@nice2dev/ui-tools 1.0.10

package/dist/audit-compliance.d.ts

@@ -0,0 +1,752 @@
+/**
+ * @file audit-compliance.ts
+ * @module @nice2dev/ui-tools/audit-compliance
+ * @description PRO-12.4 — Audit & Compliance types
+ *
+ * Comprehensive audit trail, compliance dashboards,
+ * SOC 2, GDPR, HIPAA, PCI DSS, ISO 27001 controls,
+ * evidence collection, policy management.
+ */
+/** Audit event */
+export interface AuditEvent {
+    readonly id: string;
+    readonly timestamp: Date;
+    readonly eventType: AuditEventType;
+    readonly category: AuditCategory;
+    readonly action: string;
+    readonly outcome: AuditOutcome;
+    readonly actor: AuditActor;
+    readonly target?: AuditTarget;
+    readonly request?: AuditRequest;
+    readonly response?: AuditResponse;
+    readonly context: AuditContext;
+    readonly changes?: readonly AuditChange[];
+    readonly risk: AuditRiskLevel;
+    readonly tags: readonly string[];
+    readonly correlationId?: string;
+    readonly sessionId?: string;
+}
+/** Audit event type */
+export type AuditEventType = 'authentication' | 'authorization' | 'data_access' | 'data_modification' | 'data_deletion' | 'configuration_change' | 'security_event' | 'admin_action' | 'system_event' | 'api_call' | 'export' | 'import';
+/** Audit category */
+export type AuditCategory = 'authentication' | 'authorization' | 'user_management' | 'role_management' | 'data_access' | 'configuration' | 'security' | 'system' | 'integration' | 'compliance';
+/** Audit outcome */
+export type AuditOutcome = 'success' | 'failure' | 'partial' | 'unknown';
+/** Audit actor */
+export interface AuditActor {
+    readonly type: ActorType;
+    readonly id: string;
+    readonly name?: string;
+    readonly email?: string;
+    readonly ipAddress?: string;
+    readonly userAgent?: string;
+    readonly sessionId?: string;
+    readonly roles?: readonly string[];
+    readonly onBehalfOf?: AuditActor;
+}
+/** Actor type */
+export type ActorType = 'user' | 'service' | 'system' | 'anonymous' | 'api_key';
+/** Audit target */
+export interface AuditTarget {
+    readonly type: string;
+    readonly id: string;
+    readonly name?: string;
+    readonly path?: string;
+    readonly attributes?: Record<string, unknown>;
+}
+/** Audit request */
+export interface AuditRequest {
+    readonly method?: string;
+    readonly path?: string;
+    readonly query?: Record<string, string>;
+    readonly headers?: Record<string, string>;
+    readonly body?: unknown;
+    readonly size?: number;
+}
+/** Audit response */
+export interface AuditResponse {
+    readonly statusCode?: number;
+    readonly body?: unknown;
+    readonly size?: number;
+    readonly duration?: number;
+    readonly error?: string;
+}
+/** Audit context */
+export interface AuditContext {
+    readonly location?: GeoContext;
+    readonly device?: DeviceContext;
+    readonly application?: ApplicationContext;
+    readonly tenant?: TenantContext;
+    readonly custom: Record<string, unknown>;
+}
+/** Geo context */
+export interface GeoContext {
+    readonly country?: string;
+    readonly region?: string;
+    readonly city?: string;
+    readonly latitude?: number;
+    readonly longitude?: number;
+}
+/** Device context */
+export interface DeviceContext {
+    readonly type?: string;
+    readonly os?: string;
+    readonly browser?: string;
+    readonly deviceId?: string;
+}
+/** Application context */
+export interface ApplicationContext {
+    readonly name: string;
+    readonly version?: string;
+    readonly environment?: string;
+}
+/** Tenant context */
+export interface TenantContext {
+    readonly id: string;
+    readonly name?: string;
+}
+/** Audit change */
+export interface AuditChange {
+    readonly field: string;
+    readonly oldValue?: unknown;
+    readonly newValue?: unknown;
+    readonly type: ChangeType;
+}
+/** Change type */
+export type ChangeType = 'created' | 'updated' | 'deleted' | 'added' | 'removed';
