arckit-cli 6.1.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (482) hide show
  1. arckit_cli/__init__.py +1120 -0
  2. arckit_cli-6.1.1.data/data/share/arckit/.arckit/memory/sessions.md +293 -0
  3. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/RENDERING.md +22 -0
  4. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/document-control-uae.md +20 -0
  5. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/document-control-uk.md +16 -0
  6. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/adm-preliminary-template.md +135 -0
  7. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/adr-template.md +588 -0
  8. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-design-template.md +390 -0
  9. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-governance-template.md +90 -0
  10. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-integration-template.md +159 -0
  11. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-inventory-template.md +108 -0
  12. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-maturity-template.md +388 -0
  13. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-security-template.md +213 -0
  14. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/analysis-report-template.md +323 -0
  15. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/application-inventory-template.md +221 -0
  16. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-board-template.md +194 -0
  17. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-change-template.md +205 -0
  18. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-diagram-template.md +610 -0
  19. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-principles-template.md +632 -0
  20. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-repository-template.md +107 -0
  21. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-strategy-template.md +666 -0
  22. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-bvergg-template.md +252 -0
  23. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-dsgvo-template.md +354 -0
  24. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-nisg-template.md +236 -0
  25. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-aescsf-template.md +189 -0
  26. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ai-assurance-template.md +243 -0
  27. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-disp-attestation-template.md +297 -0
  28. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-dss-template.md +302 -0
  29. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-e8-posture-template.md +377 -0
  30. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-energy-compliance-template.md +189 -0
  31. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ism-controls-template.md +462 -0
  32. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ndb-playbook-template.md +288 -0
  33. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ot-security-template.md +204 -0
  34. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-pia-template.md +394 -0
  35. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-pspf-template.md +380 -0
  36. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-soci-cirmp-template.md +206 -0
  37. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/aws-research-template.md +605 -0
  38. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/azure-research-template.md +559 -0
  39. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/backlog-template.md +465 -0
  40. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-aia-template.md +206 -0
  41. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-atip-template.md +192 -0
  42. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-charter-template.md +190 -0
  43. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-cloud-residency-template.md +173 -0
  44. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-fitaa-template.md +156 -0
  45. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-gc-digital-standards-template.md +208 -0
  46. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-itsg-33-template.md +228 -0
  47. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-ocap-template.md +205 -0
  48. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-ola-template.md +171 -0
  49. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-pia-template.md +193 -0
  50. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-pspc-template.md +214 -0
  51. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-soia-template.md +219 -0
  52. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/capability-map-template.md +125 -0
  53. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/competitors-template.md +113 -0
  54. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/conformance-assessment-template.md +507 -0
  55. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-mesh-contract-template.md +851 -0
  56. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-model-template.md +1043 -0
  57. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-source-profile-template.md +80 -0
  58. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/datascout-template.md +546 -0
  59. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/devops-template.md +961 -0
  60. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dfd-template.md +161 -0
  61. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dld-review-template.md +427 -0
  62. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dos-requirements-template.md +506 -0
  63. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dpia-template.md +1200 -0
  64. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-ai-act-template.md +227 -0
  65. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-cra-template.md +176 -0
  66. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-data-act-template.md +175 -0
  67. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-dora-template.md +197 -0
  68. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-dsa-template.md +183 -0
  69. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-nis2-template.md +196 -0
  70. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-rgpd-template.md +198 -0
  71. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/evaluation-criteria-template.md +719 -0
  72. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/finops-template.md +662 -0
  73. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-algorithme-public-template.md +162 -0
  74. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-anssi-carto-template.md +196 -0
  75. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-anssi-template.md +190 -0
  76. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-code-reuse-template.md +190 -0
  77. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-dinum-template.md +195 -0
  78. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-dr-template.md +187 -0
  79. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-ebios-template.md +209 -0
  80. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-irn-template.md +311 -0
  81. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-marche-public-template.md +178 -0
  82. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-pssi-template.md +270 -0
  83. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-rgpd-template.md +195 -0
  84. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-secnumcloud-template.md +188 -0
  85. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/framework-overview-template.md +247 -0
  86. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gap-analysis-template.md +198 -0
  87. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcloud-clarify-template.md +340 -0
  88. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcloud-requirements-template.md +370 -0
  89. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcp-research-template.md +585 -0
  90. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/glossary-template.md +117 -0
  91. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-code-search-template.md +213 -0
  92. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-landscape-template.md +271 -0
  93. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-reuse-template.md +214 -0
  94. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/grants-template.md +131 -0
  95. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/hld-review-template.md +760 -0
  96. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/jsp-936-template.md +1394 -0
  97. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/maturity-model-template.md +297 -0
  98. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/mlops-template.md +720 -0
  99. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/mod-secure-by-design-template.md +784 -0
  100. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/operationalize-template.md +1016 -0
  101. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/pages-template.html +5121 -0
  102. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/platform-design-template.md +1610 -0
  103. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/presentation-template.md +270 -0
  104. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/principles-compliance-assessment-template.md +389 -0
  105. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/project-plan-template.md +421 -0
  106. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/rationalization-template.md +208 -0
  107. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/requirements-template.md +1026 -0
  108. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/research-findings-template.md +939 -0
  109. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/risk-register-template.md +883 -0
  110. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/roadmap-template.md +787 -0
  111. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/service-assessment-prep-template.md +448 -0
  112. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/servicenow-design-template.md +273 -0
  113. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/sobc-template.md +1127 -0
  114. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/sow-template.md +785 -0
  115. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/stakeholder-drivers-template.md +493 -0
  116. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/story-template.md +889 -0
  117. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tcop-review-template.md +593 -0
  118. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tech-note-template.md +59 -0
  119. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tenders-template.md +124 -0
  120. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/traceability-matrix-template.md +360 -0
  121. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/transition-architecture-template.md +286 -0
  122. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ai-autonomy-tier-template.md +97 -0
  123. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ai-charter-template.md +81 -0
  124. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-classification-template.md +86 -0
  125. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-cloud-residency-template.md +136 -0
  126. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-data-sharing-template.md +105 -0
  127. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-digital-records-template.md +97 -0
  128. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ias-template.md +109 -0
  129. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-pdpl-template.md +105 -0
  130. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-priorities-alignment-template.md +99 -0
  131. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-procurement-template.md +115 -0
  132. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-uaepass-template.md +129 -0
  133. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-zero-bureaucracy-template.md +85 -0
  134. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-consumer-duty-board-report-template.md +49 -0
  135. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-consumer-duty-template.md +362 -0
  136. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-ctp-dependency-register-template.md +24 -0
  137. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-ctp-dependency-template.md +321 -0
  138. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-safeguarding-reconciliation-template.md +77 -0
  139. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-safeguarding-template.md +348 -0
  140. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-sca-rts-exemption-matrix-template.md +47 -0
  141. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-sca-rts-template.md +273 -0
  142. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-gov-ai-playbook-template.md +942 -0
  143. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-gov-atrs-template.md +1087 -0
  144. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-mdr-classification-template.md +307 -0
  145. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-case-template.md +214 -0
  146. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-hazard-template.md +217 -0
  147. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-safety-template.md +78 -0
  148. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-template.md +13 -0
  149. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-case-template.md +207 -0
  150. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-hazard-template.md +290 -0
  151. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-safety-template.md +81 -0
  152. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-template.md +13 -0
  153. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dtac-template.md +341 -0
  154. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ukgov-secure-by-design-template.md +1031 -0
  155. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-ai-impact-template.md +212 -0
  156. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-ai-rmf-template.md +232 -0
  157. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fedramp-readiness-template.md +209 -0
  158. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fedramp-ssp-template.md +352 -0
  159. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fisma-categorization-template.md +145 -0
  160. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-icam-template.md +216 -0
  161. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-nist-800-53-template.md +222 -0
  162. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-privacy-pia-template.md +191 -0
  163. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-sbom-eo-14028-template.md +253 -0
  164. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-zero-trust-template.md +234 -0
  165. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/vendor-profile-template.md +88 -0
  166. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/vendor-scoring-template.md +332 -0
  167. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-climate-template.md +269 -0
  168. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-doctrine-template.md +299 -0
  169. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-gameplay-template.md +346 -0
  170. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-map-template.md +587 -0
  171. arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-value-chain-template.md +256 -0
  172. arckit_cli-6.1.1.data/data/share/arckit/CHANGELOG.md +3554 -0
  173. arckit_cli-6.1.1.data/data/share/arckit/VERSION +1 -0
  174. arckit_cli-6.1.1.data/data/share/arckit/docs/DEPENDENCY-MATRIX.md +929 -0
