bmad-plus 0.7.4 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (294) hide show
  1. package/CHANGELOG.md +450 -407
  2. package/LICENSE +21 -0
  3. package/README.md +555 -446
  4. package/osint-agent-package/README.md +88 -88
  5. package/osint-agent-package/SETUP_KEYS.md +108 -108
  6. package/osint-agent-package/agents/osint-investigator.md +80 -80
  7. package/osint-agent-package/install.ps1 +87 -87
  8. package/osint-agent-package/install.sh +76 -76
  9. package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
  10. package/osint-agent-package/skills/bmad-osint-investigate/osint/SKILL.md +452 -452
  11. package/osint-agent-package/skills/bmad-osint-investigate/osint/assets/dossier-template.md +116 -116
  12. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/content-extraction.md +100 -100
  13. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
  14. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/platforms.md +130 -130
  15. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/psychoprofile.md +69 -69
  16. package/osint-agent-package/skills/bmad-osint-investigate/osint/references/tools.md +281 -281
  17. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
  18. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -260
  19. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
  20. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
  21. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
  22. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
  23. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/mcp-client.py +136 -136
  24. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
  25. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
  26. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
  27. package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
  28. package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
  29. package/package.json +62 -57
  30. package/readme-international/README.de.md +576 -426
  31. package/readme-international/README.es.md +578 -518
  32. package/readme-international/README.fr.md +576 -516
  33. package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
  34. package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
  35. package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
  36. package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
  37. package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
  38. package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
  39. package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
  40. package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
  41. package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
  42. package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
  43. package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
  44. package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
  45. package/src/bmad-plus/agents/pack-animated/animated-website-agent.md +325 -325
  46. package/src/bmad-plus/agents/pack-animated/templates/animated-website-workflow.md +55 -55
  47. package/src/bmad-plus/agents/pack-backup/backup-agent.md +71 -71
  48. package/src/bmad-plus/agents/pack-backup/templates/backup-workflow.md +51 -51
  49. package/src/bmad-plus/agents/pack-seo/SKILL.md +171 -171
  50. package/src/bmad-plus/agents/pack-seo/checklist.md +140 -140
  51. package/src/bmad-plus/agents/pack-seo/pagespeed-playbook.md +320 -320
  52. package/src/bmad-plus/agents/pack-seo/ref/audit-schema.json +187 -187
  53. package/src/bmad-plus/agents/pack-seo/ref/cwv-thresholds.md +87 -87
  54. package/src/bmad-plus/agents/pack-seo/ref/eeat-criteria.md +123 -123
  55. package/src/bmad-plus/agents/pack-seo/ref/geo-signals.md +167 -167
  56. package/src/bmad-plus/agents/pack-seo/ref/hreflang-rules.md +153 -153
  57. package/src/bmad-plus/agents/pack-seo/ref/quality-gates.md +133 -133
  58. package/src/bmad-plus/agents/pack-seo/ref/schema-catalog.md +91 -91
  59. package/src/bmad-plus/agents/pack-seo/ref/schema-templates.json +356 -356
  60. package/src/bmad-plus/agents/pack-seo/seo-chief.md +294 -294
  61. package/src/bmad-plus/agents/pack-seo/seo-judge.md +241 -241
  62. package/src/bmad-plus/agents/pack-seo/seo-scout.md +171 -171
  63. package/src/bmad-plus/agents/pack-seo/templates/seo-audit-workflow.md +241 -241
  64. package/src/bmad-plus/data/role-triggers.yaml +209 -209
  65. package/src/bmad-plus/module-help.csv +10 -10
  66. package/src/bmad-plus/module.yaml +283 -280
  67. package/src/bmad-plus/packs/pack-animated/animated-website-agent.md +325 -0
  68. package/src/bmad-plus/packs/pack-animated/templates/animated-website-workflow.md +55 -0
  69. package/src/bmad-plus/packs/pack-backup/backup-agent.md +71 -0
  70. package/src/bmad-plus/packs/pack-backup/templates/backup-workflow.md +51 -0
  71. package/src/bmad-plus/packs/pack-dev-studio/README.md +162 -162
  72. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/analyst-agent.md +73 -73
  73. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/document-project.md +61 -61
  74. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/domain-research.md +95 -95
  75. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/market-research.md +95 -95
  76. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/prfaq.md +134 -134
  77. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/product-brief.md +80 -80
  78. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/tech-writer-agent.md +73 -73
  79. package/src/bmad-plus/packs/pack-dev-studio/categories/analysis/technical-research.md +95 -95
  80. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/architect-agent.md +73 -73
  81. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-architecture.md +73 -73
  82. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/create-epics-stories.md +92 -92
  83. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/generate-project-context.md +80 -80
  84. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/implementation-readiness.md +90 -90
  85. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01-init.md +153 -153
  86. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-01b-continue.md +173 -173
  87. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-02-context.md +224 -224
  88. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-03-starter.md +329 -329
  89. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-04-decisions.md +318 -318
  90. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-05-patterns.md +359 -359
  91. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-06-structure.md +379 -379
  92. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-07-validation.md +361 -361
  93. package/src/bmad-plus/packs/pack-dev-studio/categories/architecture/steps/step-08-complete.md +81 -81
  94. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/checkpoint-preview.md +67 -67
  95. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-01-gather-context.md +85 -85
  96. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-02-review.md +35 -35
  97. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-03-triage.md +49 -49
  98. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review-steps/step-04-present.md +131 -131
  99. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/code-review.md +89 -89
  100. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/correct-course.md +300 -300
  101. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/create-story.md +428 -428
  102. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-agent.md +73 -73
  103. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story-checklist.md +80 -80
  104. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/dev-story.md +484 -484
  105. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/investigate.md +193 -193
  106. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/qa-e2e-tests.md +175 -175
