## Recovery Objectives
+- **RTO (Recovery Time Objective):** 2 hours
+- **RPO (Recovery Point Objective):** 15 minutes
+
+## Test Scope
+- [ ] RDS PostgreSQL Database
+- [ ] S3 Production Bucket
+- [ ] ECR Container Images (Q4 only)
+- [ ] ECS Task Definitions (Q4 only)
+
+## Pre-Test Checklist
+- [ ] Test environment prepared
+- [ ] Backup source identified (snapshot ID or timestamp)
+- [ ] Test plan reviewed
+- [ ] Rollback plan ready
+
+## Test Execution
+
+### Test 1: [Test Type]
+**Start Time:** [HH:MM]
+**End Time:** [HH:MM]
+**Recovery Time:** [XX minutes]
+
+**Steps Performed:**
+1. [ ] [Step 1]
+2. [ ] [Step 2]
+3. [ ] [Step 3]
+
+**Validation Queries:**
+```sql
+-- Record counts
+SELECT COUNT(*) FROM [table];
+
+-- Recent data check
+SELECT * FROM [table] WHERE created_at > NOW() - INTERVAL '7 days' LIMIT 5;
+
+-- Data integrity
+[Specific integrity checks]
+```
+
+**Results:**
+| Check | Expected | Actual | Pass/Fail |
+|-------|----------|--------|-----------|
+| Recovery time | < 2 hours | | |
+| Data present | Yes | | |
+| No data loss beyond RPO | < 15 min | | |
+| Integrity checks | Pass | | |
+
+## Cleanup
+- [ ] Test instances terminated
+- [ ] Test data removed
+- [ ] Costs verified
+
+## Issues Encountered
+| Issue | Impact | Resolution | Follow-up Needed |
+|-------|--------|------------|------------------|
+| | | | |
+
+## Results Summary
+- **Overall Result:** [PASS / FAIL]
+- **Recovery Time Achieved:** [XX minutes]
+- **Data Loss:** [None / XX minutes]
+- **RTO Met:** [Yes / No]
+- **RPO Met:** [Yes / No]
+
+## Corrective Actions
+[Create linked tickets if any issues found]
+
+## Sign-off
+- [ ] Test performed by: _________________ Date: _______
+- [ ] Results verified by: _________________ Date: _______
+- [ ] CTO approval: _________________ Date: _______
+
+## Evidence
+- [ ] Screenshots captured
+- [ ] Logs preserved
+- [ ] Notion Restore Test Record updated
+```

package/templates/OPS-DAT-data-mod.md

@@ -0,0 +1,98 @@
+# OPS-DAT: Production Data Modification
+
+## Quick Reference
+- **SLA:** 1-2 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Data Modifications
+
+## Required Labels
+- `Type: bug`
+- `Flag: security`
+- `Layer: backend`
+
+## Issue Template
+```markdown
+## Production Data Modification Request
+
+**Request ID:** OPS-DAT-YYYY-XXX
+**Request Date:** [YYYY-MM-DD]
+**Requestor:** [Name]
+**Urgency:** [Emergency / Standard]
+
+## Modification Details
+- **Database:** [Production database name]
+- **Table(s):** [Affected tables]
+- **Record Count:** [Estimated number of records affected]
+- **Modification Type:** [UPDATE / DELETE / INSERT / Correction]
+
+## Business Justification
+[Explain why this modification is needed and why it cannot be done through the application]
+
+## Data Description
+**Records to be modified:**
+[Describe the specific records - criteria for selection]
+
+**Current State:**
+[What the data looks like now]
+
+**Desired State:**
+[What the data should look like after modification]
+
+## Pre-Modification Checklist
+- [ ] Recent backup verified (within last [X] hours)
+- [ ] Query tested on development database
+- [ ] Peer review completed
+- [ ] Rollback plan prepared
+
+## SQL Query
+```sql
+-- VERIFICATION: Check records before modification
+SELECT [columns]
+FROM [table]
+WHERE [conditions];
+
+-- Expected affected rows: [X]
+
+-- MODIFICATION (within transaction)
+BEGIN TRANSACTION;
+
+UPDATE/DELETE [table]
+SET [columns] = [values]
+WHERE [conditions];
+
+-- Verify changes
+SELECT [columns]
+FROM [table]
+WHERE [conditions];
+
+-- If correct: COMMIT;
+-- If incorrect: ROLLBACK;
+```
+
+## Rollback Plan
+```sql
+-- Rollback query if needed
+[Reverse operation SQL]
+```
+
+## Approvals
+- [ ] Peer review by: _________________ Date: _______
+- [ ] CTO approval: _________________ Date: _______ (required)
+- [ ] Data owner notification: _________________ Date: _______
+
+## Execution Log
+- **Executed by:** [Name]
+- **Execution time:** [YYYY-MM-DD HH:MM]
+- **Records affected:** [Actual count]
+- **Transaction status:** [COMMITTED / ROLLED BACK]
+
+## Verification
+- [ ] Post-modification query run
+- [ ] Results match expected outcome
+- [ ] Application functionality verified
+- [ ] No unintended side effects
+
+## Documentation
+- [ ] Change logged
+- [ ] Audit trail preserved
+```

