npm - monora-ai - Versions diffs - 2.1.0 → 2.1.4 - Mend

monora-ai 2.1.0 → 2.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (193) hide show

package/README.md +339 -158
package/dist/aims_governance.d.ts +238 -0
package/dist/aims_governance.d.ts.map +1 -0
package/dist/aims_governance.js +922 -0
package/dist/alerts.d.ts +16 -0
package/dist/alerts.d.ts.map +1 -1
package/dist/alerts.js +16 -0
package/dist/api.d.ts +6 -0
package/dist/api.d.ts.map +1 -1
package/dist/api.js +6 -0
package/dist/assessment.d.ts +85 -0
package/dist/assessment.d.ts.map +1 -1
package/dist/assessment.js +525 -13
package/dist/attribution.d.ts +44 -3
package/dist/attribution.d.ts.map +1 -1
package/dist/attribution.js +197 -10
package/dist/autodetect.d.ts +68 -0
package/dist/autodetect.d.ts.map +1 -1
package/dist/autodetect.js +639 -0
package/dist/bias.d.ts +130 -0
package/dist/bias.d.ts.map +1 -0
package/dist/bias.js +223 -0
package/dist/cli/diagnostics.d.ts +5 -1
package/dist/cli/diagnostics.d.ts.map +1 -1
package/dist/cli/diagnostics.js +23 -6
package/dist/cli/doctor.d.ts +25 -0
package/dist/cli/doctor.d.ts.map +1 -0
package/dist/cli/doctor.js +381 -0
package/dist/cli/fix.d.ts +16 -0
package/dist/cli/fix.d.ts.map +1 -0
package/dist/cli/fix.js +284 -0
package/dist/cli/init.d.ts +57 -0
package/dist/cli/init.d.ts.map +1 -0
package/dist/cli/init.js +205 -0
package/dist/cli.js +1564 -177
package/dist/complianceConsolidation.d.ts +17 -0
package/dist/complianceConsolidation.d.ts.map +1 -0
package/dist/complianceConsolidation.js +68 -0
package/dist/complianceTargets.d.ts +111 -0
package/dist/complianceTargets.d.ts.map +1 -0
package/dist/complianceTargets.js +521 -0
package/dist/config.d.ts +261 -16
package/dist/config.d.ts.map +1 -1
package/dist/config.js +381 -32
package/dist/config_migrations.d.ts.map +1 -1
package/dist/config_migrations.js +38 -1
package/dist/config_schema.d.ts +2490 -1035
package/dist/config_schema.d.ts.map +1 -1
package/dist/config_schema.js +233 -64
package/dist/context.d.ts +34 -0
package/dist/context.d.ts.map +1 -1
package/dist/context.js +118 -7
package/dist/control_backbone.d.ts +128 -0
package/dist/control_backbone.d.ts.map +1 -0
package/dist/control_backbone.js +826 -0
package/dist/data-governance.d.ts +187 -0
package/dist/data-governance.d.ts.map +1 -0
package/dist/data-governance.js +424 -0
package/dist/dataResidency.d.ts +44 -0
package/dist/dataResidency.d.ts.map +1 -0
package/dist/dataResidency.js +203 -0
package/dist/dispatcher.d.ts.map +1 -1
package/dist/dispatcher.js +17 -5
package/dist/evidence_store.d.ts +103 -0
package/dist/evidence_store.d.ts.map +1 -0
package/dist/evidence_store.js +459 -0
package/dist/executiveSummary.d.ts +15 -0
package/dist/executiveSummary.d.ts.map +1 -1
package/dist/executiveSummary.js +135 -22
package/dist/identity.d.ts +143 -0
package/dist/identity.d.ts.map +1 -0
package/dist/identity.js +231 -0
package/dist/impact-assessment.d.ts +350 -0
package/dist/impact-assessment.d.ts.map +1 -0
package/dist/impact-assessment.js +580 -0
package/dist/index.d.ts +21 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +254 -5
package/dist/instrumentation.d.ts +1 -1
package/dist/instrumentation.d.ts.map +1 -1
package/dist/instrumentation.js +123 -22
package/dist/integrations/anthropic.d.ts +3 -0
package/dist/integrations/anthropic.d.ts.map +1 -1
package/dist/integrations/anthropic.js +282 -80
package/dist/integrations/governance.d.ts +33 -0
package/dist/integrations/governance.d.ts.map +1 -0
package/dist/integrations/governance.js +208 -0
package/dist/integrations/langchain.d.ts +4 -0
package/dist/integrations/langchain.d.ts.map +1 -1
package/dist/integrations/langchain.js +362 -142
package/dist/integrations/openai.d.ts +9 -0
package/dist/integrations/openai.d.ts.map +1 -1
package/dist/integrations/openai.js +673 -73
package/dist/iso42001_consolidation.d.ts +16 -0
package/dist/iso42001_consolidation.d.ts.map +1 -0
package/dist/iso42001_consolidation.js +413 -0
package/dist/iso42001_workflows.d.ts +263 -0
package/dist/iso42001_workflows.d.ts.map +1 -0
package/dist/iso42001_workflows.js +781 -0
package/dist/lifecycle.d.ts +299 -0
package/dist/lifecycle.d.ts.map +1 -0
package/dist/lifecycle.js +624 -0
package/dist/lineage.d.ts +2 -2
package/dist/lineage.d.ts.map +1 -1
package/dist/lineage.js +9 -16
package/dist/middleware/express.d.ts.map +1 -1
package/dist/middleware/express.js +18 -3
package/dist/middleware/nextjs.js +2 -2
package/dist/model.d.ts +143 -0
package/dist/model.d.ts.map +1 -0
package/dist/model.js +371 -0
package/dist/onboarding.d.ts +42 -0
package/dist/onboarding.d.ts.map +1 -0
package/dist/onboarding.js +1075 -0
package/dist/oversight.d.ts +264 -0
package/dist/oversight.d.ts.map +1 -0
package/dist/oversight.js +497 -0
package/dist/presets.js +7 -7
package/dist/quotas.d.ts +171 -0
package/dist/quotas.d.ts.map +1 -0
package/dist/quotas.js +259 -0
package/dist/register.d.ts +13 -0
package/dist/register.d.ts.map +1 -0
package/dist/register.js +99 -0