  175. arckit_cli-6.1.1.data/data/share/arckit/docs/README.md +322 -0
  176. arckit_cli-6.1.1.data/data/share/arckit/docs/WORKFLOW-DIAGRAMS.md +1088 -0
  177. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/adm-preliminary.md +72 -0
  178. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/adr.md +60 -0
  179. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-design.md +71 -0
  180. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-governance.md +61 -0
  181. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-integration.md +59 -0
  182. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-inventory.md +60 -0
  183. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-maturity.md +84 -0
  184. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-security.md +63 -0
  185. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ai-playbook.md +103 -0
  186. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/analyze.md +57 -0
  187. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/application-inventory.md +71 -0
  188. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/application-rationalization.md +71 -0
  189. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-board.md +60 -0
  190. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-change.md +73 -0
  191. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-repository.md +62 -0
  192. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/artifact-health.md +228 -0
  193. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-bvergg.md +86 -0
  194. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-dsgvo.md +75 -0
  195. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-nisg.md +94 -0
  196. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/atrs.md +98 -0
  197. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-aescsf.md +45 -0
  198. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ai-assurance.md +84 -0
  199. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-disp-attestation.md +90 -0
  200. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-dss.md +76 -0
  201. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-e8-posture.md +73 -0
  202. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-energy-compliance.md +47 -0
  203. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-federal-overlay.md +199 -0
  204. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ism-controls.md +78 -0
  205. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ndb-playbook.md +80 -0
  206. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ot-security.md +39 -0
  207. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-pia.md +72 -0
  208. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-pspf.md +81 -0
  209. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-soci-cirmp.md +40 -0
  210. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/autoresearch.md +334 -0
  211. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/aws-research.md +160 -0
  212. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/azure-research.md +157 -0
  213. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/backlog.md +58 -0
  214. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/build.md +132 -0
  215. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/business-capability-map.md +68 -0
  216. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/business-case.md +68 -0
  217. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/c4-layout-science.md +280 -0
  218. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-aia.md +81 -0
  219. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-atip.md +79 -0
  220. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-charter.md +81 -0
  221. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-cloud-residency.md +91 -0
  222. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-fitaa.md +81 -0
  223. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-gc-digital-standards.md +93 -0
  224. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-itsg-33.md +80 -0
  225. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-ocap.md +91 -0
  226. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-ola.md +80 -0
  227. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-pia.md +83 -0
  228. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-pspc.md +96 -0
  229. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-soia.md +87 -0
  230. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/codes-of-practice.md +154 -0
  231. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/competitors.md +202 -0
  232. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/conformance.md +153 -0
  233. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/create.md +61 -0
  234. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/custom-commands.md +236 -0
  235. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/customize.md +108 -0
  236. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-mesh-contract.md +239 -0
  237. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-model.md +69 -0
  238. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-quality-framework.md +118 -0
  239. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/datascout.md +162 -0
  240. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/declaration.md +59 -0
  241. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/design-review.md +66 -0
  242. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/devops.md +96 -0
  243. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dfd.md +187 -0
  244. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/diagram.md +118 -0
  245. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dld-review.md +102 -0
  246. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dos.md +109 -0
  247. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dpia.md +80 -0
  248. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/enterprise-scale.md +260 -0
  249. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-ai-act.md +82 -0
  250. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-cra.md +90 -0
  251. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-data-act.md +85 -0
  252. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-dora.md +83 -0
  253. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-dsa.md +85 -0
  254. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-nis2.md +82 -0
  255. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-rgpd.md +76 -0
  256. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/evaluate.md +115 -0
  257. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/export-okf.md +70 -0
  258. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/finops.md +117 -0
  259. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-algorithme-public.md +86 -0
  260. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-anssi-carto.md +69 -0
  261. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-anssi.md +79 -0
  262. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-code-reuse.md +86 -0
  263. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-dinum.md +83 -0
  264. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-dr.md +88 -0
  265. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-ebios.md +84 -0
  266. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-irn.md +103 -0
  267. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-marche-public.md +94 -0
  268. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-pssi.md +87 -0
  269. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-rgpd.md +75 -0
  270. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-secnumcloud.md +80 -0
  271. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/framework.md +234 -0
  272. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gap-analysis.md +70 -0
  273. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-clarify.md +108 -0
  274. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-competitors.md +61 -0
  275. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-search.md +106 -0
  276. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcp-research.md +169 -0
  277. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/glossary.md +190 -0
  278. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-code-search.md +119 -0
  279. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-landscape.md +114 -0
  280. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-reuse.md +112 -0
  281. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/govs-007-security.md +93 -0
  282. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/grants.md +106 -0
  283. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/graph-report.md +77 -0
  284. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/health.md +234 -0
  285. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/hld-review.md +110 -0
  286. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/hooks.md +121 -0
  287. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/impact.md +68 -0
  288. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/import-okf.md +67 -0
  289. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/init.md +159 -0
  290. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/jsp-936.md +60 -0
  291. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/knowledge-compounding.md +140 -0
  292. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/maturity-model.md +186 -0
  293. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mcp-servers.md +329 -0
  294. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/migration.md +333 -0
  295. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mlops.md +126 -0
  296. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mod-secure.md +124 -0
  297. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/national-data-strategy.md +115 -0
  298. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/navigator.md +86 -0
  299. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/operationalize.md +143 -0
  300. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pages.md +227 -0
  301. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pinecone-mcp.md +128 -0
  302. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/plan.md +66 -0
  303. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/platform-design.md +600 -0
  304. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/presentation.md +137 -0
  305. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pricing.md +62 -0
  306. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/principles-compliance.md +63 -0
  307. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/principles.md +55 -0
  308. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/procurement.md +57 -0
  309. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/productivity.md +217 -0
  310. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/remote-control.md +151 -0
  311. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/requirements.md +61 -0
  312. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/research.md +65 -0
  313. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/review.md +61 -0
  314. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/risk-management.md +70 -0
  315. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/risk.md +132 -0
  316. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roadmap.md +58 -0
  317. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/README.md +68 -0
  318. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/business-analyst.md +70 -0
  319. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/business-architect.md +70 -0
  320. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/cdo.md +59 -0
  321. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/ciso.md +61 -0
  322. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/cto-cdio.md +59 -0
  323. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/data-architect.md +68 -0
  324. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/data-governance-manager.md +59 -0
  325. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/delivery-manager.md +63 -0
  326. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/devops-engineer.md +55 -0
  327. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/enterprise-architect.md +84 -0
  328. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/it-service-manager.md +55 -0
  329. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/network-architect.md +58 -0
  330. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/performance-analyst.md +67 -0
  331. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/product-manager.md +62 -0
  332. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/security-architect.md +78 -0
  333. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/service-owner.md +58 -0
  334. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/solution-architect.md +75 -0
  335. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/technical-architect.md +68 -0
  336. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/score.md +91 -0
  337. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot1.md +61 -0
  338. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot2.md +62 -0
  339. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot3.md +62 -0
  340. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/search.md +71 -0
  341. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/secure.md +181 -0
  342. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/security-hooks.md +200 -0
  343. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/security.md +62 -0
  344. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/service-assessment.md +47 -0
  345. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/service-design.md +71 -0
  346. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/servicenow.md +152 -0
  347. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/session-memory.md +100 -0
  348. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sobc.md +129 -0
  349. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sow.md +125 -0
  350. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/stakeholder-analysis.md +51 -0
  351. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/stakeholders.md +138 -0
  352. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/start.md +276 -0
  353. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/story.md +61 -0
  354. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/strategy.md +211 -0
  355. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/submission-pack.md +72 -0
  356. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/supplier-profile.md +70 -0
  357. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/tcop.md +124 -0
  358. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/template-builder.md +125 -0
  359. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/tenders.md +193 -0
  360. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/testing-plugin-branches.md +79 -0
  361. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/traceability.md +58 -0
  362. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/transition-architecture.md +69 -0
  363. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/trello.md +139 -0
  364. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ai-autonomy-tier.md +84 -0
  365. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ai-charter.md +89 -0
  366. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-classification.md +73 -0
  367. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-cloud-residency.md +84 -0