  107. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/quick-dev.md +110 -110
  108. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/retrospective.md +1511 -1511
  109. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-planning.md +298 -298
  110. package/src/bmad-plus/packs/pack-dev-studio/categories/implementation/sprint-status.md +296 -296
  111. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-prd.md +29 -29
  112. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/create-ux-design.md +74 -74
  113. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/edit-prd.md +29 -29
  114. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/pm-agent.md +73 -73
  115. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/prd.md +89 -89
  116. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/ux-designer-agent.md +73 -73
  117. package/src/bmad-plus/packs/pack-dev-studio/categories/planning/validate-prd.md +29 -29
  118. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/advanced-elicitation.md +141 -141
  119. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/adversarial-review.md +37 -37
  120. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/bmad-help.md +75 -75
  121. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/brainstorming.md +6 -6
  122. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/customize.md +110 -110
  123. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/distillator.md +176 -176
  124. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/edge-case-hunter.md +67 -67
  125. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-prose.md +86 -86
  126. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/editorial-review-structure.md +179 -179
  127. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/index-docs.md +66 -66
  128. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/party-mode.md +127 -127
  129. package/src/bmad-plus/packs/pack-dev-studio/categories/utilities/shard-doc.md +105 -105
  130. package/src/bmad-plus/packs/pack-dev-studio/dev-studio-orchestrator.md +120 -120
  131. package/src/bmad-plus/packs/pack-dev-studio/shared/architecture-decision-template.md +12 -12
  132. package/src/bmad-plus/packs/pack-dev-studio/shared/bwml-spec.md +328 -328
  133. package/src/bmad-plus/packs/pack-dev-studio/shared/module-help.csv +32 -32
  134. package/src/bmad-plus/packs/pack-dev-studio/upstream-sync.yaml +81 -81
  135. package/src/bmad-plus/packs/pack-memory/README.md +106 -106
  136. package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
  137. package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
  138. package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
  139. package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
  140. package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
  141. package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
  142. package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
  143. package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
  144. package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
  145. package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
  146. package/src/bmad-plus/packs/pack-seo/SKILL.md +171 -0
  147. package/src/bmad-plus/packs/pack-seo/checklist.md +140 -0
  148. package/src/bmad-plus/packs/pack-seo/pagespeed-playbook.md +320 -0
  149. package/src/bmad-plus/packs/pack-seo/ref/audit-schema.json +187 -0
  150. package/src/bmad-plus/packs/pack-seo/ref/cwv-thresholds.md +87 -0
  151. package/src/bmad-plus/packs/pack-seo/ref/eeat-criteria.md +123 -0
  152. package/src/bmad-plus/packs/pack-seo/ref/geo-signals.md +167 -0
  153. package/src/bmad-plus/packs/pack-seo/ref/hreflang-rules.md +153 -0
  154. package/src/bmad-plus/packs/pack-seo/ref/quality-gates.md +133 -0
  155. package/src/bmad-plus/packs/pack-seo/ref/schema-catalog.md +91 -0
  156. package/src/bmad-plus/packs/pack-seo/ref/schema-templates.json +356 -0
  157. package/src/bmad-plus/packs/pack-seo/seo-chief.md +294 -0
  158. package/src/bmad-plus/packs/pack-seo/seo-judge.md +241 -0
  159. package/src/bmad-plus/packs/pack-seo/seo-scout.md +171 -0
  160. package/src/bmad-plus/packs/pack-seo/templates/seo-audit-workflow.md +241 -0
  161. package/src/bmad-plus/packs/pack-shield/README.md +110 -110
  162. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +262 -262
  163. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +179 -179
  164. package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +201 -201
  165. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +97 -97
  166. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +251 -251
  167. package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +133 -133
  168. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +221 -221
  169. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +150 -150
  170. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +167 -167
  171. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +83 -83
  172. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +250 -250
  173. package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +218 -218
  174. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
  175. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
  176. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
  177. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
  178. package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
  179. package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +127 -127
  180. package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +272 -272
  181. package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +202 -202
  182. package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +367 -367
  183. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +510 -510
  184. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +247 -247
  185. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +173 -173
  186. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +239 -239
  187. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +266 -266
  188. package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +164 -164
  189. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
  190. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
  191. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
  192. package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
  193. package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
  194. package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
  195. package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
  196. package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
  197. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
  198. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
  199. package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
  200. package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
  201. package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
  202. package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
  203. package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
  204. package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
  205. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
  206. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
  207. package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
  208. package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
  209. package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
  210. package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
  211. package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
  212. package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
  213. package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
  214. package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
  215. package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