package/dist/registry.d.ts +1 -0
package/dist/registry.d.ts.map +1 -1
package/dist/registry.js +7 -0
package/dist/registryData.json +43 -6
package/dist/report.d.ts +2 -1
package/dist/report.d.ts.map +1 -1
package/dist/report.js +189 -2
package/dist/reporting.d.ts +125 -0
package/dist/reporting.d.ts.map +1 -1
package/dist/reporting.js +192 -2
package/dist/resources.d.ts +285 -0
package/dist/resources.d.ts.map +1 -0
package/dist/resources.js +643 -0
package/dist/risk.d.ts +120 -0
package/dist/risk.d.ts.map +1 -0
package/dist/risk.js +220 -0
package/dist/runtime.d.ts +74 -0
package/dist/runtime.d.ts.map +1 -1
package/dist/runtime.js +416 -18
package/dist/schemaInference.d.ts +92 -0
package/dist/schemaInference.d.ts.map +1 -0
package/dist/schemaInference.js +466 -0
package/dist/schema_validation.js +2 -2
package/dist/schemas/config.schema.json +118 -4
package/dist/security_report.js +4 -4
package/dist/signing.d.ts +1 -1
package/dist/signing.d.ts.map +1 -1
package/dist/signing.js +4 -0
package/dist/sinks/file.d.ts +19 -1
package/dist/sinks/file.d.ts.map +1 -1
package/dist/sinks/file.js +82 -13
package/dist/sinks/https.d.ts +10 -0
package/dist/sinks/https.d.ts.map +1 -1
package/dist/sinks/https.js +76 -16
package/dist/sinks/stdout.d.ts +1 -0
package/dist/sinks/stdout.d.ts.map +1 -1
package/dist/sinks/stdout.js +12 -1
package/dist/spec.d.ts +159 -0
package/dist/spec.d.ts.map +1 -0
package/dist/spec.js +391 -0
package/dist/stakeholders.d.ts +199 -0
package/dist/stakeholders.d.ts.map +1 -0
package/dist/stakeholders.js +398 -0
package/dist/standards.d.ts.map +1 -1
package/dist/standards.js +160 -2
package/dist/standards_ingest.d.ts.map +1 -1
package/dist/standards_ingest.js +1 -4
package/dist/telemetry.d.ts +16 -2
package/dist/telemetry.d.ts.map +1 -1
package/dist/telemetry.js +77 -14
package/dist/templates/controls/gdpr_control_catalog.json +261 -0
package/dist/templates/controls/iso42001_control_catalog.json +1443 -0
package/dist/templates/controls/soc2_control_catalog.json +163 -0
package/dist/templates/standards/iso42001_claims.json +72 -0
package/dist/traced_emitter.d.ts.map +1 -1
package/dist/traced_emitter.js +19 -9
package/dist/trust_package.d.ts +20 -1
package/dist/trust_package.d.ts.map +1 -1
package/dist/trust_package.js +90 -2
package/dist/verify.d.ts.map +1 -1
package/dist/verify.js +9 -2
package/dist/wal.d.ts.map +1 -1
package/dist/wal.js +2 -1
package/package.json +14 -1
package/scripts/postinstall.js +105 -210
package/templates/controls/gdpr_control_catalog.json +261 -0
package/templates/controls/iso42001_control_catalog.json +1443 -0
package/templates/controls/soc2_control_catalog.json +163 -0
package/templates/standards/iso42001_claims.json +72 -0

package/dist/templates/controls/iso42001_control_catalog.json ADDED Viewed

@@ -0,0 +1,1443 @@
+{
+  "catalog_id": "iso42001_gap_catalog_monora",
+  "standard": "ISO42001",
+  "version": "0.1.0",
+  "generated_at": "2026-02-04T03:59:55.952311+00:00",
+  "notes": "Generated from docs/iso42001_gap_matrix.csv. Coverage levels represent current SDK/collector capabilities and missing governance evidence for ISO/IEC 42001 reporting.",
+  "controls": [
+    {
+      "control_id": "A.2.2",
+      "clause": "A",
+      "title": "AI policy documented",
+      "requirement": "AI policy documented",
+      "guidance": "Policy document lifecycle and approval",
+      "evidence_types": [
+        "documented_information",
+        "policy_document"
+      ],
+      "frequency": "annual",
+      "owner": "AI Governance Lead",
+      "system": "governance",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "policy_document"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Policy document lifecycle and approval",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.2.3",
+      "clause": "A",
+      "title": "AI policy aligned with org policies",
+      "requirement": "AI policy aligned with org policies",
+      "guidance": "Cross-policy mapping and approvals",
+      "evidence_types": [
+        "documented_information",
+        "policy_document"
+      ],
+      "frequency": "annual",
+      "owner": "AI Governance Lead",
+      "system": "governance",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "policy_document"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Cross-policy mapping and approvals",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.2.4",
+      "clause": "A",
+      "title": "AI policy reviewed periodically",
+      "requirement": "AI policy reviewed periodically",
+      "guidance": "Review records and schedule",
+      "evidence_types": [
+        "documented_information",
+        "review_minutes"
+      ],
+      "frequency": "annual",
+      "owner": "AI Governance Lead",
+      "system": "governance",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "review_minutes"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Review records and schedule",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.3.2",
