arckit-cli 6.1.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- arckit_cli/__init__.py +1120 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/memory/sessions.md +293 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/RENDERING.md +22 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/document-control-uae.md +20 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/_partials/document-control-uk.md +16 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/adm-preliminary-template.md +135 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/adr-template.md +588 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-design-template.md +390 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-governance-template.md +90 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-integration-template.md +159 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-inventory-template.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-maturity-template.md +388 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/agent-security-template.md +213 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/analysis-report-template.md +323 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/application-inventory-template.md +221 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-board-template.md +194 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-change-template.md +205 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-diagram-template.md +610 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-principles-template.md +632 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-repository-template.md +107 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/architecture-strategy-template.md +666 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-bvergg-template.md +252 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-dsgvo-template.md +354 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/at-nisg-template.md +236 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-aescsf-template.md +189 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ai-assurance-template.md +243 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-disp-attestation-template.md +297 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-dss-template.md +302 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-e8-posture-template.md +377 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-energy-compliance-template.md +189 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ism-controls-template.md +462 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ndb-playbook-template.md +288 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-ot-security-template.md +204 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-pia-template.md +394 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-pspf-template.md +380 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/au-soci-cirmp-template.md +206 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/aws-research-template.md +605 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/azure-research-template.md +559 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/backlog-template.md +465 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-aia-template.md +206 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-atip-template.md +192 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-charter-template.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-cloud-residency-template.md +173 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-fitaa-template.md +156 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-gc-digital-standards-template.md +208 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-itsg-33-template.md +228 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-ocap-template.md +205 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-ola-template.md +171 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-pia-template.md +193 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-pspc-template.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ca-soia-template.md +219 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/capability-map-template.md +125 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/competitors-template.md +113 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/conformance-assessment-template.md +507 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-mesh-contract-template.md +851 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-model-template.md +1043 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/data-source-profile-template.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/datascout-template.md +546 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/devops-template.md +961 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dfd-template.md +161 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dld-review-template.md +427 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dos-requirements-template.md +506 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/dpia-template.md +1200 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-ai-act-template.md +227 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-cra-template.md +176 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-data-act-template.md +175 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-dora-template.md +197 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-dsa-template.md +183 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-nis2-template.md +196 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/eu-rgpd-template.md +198 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/evaluation-criteria-template.md +719 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/finops-template.md +662 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-algorithme-public-template.md +162 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-anssi-carto-template.md +196 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-anssi-template.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-code-reuse-template.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-dinum-template.md +195 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-dr-template.md +187 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-ebios-template.md +209 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-irn-template.md +311 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-marche-public-template.md +178 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-pssi-template.md +270 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-rgpd-template.md +195 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/fr-secnumcloud-template.md +188 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/framework-overview-template.md +247 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gap-analysis-template.md +198 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcloud-clarify-template.md +340 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcloud-requirements-template.md +370 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gcp-research-template.md +585 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/glossary-template.md +117 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-code-search-template.md +213 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-landscape-template.md +271 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/gov-reuse-template.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/grants-template.md +131 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/hld-review-template.md +760 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/jsp-936-template.md +1394 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/maturity-model-template.md +297 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/mlops-template.md +720 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/mod-secure-by-design-template.md +784 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/operationalize-template.md +1016 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/pages-template.html +5121 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/platform-design-template.md +1610 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/presentation-template.md +270 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/principles-compliance-assessment-template.md +389 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/project-plan-template.md +421 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/rationalization-template.md +208 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/requirements-template.md +1026 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/research-findings-template.md +939 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/risk-register-template.md +883 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/roadmap-template.md +787 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/service-assessment-prep-template.md +448 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/servicenow-design-template.md +273 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/sobc-template.md +1127 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/sow-template.md +785 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/stakeholder-drivers-template.md +493 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/story-template.md +889 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tcop-review-template.md +593 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tech-note-template.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/tenders-template.md +124 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/traceability-matrix-template.md +360 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/transition-architecture-template.md +286 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ai-autonomy-tier-template.md +97 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ai-charter-template.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-classification-template.