  368. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-data-sharing.md +84 -0
  369. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-digital-records.md +71 -0
  370. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ias.md +93 -0
  371. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-overlay-maintenance.md +154 -0
  372. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-overlay.md +208 -0
  373. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-pdpl.md +73 -0
  374. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-priorities-alignment.md +82 -0
  375. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-procurement.md +71 -0
  376. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-uaepass.md +83 -0
  377. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-zero-bureaucracy.md +80 -0
  378. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-consumer-duty.md +178 -0
  379. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-ctp-dependency.md +181 -0
  380. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-payments-overlay.md +216 -0
  381. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-safeguarding.md +176 -0
  382. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-sca-rts.md +164 -0
  383. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/ai-playbook.md +56 -0
  384. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/algorithmic-transparency.md +44 -0
  385. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/digital-marketplace.md +55 -0
  386. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/secure-by-design.md +51 -0
  387. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/standards-map.md +108 -0
  388. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/technology-code-of-practice.md +63 -0
  389. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-mdr-classification.md +59 -0
  390. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-mod/secure-by-design.md +54 -0
  391. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-clinical-safety-overlay.md +214 -0
  392. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dcb0129.md +64 -0
  393. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dcb0160.md +62 -0
  394. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dtac.md +55 -0
  395. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/upgrading.md +130 -0
  396. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-ai-impact.md +71 -0
  397. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-ai-rmf.md +70 -0
  398. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-federal-overlay.md +111 -0
  399. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fedramp-readiness.md +69 -0
  400. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fedramp-ssp.md +71 -0
  401. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fisma-categorization.md +68 -0
  402. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-icam.md +70 -0
  403. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-nist-800-53.md +70 -0
  404. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-privacy-pia.md +74 -0
  405. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-sbom-eo-14028.md +71 -0
  406. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-zero-trust.md +68 -0
  407. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-climate.md +122 -0
  408. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-doctrine.md +120 -0
  409. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-gameplay.md +123 -0
  410. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-value-chain.md +130 -0
  411. arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley.md +173 -0
  412. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/.agents/plugins/marketplace.json +20 -0
  413. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/README.md +325 -0
  414. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/VERSION +1 -0
  415. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/docs/DEPENDENCY-MATRIX.md +616 -0
  416. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/arckit-codex-hook.mjs +1270 -0
  417. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-inject.mjs +1497 -0
  418. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-rollups.mjs +247 -0
  419. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-utils.mjs +363 -0
  420. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/hook-utils.mjs +383 -0
  421. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/hooks.json +80 -0
  422. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/okf-frontmatter.mjs +279 -0
  423. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/project-context-builder.mjs +168 -0
  424. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/sync-guides.mjs +1120 -0
  425. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/README.md +68 -0
  426. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/VERSION +1 -0
  427. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/docs/DEPENDENCY-MATRIX.md +616 -0
  428. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/LICENSE +21 -0
  429. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/README.md +65 -0
  430. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/VERSION +1 -0
  431. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/docs/DEPENDENCY-MATRIX.md +616 -0
  432. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/opencode.json +25 -0
  433. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/.mcp.json +63 -0
  434. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/LICENSE +26 -0
  435. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/README.md +407 -0
  436. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/VERSION +1 -0
  437. arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/vibe-config.toml +62 -0
  438. arckit_cli-6.1.1.data/data/share/arckit/scripts/README.md +680 -0
  439. arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/000-global/ARC-000-PRIN-v1.0.md +120 -0
  440. arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/001-test-project/ARC-001-STKE-v1.0.md +100 -0
  441. arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/001-test-project/README.md +15 -0
  442. arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/program-selfharness.md +748 -0
  443. arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/program.md +269 -0
  444. arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/check-prerequisites.sh +250 -0
  445. arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/common.sh +359 -0
  446. arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/create-project.sh +408 -0
  447. arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/generate-document-id.sh +146 -0
  448. arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/list-projects.sh +359 -0
  449. arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/migrate-filenames.sh +553 -0
  450. arckit_cli-6.1.1.data/data/share/arckit/scripts/bump-version.sh +293 -0
  451. arckit_cli-6.1.1.data/data/share/arckit/scripts/check_doctype_collisions.py +30 -0
  452. arckit_cli-6.1.1.data/data/share/arckit/scripts/check_recipes.py +94 -0
  453. arckit_cli-6.1.1.data/data/share/arckit/scripts/check_references.py +144 -0
  454. arckit_cli-6.1.1.data/data/share/arckit/scripts/convert_vibe_agents.py +198 -0
  455. arckit_cli-6.1.1.data/data/share/arckit/scripts/convert_vibe_skills.py +499 -0
  456. arckit_cli-6.1.1.data/data/share/arckit/scripts/converter.py +2002 -0
  457. arckit_cli-6.1.1.data/data/share/arckit/scripts/create-sdg-repo.py +820 -0
  458. arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-arckit-architecture-hero.py +317 -0
  459. arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-arckit-hero.py +278 -0
  460. arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-release-notes.sh +112 -0
  461. arckit_cli-6.1.1.data/data/share/arckit/scripts/managed-agents/README.md +105 -0
  462. arckit_cli-6.1.1.data/data/share/arckit/scripts/managed-agents/arckit-agent.py +418 -0
  463. arckit_cli-6.1.1.data/data/share/arckit/scripts/push-extensions.sh +424 -0
  464. arckit_cli-6.1.1.data/data/share/arckit/scripts/python/apply_doc_control_marker.py +50 -0
  465. arckit_cli-6.1.1.data/data/share/arckit/scripts/python/common.py +288 -0
  466. arckit_cli-6.1.1.data/data/share/arckit/scripts/python/create-project.py +373 -0
  467. arckit_cli-6.1.1.data/data/share/arckit/scripts/python/generate-document-id.py +96 -0
  468. arckit_cli-6.1.1.data/data/share/arckit/scripts/python/list-projects.py +238 -0
  469. arckit_cli-6.1.1.data/data/share/arckit/scripts/python/migrate_classification.py +94 -0
  470. arckit_cli-6.1.1.data/data/share/arckit/scripts/render-brand-pngs.py +72 -0
  471. arckit_cli-6.1.1.data/data/share/arckit/scripts/standardise-colon.py +128 -0
  472. arckit_cli-6.1.1.data/data/share/arckit/scripts/sync-claude-plugin-layout.py +159 -0
  473. arckit_cli-6.1.1.data/data/share/arckit/scripts/sync-shared-assets.py +132 -0
  474. arckit_cli-6.1.1.data/data/share/arckit/scripts/tag-plugins.sh +65 -0
  475. arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-doc-types-dual-registration.mjs +57 -0
  476. arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-fde-templates.mjs +100 -0
  477. arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-regime-registration.mjs +65 -0
  478. arckit_cli-6.1.1.dist-info/METADATA +1966 -0
  479. arckit_cli-6.1.1.dist-info/RECORD +482 -0
  480. arckit_cli-6.1.1.dist-info/WHEEL +4 -0
  481. arckit_cli-6.1.1.dist-info/entry_points.txt +2 -0
  482. arckit_cli-6.1.1.dist-info/licenses/LICENSE +26 -0
@@ -0,0 +1,1200 @@
1
+ # Data Protection Impact Assessment (DPIA)
2
+
3
+ > **Template Origin**: Official | **ArcKit Version**: [VERSION] | **Command**: `/arckit:dpia`
4
+
5
+ ## Document Control
6
+
7
+ <!-- DOC-CONTROL-HEADER -->
8
+ <!-- Resolved at command-execution time to _partials/document-control-uk.md or _partials/document-control-uae.md based on plugin userConfig classification_scheme + governance_framework. See _partials/RENDERING.md (when present). -->
9
+
10
+ ## Revision History
11
+
12
+ | Version | Date | Author | Changes | Approved By | Approval Date |
13
+ |---------|------|--------|---------|-------------|---------------|
14
+ | [VERSION] | [DATE] | ArcKit AI | Initial creation from `/arckit.[COMMAND]` command | [PENDING] | [PENDING] |
15
+
16
+ ## Executive Summary
17
+
18
+ **Processing Activity**: [ACTIVITY_NAME]
19
+
20
+ **DPIA Outcome**: [LOW/MEDIUM/HIGH] residual risk to data subjects
21
+
22
+ **Approval Status**: [APPROVED/APPROVED WITH CONDITIONS/REJECTED/PENDING]
23
+
24
+ **Key Findings**:
25
+
26
+ - [Finding 1]
27
+ - [Finding 2]
28
+ - [Finding 3]
29
+
30
+ **Recommendation**: [Proceed/Do not proceed/Proceed with conditions]
31
+
32
+ **ICO Consultation Required**: [YES/NO]
33
+
34
+ ---
35
+
36
+ ## 1. DPIA Screening Assessment
37
+
38
+ ### 1.1 Screening Criteria (ICO's 9 Criteria)
39
+
40
+ | # | Criterion | YES/NO | Evidence |
41
+ |---|-----------|--------|----------|
42
+ | 1 | **Evaluation or scoring** including profiling and predicting (e.g., credit scoring, marketing preferences, location data, loyalty programs) | [YES/NO] | [Evidence from requirements/data model] |
43
+ | 2 | **Automated decision-making with legal or similarly significant effect** (e.g., automatic refusal of credit, e-recruiting without human intervention) | [YES/NO] | [Evidence] |
44
+ | 3 | **Systematic monitoring** of data subjects (e.g., CCTV, tracking, monitoring employee productivity/health, location tracking) | [YES/NO] | [Evidence] |
45
+ | 4 | **Sensitive data or data of highly personal nature** (special category data: race, health, biometric, genetic; criminal offence data; children's data) | [YES/NO] | [Evidence from data model PII analysis] |
46
+ | 5 | **Processing on a large scale** (consider: number of data subjects, volume of data, duration, geographical extent) | [YES/NO] | [Evidence - N data subjects, N records, N years] |
47
+ | 6 | **Matching or combining datasets** from different sources in ways data subjects wouldn't reasonably expect | [YES/NO] | [Evidence - list data sources] |
48
+ | 7 | **Data concerning vulnerable data subjects** (children, elderly, patients, employees, asylum seekers, those lacking capacity) | [YES/NO] | [Evidence - list vulnerable groups] |
49
+ | 8 | **Innovative use or application of new technological or organisational solutions** (AI/ML, blockchain, IoT, biometrics, facial recognition) | [YES/NO] | [Evidence - list technologies] |
50
+ | 9 | **Processing that prevents data subjects from exercising a right or using a service/contract** (e.g., cannot opt out, no access to data, blocking from service) | [YES/NO] | [Evidence] |
51
+
52
+ **Screening Score**: [N]/9 criteria met
53
+
54
+ ### 1.2 DPIA Necessity Decision
55
+
56
+ **Decision**: [DPIA REQUIRED / DPIA RECOMMENDED / DPIA NOT REQUIRED]
57
+
58
+ **Rationale**:
59
+
60
+ - If ≥2 criteria met → DPIA REQUIRED
61
+ - If processing involves special category data at scale → DPIA REQUIRED
62
+ - If innovative technology with unknown risks → DPIA REQUIRED
63
+ - [Specific rationale based on screening results]
64
+
65
+ **Decision Authority**: [NAME, ROLE]
66
+
67
+ **Decision Date**: [DATE]
68
+
69
+ ---
70
+
71
+ ## 2. Description of Processing
72
+
73
+ ### 2.1 Nature of Processing
74
+
75
+ **What operations are being performed?**
76
+
77
+ - [ ] Collection
78
+ - [ ] Recording
79
+ - [ ] Organisation
80
+ - [ ] Structuring
81
+ - [ ] Storage
82
+ - [ ] Adaptation/alteration
83
+ - [ ] Retrieval
84
+ - [ ] Consultation
85
+ - [ ] Use
86
+ - [ ] Disclosure by transmission
87
+ - [ ] Dissemination
88
+ - [ ] Alignment/combination
89
+ - [ ] Restriction
90
+ - [ ] Erasure/destruction
91
+
92
+ **Processing Method**:
93
+
94
+ - [ ] Automated processing
95
+ - [ ] Manual processing
96
+ - [ ] Combination of automated and manual
97
+
98
+ **Profiling Involved**: [YES/NO]
99
+
100
+ - If YES, describe profiling activities: [DESCRIPTION]
101
+
102
+ **Automated Decision-Making**: [YES/NO]
103
+
104
+ - If YES, describe: [DESCRIPTION]
105
+ - Human oversight: [YES/NO - describe how]
106
+
107
+ ### 2.2 Scope of Processing
108
+
109
+ #### What data are we processing?
110
+
111
+ **Personal Data Categories** (from Data Model):
112
+
113
+ | Entity ID | Entity Name | Data Categories | Special Category? | PII Level |
114
+ |-----------|-------------|-----------------|-------------------|-----------|
115
+ | E-001 | [Entity Name] | Name, email, address | NO | HIGH |
116
+ | E-002 | [Entity Name] | Health records | YES (Article 9) | VERY HIGH |
117
+ | ... | ... | ... | ... | ... |
118
+
119
+ **Total Data Items**: [N] personal data fields across [M] entities
120
+
121
+ **Special Category Data**: [YES/NO]
122
+
123
+ - If YES: Race/ethnicity, Political opinions, Religious beliefs, Trade union membership, Genetic data, Biometric data, Health data, Sex life/orientation, Criminal convictions
124
+
125
+ **Children's Data**: [YES/NO]
126
+
127
+ - If YES: Age range [AGE_RANGE], volume [N children]
128
+
129
+ #### Whose data are we processing?
130
+
131
+ **Data Subject Categories** (from Stakeholder Analysis):
132
+
133
+ | Data Subject Type | Description | Volume | Vulnerable? |
134
+ |-------------------|-------------|--------|-------------|
135
+ | [Type 1] | [Description] | [N individuals] | [YES/NO] |
136
+ | [Type 2] | [Description] | [N individuals] | [YES/NO] |
137
+ | ... | ... | ... | ... |
138
+
139
+ **Total Data Subjects**: Approximately [N] individuals
140
+
141
+ **Vulnerable Groups**: [List any vulnerable populations]
142
+
143
+ #### How much data?