+/** Audit risk level */
+export type AuditRiskLevel = 'critical' | 'high' | 'medium' | 'low' | 'info';
+/** Audit search query */
+export interface AuditSearchQuery {
+    readonly startTime: Date;
+    readonly endTime: Date;
+    readonly eventTypes?: readonly AuditEventType[];
+    readonly categories?: readonly AuditCategory[];
+    readonly outcomes?: readonly AuditOutcome[];
+    readonly actors?: readonly string[];
+    readonly actorTypes?: readonly ActorType[];
+    readonly targetTypes?: readonly string[];
+    readonly targetIds?: readonly string[];
+    readonly actions?: readonly string[];
+    readonly ipAddresses?: readonly string[];
+    readonly riskLevels?: readonly AuditRiskLevel[];
+    readonly tags?: readonly string[];
+    readonly correlationId?: string;
+    readonly sessionId?: string;
+    readonly searchText?: string;
+    readonly sortBy?: AuditSortField;
+    readonly sortOrder?: 'asc' | 'desc';
+    readonly page: number;
+    readonly pageSize: number;
+}
+/** Audit sort field */
+export type AuditSortField = 'timestamp' | 'eventType' | 'actor' | 'action' | 'outcome' | 'risk';
+/** Audit search result */
+export interface AuditSearchResult {
+    readonly events: readonly AuditEvent[];
+    readonly total: number;
+    readonly page: number;
+    readonly pageSize: number;
+    readonly hasMore: boolean;
+    readonly aggregations?: AuditAggregations;
+}
+/** Audit aggregations */
+export interface AuditAggregations {
+    readonly byEventType: Record<AuditEventType, number>;
+    readonly byCategory: Record<AuditCategory, number>;
+    readonly byOutcome: Record<AuditOutcome, number>;
+    readonly byRisk: Record<AuditRiskLevel, number>;
+    readonly byActor: readonly ActorCount[];
+    readonly byTime: readonly TimeCount[];
+}
+/** Actor count */
+export interface ActorCount {
+    readonly actorId: string;
+    readonly actorName?: string;
+    readonly count: number;
+}
+/** Time count */
+export interface TimeCount {
+    readonly timestamp: Date;
+    readonly count: number;
+}
+/** Audit export config */
+export interface AuditExportConfig {
+    readonly query: AuditSearchQuery;
+    readonly format: ExportFormat;
+    readonly fields: readonly string[];
+    readonly includeDetails: boolean;
+    readonly encryption?: ExportEncryption;
+}
+/** Export format */
+export type ExportFormat = 'json' | 'csv' | 'xml' | 'pdf';
+/** Export encryption */
+export interface ExportEncryption {
+    readonly enabled: boolean;
+    readonly algorithm: string;
+    readonly publicKey?: string;
+    readonly password?: string;
+}
+/** Audit export result */
+export interface AuditExportResult {
+    readonly id: string;
+    readonly status: ExportStatus;
+    readonly createdAt: Date;
+    readonly completedAt?: Date;
+    readonly totalRecords: number;
+    readonly exportedRecords: number;
+    readonly fileSize?: number;
+    readonly downloadUrl?: string;
+    readonly expiresAt?: Date;
+    readonly error?: string;
+}
+/** Export status */
+export type ExportStatus = 'pending' | 'processing' | 'completed' | 'failed' | 'expired';
+/** Compliance dashboard */
+export interface ComplianceDashboard {
+    readonly overallScore: number;
+    readonly frameworks: readonly FrameworkStatus[];
+    readonly recentAssessments: readonly AssessmentSummary[];
+    readonly upcomingReviews: readonly UpcomingReview[];
+    readonly openFindings: FindingsSummary;
+    readonly trends: ComplianceTrends;
+}
+/** Framework status */
+export interface FrameworkStatus {
+    readonly framework: ComplianceFrameworkType;
+    readonly name: string;
+    readonly version?: string;
+    readonly score: number;
+    readonly status: ComplianceStatus;
+    readonly controlsPassed: number;
+    readonly controlsFailed: number;
+    readonly controlsTotal: number;
+    readonly lastAssessment?: Date;
+    readonly nextAssessment?: Date;
+    readonly certificationExpiry?: Date;
+}