  216. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
  217. package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
  218. package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
  219. package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
  220. package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
  221. package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
  222. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
  223. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
  224. package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
  225. package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
  226. package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
  227. package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
  228. package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
  229. package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
  230. package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
  231. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
  232. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
  233. package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
  234. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
  235. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
  236. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
  237. package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
  238. package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
  239. package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
  240. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
  241. package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
  242. package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
  243. package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
  244. package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
  245. package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
  246. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
  247. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
  248. package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
  249. package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
  250. package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
  251. package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
  252. package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
  253. package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
  254. package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
  255. package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
  256. package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
  257. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
  258. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
  259. package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
  260. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
  261. package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
  262. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
  263. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
  264. package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
  265. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
  266. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
  267. package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
  268. package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
  269. package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
  270. package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
  271. package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
  272. package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
  273. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
  274. package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
  275. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
  276. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
  277. package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
  278. package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
  279. package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
  280. package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
  281. package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
  282. package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
  283. package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
  284. package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
  285. package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
  286. package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
  287. package/tools/cli/commands/autoconfig.js +498 -489
  288. package/tools/cli/commands/doctor.js +222 -175
  289. package/tools/cli/commands/install.js +739 -739
  290. package/tools/cli/commands/memory.js +194 -194
  291. package/tools/cli/commands/scan.js +360 -350
  292. package/tools/cli/commands/uninstall.js +96 -96
  293. package/tools/cli/commands/update.js +174 -174
  294. package/tools/cli/i18n.js +763 -763
@@ -1,253 +1,253 @@
1
- # Double Materiality Assessment (DMA) — Methodology and Templates
2
-
3
- ## Overview
4
-
5
- The Double Materiality Assessment is the mandatory first step in CSRD compliance (ESRS 1, paras. 19–56). Every in-scope company must complete a DMA before deciding which ESRS topical standards to report on. The DMA determines what is reported; it cannot be completed retrospectively.
6
-
7
- ---
8
-
9
- ## Two Perspectives Explained
10
-
11
- ### 1. Impact Materiality (Inside-Out)
12
- *Does the company have actual or potential impacts on people or the environment?*
13
-
14
- **Scope:** Own operations + upstream and downstream value chain
15
-
16
- **Actual impacts:** Currently occurring
17
- **Potential impacts:** Could occur in the future (assess likelihood)
18
-
19
- **Positive impacts:** Benefits to people or environment (e.g., jobs created, carbon sequestration)
20
- **Negative impacts:** Harm to people or environment (e.g., pollution, unsafe working conditions)
21
-
22
- **Significance assessment formula:**
23
- - *Negative actual impacts:* Scale × Scope × Irremediability
24
- - *Negative potential impacts:* Scale × Scope × Irremediability × Likelihood
25
- - *Positive actual impacts:* Scale × Scope
26
- - *Positive potential impacts:* Scale × Scope × Likelihood
27
-
28
- **Definitions:**
29
- | Criterion | Definition |
30
- |-----------|-----------|
31
- | Scale | Severity of the impact on people or environment |
32
- | Scope | How widespread (number of people affected / geographic area) |
33
- | Irremediability | Difficulty of restoring pre-impact state |
34
- | Likelihood | Probability of potential impact occurring |
35
-
36
- ### 2. Financial Materiality (Outside-In)
37
- *Does the sustainability matter create risks or opportunities affecting the company's finances?*
38
-
39
- **Financial effects include:** Revenue, costs, assets, liabilities, cash flows, access to finance, cost of capital
40
-
41
- **Time horizons:** Short-term (<1 year), medium-term (1–5 years), long-term (>5 years)
42
-
43
- **Assessment criteria:**
44
- - Magnitude: How large could the financial effect be? (quantify where possible)
45
- - Likelihood: How probable is the financial effect?
46
-
47
- **Sources of financial risks and opportunities:**
48
- - Physical risks (acute: extreme weather; chronic: temperature, sea-level)
49
- - Transition risks (policy/regulation, technology, market, reputational)
50
- - Opportunities (energy efficiency, new markets, brand value, talent attraction)
51
-
52
- ### The Materiality Threshold
53
- A topic is **material** if it meets EITHER the impact materiality threshold OR the financial materiality threshold (or both).
54
-
55
- There is no prescribed numerical threshold — companies set their own thresholds, which must be justified and disclosed (ESRS 2 IRO-1).