+      "clause": "A",
+      "title": "Roles/responsibilities for AI defined",
+      "requirement": "Roles/responsibilities for AI defined",
+      "guidance": "RACI + governance assignments",
+      "evidence_types": [
+        "documented_information",
+        "role_responsibility_matrix"
+      ],
+      "frequency": "annual",
+      "owner": "Compliance Lead",
+      "system": "governance",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "role_responsibility_matrix"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "RACI + governance assignments",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.3.3",
+      "clause": "A",
+      "title": "Process to report AI concerns",
+      "requirement": "Process to report AI concerns",
+      "guidance": "Reporting channel and workflow",
+      "evidence_types": [
+        "documented_information",
+        "concern_reporting_records"
+      ],
+      "frequency": "annual",
+      "owner": "Compliance Lead",
+      "system": "governance",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "concern_reporting_records"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Reporting channel and workflow",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.4.2",
+      "clause": "A",
+      "title": "Resource documentation",
+      "requirement": "Resource documentation",
+      "guidance": "Full resource inventory (data/tooling/compute/human)",
+      "evidence_types": [
+        "documented_information",
+        "iam_policy_snapshot",
+        "resource_inventory",
+        "data_governance_records"
+      ],
+      "frequency": "quarterly",
+      "owner": "Platform Security Lead",
+      "system": "resource_management",
+      "automated_check": [
+        "collector_evidence_check"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "iam_policy_snapshot"
+      ],
+      "missing_evidence": [
+        "resource_inventory",
+        "data_governance_records"
+      ],
+      "current_evidence_note": "AWS/GCP IAM snapshots; system configs",
+      "missing_evidence_note": "Full resource inventory (data/tooling/compute/human)",
+      "priority": "medium"
+    },
+    {
+      "control_id": "A.4.3",
+      "clause": "A",
+      "title": "Data resources documented",
+      "requirement": "Data resources documented",
+      "guidance": "Data inventory and ownership",
+      "evidence_types": [
+        "documented_information",
+        "resource_inventory",
+        "data_governance_records"
+      ],
+      "frequency": "quarterly",
+      "owner": "Data Governance Lead",
+      "system": "data_governance",
+      "automated_check": [
+        "sdk_evidence_check"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "resource_inventory",
+        "data_governance_records"
+      ],
+      "current_evidence_note": "Monora data handling config",
+      "missing_evidence_note": "Data inventory and ownership",
+      "priority": "medium"
+    },
+    {
+      "control_id": "A.4.4",
+      "clause": "A",
+      "title": "Tooling resources documented",
+      "requirement": "Tooling resources documented",
+      "guidance": "Tooling inventory and lifecycle",
+      "evidence_types": [
+        "documented_information",
+        "identity_and_mfa_report",
+        "repository_configuration_export",
+        "workflow_configuration_export",
+        "resource_inventory"
+      ],
+      "frequency": "quarterly",
+      "owner": "Platform Engineering Lead",
+      "system": "tooling_governance",
+      "automated_check": [
+        "collector_evidence_check"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "identity_and_mfa_report",
+        "repository_configuration_export",
+        "workflow_configuration_export"
+      ],
+      "missing_evidence": [
+        "resource_inventory"
+      ],
+      "current_evidence_note": "GitHub/Jira/Okta/AWS/GCP evidence",
+      "missing_evidence_note": "Tooling inventory and lifecycle",
+      "priority": "medium"
+    },
+    {
+      "control_id": "A.4.5",
+      "clause": "A",
+      "title": "System/compute resources documented",
+      "requirement": "System/compute resources documented",
+      "guidance": "Compute inventory and configs",
+      "evidence_types": [
+        "documented_information",
+        "iam_policy_snapshot",
+        "resource_inventory"
+      ],
+      "frequency": "quarterly",
+      "owner": "Cloud Security Lead",
+      "system": "cloud_governance",
+      "automated_check": [
+        "collector_evidence_check"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "iam_policy_snapshot"
+      ],
+      "missing_evidence": [
+        "resource_inventory"
+      ],
+      "current_evidence_note": "AWS/GCP IAM snapshots",
+      "missing_evidence_note": "Compute inventory and configs",
+      "priority": "medium"
+    },
+    {
+      "control_id": "A.4.6",
+      "clause": "A",
+      "title": "Human resources/competence documented",