package/templates/RCA-DOC-root-cause.md

@@ -0,0 +1,105 @@
+# RCA-DOC: Root Cause Analysis
+
+## Quick Reference
+- **SLA:** 3-20 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Root Cause Analysis
+
+## Timeline by Severity
+| Severity | RCA Deadline |
+|----------|--------------|
+| Sev 0 | 3 business days |
+| Sev 1 | 5 business days |
+| Sev 2 | 10 business days |
+| Sev 3 | 20 business days |
+
+## Required Labels
+- `Type: research`
+- `Flag: security` (if security incident)
+- `Flag: compliance`
+- `Layer: [affected area]`
+
+## Issue Template
+```markdown
+## Root Cause Analysis
+
+**RCA ID:** RCA-YYYY-XXX
+**Incident Reference:** [Link to incident ticket]
+**Incident Date:** [YYYY-MM-DD]
+**RCA Completion Deadline:** [YYYY-MM-DD]
+
+## Executive Summary
+[2-3 sentence summary of incident and root cause]
+
+## Incident Summary
+- **Incident Type:** [Type]
+- **Severity:** [Sev 0-3]
+- **Duration:** [X hours Y minutes]
+- **Impact:** [Summary of impact]
+
+## Timeline Reconstruction
+| Time | Event | Source |
+|------|-------|--------|
+| | | |
+
+## Problem Statement
+[Clear statement of what went wrong]
+
+## Root Cause Analysis
+
+### 5 Whys Analysis
+1. Why did [immediate cause] happen?
+   - Because [reason 1]
+2. Why did [reason 1] happen?
+   - Because [reason 2]
+3. Why did [reason 2] happen?
+   - Because [reason 3]
+4. Why did [reason 3] happen?
+   - Because [reason 4]
+5. Why did [reason 4] happen?
+   - Because [ROOT CAUSE]
+
+### Root Cause
+[Statement of the fundamental root cause]
+
+### Contributing Factors
+1. [Factor 1]
+2. [Factor 2]
+3. [Factor 3]
+
+## What Went Well
+- [Positive 1]
+- [Positive 2]
+
+## What Could Be Improved
+- [Improvement 1]
+- [Improvement 2]
+
+## Corrective Actions
+
+### Immediate Actions (Completed)
+| Action | Owner | Status |
+|--------|-------|--------|
+| | | Done |
+
+### Short-term Actions (1-2 weeks)
+| Action | Owner | Target Date | Ticket |
+|--------|-------|-------------|--------|
+| | | | |
+
+### Long-term Actions (1-3 months)
+| Action | Owner | Target Date | Ticket |
+|--------|-------|-------------|--------|
+| | | | |
+
+## Preventive Measures
+[How will we prevent similar incidents in the future?]
+
+## Lessons Learned
+[Key takeaways for the team]
+
+## Sign-off
+- [ ] RCA Author: _________________ Date: _______
+- [ ] Team Lead Review: _________________ Date: _______
+- [ ] Management Approval: _________________ Date: _______
+```

package/templates/RSK-ASS-assessment.md

@@ -0,0 +1,87 @@
+# RSK-ASS: Risk Assessment
+
+## Quick Reference
+- **SLA:** 30 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Risk Assessments
+
+## Required Labels
+- `Type: research`
+- `Flag: compliance`
+- `Flag: security`
+- `Layer: devops`
+
+## Issue Template
+```markdown
+## Risk Assessment
+
+**Assessment ID:** RSK-ASS-YYYY-XXX
+**Assessment Date:** [YYYY-MM-DD]
+**Assessment Type:** [Annual / Triggered / Ad-hoc]
+**Trigger:** [Annual schedule / Organizational change / Technology change / Incident / Other]
+
+## Scope
+[Define what's being assessed - full ISMS, specific system, specific process]
+
+## Assessment Team
+- **Lead:** [Name]
+- **Participants:** [Names]
+
+## Methodology
+- Risk assessment framework: [e.g., ISO 27005]
+- Likelihood scale: [1-5 or Low/Medium/High]
+- Impact scale: [1-5 or Low/Medium/High]
+- Risk calculation: [Likelihood x Impact]
+
+## Asset Inventory
+| Asset | Type | Owner | Criticality |
+|-------|------|-------|-------------|
+| | | | |
+
+## Threat Identification
+| Threat | Source | Target Assets |
+|--------|--------|---------------|
+| | | |
+
+## Vulnerability Assessment
+| Vulnerability | Affected Assets | Current Controls |
+|---------------|-----------------|------------------|
+| | | |
+
+## Risk Register
+| Risk ID | Risk Description | Asset | Threat | Vulnerability | Likelihood | Impact | Risk Level | Treatment |
+|---------|------------------|-------|--------|---------------|------------|--------|------------|-----------|
+| | | | | | | | | |
+
+## Risk Evaluation
+
+### High Risks Requiring Treatment
+| Risk ID | Risk | Current Level | Treatment Decision |
+|---------|------|---------------|-------------------|
+| | | | |
+
+### Accepted Risks
+| Risk ID | Risk | Level | Justification for Acceptance |
+|---------|------|-------|------------------------------|
+| | | | |
+
+## Risk Treatment Plan
+[Create linked issues for each risk requiring treatment]
+
+| Risk ID | Treatment | Control(s) | Owner | Target Date | Status |
+|---------|-----------|------------|-------|-------------|--------|
+| | | | | | |
+
+## Residual Risk Assessment
+| Risk ID | Original Level | After Treatment | Acceptable? |
+|---------|----------------|-----------------|-------------|
+| | | | |
+
+## Statement of Applicability Impact
+[Document any changes needed to SoA based on this assessment]
+
+## Sign-off
+- [ ] Risk Assessment completed by: _________________ Date: _______
+- [ ] Reviewed by ISMS Governance Council: _________________ Date: _______
+- [ ] Risk Treatment Plan approved: _________________ Date: _______
+```