56
-
57
- ---
58
-
59
- ## DMA Process — Step by Step
60
-
61
- ### Step 1: Understand the Context (ESRS 1, para. 45)
62
-
63
- **Activities:**
64
- 1. Map the business model: products/services, markets, geographies
65
- 2. Map the value chain: key suppliers (tier 1 and beyond), distribution, customers, end-users
66
- 3. Identify the company's key activities, assets, and relationships
67
- 4. Identify sector-specific sustainability risks using industry references (ESRS sector standards when published, SASB, GRI sector standards)
68
-
69
- **Output:** Business context document / value chain map
70
-
71
- ---
72
-
73
- ### Step 2: Identify Actual and Potential Impacts (ESRS 1, paras. 46–48)
74
-
75
- **Sources of impact identification:**
76
- - Internal: operations review, incident data, management interviews
77
- - External: stakeholder engagement, industry benchmarks, peer analysis, ESG ratings
78
-
79
- **Stakeholder engagement (ESRS 1, para. 22):**
80
- ESRS requires meaningful engagement with affected stakeholders and users of sustainability reporting. Stakeholders to engage:
81
- - Workers (own and value chain)
82
- - Local communities
83
- - Customers / consumers
84
- - NGOs and civil society
85
- - Investors and financial institutions
86
- - Regulators
87
-
88
- **Output:** Long list of potential impacts per ESRS topic area
89
-
90
- ---
91
-
92
- ### Step 3: Assess Significance of Impacts
93
-
94
- Rate each identified impact on each criterion using a 1–5 scale (or equivalent):
95
-
96
- **Impact Scoring Matrix:**
97
-
98
- | Score | Scale | Scope | Irremediability | Likelihood |
99
- |-------|-------|-------|----------------|-----------|
100
- | 1 | Minimal | Very local / few individuals | Easily remediable | Very unlikely (<5%) |
101
- | 2 | Low | Local / small group | Mostly remediable | Unlikely (5–25%) |
102
- | 3 | Moderate | Regional / significant group | Partially remediable | Possible (25–50%) |
103
- | 4 | High | National / large group | Mostly irreversible | Likely (50–75%) |
104
- | 5 | Severe | International / systemic | Irreversible | Very likely (>75%) |
105
-
106
- **Severity score (negative actual):** Scale × Scope × Irremediability (max 125)
107
- **Severity score (negative potential):** Scale × Scope × Irremediability × Likelihood (max 625)
108
-
109
- **Materiality threshold:** Company-defined (example: severity ≥ 27 for actual impacts; ≥ 50 for potential impacts)
110
-
111
- ---
112
-
113
- ### Step 4: Identify Financial Risks and Opportunities
114
-
115
- For each ESRS topic, assess whether there are associated financial risks or opportunities.
116
-
117
- **Financial Risk/Opportunity Identification Template:**
118
-
119
- | ESRS Topic | Risk/Opportunity Type | Description | Time Horizon | Potential Financial Effect |
120
- |-----------|----------------------|-------------|-------------|--------------------------|
121
- | Climate (E1) | Physical risk (acute) | Flooding of key manufacturing site | Short-term | Asset damage, business interruption |
122
- | Climate (E1) | Transition risk | Carbon pricing increases operating costs | Medium-term | Higher fuel/energy costs |
123
- | Water (E3) | Physical risk (chronic) | Water scarcity in production region | Long-term | Supply disruption, increased costs |
124
- | Workforce (S1) | Opportunity | Employer brand attracts talent | Short-term | Lower recruitment costs, retention |
125
-
126
- ---
127
-
128
- ### Step 5: Assess Financial Significance
129
-
130
- Rate identified risks/opportunities:
131
-
132
- | Rating | Magnitude | Likelihood |
133
- |--------|-----------|-----------|
134
- | Low | <1% of EBITDA | <25% |
135
- | Medium | 1–5% of EBITDA | 25–75% |
136
- | High | >5% of EBITDA | >75% |
137
-
138
- **Financial materiality score:** Magnitude × Likelihood → topic is financially material if score exceeds threshold.
139
-
140
- ---
141
-
142
- ### Step 6: Determine Materiality — Topic by Topic
143
-
144
- Apply the materiality determination matrix:
145
-
146
- | ESRS Topic | Impact Material? | Financially Material? | Overall Materiality | Report? |
147
- |-----------|-----------------|----------------------|-------------------|---------|
148
- | E1 Climate | Yes (Scope 3 GHG) | Yes (carbon pricing risk) | **MATERIAL** | Full ESRS E1 |
149
- | E2 Pollution | No | No | Non-material | Omit (brief statement) |
150
- | E3 Water | Yes (operations in water-stressed area) | No | **MATERIAL** | Full ESRS E3 |
151
- | S1 Own Workforce | Yes | No | **MATERIAL** | Full ESRS S1 |
152
- | G1 Business Conduct | No | Yes (compliance risk) | **MATERIAL** | Full ESRS G1 |
153
-
154
- ---
155
-
156
- ### Step 7: Document the DMA (ESRS 2 SBM-3 + IRO-1)
157
-
158
- **Mandatory disclosures about the DMA process:**
159
-
160
- *ESRS 2 IRO-1 — Description of the process to identify and assess material IROs:*
161
- - Scope of assessment (own operations / value chain depth)
162
- - Methodology and criteria used
163
- - How stakeholders were engaged
164
- - Timeline and frequency of DMA
165
- - How the results inform strategy and reporting
166
-
167
- *ESRS 2 SBM-3 — Material impacts, risks and opportunities:*
168
- - Complete list of material topics identified
169
- - How material IROs interact with business model and strategy
170
- - Current and anticipated financial effects
171
-
172
- **Materiality Statement:** Brief explanation for each ESRS topic found non-material (why it was excluded).