+      "requirement": "Human resources/competence documented",
+      "guidance": "Training records and competency evidence",
+      "evidence_types": [
+        "documented_information",
+        "identity_and_mfa_report",
+        "training_and_competency_records"
+      ],
+      "frequency": "annual",
+      "owner": "People Ops Lead",
+      "system": "workforce_governance",
+      "automated_check": [
+        "collector_evidence_check"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "identity_and_mfa_report"
+      ],
+      "missing_evidence": [
+        "training_and_competency_records"
+      ],
+      "current_evidence_note": "Okta MFA coverage sample",
+      "missing_evidence_note": "Training records and competency evidence",
+      "priority": "medium"
+    },
+    {
+      "control_id": "A.5.2",
+      "clause": "A",
+      "title": "Impact assessment process",
+      "requirement": "Impact assessment process",
+      "guidance": "Defined impact assessment process",
+      "evidence_types": [
+        "documented_information",
+        "impact_assessment_report"
+      ],
+      "frequency": "quarterly",
+      "owner": "Responsible AI Lead",
+      "system": "risk_impact",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "impact_assessment_report"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Defined impact assessment process",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.5.3",
+      "clause": "A",
+      "title": "Impact assessment documentation",
+      "requirement": "Impact assessment documentation",
+      "guidance": "Assessment records and retention",
+      "evidence_types": [
+        "documented_information"
+      ],
+      "frequency": "quarterly",
+      "owner": "Responsible AI Lead",
+      "system": "risk_impact",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "assessment_records",
+        "retention_policies"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Assessment records and retention",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.5.4",
+      "clause": "A",
+      "title": "Impact on individuals/groups assessed",
+      "requirement": "Impact on individuals/groups assessed",
+      "guidance": "Impact analysis artifacts",
+      "evidence_types": [
+        "documented_information",
+        "impact_assessment_report"
+      ],
+      "frequency": "quarterly",
+      "owner": "Responsible AI Lead",
+      "system": "risk_impact",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "impact_assessment_report"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Impact analysis artifacts",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.5.5",
+      "clause": "A",
+      "title": "Societal impacts assessed",
+      "requirement": "Societal impacts assessed",
+      "guidance": "Societal impact analysis",
+      "evidence_types": [
+        "documented_information",
+        "impact_assessment_report"
+      ],
+      "frequency": "quarterly",
+      "owner": "Responsible AI Lead",
+      "system": "risk_impact",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "impact_assessment_report"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Societal impact analysis",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.6.1.2",
+      "clause": "A",
+      "title": "Objectives for responsible development",
+      "requirement": "Objectives for responsible development",
+      "guidance": "Objectives and linkage to risks",
+      "evidence_types": [
+        "documented_information",
+        "objectives_register"
+      ],
+      "frequency": "per_release",
+      "owner": "AI Engineering Lead",
+      "system": "ai_lifecycle",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "objectives_register"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Objectives and linkage to risks",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.6.1.3",
+      "clause": "A",
+      "title": "Responsible design/development processes",
+      "requirement": "Responsible design/development processes",
+      "guidance": "SDLC controls and evidence",
+      "evidence_types": [
+        "documented_information",
+        "sdlc_control_evidence"
+      ],
+      "frequency": "per_release",
+      "owner": "AI Engineering Lead",
+      "system": "ai_lifecycle",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "sdlc_control_evidence"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "SDLC controls and evidence",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.6.2.2",
+      "clause": "A",
+      "title": "Requirements/specification documented",
+      "requirement": "Requirements/specification documented",
+      "guidance": "Requirements docs and traceability",
+      "evidence_types": [
+        "documented_information",
+        "requirements_specification",
+        "stakeholder_documentation"
+      ],
+      "frequency": "per_release",
+      "owner": "AI Engineering Lead",
+      "system": "ai_lifecycle",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "requirements_specification",