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-cloud-residency-template.md +136 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-data-sharing-template.md +105 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-digital-records-template.md +97 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-ias-template.md +109 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-pdpl-template.md +105 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-priorities-alignment-template.md +99 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-procurement-template.md +115 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-uaepass-template.md +129 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uae-zero-bureaucracy-template.md +85 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-consumer-duty-board-report-template.md +49 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-consumer-duty-template.md +362 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-ctp-dependency-register-template.md +24 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-ctp-dependency-template.md +321 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-safeguarding-reconciliation-template.md +77 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-safeguarding-template.md +348 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-sca-rts-exemption-matrix-template.md +47 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-fs-sca-rts-template.md +273 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-gov-ai-playbook-template.md +942 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-gov-atrs-template.md +1087 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-mdr-classification-template.md +307 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-case-template.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-hazard-template.md +217 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-safety-template.md +78 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0129-template.md +13 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-case-template.md +207 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-hazard-template.md +290 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-deployment-safety-template.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dcb0160-template.md +13 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/uk-nhs-dtac-template.md +341 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/ukgov-secure-by-design-template.md +1031 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-ai-impact-template.md +212 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-ai-rmf-template.md +232 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fedramp-readiness-template.md +209 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fedramp-ssp-template.md +352 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-fisma-categorization-template.md +145 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-icam-template.md +216 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-nist-800-53-template.md +222 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-privacy-pia-template.md +191 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-sbom-eo-14028-template.md +253 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/us-zero-trust-template.md +234 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/vendor-profile-template.md +88 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/vendor-scoring-template.md +332 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-climate-template.md +269 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-doctrine-template.md +299 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-gameplay-template.md +346 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-map-template.md +587 -0
- arckit_cli-6.1.1.data/data/share/arckit/.arckit/templates/wardley-value-chain-template.md +256 -0
- arckit_cli-6.1.1.data/data/share/arckit/CHANGELOG.md +3554 -0
- arckit_cli-6.1.1.data/data/share/arckit/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/DEPENDENCY-MATRIX.md +929 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/README.md +322 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/WORKFLOW-DIAGRAMS.md +1088 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/adm-preliminary.md +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/adr.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-design.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-governance.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-integration.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-inventory.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-maturity.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/agent-security.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ai-playbook.md +103 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/analyze.md +57 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/application-inventory.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/application-rationalization.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-board.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-change.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/architecture-repository.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/artifact-health.md +228 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-bvergg.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-dsgvo.md +75 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/at-nisg.md +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/atrs.md +98 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-aescsf.md +45 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ai-assurance.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-disp-attestation.md +90 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-dss.md +76 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-e8-posture.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-energy-compliance.md +47 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-federal-overlay.md +199 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ism-controls.md +78 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ndb-playbook.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-ot-security.md +39 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-pia.md +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-pspf.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/au-soci-cirmp.md +40 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/autoresearch.md +334 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/aws-research.md +160 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/azure-research.md +157 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/backlog.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/build.md +132 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/business-capability-map.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/business-case.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/c4-layout-science.md +280 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-aia.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-atip.md +79 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-charter.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-cloud-residency.md +91 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-fitaa.md +81 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-gc-digital-standards.md +93 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-itsg-33.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-ocap.md +91 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-ola.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-pia.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-pspc.md +96 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/ca-soia.md +87 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/codes-of-practice.md +154 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/competitors.md +202 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/conformance.md +153 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/create.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/custom-commands.md +236 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/customize.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-mesh-contract.md +239 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-model.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/data-quality-framework.md +118 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/datascout.md +162 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/declaration.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/design-review.md +66 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/devops.md +96 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dfd.md +187 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/diagram.md +118 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dld-review.md +102 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dos.md +109 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/dpia.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/enterprise-scale.md +260 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-ai-act.md +82 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-cra.md +90 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-data-act.md +85 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-dora.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-dsa.md +85 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-nis2.md +82 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/eu-rgpd.md +76 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/evaluate.md +115 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/export-okf.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/finops.md +117 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-algorithme-public.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-anssi-carto.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-anssi.md +79 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-code-reuse.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-dinum.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-dr.md +88 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-ebios.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-irn.md +103 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-marche-public.md +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-pssi.md +87 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-rgpd.md +75 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/fr-secnumcloud.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/framework.md +234 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gap-analysis.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-clarify.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-competitors.