173
-
174
- ---
175
-
176
- ### Step 8: Validate and Update
177
-
178
- - DMA must be updated at least annually
179
- - Trigger for mid-period review: significant business change, new regulation, emerging risk, stakeholder concern
180
- - Changes to materiality conclusions must be disclosed
181
-
182
- ---
183
-
184
- ## Sector-Specific Guidance
185
-
186
- ### High-Likelihood Material Topics by Sector
187
-
188
- | Sector | Typically Material |
189
- |--------|-------------------|
190
- | Energy / Utilities | E1 (Climate), E2 (Pollution), E3 (Water), G1 (Business Conduct) |
191
- | Financial Services | E1 (financed emissions), G1 (Business Conduct), S4 (Consumers) |
192
- | Manufacturing | E1 (GHG), E2 (Pollution), E5 (Circular Economy), S1 (Workforce), S2 (Value Chain) |
193
- | Retail / Consumer Goods | E1, E5 (packaging/waste), S2 (supply chain labour), S4 (consumers) |
194
- | Agriculture / Food | E3 (Water), E4 (Biodiversity), E2 (Pollution), S2 (Value Chain) |
195
- | Construction / Real Estate | E1 (building emissions), E5 (materials), E4 (land use), S3 (communities) |
196
- | Technology | S1 (Workforce), S4 (data protection/consumers), G1 (Business Conduct) |
197
- | Mining / Extractives | E1, E2, E3, E4, S3 (communities), G1 |
198
- | Healthcare / Pharma | S4 (consumers), S1 (workforce), G1 (business conduct), E1 |
199
-
200
- ---
201
-
202
- ## DMA Documentation Templates
203
-
204
- ### Impact Register Template
205
-
206
- | ID | ESRS Topic | Impact Description | Direction | Scope | Time Horizon | Scale (1-5) | Scope (1-5) | Irremediability (1-5) | Likelihood (1-5) | Severity Score | Material? |
207
- |----|-----------|-------------------|-----------|-------|-------------|------------|------------|----------------------|----------------|---------------|-----------|
208
- | I-001 | E1 | Scope 3 GHG emissions from product use | Negative | Downstream | Long-term | 5 | 5 | 4 | 5 | 500 | YES |
209
- | I-002 | S1 | Gender pay inequity among employees | Negative | Own ops | Short-term | 3 | 3 | 3 | 4 | 108 | YES |
210
- | I-003 | E4 | No operations near biodiversity areas | n/a | — | — | 1 | 1 | 1 | 1 | 1 | NO |
211
-
212
- ### Financial Risk/Opportunity Register Template
213
-
214
- | ID | ESRS Topic | Type | Description | Time Horizon | Magnitude | Likelihood | Financial Score | Material? |
215
- |----|-----------|------|-------------|-------------|-----------|-----------|----------------|-----------|
216
- | F-001 | E1 | Transition risk | EU ETS carbon costs increase | Short-medium | High | High | HIGH | YES |
217
- | F-002 | E3 | Physical risk | Water scarcity affects key plant | Long-term | Medium | Medium | MEDIUM | YES |
218
- | F-003 | S1 | Opportunity | ESG leader attracts talent | Short-term | Low | Medium | LOW | NO |
219
-
220
- ### DMA Summary Table
221
-
222
- | ESRS Standard | Topic | Impact Materiality | Financial Materiality | Overall Material | First Reporting Year |
223
- |--------------|-------|-------------------|----------------------|-----------------|---------------------|
224
- | E1 | Climate Change | ✓ | ✓ | ✓ | FY 2025 |
225
- | E2 | Pollution | ✗ | ✗ | ✗ | — |
226
- | E3 | Water & Marine | ✓ | ✓ | ✓ | FY 2025 |
227
- | E4 | Biodiversity | ✗ | ✗ | ✗ | — |
228
- | E5 | Circular Economy | ✓ | ✗ | ✓ | FY 2025 |
229
- | S1 | Own Workforce | ✓ | ✗ | ✓ | FY 2025 |
230
- | S2 | Value Chain Workers | ✓ | ✗ | ✓ | FY 2025 |
231
- | S3 | Communities | ✗ | ✗ | ✗ | — |
232
- | S4 | Consumers | ✗ | ✓ | ✓ | FY 2025 |
233
- | G1 | Business Conduct | ✓ | ✓ | ✓ | FY 2025 |
234
-
235
- ---
236
-
237
- ## Common DMA Pitfalls
238
-
239
- **1. Scope too narrow:** Limiting the DMA to own operations only; ESRS requires value chain consideration where material.
240
-
241
- **2. Stakeholder engagement inadequate:** Consulting only investors; ESRS requires engagement with affected stakeholders (workers, communities).
242
-
243
- **3. Financial materiality neglected:** Conducting only impact assessment; financial risks/opportunities must be assessed separately.