+/** Compliance framework type */
+export type ComplianceFrameworkType = 'soc2_type1' | 'soc2_type2' | 'pci_dss_4' | 'hipaa' | 'gdpr' | 'iso27001' | 'nist_csf' | 'nist_800_53' | 'fedramp' | 'cis_controls' | 'ccpa' | 'sox' | 'custom';
+/** Compliance status */
+export type ComplianceStatus = 'compliant' | 'non_compliant' | 'partially_compliant' | 'not_assessed' | 'not_applicable';
+/** Assessment summary */
+export interface AssessmentSummary {
+    readonly id: string;
+    readonly framework: ComplianceFrameworkType;
+    readonly assessmentDate: Date;
+    readonly assessor: string;
+    readonly score: number;
+    readonly findings: number;
+    readonly status: AssessmentStatus;
+}
+/** Assessment status */
+export type AssessmentStatus = 'draft' | 'in_progress' | 'review' | 'completed' | 'archived';
+/** Upcoming review */
+export interface UpcomingReview {
+    readonly id: string;
+    readonly framework: ComplianceFrameworkType;
+    readonly dueDate: Date;
+    readonly type: ReviewType;
+    readonly assignee?: string;
+}
+/** Review type */
+export type ReviewType = 'self_assessment' | 'internal_audit' | 'external_audit' | 'certification';
+/** Findings summary */
+export interface FindingsSummary {
+    readonly total: number;
+    readonly critical: number;
+    readonly high: number;
+    readonly medium: number;
+    readonly low: number;
+    readonly overdue: number;
+}
+/** Compliance trends */
+export interface ComplianceTrends {
+    readonly scoreHistory: readonly ScorePoint[];
+    readonly findingsTrend: readonly FindingsPoint[];
+}
+/** Score point */
+export interface ScorePoint {
+    readonly date: Date;
+    readonly score: number;
+    readonly framework?: ComplianceFrameworkType;
+}
+/** Findings point */
+export interface FindingsPoint {
+    readonly date: Date;
+    readonly open: number;
+    readonly closed: number;
+    readonly new: number;
+}
+/** Compliance control */
+export interface ComplianceControl {
+    readonly id: string;
+    readonly framework: ComplianceFrameworkType;
+    readonly controlId: string;
+    readonly name: string;
+    readonly description: string;
+    readonly category: string;
+    readonly subcategory?: string;
+    readonly requirement: string;
+    readonly guidance?: string;
+    readonly status: ControlStatus;
+    readonly implementation: ControlImplementation;
+    readonly evidence: readonly EvidenceRef[];
+    readonly testingResults: readonly TestResult[];
+    readonly owner?: string;
+    readonly lastReviewed?: Date;
+    readonly nextReview?: Date;
+    readonly relatedControls: readonly string[];
+    readonly mappings: readonly ControlMapping[];
+}
+/** Control status */
+export type ControlStatus = 'implemented' | 'partially_implemented' | 'not_implemented' | 'not_applicable' | 'planned';
+/** Control implementation */
+export interface ControlImplementation {
+    readonly type: ImplementationType;
+    readonly description: string;
+    readonly automated: boolean;
+    readonly tools?: readonly string[];
+    readonly procedures?: readonly string[];
+    readonly frequency?: ControlFrequency;
+}
+/** Implementation type */
+export type ImplementationType = 'technical' | 'administrative' | 'physical' | 'hybrid';
+/** Control frequency */
+export type ControlFrequency = 'continuous' | 'daily' | 'weekly' | 'monthly' | 'quarterly' | 'annually' | 'on_demand';
+/** Evidence ref */
+export interface EvidenceRef {
+    readonly id: string;
+    readonly type: EvidenceType;
+    readonly name: string;
+    readonly description?: string;
+    readonly collectedAt: Date;
+}
+/** Evidence type */
+export type EvidenceType = 'screenshot' | 'document' | 'configuration' | 'report' | 'log' | 'ticket' | 'attestation' | 'policy' | 'procedure';
+/** Test result */
+export interface TestResult {
+    readonly id: string;
+    readonly testDate: Date;
+    readonly tester: string;
+    readonly result: TestOutcome;
+    readonly notes?: string;