package/templates/RSK-VND-vendor.md

@@ -0,0 +1,113 @@
+# RSK-VND: Third-Party Vendor Assessment
+
+## Quick Reference
+- **SLA:** 30 days
+- **Team:** *the team that owns this workflow in your workspace*
+- **Project:** Vendor Assessments
+
+## Required Labels
+- `Type: research`
+- `Flag: compliance`
+- `Flag: security`
+- `Layer: devops`
+
+## Issue Template
+```markdown
+## Third-Party Vendor Assessment
+
+**Assessment ID:** RSK-VND-YYYY-XXX
+**Assessment Date:** [YYYY-MM-DD]
+**Assessment Type:** [New Vendor / Annual Review / Change Reassessment]
+
+## Vendor Information
+- **Vendor Name:** [Company name]
+- **Service Description:** [What service they provide]
+- **Contract Start Date:** [If known]
+- **Contract Value:** [Annual value if known]
+- **Primary Contact:** [Name, email]
+
+## Data Access Assessment
+### Data Types Accessed
+- [ ] Customer data
+- [ ] Employee data
+- [ ] Financial data
+- [ ] Intellectual property
+- [ ] Production systems access
+- [ ] No sensitive data access
+
+### Access Method
+- [ ] Direct system access
+- [ ] Data export/transfer
+- [ ] API integration
+- [ ] Physical access
+- [ ] No direct access
+
+## Security Assessment
+
+### Certifications and Audits
+| Certification | Status | Expiry Date | Verified |
+|---------------|--------|-------------|----------|
+| SOC 2 Type II | | | [ ] |
+| ISO 27001 | | | [ ] |
+| Other: | | | [ ] |
+
+### Security Controls Checklist
+| Control Area | Adequate? | Notes |
+|--------------|-----------|-------|
+| Information Security Policy | Yes/No/NA | |
+| Access Control | Yes/No/NA | |
+| Encryption (at rest and in transit) | Yes/No/NA | |
+| Incident Response | Yes/No/NA | |
+| Business Continuity | Yes/No/NA | |
+| Employee Background Checks | Yes/No/NA | |
+| Secure Development (if applicable) | Yes/No/NA | |
+| Vulnerability Management | Yes/No/NA | |
+
+### Documentation Reviewed
+- [ ] SOC 2 Type II report
+- [ ] ISO 27001 certificate
+- [ ] Security questionnaire response
+- [ ] Privacy policy
+- [ ] Terms of service
+- [ ] Data processing agreement
+
+## Risk Assessment
+
+### Identified Risks
+| Risk | Likelihood | Impact | Risk Level | Mitigation |
+|------|------------|--------|------------|------------|
+| | | | | |
+
+### Risk Level: [High / Medium / Low]
+
+## Contractual Requirements
+- [ ] NDA/CDA in place
+- [ ] Data processing agreement required
+- [ ] Security requirements in contract
+- [ ] SLA defined
+- [ ] Right to audit clause
+- [ ] Exit/transition clause
+
+## Decision
+
+### Recommendation
+- [ ] **Approve** - Vendor meets security requirements
+- [ ] **Approve with Conditions** - Requires additional controls (specify below)
+- [ ] **Reject** - Unacceptable security posture
+- [ ] **Defer** - Requires additional information
+
+### Conditions (if applicable)
+[List any conditions that must be met]
+
+### Risk Acceptance (if applicable)
+[Document any residual risks being accepted and justification]
+
+## Approvals
+- [ ] Assessment completed by: _________________ Date: _______
+- [ ] Security review by: _________________ Date: _______
+- [ ] Final approval by: _________________ Date: _______
+
+## Ongoing Monitoring
+- Annual review date: [YYYY-MM-DD]
+- Review trigger events: [List events that require reassessment]
+```