244
-
245
- **4. Thresholds not justified:** Setting arbitrary thresholds without documenting the rationale; thresholds must be disclosed in IRO-1.
246
-
247
- **5. DMA done retrospectively:** Completing the DMA after deciding what to report; the DMA must drive reporting decisions.
248
-
249
- **6. Over-exclusion:** Excluding topics from reporting without adequate justification; ESRS requires a brief explanation for excluded topics.
250
-
251
- **7. Static DMA:** Treating DMA as a one-time exercise; it must be reviewed at least annually.
252
-
253
- **8. Climate auto-excluded:** Climate change (E1) is presumed material for most companies; requires robust justification and strong evidence to exclude.
1
+ # Double Materiality Assessment (DMA) — Methodology and Templates
2
+
3
+ ## Overview
4
+
5
+ The Double Materiality Assessment is the mandatory first step in CSRD compliance (ESRS 1, paras. 19–56). Every in-scope company must complete a DMA before deciding which ESRS topical standards to report on. The DMA determines what is reported; it cannot be completed retrospectively.
6
+
7
+ ---
8
+
9
+ ## Two Perspectives Explained
10
+
11
+ ### 1. Impact Materiality (Inside-Out)
12
+ *Does the company have actual or potential impacts on people or the environment?*
13
+
14
+ **Scope:** Own operations + upstream and downstream value chain
15
+
16
+ **Actual impacts:** Currently occurring
17
+ **Potential impacts:** Could occur in the future (assess likelihood)
18
+
19
+ **Positive impacts:** Benefits to people or environment (e.g., jobs created, carbon sequestration)
20
+ **Negative impacts:** Harm to people or environment (e.g., pollution, unsafe working conditions)
21
+
22
+ **Significance assessment formula:**
23
+ - *Negative actual impacts:* Scale × Scope × Irremediability
24
+ - *Negative potential impacts:* Scale × Scope × Irremediability × Likelihood
25
+ - *Positive actual impacts:* Scale × Scope
26
+ - *Positive potential impacts:* Scale × Scope × Likelihood
27
+
28
+ **Definitions:**
29
+ | Criterion | Definition |
30
+ |-----------|-----------|
31
+ | Scale | Severity of the impact on people or environment |
32
+ | Scope | How widespread (number of people affected / geographic area) |
33
+ | Irremediability | Difficulty of restoring pre-impact state |
34
+ | Likelihood | Probability of potential impact occurring |
35
+
36
+ ### 2. Financial Materiality (Outside-In)
37
+ *Does the sustainability matter create risks or opportunities affecting the company's finances?*
38
+
39
+ **Financial effects include:** Revenue, costs, assets, liabilities, cash flows, access to finance, cost of capital
40
+
41
+ **Time horizons:** Short-term (<1 year), medium-term (1–5 years), long-term (>5 years)
42
+
43
+ **Assessment criteria:**
44
+ - Magnitude: How large could the financial effect be? (quantify where possible)
45
+ - Likelihood: How probable is the financial effect?
46
+
47
+ **Sources of financial risks and opportunities:**
48
+ - Physical risks (acute: extreme weather; chronic: temperature, sea-level)
49
+ - Transition risks (policy/regulation, technology, market, reputational)
50
+ - Opportunities (energy efficiency, new markets, brand value, talent attraction)
51
+
52
+ ### The Materiality Threshold
53
+ A topic is **material** if it meets EITHER the impact materiality threshold OR the financial materiality threshold (or both).
54
+
55
+ There is no prescribed numerical threshold — companies set their own thresholds, which must be justified and disclosed (ESRS 2 IRO-1).
56
+
57
+ ---
58
+
59
+ ## DMA Process — Step by Step
60
+
61
+ ### Step 1: Understand the Context (ESRS 1, para. 45)
62
+
63
+ **Activities:**
64
+ 1. Map the business model: products/services, markets, geographies
65
+ 2. Map the value chain: key suppliers (tier 1 and beyond), distribution, customers, end-users
66
+ 3. Identify the company's key activities, assets, and relationships
67
+ 4. Identify sector-specific sustainability risks using industry references (ESRS sector standards when published, SASB, GRI sector standards)
68
+
69
+ **Output:** Business context document / value chain map
70
+
71
+ ---
72
+
73
+ ### Step 2: Identify Actual and Potential Impacts (ESRS 1, paras. 46–48)
74
+
75
+ **Sources of impact identification:**
76
+ - Internal: operations review, incident data, management interviews
77
+ - External: stakeholder engagement, industry benchmarks, peer analysis, ESG ratings
78
+
79
+ **Stakeholder engagement (ESRS 1, para. 22):**
80
+ ESRS requires meaningful engagement with affected stakeholders and users of sustainability reporting. Stakeholders to engage:
81
+ - Workers (own and value chain)
82
+ - Local communities
83
+ - Customers / consumers
84
+ - NGOs and civil society
85
+ - Investors and financial institutions
86
+ - Regulators
87
+
88
+ **Output:** Long list of potential impacts per ESRS topic area
89
+
90
+ ---
91
+
92
+ ### Step 3: Assess Significance of Impacts
93
+
94
+ Rate each identified impact on each criterion using a 1–5 scale (or equivalent):
95
+
96
+ **Impact Scoring Matrix:**
97
+
98
+ | Score | Scale | Scope | Irremediability | Likelihood |
99
+ |-------|-------|-------|----------------|-----------|
100
+ | 1 | Minimal | Very local / few individuals | Easily remediable | Very unlikely (<5%) |
101
+ | 2 | Low | Local / small group | Mostly remediable | Unlikely (5–25%) |
102
+ | 3 | Moderate | Regional / significant group | Partially remediable | Possible (25–50%) |
103
+ | 4 | High | National / large group | Mostly irreversible | Likely (50–75%) |
104
+ | 5 | Severe | International / systemic | Irreversible | Very likely (>75%) |
105
+
106
+ **Severity score (negative actual):** Scale × Scope × Irremediability (max 125)
107
+ **Severity score (negative potential):** Scale × Scope × Irremediability × Likelihood (max 625)
108
+
109
+ **Materiality threshold:** Company-defined (example: severity ≥ 27 for actual impacts; ≥ 50 for potential impacts)
110
+
111
+ ---
112
+
113
+ ### Step 4: Identify Financial Risks and Opportunities
114
+
115
+ For each ESRS topic, assess whether there are associated financial risks or opportunities.