+    readonly evidenceIds: readonly string[];
+    readonly findings: readonly ControlFinding[];
+}
+/** Test outcome */
+export type TestOutcome = 'pass' | 'fail' | 'partial' | 'not_tested';
+/** Control finding */
+export interface ControlFinding {
+    readonly id: string;
+    readonly severity: FindingSeverity;
+    readonly description: string;
+    readonly recommendation: string;
+    readonly status: FindingStatus;
+    readonly dueDate?: Date;
+    readonly remediatedAt?: Date;
+}
+/** Finding severity */
+export type FindingSeverity = 'critical' | 'high' | 'medium' | 'low' | 'informational';
+/** Finding status */
+export type FindingStatus = 'open' | 'in_progress' | 'remediated' | 'accepted' | 'closed';
+/** Control mapping */
+export interface ControlMapping {
+    readonly targetFramework: ComplianceFrameworkType;
+    readonly controlId: string;
+    readonly mappingType: MappingType;
+}
+/** Mapping type */
+export type MappingType = 'equivalent' | 'subset' | 'superset' | 'related';
+/** SOC 2 control */
+export interface Soc2Control extends ComplianceControl {
+    readonly trustServiceCriteria: Soc2TrustServiceCriteria;
+    readonly pointsOfFocus: readonly string[];
+}
+/** SOC 2 Trust Service Criteria */
+export type Soc2TrustServiceCriteria = 'CC' | 'A' | 'C' | 'PI' | 'P';
+/** GDPR control */
+export interface GdprControl extends ComplianceControl {
+    readonly article: string;
+    readonly dataSubjectRights: readonly GdprRight[];
+    readonly lawfulBasis: readonly GdprLawfulBasis[];
+}
+/** GDPR right */
+export type GdprRight = 'access' | 'rectification' | 'erasure' | 'restriction' | 'portability' | 'objection' | 'automated_decision';
+/** GDPR lawful basis */
+export type GdprLawfulBasis = 'consent' | 'contract' | 'legal_obligation' | 'vital_interests' | 'public_task' | 'legitimate_interests';
+/** HIPAA control */
+export interface HipaaControl extends ComplianceControl {
+    readonly standard: HipaaStandard;
+    readonly safeguardType: HipaaSafeguardType;
+    readonly specification: HipaaSpecification;
+}
+/** HIPAA standard */
+export type HipaaStandard = 'privacy_rule' | 'security_rule' | 'breach_notification';
+/** HIPAA safeguard type */
+export type HipaaSafeguardType = 'administrative' | 'physical' | 'technical';
+/** HIPAA specification */
+export type HipaaSpecification = 'required' | 'addressable';
+/** PCI DSS control */
+export interface PciDssControl extends ComplianceControl {
+    readonly requirement: string;
+    readonly testingProcedure: string;
+    readonly reportingInstruction?: string;
+    readonly applicability: PciApplicability;
+}
+/** PCI applicability */
+export interface PciApplicability {
+    readonly merchants: boolean;
+    readonly serviceProviders: boolean;
+    readonly saqTypes: readonly string[];
+}
+/** ISO 27001 control */
+export interface Iso27001Control extends ComplianceControl {
+    readonly annex: string;
+    readonly controlObjective: string;
+    readonly attributeTypes: readonly Iso27001Attribute[];
+}
+/** ISO 27001 attribute */
+export type Iso27001Attribute = 'preventive' | 'detective' | 'corrective';
+/** Evidence */
+export interface Evidence {
+    readonly id: string;
+    readonly name: string;
+    readonly description?: string;
+    readonly type: EvidenceType;
+    readonly source: EvidenceSource;
+    readonly collectedAt: Date;
+    readonly collectedBy: string;
+    readonly validFrom: Date;
+    readonly validTo?: Date;
+    readonly controls: readonly string[];
+    readonly frameworks: readonly ComplianceFrameworkType[];
+    readonly files: readonly EvidenceFile[];
+    readonly metadata: Record<string, unknown>;
+    readonly status: EvidenceStatus;
+    readonly verifiedBy?: string;
+    readonly verifiedAt?: Date;
+}
+/** Evidence source */
+export interface EvidenceSource {
+    readonly type: EvidenceSourceType;
+    readonly system?: string;
+    readonly url?: string;
+    readonly automated: boolean;