144
+
145
+ **Volume Metrics**:
146
+
147
+ - **Records**: [N] records
148
+ - **Data subjects**: [N] individuals
149
+ - **Storage size**: [N GB/TB]
150
+ - **Transaction rate**: [N] per day/month
151
+ - **Geographic scope**: [UK-wide / Regional / Local / International]
152
+
153
+ **Scale Classification**: [Small scale / Large scale]
154
+
155
+ - Small scale: Fewer than 10,000 data subjects, limited geographic area, low volume
156
+ - Large scale: ≥10,000 data subjects, or national/international scope, or high volume
157
+
158
+ #### How long are we keeping it?
159
+
160
+ **Retention Periods** (from Data Model):
161
+
162
+ | Data Type | Retention Period | Legal Basis for Retention | Deletion Method |
163
+ |-----------|------------------|---------------------------|-----------------|
164
+ | [Data Type 1] | [N years] | [Legal requirement / Business need] | [Secure deletion / Anonymization] |
165
+ | [Data Type 2] | [N years] | [Legal requirement / Business need] | [Secure deletion / Anonymization] |
166
+
167
+ **Maximum Retention**: [N] years
168
+
169
+ **Automated Deletion**: [YES/NO - describe mechanism]
170
+
171
+ ### 2.3 Context of Processing
172
+
173
+ #### Why are we processing this data?
174
+
175
+ **Processing Purpose** (from Requirements):
176
+
177
+ | Requirement ID | Purpose | Stakeholder Goal |
178
+ |----------------|---------|------------------|
179
+ | BR-001 | [Purpose description] | [Goal from stakeholder analysis] |
180
+ | FR-005 | [Purpose description] | [Goal] |
181
+ | ... | ... | ... |
182
+
183
+ **Primary Purpose**: [SUMMARY]
184
+
185
+ **Secondary Purposes**: [List any secondary uses]
186
+
187
+ #### What is the relationship with data subjects?
188
+
189
+ **Relationship Type**:
190
+
191
+ - [ ] Customer/client
192
+ - [ ] Employee
193
+ - [ ] Citizen/public service user
194
+ - [ ] Patient
195
+ - [ ] Student
196
+ - [ ] Supplier/partner
197
+ - [ ] Website visitor
198
+ - [ ] Other: [SPECIFY]
199
+
200
+ **Power Balance**:
201
+
202
+ - [ ] Equal relationship (e.g., commercial transaction)
203
+ - [ ] Imbalanced relationship (e.g., employer-employee, government-citizen)
204
+ - If imbalanced: Describe safeguards to protect data subjects: [SAFEGUARDS]
205
+
206
+ #### How much control do data subjects have?
207
+
208
+ **Control Mechanisms**:
209
+
210
+ - [ ] Consent can be withdrawn
211
+ - [ ] Can opt out of processing
212
+ - [ ] Can access their data (Subject Access Request)
213
+ - [ ] Can correct inaccurate data (rectification)
214
+ - [ ] Can request deletion (right to erasure)
215
+ - [ ] Can object to processing
216
+ - [ ] Can request restriction of processing
217
+ - [ ] Can port data to another controller
218
+ - [ ] Can object to automated decisions
219
+
220
+ **Limitations on Control**: [Describe any limitations and legal basis]
221
+
222
+ #### Would data subjects expect this processing?
223
+
224
+ **Reasonable Expectation Assessment**:
225
+
226
+ - **Transparency**: Are data subjects informed about processing? [YES/NO]
227
+ - **Privacy Notice**: Is a clear privacy notice provided? [YES/NO]
228
+ - **Expectation**: Would an average person in this context expect this processing? [YES/MAYBE/NO]
229
+
230
+ **If unexpected processing**: Describe additional safeguards: [SAFEGUARDS]
231
+
232
+ ### 2.4 Purpose and Benefits
233
+
234
+ #### What do we want to achieve?
235
+
236
+ **Intended Outcomes** (from Stakeholder Goals):
237
+
238
+ | Stakeholder Goal | Processing Contribution | Measurable Benefit |
239
+ |------------------|------------------------|-------------------|
240
+ | [Goal G-001] | [How processing supports this] | [Quantifiable benefit] |
241
+ | [Goal G-002] | [How processing supports this] | [Quantifiable benefit] |
242
+
243
+ **Primary Benefit**: [SUMMARY]
244
+
245
+ #### Who benefits?
246
+
247
+ - [ ] Data subjects (describe: [HOW])
248
+ - [ ] Organisation (describe: [HOW])
249
+ - [ ] Society/public (describe: [HOW])
250
+ - [ ] Third parties (describe: [WHO and HOW])
251
+
252
+ ---
253
+
254
+ ## 3. Consultation
255
+
256
+ ### 3.1 Data Protection Officer (DPO) Consultation
257
+
258
+ **DPO Name**: [DPO_NAME]
259
+
260
+ **Date Consulted**: [DATE]
261
+
262
+ **DPO Advice**:
263
+
264
+ - [Advice point 1]
265
+ - [Advice point 2]
266
+ - [Advice point 3]
267
+
268
+ **DPO Recommendations**:
269
+
270
+ - [Recommendation 1]
271
+ - [Recommendation 2]
272
+
273
+ **How DPO Advice Addressed**: [SUMMARY]
274
+
275
+ ### 3.2 Data Subject Consultation
276
+
277
+ **Consultation Method**:
278
+
279
+ - [ ] Survey
280
+ - [ ] Focus groups
281
+ - [ ] Public consultation
282
+ - [ ] User testing
283
+ - [ ] Privacy notice + feedback mechanism
284
+ - [ ] Not consulted (explain why: [REASON])
285
+
286
+ **Date(s) Consulted**: [DATE_RANGE]
287
+
288
+ **Number of Respondents**: [N] data subjects
289
+
290
+ **Key Feedback Received**:
291
+
292
+ 1. [Feedback theme 1] - [N responses]
293
+ 2. [Feedback theme 2] - [N responses]
294
+ 3. [Feedback theme 3] - [N responses]
295
+
296
+ **Concerns Raised**:
297
+
298
+ - [Concern 1]
299
+ - [Concern 2]
300
+
301
+ **How Feedback Addressed**:
302
+
303
+ - [Action taken for concern 1]
304
+ - [Action taken for concern 2]
305
+
306
+ ### 3.3 Stakeholder Consultation
307
+
308
+ **Stakeholders Consulted** (from Stakeholder RACI):
309
+
310
+ | Stakeholder | Role | Date Consulted | Feedback Summary |
311
+ |-------------|------|----------------|------------------|
312
+ | [Stakeholder 1] | [Role from RACI] | [DATE] | [Feedback] |
313
+ | [Stakeholder 2] | [Role from RACI] | [DATE] | [Feedback] |
314
+
315
+ **Key Stakeholder Concerns**:
316
+
317
+ - [Concern 1]
318
+ - [Concern 2]
319
+
320
+ **Resolution**: [How concerns addressed]
321
+
322
+ ---
323
+
324
+ ## 4. Necessity and Proportionality Assessment
325
+
326
+ ### 4.1 Lawful Basis Assessment
327
+
328
+ **Primary Lawful Basis** (GDPR Article 6):
329
+
330
+ - [ ] **(a) Consent** - Data subject has given clear consent for processing for a specific purpose
331
+ - Evidence of consent: [DESCRIBE mechanism]
332
+ - Freely given, specific, informed, unambiguous: [YES/NO]
333
+ - Withdrawal mechanism: [DESCRIBE]
334
+
335
+ - [ ] **(b) Contract** - Processing is necessary to perform a contract with the data subject or to take steps to enter into a contract
336
+ - Contract type: [DESCRIBE]
337
+ - How processing is necessary: [EXPLAIN]
338
+
339
+ - [ ] **(c) Legal obligation** - Processing is necessary to comply with the law
340
+ - Legal obligation: [CITE specific law/regulation]
341
+ - Compliance requirement: [DESCRIBE]
342
+
343
+ - [ ] **(d) Vital interests** - Processing is necessary to protect someone's life
344
+ - Vital interest scenario: [DESCRIBE]
345
+
346
+ - [ ] **(e) Public task** - Processing is necessary to perform a task in the public interest or for official functions
347
+ - Public task: [DESCRIBE statutory function]
348
+ - Statutory basis: [CITE legislation]
349
+
350
+ - [ ] **(f) Legitimate interests** - Processing is necessary for legitimate interests, except where overridden by data subject rights
351
+ - Legitimate interest: [DESCRIBE]
352
+ - Balancing test completed: [YES] (see Section 4.4)
353
+ - Interests do not override data subject rights: [ASSESSMENT]
354
+
355
+ **Justification for Chosen Basis**: [DETAILED EXPLANATION]
356
+
357
+ ### 4.2 Special Category Data Basis (Article 9)
358
+
359
+ **Applicable**: [YES/NO]
360
+
361
+ If YES, select condition(s):
362
+
363
+ - [ ] **(a) Explicit consent** for specific purpose
364
+ - [ ] **(b) Employment/social security/social protection law**
365
+ - [ ] **(c) Vital interests** (data subject physically/legally incapable of consent)
366
+ - [ ] **(d) Legitimate activities** of foundation/association/non-profit (with safeguards)
367
+ - [ ] **(e) Data manifestly made public** by data subject
368
+ - [ ] **(f) Legal claims** or judicial acts
369
+ - [ ] **(g) Substantial public interest** (with UK law basis)
370
+ - [ ] **(h) Health/social care** (with health professional or statutory obligation)
371
+ - [ ] **(i) Public health**
372
+ - [ ] **(j) Archiving/research/statistics** (with safeguards)
373
+
374
+ **UK DPA 2018 Schedule 1 Condition**: [CITE specific condition if using (g)]
375
+
376
+ **Justification**: [DETAILED EXPLANATION]
377
+
378
+ ### 4.3 Necessity Assessment
379
+
380
+ **Is processing necessary to achieve the purpose?**
381
+
382
+ | Question | Answer | Justification |
383
+ |----------|--------|---------------|
384
+ | Can we achieve the purpose without processing personal data? | [YES/NO] | [If NO, explain why personal data is essential] |
385
+ | Can we achieve the purpose with less personal data? | [YES/NO] | [If NO, explain why all data items are necessary] |
386
+ | Can we achieve the purpose with less intrusive processing? | [YES/NO] | [If NO, explain why current methods are least intrusive] |
387
+ | Can we achieve the purpose by processing data for less time? | [YES/NO] | [If NO, explain retention necessity] |
388
+
389
+ **Necessity Conclusion**: Processing is [NECESSARY/NOT NECESSARY]
390
+
391
+ **Alternatives Considered**:
392
+
393
+ 1. [Alternative approach 1] - Rejected because: [REASON]
394
+ 2. [Alternative approach 2] - Rejected because: [REASON]
395
+
396
+ ### 4.4 Proportionality Assessment
397
+
398
+ **Is the processing proportionate to the purpose?**
399
+
400
+ **Data Minimization**:
401
+
402
+ - [ ] We only collect data that is adequate for the purpose
403
+ - [ ] We only collect data that is relevant for the purpose
404
+ - [ ] We do not collect excessive data
405
+ - Evidence: [List data items and justify each]
406
+
407
+ **Proportionality Factors**:
408
+
409
+ | Factor | Assessment | Score (1-5) |
410
+ |--------|------------|-------------|
411
+ | Severity of intrusion into private life | [Low/Medium/High] | [Score] |
412
+ | Benefits to data subjects | [Low/Medium/High] | [Score] |
413
+ | Benefits to organisation | [Low/Medium/High] | [Score] |
414
+ | Benefits to society | [Low/Medium/High] | [Score] |
415
+ | Reasonable alternatives exist | [Yes/No] | [Score] |
416
+
417
+ **Proportionality Conclusion**: Processing is [PROPORTIONATE/NOT PROPORTIONATE]
418
+
419
+ **Justification**: [DETAILED BALANCING EXPLANATION]
420
+
421
+ ---
422
+
423
+ ## 5. Risk Assessment to Data Subjects
424
+
425
+ **CRITICAL**: Assess risks to **individuals' rights and freedoms**, NOT organisational risks.