116
+
117
+ **Financial Risk/Opportunity Identification Template:**
118
+
119
+ | ESRS Topic | Risk/Opportunity Type | Description | Time Horizon | Potential Financial Effect |
120
+ |-----------|----------------------|-------------|-------------|--------------------------|
121
+ | Climate (E1) | Physical risk (acute) | Flooding of key manufacturing site | Short-term | Asset damage, business interruption |
122
+ | Climate (E1) | Transition risk | Carbon pricing increases operating costs | Medium-term | Higher fuel/energy costs |
123
+ | Water (E3) | Physical risk (chronic) | Water scarcity in production region | Long-term | Supply disruption, increased costs |
124
+ | Workforce (S1) | Opportunity | Employer brand attracts talent | Short-term | Lower recruitment costs, retention |
125
+
126
+ ---
127
+
128
+ ### Step 5: Assess Financial Significance
129
+
130
+ Rate identified risks/opportunities:
131
+
132
+ | Rating | Magnitude | Likelihood |
133
+ |--------|-----------|-----------|
134
+ | Low | <1% of EBITDA | <25% |
135
+ | Medium | 1–5% of EBITDA | 25–75% |
136
+ | High | >5% of EBITDA | >75% |
137
+
138
+ **Financial materiality score:** Magnitude × Likelihood → topic is financially material if score exceeds threshold.
139
+
140
+ ---
141
+
142
+ ### Step 6: Determine Materiality — Topic by Topic
143
+
144
+ Apply the materiality determination matrix:
145
+
146
+ | ESRS Topic | Impact Material? | Financially Material? | Overall Materiality | Report? |
147
+ |-----------|-----------------|----------------------|-------------------|---------|
148
+ | E1 Climate | Yes (Scope 3 GHG) | Yes (carbon pricing risk) | **MATERIAL** | Full ESRS E1 |
149
+ | E2 Pollution | No | No | Non-material | Omit (brief statement) |
150
+ | E3 Water | Yes (operations in water-stressed area) | No | **MATERIAL** | Full ESRS E3 |
151
+ | S1 Own Workforce | Yes | No | **MATERIAL** | Full ESRS S1 |
152
+ | G1 Business Conduct | No | Yes (compliance risk) | **MATERIAL** | Full ESRS G1 |
153
+
154
+ ---
155
+
156
+ ### Step 7: Document the DMA (ESRS 2 SBM-3 + IRO-1)
157
+
158
+ **Mandatory disclosures about the DMA process:**
159
+
160
+ *ESRS 2 IRO-1 — Description of the process to identify and assess material IROs:*
161
+ - Scope of assessment (own operations / value chain depth)
162
+ - Methodology and criteria used
163
+ - How stakeholders were engaged
164
+ - Timeline and frequency of DMA
165
+ - How the results inform strategy and reporting
166
+
167
+ *ESRS 2 SBM-3 — Material impacts, risks and opportunities:*
168
+ - Complete list of material topics identified
169
+ - How material IROs interact with business model and strategy
170
+ - Current and anticipated financial effects
171
+
172
+ **Materiality Statement:** Brief explanation for each ESRS topic found non-material (why it was excluded).