+}
+/** Evidence source type */
+export type EvidenceSourceType = 'manual_upload' | 'api_integration' | 'screenshot_capture' | 'log_export' | 'configuration_export' | 'third_party';
+/** Evidence file */
+export interface EvidenceFile {
+    readonly id: string;
+    readonly filename: string;
+    readonly mimeType: string;
+    readonly size: number;
+    readonly hash: string;
+    readonly uploadedAt: Date;
+    readonly storageUrl: string;
+}
+/** Evidence status */
+export type EvidenceStatus = 'pending_review' | 'approved' | 'rejected' | 'expired';
+/** Evidence collection task */
+export interface EvidenceCollectionTask {
+    readonly id: string;
+    readonly name: string;
+    readonly description?: string;
+    readonly controls: readonly string[];
+    readonly frequency: ControlFrequency;
+    readonly collectionMethod: CollectionMethod;
+    readonly assignee?: string;
+    readonly dueDate: Date;
+    readonly status: TaskStatus;
+    readonly lastCollected?: Date;
+    readonly nextDue?: Date;
+}
+/** Collection method */
+export interface CollectionMethod {
+    readonly type: EvidenceSourceType;
+    readonly automated: boolean;
+    readonly config?: Record<string, unknown>;
+}
+/** Task status */
+export type TaskStatus = 'pending' | 'in_progress' | 'completed' | 'overdue' | 'blocked';
+/** Security policy */
+export interface SecurityPolicy {
+    readonly id: string;
+    readonly name: string;
+    readonly type: PolicyType;
+    readonly version: string;
+    readonly status: PolicyStatus;
+    readonly effectiveDate: Date;
+    readonly expiryDate?: Date;
+    readonly owner: string;
+    readonly approvers: readonly string[];
+    readonly scope: PolicyScope;
+    readonly content: PolicyContent;
+    readonly relatedControls: readonly string[];
+    readonly acknowledgments: readonly PolicyAcknowledgment[];
+    readonly revisions: readonly PolicyRevision[];
+    readonly createdAt: Date;
+    readonly updatedAt: Date;
+}
+/** Policy type */
+export type PolicyType = 'information_security' | 'acceptable_use' | 'data_classification' | 'access_control' | 'password' | 'incident_response' | 'business_continuity' | 'privacy' | 'vendor_management' | 'change_management' | 'code_of_conduct';
+/** Policy status */
+export type PolicyStatus = 'draft' | 'pending_approval' | 'approved' | 'published' | 'archived' | 'superseded';
+/** Policy scope */
+export interface PolicyScope {
+    readonly applicableTo: readonly PolicyApplicability[];
+    readonly departments?: readonly string[];
+    readonly locations?: readonly string[];
+    readonly systems?: readonly string[];
+}
+/** Policy applicability */
+export type PolicyApplicability = 'all_employees' | 'contractors' | 'vendors' | 'executives' | 'it_staff' | 'developers' | 'specific_roles';
+/** Policy content */
+export interface PolicyContent {
+    readonly purpose: string;
+    readonly scope: string;
+    readonly policy: string;
+    readonly definitions?: string;
+    readonly responsibilities?: string;
+    readonly enforcement?: string;
+    readonly exceptions?: string;
+    readonly relatedDocuments?: readonly string[];
+}
+/** Policy acknowledgment */
+export interface PolicyAcknowledgment {
+    readonly userId: string;
+    readonly userName: string;
+    readonly acknowledgedAt: Date;
+    readonly version: string;
+    readonly ipAddress?: string;
+}
+/** Policy revision */
+export interface PolicyRevision {
+    readonly version: string;
+    readonly date: Date;
+    readonly author: string;
+    readonly changes: string;
+    readonly approved: boolean;
+    readonly approvedBy?: string;
+    readonly approvedAt?: Date;
+}
+/** Compliance report */
+export interface ComplianceReport {
+    readonly id: string;
+    readonly name: string;
+    readonly type: ComplianceReportType;
+    readonly framework?: ComplianceFrameworkType;
+    readonly period: ReportPeriod;
+    readonly generatedAt: Date;