+        "stakeholder_documentation"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Requirements docs and traceability",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.6.2.4",
+      "clause": "A",
+      "title": "Verification/validation criteria",
+      "requirement": "Verification/validation criteria",
+      "guidance": "Formal V&V plans and results",
+      "evidence_types": [
+        "documented_information",
+        "policy_configuration",
+        "verification_validation_evidence"
+      ],
+      "frequency": "per_release",
+      "owner": "AI Engineering Lead",
+      "system": "ai_lifecycle",
+      "automated_check": [
+        "sdk_evidence_check"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "policy_configuration"
+      ],
+      "missing_evidence": [
+        "verification_validation_evidence"
+      ],
+      "current_evidence_note": "Monora policy violations, completeness checks",
+      "missing_evidence_note": "Formal V&V plans and results",
+      "priority": "medium"
+    },
+    {
+      "control_id": "A.6.2.5",
+      "clause": "A",
+      "title": "Deployment plan documented",
+      "requirement": "Deployment plan documented",
+      "guidance": "Deployment checklists and approvals",
+      "evidence_types": [
+        "documented_information",
+        "deployment_approval_records"
+      ],
+      "frequency": "per_release",
+      "owner": "AI Engineering Lead",
+      "system": "ai_lifecycle",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "deployment_approval_records"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Deployment checklists and approvals",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.6.2.6",
+      "clause": "A",
+      "title": "Operation/monitoring defined",
+      "requirement": "Operation/monitoring defined",
+      "guidance": "Ops plan and maintenance process",
+      "evidence_types": [
+        "documented_information",
+        "event_logs",
+        "telemetry_metrics",
+        "operational_runbook"
+      ],
+      "frequency": "per_release",
+      "owner": "AI Engineering Lead",
+      "system": "ai_lifecycle",
+      "automated_check": [
+        "sdk_evidence_check"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "event_logs",
+        "telemetry_metrics"
+      ],
+      "missing_evidence": [
+        "operational_runbook"
+      ],
+      "current_evidence_note": "Monora event logs + metrics",
+      "missing_evidence_note": "Ops plan and maintenance process",
+      "priority": "medium"
+    },
+    {
+      "control_id": "A.6.2.7",
+      "clause": "A",
+      "title": "Technical documentation provided",
+      "requirement": "Technical documentation provided",
+      "guidance": "Docs distribution evidence",
+      "evidence_types": [
+        "documented_information",
+        "stakeholder_documentation"
+      ],
+      "frequency": "per_release",
+      "owner": "AI Engineering Lead",
+      "system": "ai_lifecycle",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "stakeholder_documentation"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Docs distribution evidence",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.6.2.8",
+      "clause": "A",
+      "title": "Event log recording enabled",
+      "requirement": "Event log recording enabled",
+      "guidance": "Monora event logs + hash chain",
+      "evidence_types": [
+        "documented_information",
+        "event_logs",
+        "hash_chain_proof",
+        "continuous_evidence"
+      ],
+      "frequency": "per_release",
+      "owner": "AI Engineering Lead",
+      "system": "ai_lifecycle",
+      "automated_check": [
+        "sdk_evidence_check"
+      ],
+      "collection_method": "automated",
+      "status": "covered",
+      "tags": [
+        "iso42001",
+        "covered",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "event_logs",
+        "hash_chain_proof"
+      ],
+      "missing_evidence": [
+        "role_responsibility_matrix",
+        "contract_terms"
+      ],
+      "current_evidence_note": "Monora event logs + hash chain",
+      "missing_evidence_note": "",
+      "priority": "low"
+    },
+    {
+      "control_id": "A.7.2",
+      "clause": "A",
+      "title": "Data for development documented",
+      "requirement": "Data for development documented",
+      "guidance": "Dataset versioning + evidence",
+      "evidence_types": [
+        "documented_information",
+        "data_governance_records"
+      ],
+      "frequency": "per_release",
+      "owner": "Data Governance Lead",
+      "system": "data_governance",
+      "automated_check": [
+        "sdk_evidence_check"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "data_governance_records"
+      ],
+      "current_evidence_note": "Monora data handling rules",
+      "missing_evidence_note": "Dataset versioning + evidence",
+      "priority": "medium"