426
+
427
+ ### 5.1 Risk Identification
428
+
429
+ **Risk Categories to Consider**:
430
+
431
+ - Physical harm (safety, health risks)
432
+ - Material damage (financial loss, fraud, identity theft, discrimination affecting employment/services)
433
+ - Non-material damage (distress, anxiety, reputational damage, loss of confidentiality, loss of control over personal data, discrimination, disadvantage)
434
+
435
+ ### 5.2 Inherent Risks (Before Mitigation)
436
+
437
+ | Risk ID | Risk Description | Impact on Data Subjects | Likelihood | Severity | Risk Level | Risk Source |
438
+ |---------|------------------|-------------------------|------------|----------|------------|-------------|
439
+ | DPIA-001 | Unauthorised access to [data type] | [Description of harm to individuals] | [Low/Medium/High] | [Low/Medium/High/Very High] | [LOW/MEDIUM/HIGH/VERY HIGH] | Security vulnerability |
440
+ | DPIA-002 | Data breach exposing [data type] | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | [Source] |
441
+ | DPIA-003 | Inaccurate data leading to wrong decisions | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | Data quality |
442
+ | DPIA-004 | Excessive data retention | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | Retention policy |
443
+ | DPIA-005 | Third party misuse of data | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | Third party failure |
444
+ | DPIA-006 | Algorithmic bias/discrimination (if AI/ML) | [Description of harm to protected groups] | [Likelihood] | [Severity] | [Risk Level] | Algorithm design |
445
+ | DPIA-007 | Re-identification of anonymized data | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | De-anonymization attack |
446
+ | DPIA-008 | Function creep (use for unintended purposes) | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | Mission creep |
447
+
448
+ **Likelihood Scale**:
449
+
450
+ - **Low**: Unlikely to occur (0-33% chance)
451
+ - **Medium**: May occur (34-66% chance)
452
+ - **High**: Likely to occur (67-100% chance)
453
+
454
+ **Severity Scale** (Impact on Individuals):
455
+
456
+ - **Low**: Minimal or no impact; temporary inconvenience
457
+ - **Medium**: Significant inconvenience or distress; some financial loss; minor reputational impact
458
+ - **High**: Serious consequences; significant financial loss; significant reputational damage; psychological harm
459
+ - **Very High**: Irreversible harm; severe financial loss; severe psychological trauma; physical safety risk
460
+
461
+ **Risk Level Matrix**:
462
+
463
+ | | Low Severity | Medium Severity | High Severity | Very High Severity |
464
+ |------------|-------------|-----------------|---------------|-------------------|
465
+ | **Low Likelihood** | LOW | LOW | MEDIUM | HIGH |
466
+ | **Medium Likelihood** | LOW | MEDIUM | HIGH | VERY HIGH |
467
+ | **High Likelihood** | MEDIUM | HIGH | VERY HIGH | VERY HIGH |
468
+
469
+ ### 5.3 Detailed Risk Analysis
470
+
471
+ **DPIA-001: [Risk Title]**
472
+
473
+ **Description**: [Detailed description of what could go wrong]
474
+
475
+ **Data Subjects Affected**: [Which groups/how many individuals]
476
+
477
+ **Harm to Individuals**:
478
+
479
+ - Physical: [Describe physical harm, if any]
480
+ - Material: [Describe financial/material harm, if any]
481
+ - Non-material: [Describe distress/reputational/discrimination harm, if any]
482
+
483
+ **Likelihood Analysis**: [Why is this likely/unlikely to happen?]
484
+
485
+ **Severity Analysis**: [Why would the impact be low/medium/high/very high?]
486
+
487
+ **Existing Controls**: [What controls are already in place, if any?]
488
+
489
+ [Repeat for each identified risk]
490
+
491
+ ---
492
+
493
+ ## 6. Mitigation Measures
494
+
495
+ ### 6.1 Technical Measures
496
+
497
+ **Data Security**:
498
+
499
+ - [ ] **Encryption at rest** - [Specify: AES-256, database encryption, disk encryption]
500
+ - [ ] **Encryption in transit** - [Specify: TLS 1.3, VPN, secure protocols]
501
+ - [ ] **Pseudonymization** - [Describe: tokenization, hashing, key management]
502
+ - [ ] **Anonymization** - [Describe: k-anonymity, differential privacy, aggregation]
503
+ - [ ] **Access controls** - [Specify: RBAC, least privilege, MFA, SSO]
504
+ - [ ] **Audit logging** - [Specify: what is logged, retention period, monitoring]
505
+ - [ ] **Data masking** - [Describe: field-level masking, dynamic masking]
506
+ - [ ] **Secure deletion** - [Describe: cryptographic erasure, overwriting, destruction]
507
+
508
+ **Data Minimization**:
509
+
510
+ - [ ] **Collection limitation** - Only collect necessary data fields
511
+ - [ ] **Storage limitation** - Automated deletion after retention period
512
+ - [ ] **Processing limitation** - Restrict processing to stated purposes
513
+ - [ ] **Disclosure limitation** - Share only with authorized parties
514
+
515
+ **Technical Safeguards for AI/ML** (if applicable):
516
+
517
+ - [ ] **Bias testing** - Regular testing for discriminatory outcomes
518
+ - [ ] **Model explainability** - LIME, SHAP, or other interpretability tools
519
+ - [ ] **Human oversight** - Human review of automated decisions
520
+ - [ ] **Fairness metrics** - Demographic parity, equal opportunity, calibration
521
+
522
+ **Privacy-Enhancing Technologies**:
523
+
524
+ - [ ] **Differential privacy** for statistical analysis
525
+ - [ ] **Homomorphic encryption** for computation on encrypted data
526
+ - [ ] **Secure multi-party computation** for collaborative analysis
527
+ - [ ] **Zero-knowledge proofs** for verification without disclosure
528
+
529
+ ### 6.2 Organisational Measures
530
+
531
+ **Policies and Procedures**:
532
+
533
+ - [ ] **Privacy Policy** - Clear, accessible privacy notice for data subjects
534
+ - [ ] **Data Protection Policy** - Internal policy for staff
535
+ - [ ] **Retention and Disposal Policy** - Defined retention periods and deletion procedures
536
+ - [ ] **Data Breach Response Plan** - 72-hour notification to ICO, data subject notification
537
+ - [ ] **Data Subject Rights Procedures** - SAR, rectification, erasure, portability processes
538
+
539
+ **Training and Awareness**:
540
+
541
+ - [ ] **Staff training** - GDPR awareness, privacy principles, secure handling
542
+ - [ ] **Role-specific training** - Additional training for those with data access
543
+ - [ ] **Regular refresher training** - Frequency: [SPECIFY]
544
+
545
+ **Vendor Management**:
546
+
547
+ - [ ] **Data Processing Agreements (DPAs)** - Contracts with all processors
548
+ - [ ] **Vendor due diligence** - Security and privacy assessments before engagement
549
+ - [ ] **Regular audits** - Annual audits of processor compliance
550
+ - [ ] **Data transfer safeguards** - SCCs for international transfers
551
+
552
+ **Governance**:
553
+
554
+ - [ ] **Data Protection Officer (DPO)** - DPO appointed and accessible
555
+ - [ ] **Privacy by Design** - Privacy built into system design from the start
556
+ - [ ] **Privacy by Default** - Strictest privacy settings by default
557
+ - [ ] **Regular reviews** - DPIA reviewed every [N] months or on significant change
558
+
559
+ **Data Subject Rights Facilitation**:
560
+
561
+ - [ ] **Subject Access Request (SAR) process** - Response within 1 month
562
+ - [ ] **Rectification process** - Mechanism to correct inaccurate data
563
+ - [ ] **Erasure process** - "Right to be forgotten" implementation
564
+ - [ ] **Portability process** - Export data in machine-readable format
565
+ - [ ] **Objection process** - Mechanism to object to processing
566
+ - [ ] **Restriction process** - Mechanism to restrict processing
567
+
568
+ ### 6.3 Mitigation Mapping
569
+
570
+ **Risk-by-Risk Mitigation**:
571
+
572
+ | Risk ID | Risk Title | Mitigations Applied | Responsibility | Implementation Date |
573
+ |---------|------------|---------------------|----------------|---------------------|
574
+ | DPIA-001 | Unauthorised access | Encryption (AES-256), MFA, RBAC, Audit logging | Security Team | [DATE] |
575
+ | DPIA-002 | Data breach | Encryption, DLP, Incident response plan, Staff training | Security + DPO | [DATE] |
576
+ | DPIA-003 | Inaccurate data | Data validation, Rectification process, Regular audits | Data Steward | [DATE] |
577
+ | DPIA-004 | Excessive retention | Automated deletion, Retention policy, Regular reviews | Data Governance | [DATE] |
578
+ | DPIA-005 | Third party misuse | DPAs, Vendor audits, Limited sharing, Contractual controls | Legal + Procurement | [DATE] |
579
+ | DPIA-006 | Algorithmic bias | Bias testing, Fairness metrics, Human oversight, Diverse training data | Data Science + Ethics Board | [DATE] |