+    readonly generatedBy: string;
+    readonly status: ReportStatus;
+    readonly sections: readonly ReportSection[];
+    readonly summary: ReportSummary;
+    readonly distribution: readonly ReportRecipient[];
+}
+/** Compliance report type */
+export type ComplianceReportType = 'self_assessment' | 'internal_audit' | 'external_audit' | 'management_review' | 'board_report' | 'regulatory_filing' | 'custom';
+/** Report period */
+export interface ReportPeriod {
+    readonly startDate: Date;
+    readonly endDate: Date;
+    readonly periodType: 'monthly' | 'quarterly' | 'annual' | 'custom';
+}
+/** Report status */
+export type ReportStatus = 'draft' | 'review' | 'approved' | 'published' | 'distributed';
+/** Report section */
+export interface ReportSection {
+    readonly id: string;
+    readonly title: string;
+    readonly order: number;
+    readonly content: string;
+    readonly charts?: readonly ReportChart[];
+    readonly tables?: readonly ReportTable[];
+}
+/** Report chart */
+export interface ReportChart {
+    readonly id: string;
+    readonly type: ChartType;
+    readonly title: string;
+    readonly data: unknown;
+}
+/** Chart type */
+export type ChartType = 'pie' | 'bar' | 'line' | 'gauge' | 'table';
+/** Report table */
+export interface ReportTable {
+    readonly id: string;
+    readonly title: string;
+    readonly columns: readonly string[];
+    readonly rows: readonly unknown[];
+}
+/** Report summary */
+export interface ReportSummary {
+    readonly overallScore?: number;
+    readonly totalControls?: number;
+    readonly passedControls?: number;
+    readonly failedControls?: number;
+    readonly openFindings?: number;
+    readonly recommendations?: readonly string[];
+}
+/** Report recipient */
+export interface ReportRecipient {
+    readonly email: string;
+    readonly name?: string;
+    readonly sentAt?: Date;
+    readonly viewedAt?: Date;
+}
+/** Risk assessment */
+export interface RiskAssessment {
+    readonly id: string;
+    readonly name: string;
+    readonly type: RiskAssessmentType;
+    readonly scope: RiskScope;
+    readonly methodology: string;
+    readonly status: AssessmentStatus;
+    readonly assessmentDate: Date;
+    readonly assessor: string;
+    readonly risks: readonly Risk[];
+    readonly summary: RiskSummary;
+    readonly createdAt: Date;
+    readonly updatedAt: Date;
+}
+/** Risk assessment type */
+export type RiskAssessmentType = 'information_security' | 'privacy' | 'operational' | 'vendor' | 'project' | 'change';
+/** Risk scope */
+export interface RiskScope {
+    readonly systems: readonly string[];
+    readonly processes?: readonly string[];
+    readonly dataTypes?: readonly string[];
+    readonly vendors?: readonly string[];
+}
+/** Risk */
+export interface Risk {
+    readonly id: string;
+    readonly name: string;
+    readonly description: string;
+    readonly category: RiskCategory;
+    readonly threat: string;
+    readonly vulnerability: string;
+    readonly impact: RiskImpact;
+    readonly likelihood: RiskLikelihood;
+    readonly inherentRisk: RiskLevel;
+    readonly controls: readonly string[];
+    readonly residualRisk: RiskLevel;
+    readonly riskOwner?: string;
+    readonly treatmentPlan?: RiskTreatment;
+    readonly status: RiskStatus;
+}
+/** Risk category */
+export type RiskCategory = 'strategic' | 'operational' | 'financial' | 'compliance' | 'reputational' | 'technology' | 'security' | 'privacy';
+/** Risk impact */
+export type RiskImpact = 'catastrophic' | 'major' | 'moderate' | 'minor' | 'negligible';
+/** Risk likelihood */
+export type RiskLikelihood = 'almost_certain' | 'likely' | 'possible' | 'unlikely' | 'rare';
+/** Risk level */
+export type RiskLevel = 'critical' | 'high' | 'medium' | 'low' | 'very_low';
+/** Risk treatment */
+export interface RiskTreatment {
+    readonly strategy: TreatmentStrategy;
+    readonly description: string;
+    readonly actions: readonly TreatmentAction[];