173
+
174
+ ---
175
+
176
+ ### Step 8: Validate and Update
177
+
178
+ - DMA must be updated at least annually
179
+ - Trigger for mid-period review: significant business change, new regulation, emerging risk, stakeholder concern
180
+ - Changes to materiality conclusions must be disclosed
181
+
182
+ ---
183
+
184
+ ## Sector-Specific Guidance
185
+
186
+ ### High-Likelihood Material Topics by Sector
187
+
188
+ | Sector | Typically Material |
189
+ |--------|-------------------|
190
+ | Energy / Utilities | E1 (Climate), E2 (Pollution), E3 (Water), G1 (Business Conduct) |
191
+ | Financial Services | E1 (financed emissions), G1 (Business Conduct), S4 (Consumers) |
192
+ | Manufacturing | E1 (GHG), E2 (Pollution), E5 (Circular Economy), S1 (Workforce), S2 (Value Chain) |
193
+ | Retail / Consumer Goods | E1, E5 (packaging/waste), S2 (supply chain labour), S4 (consumers) |
194
+ | Agriculture / Food | E3 (Water), E4 (Biodiversity), E2 (Pollution), S2 (Value Chain) |
195
+ | Construction / Real Estate | E1 (building emissions), E5 (materials), E4 (land use), S3 (communities) |
196
+ | Technology | S1 (Workforce), S4 (data protection/consumers), G1 (Business Conduct) |
197
+ | Mining / Extractives | E1, E2, E3, E4, S3 (communities), G1 |
198
+ | Healthcare / Pharma | S4 (consumers), S1 (workforce), G1 (business conduct), E1 |
199
+
200
+ ---
201
+
202
+ ## DMA Documentation Templates
203
+
204
+ ### Impact Register Template
205
+
206
+ | ID | ESRS Topic | Impact Description | Direction | Scope | Time Horizon | Scale (1-5) | Scope (1-5) | Irremediability (1-5) | Likelihood (1-5) | Severity Score | Material? |
207
+ |----|-----------|-------------------|-----------|-------|-------------|------------|------------|----------------------|----------------|---------------|-----------|
208
+ | I-001 | E1 | Scope 3 GHG emissions from product use | Negative | Downstream | Long-term | 5 | 5 | 4 | 5 | 500 | YES |
209
+ | I-002 | S1 | Gender pay inequity among employees | Negative | Own ops | Short-term | 3 | 3 | 3 | 4 | 108 | YES |
210
+ | I-003 | E4 | No operations near biodiversity areas | n/a | — | — | 1 | 1 | 1 | 1 | 1 | NO |
211
+
212
+ ### Financial Risk/Opportunity Register Template
213
+
214
+ | ID | ESRS Topic | Type | Description | Time Horizon | Magnitude | Likelihood | Financial Score | Material? |
215
+ |----|-----------|------|-------------|-------------|-----------|-----------|----------------|-----------|
216
+ | F-001 | E1 | Transition risk | EU ETS carbon costs increase | Short-medium | High | High | HIGH | YES |
217
+ | F-002 | E3 | Physical risk | Water scarcity affects key plant | Long-term | Medium | Medium | MEDIUM | YES |
218
+ | F-003 | S1 | Opportunity | ESG leader attracts talent | Short-term | Low | Medium | LOW | NO |
219
+
220
+ ### DMA Summary Table
221
+
222
+ | ESRS Standard | Topic | Impact Materiality | Financial Materiality | Overall Material | First Reporting Year |
223
+ |--------------|-------|-------------------|----------------------|-----------------|---------------------|
224
+ | E1 | Climate Change | ✓ | ✓ | ✓ | FY 2025 |
225
+ | E2 | Pollution | ✗ | ✗ | ✗ | — |
226
+ | E3 | Water & Marine | ✓ | ✓ | ✓ | FY 2025 |
227
+ | E4 | Biodiversity | ✗ | ✗ | ✗ | — |
228
+ | E5 | Circular Economy | ✓ | ✗ | ✓ | FY 2025 |
229
+ | S1 | Own Workforce | ✓ | ✗ | ✓ | FY 2025 |
230
+ | S2 | Value Chain Workers | ✓ | ✗ | ✓ | FY 2025 |
231
+ | S3 | Communities | ✗ | ✗ | ✗ | — |
232
+ | S4 | Consumers | ✗ | ✓ | ✓ | FY 2025 |
233
+ | G1 | Business Conduct | ✓ | ✓ | ✓ | FY 2025 |
234
+
235
+ ---
236
+
237
+ ## Common DMA Pitfalls
238
+
239
+ **1. Scope too narrow:** Limiting the DMA to own operations only; ESRS requires value chain consideration where material.
240
+
241
+ **2. Stakeholder engagement inadequate:** Consulting only investors; ESRS requires engagement with affected stakeholders (workers, communities).
242
+
243
+ **3. Financial materiality neglected:** Conducting only impact assessment; financial risks/opportunities must be assessed separately.
244
+
245
+ **4. Thresholds not justified:** Setting arbitrary thresholds without documenting the rationale; thresholds must be disclosed in IRO-1.
246
+
247
+ **5. DMA done retrospectively:** Completing the DMA after deciding what to report; the DMA must drive reporting decisions.
248
+
249
+ **6. Over-exclusion:** Excluding topics from reporting without adequate justification; ESRS requires a brief explanation for excluded topics.
250
+
251
+ **7. Static DMA:** Treating DMA as a one-time exercise; it must be reviewed at least annually.
252
+
253
+ **8. Climate auto-excluded:** Climate change (E1) is presumed material for most companies; requires robust justification and strong evidence to exclude.