580
+
581
+ ### 6.4 Residual Risk Assessment
582
+
583
+ **Risks After Mitigation**:
584
+
585
+ | Risk ID | Risk Title | Mitigations | Residual Likelihood | Residual Severity | Residual Risk Level | Acceptable? | Justification |
586
+ |---------|------------|-------------|---------------------|-------------------|---------------------|-------------|---------------|
587
+ | DPIA-001 | Unauthorised access | Encryption + MFA + RBAC + Audit logs | Low | Medium | **MEDIUM** | YES | Risk reduced to tolerable level with strong controls |
588
+ | DPIA-002 | Data breach | Encryption + DLP + Incident plan + Training | Low | High | **MEDIUM** | YES | Cannot eliminate entirely; mitigations are industry best practice |
589
+ | DPIA-003 | Inaccurate data | Validation + Rectification + Audits | Medium | Low | **LOW** | YES | Low impact; regular audits catch issues |
590
+ | DPIA-004 | Excessive retention | Automated deletion + Policy | Low | Low | **LOW** | YES | Technical controls ensure compliance |
591
+ | DPIA-005 | Third party misuse | DPAs + Audits + Limited sharing | Low | Medium | **MEDIUM** | YES | Contractual and technical controls in place |
592
+ | DPIA-006 | Algorithmic bias | Bias testing + Fairness + Oversight | Medium | Medium | **MEDIUM** | YES (with monitoring) | Ongoing monitoring and human oversight required |
593
+
594
+ **Overall Residual Risk Level**: [LOW/MEDIUM/HIGH/VERY HIGH]
595
+
596
+ **Acceptability Assessment**:
597
+
598
+ - [ ] All residual risks are LOW or MEDIUM → ACCEPTABLE
599
+ - [ ] Some residual risks are HIGH → ACCEPTABLE WITH CONDITIONS (describe conditions)
600
+ - [ ] Any residual risks are VERY HIGH → NOT ACCEPTABLE (ICO consultation required)
601
+
602
+ **Conditions for Acceptance** (if applicable):
603
+
604
+ 1. [Condition 1]
605
+ 2. [Condition 2]
606
+
607
+ ---
608
+
609
+ ## 7. ICO Prior Consultation
610
+
611
+ **ICO Consultation Required**: [YES/NO]
612
+
613
+ **Trigger**: ICO prior consultation is required if:
614
+
615
+ - Residual risk remains **HIGH** or **VERY HIGH** after mitigation, AND
616
+ - Processing will go ahead despite the high residual risk
617
+
618
+ **ICO Consultation Details** (if required):
619
+
620
+ | Field | Value |
621
+ |-------|-------|
622
+ | ICO Reference Number | [REF-NUMBER] |
623
+ | Consultation Date | [DATE] |
624
+ | ICO Case Officer | [NAME] |
625
+ | ICO Advice Received | [DATE] |
626
+ | ICO Recommendations | [SUMMARY] |
627
+ | ICO Approval | [APPROVED/APPROVED WITH CONDITIONS/NOT APPROVED] |
628
+ | Conditions | [LIST CONDITIONS] |
629
+ | How Conditions Addressed | [SUMMARY] |
630
+
631
+ **ICO Advice Summary**:
632
+
633
+ - [Advice point 1]
634
+ - [Advice point 2]
635
+ - [Advice point 3]
636
+
637
+ ---
638
+
639
+ ## 8. Sign-Off and Approval
640
+
641
+ ### 8.1 DPIA Approval
642
+
643
+ | Role | Name | Decision | Date | Signature |
644
+ |------|------|----------|------|-----------|
645
+ | **Data Protection Officer** | [DPO_NAME] | [Approved/Approved with conditions/Not approved] | [DATE] | [SIGNATURE] |
646
+ | **Data Controller** | [CONTROLLER_NAME] | [Approved/Approved with conditions/Not approved] | [DATE] | [SIGNATURE] |
647
+ | **Senior Responsible Owner** | [SRO_NAME] | [Approved/Approved with conditions/Not approved] | [DATE] | [SIGNATURE] |
648
+
649
+ ### 8.2 Conditions of Approval
650
+
651
+ **Conditions** (if any):
652
+
653
+ 1. [Condition 1]
654
+ 2. [Condition 2]
655
+
656
+ **How Conditions Will Be Met**:
657
+
658
+ - [Action for condition 1] - Responsibility: [NAME] - Due: [DATE]
659
+ - [Action for condition 2] - Responsibility: [NAME] - Due: [DATE]
660
+
661
+ ### 8.3 Final Decision
662
+
663
+ **Decision**: [PROCEED / DO NOT PROCEED / PROCEED WITH CONDITIONS]
664
+
665
+ **Rationale**: [JUSTIFICATION FOR DECISION]
666
+
667
+ **Effective Date**: [DATE processing can commence]
668
+
669
+ ---
670
+
671
+ ## 9. Integration with Information Security Management
672
+
673
+ ### 9.1 Link to Security Controls
674
+
675
+ **Security Assessment Reference**: `projects/{project_id}/ARC-{PROJECT_ID}-SBD-v*.md`
676
+
677
+ **DPIA Mitigations → Security Controls Mapping**:
678
+
679
+ | DPIA Mitigation | Security Control | NCSC CAF Principle | Implementation Status |
680
+ |-----------------|------------------|--------------------|-----------------------|
681
+ | Encryption at rest | Data security (encryption) | A.3 Asset Management | [Implemented/Planned] |
682
+ | Access controls | Identity and access management | B.1 Identity and Access | [Implemented/Planned] |
683
+ | Audit logging | Monitoring and audit | A.1 Governance | [Implemented/Planned] |
684
+ | Staff training | Security awareness | C.1 People | [Implemented/Planned] |
685
+
686
+ **Security Controls Feed into DPIA**: Security controls reduce likelihood of unauthorized access, data breach, and misuse risks.
687
+
688
+ ### 9.2 Link to Risk Register
689
+
690
+ **Risk Register Reference**: `projects/{project_id}/ARC-{PROJECT_ID}-RISK-v*.md`
691
+
692
+ **DPIA Risks to Add to Risk Register**:
693
+
694
+ | DPIA Risk ID | Risk Register ID | Risk Category | Owner | Treatment |
695
+ |--------------|------------------|---------------|-------|-----------|
696
+ | DPIA-001 | RISK-SEC-001 | Technology Risk | CISO | Treat (mitigate) |
697
+ | DPIA-002 | RISK-COMP-001 | Compliance Risk | DPO | Treat (mitigate) |
698
+ | DPIA-006 | RISK-REP-001 | Reputational Risk | CDO | Treat (mitigate) |
699
+
700
+ ---
701
+
702
+ ## 10. Review and Monitoring
703
+
704
+ ### 10.1 Review Triggers
705
+
706
+ **DPIA must be reviewed when**:
707
+
708
+ - [ ] Significant change to processing (new data, new purpose, new systems)
709
+ - [ ] New technology introduced
710
+ - [ ] New risks identified (e.g., new attack vectors, regulatory changes)
711
+ - [ ] Data breach or security incident occurs
712
+ - [ ] ICO guidance changes
713
+ - [ ] Data subjects raise concerns
714
+ - [ ] Periodic review date reached
715
+
716
+ **Periodic Review Frequency**: Every [6/12/24] months
717
+
718
+ ### 10.2 Review Schedule
719
+
720
+ | Review Type | Frequency | Next Review Date | Responsibility |
721
+ |-------------|-----------|------------------|----------------|
722
+ | **Periodic review** | [N] months | [DATE] | DPO |
723
+ | **Post-implementation review** | 3 months after go-live | [DATE] | Enterprise Architect |
724
+ | **Annual review** | Annually | [DATE] | Data Controller |
725
+
726
+ ### 10.3 Monitoring Activities
727
+
728
+ **Ongoing Monitoring**:
729
+
730
+ - [ ] Track number of SARs received and response times
731
+ - [ ] Track data breaches and near-misses
732
+ - [ ] Monitor audit logs for unauthorized access attempts
733
+ - [ ] Review algorithmic bias metrics (if AI/ML)
734
+ - [ ] Review data subject complaints
735
+ - [ ] Track compliance with retention periods
736
+
737
+ **Monitoring Metrics**:
738
+
739
+ | Metric | Target | Measurement Frequency | Responsibility |
740
+ |--------|--------|----------------------|----------------|
741
+ | SAR response time | <1 month | Monthly | DPO |
742
+ | Data breaches | 0 | Continuous | Security Team |
743
+ | Unauthorized access attempts | <10/month | Weekly | Security Team |
744
+ | Algorithmic bias metrics | Fairness ratio >0.8 | Quarterly | Data Science Team |
745
+
746
+ ### 10.4 Change Management
747
+
748
+ **Change Control Process**:
749
+
750
+ 1. Any change to processing must be assessed for DPIA impact
751
+ 2. If change is significant (new data, new purpose, new risk), DPIA must be updated
752
+ 3. Updated DPIA must be re-approved by DPO and Data Controller
753
+ 4. Data subjects must be notified of significant changes
754
+
755
+ **Change Log**:
756
+
757
+ | Change Date | Change Description | DPIA Impact | Updated Sections | Approved By |
758
+ |-------------|-------------------|-------------|------------------|-------------|
759
+ | [DATE] | [Change] | [Significant/Minor/None] | [Sections] | [NAME] |
760
+
761
+ ---
762
+
763
+ ## 11. Traceability to ArcKit Artifacts
764
+
765
+ ### 11.1 Source Artifacts
766
+
767
+ **This DPIA was generated from**:
768
+
769
+ | Artifact | Location | Information Extracted |
770
+ |----------|----------|----------------------|
771
+ | **Architecture Principles** | `projects/000-global/ARC-000-PRIN-v*.md` | Privacy by Design, Data Minimization principles |
772
+ | **Data Model** | `projects/{project_id}/ARC-{PROJECT_ID}-DATA-v*.md` | Entities, PII inventory, special category data, GDPR lawful basis, retention periods |
773