+    },
+    {
+      "control_id": "A.7.3",
+      "clause": "A",
+      "title": "Data acquisition documented",
+      "requirement": "Data acquisition documented",
+      "guidance": "Data sourcing/consent records",
+      "evidence_types": [
+        "documented_information",
+        "data_governance_records",
+        "data_source_and_consent_log"
+      ],
+      "frequency": "per_release",
+      "owner": "Data Governance Lead",
+      "system": "data_governance",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "data_governance_records",
+        "data_source_and_consent_log"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Data sourcing/consent records",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.7.4",
+      "clause": "A",
+      "title": "Data quality criteria",
+      "requirement": "Data quality criteria",
+      "guidance": "Data quality checks and metrics",
+      "evidence_types": [
+        "documented_information",
+        "data_governance_records",
+        "data_quality_report"
+      ],
+      "frequency": "per_release",
+      "owner": "Data Governance Lead",
+      "system": "data_governance",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "data_governance_records",
+        "data_quality_report"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Data quality checks and metrics",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.7.5",
+      "clause": "A",
+      "title": "Data provenance process",
+      "requirement": "Data provenance process",
+      "guidance": "Provenance tracking/lineage",
+      "evidence_types": [
+        "documented_information",
+        "data_lineage_records"
+      ],
+      "frequency": "per_release",
+      "owner": "Data Governance Lead",
+      "system": "data_governance",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "data_lineage_records"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Provenance tracking/lineage",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.7.6",
+      "clause": "A",
+      "title": "Data preparation criteria",
+      "requirement": "Data preparation criteria",
+      "guidance": "Data prep SOPs",
+      "evidence_types": [
+        "documented_information",
+        "operational_runbook",
+        "data_governance_records",
+        "standard_operating_procedure"
+      ],
+      "frequency": "per_release",
+      "owner": "Data Governance Lead",
+      "system": "data_governance",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "operational_runbook",
+        "data_governance_records",
+        "standard_operating_procedure"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Data prep SOPs",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.8.2",
+      "clause": "A",
+      "title": "Information to users",
+      "requirement": "Information to users",
+      "guidance": "User disclosures",
+      "evidence_types": [
+        "documented_information",
+        "user_disclosure_artifacts"
+      ],
+      "frequency": "quarterly",
+      "owner": "Compliance Lead",
+      "system": "transparency",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "user_disclosure_artifacts"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "User disclosures",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.8.3",
+      "clause": "A",
+      "title": "Adverse impact reporting",
+      "requirement": "Adverse impact reporting",
+      "guidance": "Reporting channel and triage",
+      "evidence_types": [
+        "documented_information",
+        "concern_reporting_records"
+      ],
+      "frequency": "quarterly",
+      "owner": "Compliance Lead",
+      "system": "transparency",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "concern_reporting_records"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Reporting channel and triage",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.8.4",
+      "clause": "A",
+      "title": "Incident communication plan",
+      "requirement": "Incident communication plan",
+      "guidance": "Incident comms plan",
+      "evidence_types": [
+        "documented_information",
+        "incident_communication_plan"
+      ],
+      "frequency": "quarterly",
+      "owner": "Compliance Lead",
+      "system": "transparency",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "incident_communication_plan"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Incident comms plan",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.8.5",
+      "clause": "A",
+      "title": "Reporting obligations defined",
+      "requirement": "Reporting obligations defined",
+      "guidance": "Regulatory/contract reporting map",
+      "evidence_types": [
+        "documented_information",
+        "regulatory_reporting_matrix"
+      ],
+      "frequency": "quarterly",
+      "owner": "Compliance Lead",