+    readonly targetDate?: Date;
+    readonly targetRiskLevel?: RiskLevel;
+}
+/** Treatment strategy */
+export type TreatmentStrategy = 'accept' | 'mitigate' | 'transfer' | 'avoid';
+/** Treatment action */
+export interface TreatmentAction {
+    readonly id: string;
+    readonly description: string;
+    readonly assignee?: string;
+    readonly dueDate?: Date;
+    readonly status: TaskStatus;
+    readonly completedAt?: Date;
+}
+/** Risk status */
+export type RiskStatus = 'identified' | 'assessed' | 'treating' | 'monitoring' | 'closed';
+/** Risk summary */
+export interface RiskSummary {
+    readonly totalRisks: number;
+    readonly byLevel: Record<RiskLevel, number>;
+    readonly byCategory: Record<RiskCategory, number>;
+    readonly byStatus: Record<RiskStatus, number>;
+    readonly averageInherentRisk: number;
+    readonly averageResidualRisk: number;
+}
+/** Data processing activity */
+export interface DataProcessingActivity {
+    readonly id: string;
+    readonly name: string;
+    readonly purpose: readonly string[];
+    readonly lawfulBasis: GdprLawfulBasis;
+    readonly dataCategories: readonly DataCategory[];
+    readonly dataSubjects: readonly DataSubjectType[];
+    readonly recipients: readonly DataRecipient[];
+    readonly retentionPeriod: string;
+    readonly crossBorderTransfers: readonly CrossBorderTransfer[];
+    readonly securityMeasures: readonly string[];
+    readonly dpiaConducted: boolean;
+    readonly dpiaReference?: string;
+    readonly dataController: DataController;
+    readonly dataProcessor?: DataProcessor;
+    readonly createdAt: Date;
+    readonly updatedAt: Date;
+}
+/** Data category */
+export type DataCategory = 'personal_data' | 'sensitive_personal_data' | 'biometric' | 'genetic' | 'health' | 'racial_ethnic' | 'political_opinions' | 'religious_beliefs' | 'trade_union' | 'sexual_orientation' | 'criminal_convictions';
+/** Data subject type */
+export type DataSubjectType = 'customers' | 'employees' | 'contractors' | 'prospects' | 'website_visitors' | 'vendors' | 'partners';
+/** Data recipient */
+export interface DataRecipient {
+    readonly name: string;
+    readonly type: RecipientType;
+    readonly country?: string;
+    readonly purpose: string;
+}
+/** Recipient type */
+export type RecipientType = 'internal' | 'processor' | 'joint_controller' | 'third_party' | 'public_authority';
+/** Cross border transfer */
+export interface CrossBorderTransfer {
+    readonly country: string;
+    readonly mechanism: TransferMechanism;
+    readonly safeguards?: string;
+}
+/** Transfer mechanism */
+export type TransferMechanism = 'adequacy_decision' | 'standard_contractual_clauses' | 'binding_corporate_rules' | 'derogation' | 'other';
+/** Data controller */
+export interface DataController {
+    readonly name: string;
+    readonly address: string;
+    readonly contact: string;
+    readonly dpoContact?: string;
+}
+/** Data processor */
+export interface DataProcessor {
+    readonly name: string;
+    readonly address: string;
+    readonly contact: string;
+    readonly contractDate: Date;
+    readonly subProcessors?: readonly DataProcessor[];
+}
+/** Data subject request */
+export interface DataSubjectRequest {
+    readonly id: string;
+    readonly type: DataSubjectRequestType;
+    readonly subjectEmail: string;
+    readonly subjectName?: string;
+    readonly requestedAt: Date;
+    readonly verifiedAt?: Date;
+    readonly status: DsrStatus;
+    readonly dueDate: Date;
+    readonly completedAt?: Date;
+    readonly assignee?: string;
+    readonly notes?: string;
+    readonly responseProvided?: string;
+}
+/** Data subject request type */
+export type DataSubjectRequestType = 'access' | 'rectification' | 'erasure' | 'restriction' | 'portability' | 'objection';
+/** DSR status */
+export type DsrStatus = 'received' | 'verifying' | 'processing' | 'completed' | 'denied' | 'extended';
+//# sourceMappingURL=audit-compliance.d.ts.map