+ | **Requirements** | `projects/{project_id}/ARC-{PROJECT_ID}-REQ-v*.md` | Data requirements (DR-xxx), processing purposes |
774
+ | **Stakeholder Analysis** | `projects/{project_id}/ARC-{PROJECT_ID}-STKE-v*.md` | Data subject categories, vulnerable groups, RACI for data governance roles |
775
+ | **Risk Register** | `projects/{project_id}/ARC-{PROJECT_ID}-RISK-v*.md` | Existing data protection risks |
776
+ | **Secure by Design Assessment** | `projects/{project_id}/ARC-*-SECD-*.md` | Security controls used as DPIA mitigations |
777
+
778
+ ### 11.2 Traceability Matrix: Data → Requirements → DPIA
779
+
780
+ | Data Model Entity | PII Level | DR Requirement | Processing Purpose | DPIA Risk(s) | Lawful Basis |
781
+ |-------------------|-----------|----------------|-------------------|-------------|--------------|
782
+ | E-001: [Entity] | HIGH | DR-001 | [Purpose from requirement] | DPIA-001, DPIA-002 | [Article 6 basis] |
783
+ | E-002: [Entity] | VERY HIGH (Special) | DR-003 | [Purpose] | DPIA-002, DPIA-004 | [Article 6 + Article 9 basis] |
784
+
785
+ ### 11.3 Traceability Matrix: Stakeholder → Data Subject → Rights
786
+
787
+ | Stakeholder | Data Subject Type | Volume | Rights Processes Implemented | Vulnerability Safeguards |
788
+ |-------------|-------------------|--------|------------------------------|--------------------------|
789
+ | [Stakeholder 1] | [Type] | [N] | SAR, Rectification, Erasure | [Safeguards if vulnerable] |
790
+ | [Stakeholder 2] | [Type] | [N] | SAR, Rectification, Erasure, Portability | [Safeguards] |
791
+
792
+ ### 11.4 Downstream Artifacts Informed by DPIA
793
+
794
+ **This DPIA informs**:
795
+
796
+ | Artifact | How DPIA Informs It |
797
+ |----------|---------------------|
798
+ | **Risk Register** | DPIA risks (DPIA-001, etc.) added as data protection/compliance risks |
799
+ | **Secure by Design Assessment** | DPIA mitigations become security control requirements |
800
+ | **Vendor HLD Review** | Vendor design must address DPIA risks and implement mitigations |
801
+ | **Vendor DLD Review** | Detailed technical controls must match DPIA mitigation requirements |
802
+ | **AI Playbook Assessment** | DPIA algorithmic bias findings inform AI ethics assessment |
803
+ | **Service Assessment (GDS)** | DPIA demonstrates Point 5 (data and privacy) compliance |
804
+ | **Procurement (SOW)** | DPIA requirements flow into vendor RFP requirements |
805
+
806
+ ---
807
+
808
+ ## 12. Data Subject Rights Implementation
809
+
810
+ ### 12.1 Rights Checklist
811
+
812
+ **Right of Access (Article 15)**:
813
+
814
+ - [ ] Process implemented: [Describe SAR process]
815
+ - [ ] Response time: Within 1 month (extendable by 2 months if complex)
816
+ - [ ] Identity verification: [Describe verification method]
817
+ - [ ] Information provided: Copy of data, processing purpose, categories, recipients, retention period, rights
818
+ - [ ] Free of charge (unless excessive/unfounded)
819
+
820
+ **Right to Rectification (Article 16)**:
821
+
822
+ - [ ] Process implemented: [Describe rectification process]
823
+ - [ ] Verification: [How accuracy is verified]
824
+ - [ ] Notification: Recipients notified of rectifications
825
+
826
+ **Right to Erasure (Article 17)**:
827
+
828
+ - [ ] Process implemented: [Describe deletion process]
829
+ - [ ] Exceptions: [When erasure cannot be granted - legal obligation, public interest, etc.]
830
+ - [ ] Third parties notified: [Process to notify processors/recipients]
831
+
832
+ **Right to Restriction of Processing (Article 18)**:
833
+
834
+ - [ ] Process implemented: [Describe restriction mechanism]
835
+ - [ ] Technical implementation: [How data is marked/flagged as restricted]
836
+
837
+ **Right to Data Portability (Article 20)**:
838
+
839
+ - [ ] Applicable: [YES/NO - only for automated processing on consent/contract basis]
840
+ - [ ] Process implemented: [Describe export process]
841
+ - [ ] Format: Machine-readable (JSON, CSV, XML)
842
+ - [ ] Direct transmission: [Can data be transmitted to another controller?]
843
+
844
+ **Right to Object (Article 21)**:
845
+
846
+ - [ ] Process implemented: [Describe objection process]
847
+ - [ ] Basis: Applicable for public task and legitimate interests processing
848
+ - [ ] Marketing opt-out: [Describe opt-out mechanism]
849
+
850
+ **Rights Related to Automated Decision-Making (Article 22)**:
851
+
852
+ - [ ] Applicable: [YES/NO - is there solely automated decision-making?]
853
+ - [ ] Safeguards: Human oversight, explanation, ability to challenge decision
854
+ - [ ] Process: [Describe how individuals can request human review]
855
+
856
+ ### 12.2 Rights Fulfillment Procedures
857
+
858
+ **Standard Operating Procedures**:
859
+
860
+ 1. **Receipt**: Rights requests received via [email/web form/postal address]
861
+ 2. **Verification**: Identity verified using [method]
862
+ 3. **Logging**: Request logged in [system] with unique reference number
863
+ 4. **Acknowledgement**: Acknowledgement sent within [N] days
864
+ 5. **Retrieval**: Data retrieved from [systems/databases]
865
+ 6. **Review**: Legal/DPO review for exemptions or complexities
866
+ 7. **Response**: Response provided within 1 month
867
+ 8. **Escalation**: Complex requests escalated to DPO
868
+
869
+ **Training**: Staff trained on rights fulfillment - [Training frequency]
870
+
871
+ ---
872
+
873
+ ## 13. International Data Transfers
874
+
875
+ **Applicable**: [YES/NO]
876
+
877
+ If YES:
878
+
879
+ ### 13.1 Transfer Details
880
+
881
+ | Recipient | Country | Data Transferred | Purpose | Volume | Adequacy Decision? |
882
+ |-----------|---------|------------------|---------|--------|-------------------|
883
+ | [Recipient 1] | [Country] | [Data types] | [Purpose] | [N records] | [YES/NO] |
884
+ | [Recipient 2] | [Country] | [Data types] | [Purpose] | [N records] | [YES/NO] |
885
+
886
+ ### 13.2 Transfer Safeguards
887
+
888
+ **For countries WITH UK adequacy decision**:
889
+
890
+ - [ ] No additional safeguards required beyond standard DPIA measures
891
+
892
+ **For countries WITHOUT adequacy decision**:
893
+
894
+ - [ ] **Standard Contractual Clauses (SCCs)** - UK ICO approved SCCs signed with recipient
895
+ - SCC version: [International Data Transfer Agreement (IDTA) / Addendum to EU SCCs]
896
+ - Date signed: [DATE]
897
+ - Recipient guarantees: [Summary of guarantees]
898
+
899
+ - [ ] **Binding Corporate Rules (BCRs)** - Approved BCRs in place
900
+ - BCR approval date: [DATE]
901
+ - ICO reference: [REF]
902
+
903
+ - [ ] **Derogations** (only in exceptional circumstances)
904
+ - Explicit consent obtained: [YES/NO]
905
+ - Necessary for contract performance: [YES/NO]
906
+ - Necessary for legal claims: [YES/NO]
907
+
908
+ ### 13.3 Transfer Risk Assessment
909
+
910
+ **Additional risks from international transfer**:
911
+
912
+ - Foreign government access to data: [Assessment]
913
+ - Different legal protections: [Assessment]
914
+ - Enforcement challenges: [Assessment]
915
+
916
+ **Additional safeguards**:
917
+
918
+ - [Safeguard 1]
919
+ - [Safeguard 2]
920
+
921
+ ---
922
+
923
+ ## 14. Children's Data (if applicable)
924
+
925
+ **Processing Children's Data**: [YES/NO]
926
+
927
+ If YES:
928
+
929
+ ### 14.1 Age Verification
930
+
931
+ **Age Threshold**: [13/16] years (online services)
932
+
933
+ **Age Verification Method**: [Describe verification mechanism]
934
+
935
+ **Parental Consent**: [Describe parental consent mechanism for children under threshold]
936
+
937
+ ### 14.2 Additional Safeguards for Children
938
+
939
+ - [ ] **Privacy notice for children** - Age-appropriate language, simplified explanation
940
+ - [ ] **Minimization** - Only essential data collected from children
941
+ - [ ] **No profiling** - Children's data not used for profiling/marketing (unless consent + child's best interests)
942
+ - [ ] **No AI decision-making** - No solely automated decisions affecting children
943
+ - [ ] **Secure processing** - Enhanced security measures for children's data
944
+ - [ ] **Timely deletion** - Children's data deleted when no longer necessary
945
+ - [ ] **No sharing** - Children's data not shared without parental consent
946
+
947
+ ### 14.3 Best Interests Assessment
948
+
949
+ **Assessment**: Is processing in the child's best interests? [YES/NO]
950
+
951
+ **Justification**: [Explain how processing benefits children and does not cause harm]
952
+
953
+ ---
954
+
955
+ ## 15. Algorithmic/AI Processing (if applicable)
956
+
957
+ **Algorithmic Processing**: [YES/NO]
958
+
959
+ If YES, also complete `/arckit:ai-playbook` and `/arckit:atrs` assessments.