+      "system": "transparency",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "regulatory_reporting_matrix"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Regulatory/contract reporting map",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.9.2",
+      "clause": "A",
+      "title": "Responsible use processes",
+      "requirement": "Responsible use processes",
+      "guidance": "Responsible use SOPs",
+      "evidence_types": [
+        "documented_information",
+        "operational_runbook",
+        "standard_operating_procedure"
+      ],
+      "frequency": "quarterly",
+      "owner": "AI Product Owner",
+      "system": "responsible_use",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "operational_runbook",
+        "standard_operating_procedure"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Responsible use SOPs",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.9.3",
+      "clause": "A",
+      "title": "Objectives for responsible use",
+      "requirement": "Objectives for responsible use",
+      "guidance": "Objectives and monitoring",
+      "evidence_types": [
+        "documented_information",
+        "objectives_register"
+      ],
+      "frequency": "quarterly",
+      "owner": "AI Product Owner",
+      "system": "responsible_use",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "objectives_register"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Objectives and monitoring",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.9.4",
+      "clause": "A",
+      "title": "Intended use enforced",
+      "requirement": "Intended use enforced",
+      "guidance": "Formal intended-use statements",
+      "evidence_types": [
+        "documented_information",
+        "policy_configuration",
+        "intended_use_statement"
+      ],
+      "frequency": "quarterly",
+      "owner": "AI Product Owner",
+      "system": "responsible_use",
+      "automated_check": [
+        "sdk_evidence_check"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "policy_configuration"
+      ],
+      "missing_evidence": [
+        "intended_use_statement"
+      ],
+      "current_evidence_note": "Monora policy allow/deny lists",
+      "missing_evidence_note": "Formal intended-use statements",
+      "priority": "medium"
+    },
+    {
+      "control_id": "A.10.1",
+      "clause": "A",
+      "title": "Allocate responsibilities w/ third parties",
+      "requirement": "Allocate responsibilities w/ third parties",
+      "guidance": "Responsibility matrix/contract terms",
+      "evidence_types": [
+        "documented_information"
+      ],
+      "frequency": "annual",
+      "owner": "Vendor Management Lead",
+      "system": "third_party",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "role_responsibility_matrix",
+        "contract_terms"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Responsibility matrix/contract terms",
+      "priority": "high"
+    },
+    {
+      "control_id": "A.10.2",
+      "clause": "A",
+      "title": "Suppliers aligned to responsible AI",
+      "requirement": "Suppliers aligned to responsible AI",
+      "guidance": "Supplier assessment program",
+      "evidence_types": [
+        "documented_information",
+        "vendor_assessment_records",
+        "supplier_due_diligence_records"
+      ],
+      "frequency": "annual",
+      "owner": "Vendor Management Lead",
+      "system": "third_party",
+      "automated_check": [
+        "collector_evidence_check"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "vendor_assessment_records"
+      ],
+      "missing_evidence": [
+        "supplier_due_diligence_records"
+      ],
+      "current_evidence_note": "Vendor management import template",
+      "missing_evidence_note": "Supplier assessment program",
+      "priority": "medium"
+    },
+    {
+      "control_id": "A.10.3",
+      "clause": "A",
+      "title": "Customer expectations aligned",
+      "requirement": "Customer expectations aligned",
+      "guidance": "Customer comms and agreements",
+      "evidence_types": [
+        "documented_information",
+        "customer_requirement_mapping"
+      ],
+      "frequency": "quarterly",
+      "owner": "Customer Success Lead",
+      "system": "customer_governance",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "customer_requirement_mapping"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Customer comms and agreements",
+      "priority": "high"
+    },
+    {
+      "control_id": "Clause4",
+      "clause": "Clause4",
+      "title": "Context of organization",
+      "requirement": "Context of organization",
+      "guidance": "Formal context analysis + scope",
+      "evidence_types": [
+        "documented_information",
+        "organizational_context_assessment"
+      ],
+      "frequency": "annual",
+      "owner": "Compliance Lead",
+      "system": "aims_context",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "organizational_context_assessment"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Formal context analysis + scope",
+      "priority": "critical"
+    },
+    {
+      "control_id": "Clause5",
+      "clause": "Clause5",
+      "title": "Leadership commitment",
+      "requirement": "Leadership commitment",
+      "guidance": "Leadership approvals + policy artifacts",
+      "evidence_types": [
+        "documented_information",
+        "policy_document",
+        "leadership_commitment_records"
+      ],
+      "frequency": "annual",
+      "owner": "Executive Sponsor",
+      "system": "aims_leadership",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "policy_document",
+        "leadership_commitment_records"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Leadership approvals + policy artifacts",
+      "priority": "critical"
+    },
+    {
+      "control_id": "Clause6",
+      "clause": "Clause6",
+      "title": "Planning risks/opportunities",
+      "requirement": "Planning risks/opportunities",
+      "guidance": "Formal risk/impact plans",
+      "evidence_types": [
+        "documented_information",
+        "risk_signal_report",
+        "impact_assessment_report"
+      ],
+      "frequency": "quarterly",
+      "owner": "Risk Lead",
+      "system": "aims_planning",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "risk_signal_report"
+      ],
+      "missing_evidence": [
+        "impact_assessment_report"
+      ],
+      "current_evidence_note": "Risk signals from logs",
+      "missing_evidence_note": "Formal risk/impact plans",
+      "priority": "critical"
+    },
+    {
+      "control_id": "Clause7",
+      "clause": "Clause7",
+      "title": "Support/competence/docs",
+      "requirement": "Support/competence/docs",
+      "guidance": "Training + document control",
+      "evidence_types": [
+        "documented_information",
+        "training_and_competency_records"
+      ],
+      "frequency": "annual",
+      "owner": "People Ops Lead",
+      "system": "aims_support",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "training_and_competency_records"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Training + document control",
+      "priority": "critical"
+    },
+    {
+      "control_id": "Clause8",
+      "clause": "Clause8",
+      "title": "Operational planning/control",
+      "requirement": "Operational planning/control",
+      "guidance": "Operational SOPs",
+      "evidence_types": [
+        "documented_information",
+        "runtime_observability_report",
+        "operational_runbook",
+        "standard_operating_procedure"
+      ],
+      "frequency": "quarterly",
+      "owner": "AI Operations Lead",
+      "system": "aims_operation",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "hybrid",
+      "status": "partial",
+      "tags": [
+        "iso42001",
+        "partial",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "runtime_observability_report"
+      ],
+      "missing_evidence": [
+        "operational_runbook",
+        "standard_operating_procedure"
+      ],
+      "current_evidence_note": "Runtime logging/telemetry",
+      "missing_evidence_note": "Operational SOPs",
+      "priority": "critical"
+    },
+    {
+      "control_id": "Clause9",
+      "clause": "Clause9",
+      "title": "Performance evaluation",
+      "requirement": "Performance evaluation",
+      "guidance": "Internal audits + management reviews",
+      "evidence_types": [
+        "documented_information",
+        "telemetry_metrics",
+        "review_minutes",
+        "internal_audit_report",
+        "management_review_minutes"
+      ],
+      "frequency": "quarterly",
+      "owner": "Internal Audit Lead",
+      "system": "aims_evaluation",
+      "automated_check": [
+        "sdk_evidence_check",
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [
+        "telemetry_metrics"
+      ],
+      "missing_evidence": [
+        "review_minutes",
+        "internal_audit_report",
+        "management_review_minutes"
+      ],
+      "current_evidence_note": "Monora metrics",
+      "missing_evidence_note": "Internal audits + management reviews",
+      "priority": "critical"
+    },
+    {
+      "control_id": "Clause10",
+      "clause": "Clause10",
+      "title": "Improvement/CAPA",
+      "requirement": "Improvement/CAPA",
+      "guidance": "Corrective action workflow",
+      "evidence_types": [
+        "documented_information",
+        "corrective_action_log"
+      ],
+      "frequency": "quarterly",
+      "owner": "Compliance Lead",
+      "system": "aims_improvement",
+      "automated_check": [
+        "manual_attestation"
+      ],
+      "collection_method": "manual",
+      "status": "gap",
+      "tags": [
+        "iso42001",
+        "gap",
+        "gap_matrix"
+      ],
+      "current_evidence": [],
+      "missing_evidence": [
+        "corrective_action_log"
+      ],
+      "current_evidence_note": "",
+      "missing_evidence_note": "Corrective action workflow",
+      "priority": "critical"
+    }
+  ]
+}