960
+
961
+ ### 15.1 Algorithm Description
962
+
963
+ **Algorithm Type**:
964
+
965
+ - [ ] Rule-based system
966
+ - [ ] Statistical model
967
+ - [ ] Machine learning (supervised/unsupervised/reinforcement)
968
+ - [ ] Deep learning
969
+ - [ ] Natural language processing
970
+ - [ ] Computer vision
971
+ - [ ] Other: [SPECIFY]
972
+
973
+ **Processing Type**:
974
+
975
+ - [ ] Profiling
976
+ - [ ] Prediction
977
+ - [ ] Classification
978
+ - [ ] Recommendation
979
+ - [ ] Automated decision-making
980
+ - [ ] Anomaly detection
981
+
982
+ **Human Oversight**:
983
+
984
+ - [ ] Fully automated (no human review)
985
+ - [ ] Human-in-the-loop (human can override)
986
+ - [ ] Human-on-the-loop (human monitors and can intervene)
987
+
988
+ ### 15.2 Algorithmic Bias Assessment
989
+
990
+ **Protected Characteristics Considered**:
991
+
992
+ - [ ] Age
993
+ - [ ] Disability
994
+ - [ ] Gender reassignment
995
+ - [ ] Marriage and civil partnership
996
+ - [ ] Pregnancy and maternity
997
+ - [ ] Race
998
+ - [ ] Religion or belief
999
+ - [ ] Sex
1000
+ - [ ] Sexual orientation
1001
+
1002
+ **Bias Testing**:
1003
+
1004
+ - [ ] Training data reviewed for bias
1005
+ - [ ] Fairness metrics calculated (demographic parity, equal opportunity, equalized odds)
1006
+ - [ ] Disparate impact analysis conducted
1007
+ - [ ] Regular monitoring for bias in production
1008
+
1009
+ **Bias Mitigation**:
1010
+
1011
+ - [ ] Diverse training data
1012
+ - [ ] Fairness constraints in model
1013
+ - [ ] Human review of edge cases
1014
+ - [ ] Regular retraining
1015
+ - [ ] Explainability tools (LIME, SHAP)
1016
+
1017
+ ### 15.3 Explainability and Transparency
1018
+
1019
+ **Explainability Level**:
1020
+
1021
+ - [ ] Black box (no explanation possible)
1022
+ - [ ] Limited explainability (feature importance)
1023
+ - [ ] Full explainability (decision path visible)
1024
+
1025
+ **Explanation Mechanism**:
1026
+
1027
+ - [Describe how decisions are explained to data subjects]
1028
+
1029
+ **ATRS Compliance**: [Link to ATRS record at `projects/{project_id}/ARC-{PROJECT_ID}-ATRS-v*.md`]
1030
+
1031
+ ---
1032
+
1033
+ ## 16. Summary and Conclusion
1034
+
1035
+ ### 16.1 Key Findings
1036
+
1037
+ **Processing Summary**:
1038
+
1039
+ - Processing [N] categories of personal data
1040
+ - Processing [N] special category data types
1041
+ - Affecting [N] data subjects
1042
+ - For purposes: [List primary purposes]
1043
+ - Using lawful basis: [Article 6 basis]
1044
+ - Using special category basis: [Article 9 basis, if applicable]
1045
+
1046
+ **Risk Summary**:
1047
+
1048
+ - [N] risks identified
1049
+ - [N] HIGH risks before mitigation
1050
+ - [N] MEDIUM risks after mitigation
1051
+ - [N] HIGH risks after mitigation (if any)
1052
+ - Overall residual risk: [LOW/MEDIUM/HIGH]
1053
+
1054
+ **Compliance Summary**:
1055
+
1056
+ - [ ] Necessity and proportionality demonstrated
1057
+ - [ ] Lawful basis identified
1058
+ - [ ] Data subjects consulted
1059
+ - [ ] DPO consulted
1060
+ - [ ] Risks identified and mitigated
1061
+ - [ ] Data subject rights processes in place
1062
+ - [ ] Security measures implemented
1063
+ - [ ] Review schedule established
1064
+
1065
+ ### 16.2 Recommendations
1066
+
1067
+ **Recommendations**:
1068
+
1069
+ 1. [Recommendation 1]
1070
+ 2. [Recommendation 2]
1071
+ 3. [Recommendation 3]
1072
+
1073
+ **Actions Required Before Go-Live**:
1074
+
1075
+ | Action | Responsibility | Due Date | Status |
1076
+ |--------|----------------|----------|--------|
1077
+ | [Action 1] | [Role] | [DATE] | [Not Started/In Progress/Complete] |
1078
+ | [Action 2] | [Role] | [DATE] | [Status] |
1079
+
1080
+ ### 16.3 Final Conclusion
1081
+
1082
+ **Conclusion**: [PROCEED / DO NOT PROCEED / PROCEED WITH CONDITIONS]
1083
+
1084
+ **Rationale**: [Summary justification]
1085
+
1086
+ **Conditions** (if any):
1087
+
1088
+ - [Condition 1]
1089
+ - [Condition 2]
1090
+
1091
+ **Sign-Off**: This DPIA has been completed and approved. Processing may commence subject to conditions above.
1092
+
1093
+ ---
1094
+
1095
+ ## External References
1096
+
1097
+ > This section provides traceability from generated content back to source documents.
1098
+ > Follow citation instructions in the project's citation reference guide.
1099
+
1100
+ ### Document Register
1101
+
1102
+ | Doc ID | Filename | Type | Source Location | Description |
1103
+ |--------|----------|------|-----------------|-------------|
1104
+ | *None provided* | — | — | — | — |
1105
+
1106
+ ### Citations
1107
+
1108
+ | Citation ID | Doc ID | Page/Section | Category | Quoted Passage |
1109
+ |-------------|--------|--------------|----------|----------------|
1110
+ | — | — | — | — | — |
1111
+
1112
+ ### Unreferenced Documents
1113
+
1114
+ | Filename | Source Location | Reason |
1115
+ |----------|-----------------|--------|
1116
+ | — | — | — |
1117
+
1118
+ ---
1119
+
1120
+ ## Generation Metadata
1121
+
1122
+ **Generated by**: ArcKit `/arckit:dpia` command
1123
+ **Generated on**: [DATE]
1124
+ **ArcKit Version**: [VERSION]
1125
+ **Project**: [PROJECT_NAME] (Project [PROJECT_ID])
1126
+ **Model**: [AI_MODEL]
1127
+
1128
+ **Traceability**: This DPIA is traceable to architecture principles, data model, requirements, stakeholders, and risk register via the ArcKit governance framework.
1129
+
1130
+ ---
1131
+
1132
+ ## Appendix A: ICO DPIA Screening Checklist
1133
+
1134
+ Full screening questionnaire (9 criteria) with detailed YES/NO/N/A responses:
1135
+
1136
+ 1. ☐ Evaluation or scoring (including profiling)
1137
+ 2. ☐ Automated decision-making with legal/significant effect
1138
+ 3. ☐ Systematic monitoring
1139
+ 4. ☐ Sensitive data or highly personal data
1140
+ 5. ☐ Large scale processing
1141
+ 6. ☐ Matching or combining datasets
1142
+ 7. ☐ Vulnerable data subjects
1143
+ 8. ☐ Innovative technology
1144
+ 9. ☐ Processing prevents exercising rights
1145
+
1146
+ ---
1147
+
1148
+ ## Appendix B: GDPR Article 35 Requirements Checklist
1149
+
1150
+ | Article 35 Requirement | Addressed in Section | Complete? |
1151
+ |------------------------|---------------------|-----------|
1152
+ | Systematic description of processing | Section 2 | ✓ |
1153
+ | Purposes of processing | Section 2.4 | ✓ |
1154
+ | Assessment of necessity and proportionality | Section 4 | ✓ |
1155
+ | Assessment of risks to data subjects | Section 5 | ✓ |
1156
+ | Measures to address risks | Section 6 | ✓ |
1157
+ | Safeguards, security measures | Section 6 | ✓ |
1158
+ | Demonstrate compliance with GDPR | Throughout | ✓ |
1159
+
1160
+ ---
1161
+
1162
+ ## Appendix C: Data Protection Principles Compliance
1163
+
1164
+ **GDPR Article 5 Principles**:
1165
+
1166
+ | Principle | Assessment | Evidence |
1167
+ |-----------|------------|----------|
1168
+ | **(a) Lawfulness, fairness, transparency** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Privacy notice provided, lawful basis identified in Section 4.1 |
1169
+ | **(b) Purpose limitation** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Purposes clearly defined in Section 2.4; no function creep controls in Section 6 |
1170
+ | **(c) Data minimization** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Only necessary data collected (Section 4.3); unnecessary fields removed |
1171
+ | **(d) Accuracy** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Rectification process in Section 12.1; data validation in Section 6.1 |
1172
+ | **(e) Storage limitation** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Retention periods defined in Section 2.2; automated deletion implemented |
1173
+ | **(f) Integrity and confidentiality** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Security measures in Section 6.1; encryption, access controls implemented |
1174
+ | **Accountability** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | DPIA completed; DPO involved; policies documented |
1175
+
1176
+ ---
1177
+
1178
+ ## Appendix D: Glossary
1179
+
1180
+ | Term | Definition |
1181
+ |------|------------|
1182
+ | **Data Subject** | An identified or identifiable natural person whose personal data is being processed |
1183
+ | **Data Controller** | The organisation that determines the purposes and means of processing personal data |
1184
+ | **Data Processor** | An organisation that processes personal data on behalf of the controller |
1185
+ | **Personal Data** | Any information relating to an identified or identifiable natural person |
1186
+ | **Special Category Data** | Sensitive personal data (race, health, biometric, etc.) requiring Article 9 basis |
1187
+ | **Processing** | Any operation performed on personal data (collection, storage, use, disclosure, deletion) |
1188
+ | **Profiling** | Automated processing to evaluate personal aspects (predict performance, behaviour, preferences) |
1189
+ | **Pseudonymization** | Processing that prevents identification without additional information kept separately |
1190
+ | **Anonymization** | Irreversibly removing identifying information so re-identification is not possible |
1191
+ | **Lawful Basis** | Legal ground for processing under GDPR Article 6 (consent, contract, legal obligation, etc.) |
1192
+ | **DPIA** | Data Protection Impact Assessment - required for high-risk processing |
1193
+ | **ICO** | Information Commissioner's Office - UK data protection supervisory authority |
1194
+ | **UK GDPR** | UK General Data Protection Regulation (retained EU GDPR post-Brexit) |
1195
+ | **DPA 2018** | Data Protection Act 2018 - UK law supplementing GDPR |
1196
+ | **SCC** | Standard Contractual Clauses - mechanism for international data transfers |
1197
+
1198
+ ---
1199
+
1200
+ **END OF DPIA**