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcloud-search.md +106 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gcp-research.md +169 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/glossary.md +190 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-code-search.md +119 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-landscape.md +114 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/gov-reuse.md +112 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/govs-007-security.md +93 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/grants.md +106 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/graph-report.md +77 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/health.md +234 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/hld-review.md +110 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/hooks.md +121 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/impact.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/import-okf.md +67 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/init.md +159 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/jsp-936.md +60 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/knowledge-compounding.md +140 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/maturity-model.md +186 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mcp-servers.md +329 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/migration.md +333 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mlops.md +126 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/mod-secure.md +124 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/national-data-strategy.md +115 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/navigator.md +86 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/operationalize.md +143 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pages.md +227 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pinecone-mcp.md +128 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/plan.md +66 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/platform-design.md +600 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/presentation.md +137 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/pricing.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/principles-compliance.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/principles.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/procurement.md +57 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/productivity.md +217 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/remote-control.md +151 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/requirements.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/research.md +65 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/review.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/risk-management.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/risk.md +132 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roadmap.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/README.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/business-analyst.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/business-architect.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/cdo.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/ciso.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/cto-cdio.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/data-architect.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/data-governance-manager.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/delivery-manager.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/devops-engineer.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/enterprise-architect.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/it-service-manager.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/network-architect.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/performance-analyst.md +67 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/product-manager.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/security-architect.md +78 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/service-owner.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/solution-architect.md +75 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/roles/technical-architect.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/score.md +91 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot1.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot2.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sdd-lot3.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/search.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/secure.md +181 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/security-hooks.md +200 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/security.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/service-assessment.md +47 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/service-design.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/servicenow.md +152 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/session-memory.md +100 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sobc.md +129 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/sow.md +125 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/stakeholder-analysis.md +51 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/stakeholders.md +138 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/start.md +276 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/story.md +61 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/strategy.md +211 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/submission-pack.md +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/supplier-profile.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/tcop.md +124 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/template-builder.md +125 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/tenders.md +193 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/testing-plugin-branches.md +79 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/traceability.md +58 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/transition-architecture.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/trello.md +139 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ai-autonomy-tier.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ai-charter.md +89 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-classification.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-cloud-residency.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-data-sharing.md +84 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-digital-records.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-ias.md +93 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-overlay-maintenance.md +154 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-overlay.md +208 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-pdpl.md +73 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-priorities-alignment.md +82 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-procurement.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-uaepass.md +83 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uae-zero-bureaucracy.md +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-consumer-duty.md +178 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-ctp-dependency.md +181 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-payments-overlay.md +216 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-safeguarding.md +176 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-fs-sca-rts.md +164 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/ai-playbook.md +56 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/algorithmic-transparency.md +44 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/digital-marketplace.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/secure-by-design.md +51 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/standards-map.md +108 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-government/technology-code-of-practice.md +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-mdr-classification.md +59 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-mod/secure-by-design.md +54 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-clinical-safety-overlay.md +214 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dcb0129.md +64 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dcb0160.md +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/uk-nhs-dtac.md +55 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/upgrading.md +130 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-ai-impact.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-ai-rmf.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-federal-overlay.md +111 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fedramp-readiness.md +69 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fedramp-ssp.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-fisma-categorization.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-icam.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-nist-800-53.md +70 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-privacy-pia.md +74 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-sbom-eo-14028.md +71 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/us-zero-trust.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-climate.md +122 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-doctrine.md +120 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-gameplay.md +123 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley-value-chain.md +130 -0
- arckit_cli-6.1.1.data/data/share/arckit/docs/guides/wardley.md +173 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/.agents/plugins/marketplace.json +20 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/README.md +325 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/docs/DEPENDENCY-MATRIX.md +616 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/arckit-codex-hook.mjs +1270 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-inject.mjs +1497 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-rollups.mjs +247 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/graph-utils.mjs +363 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/hook-utils.mjs +383 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/hooks.json +80 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/okf-frontmatter.mjs +279 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/project-context-builder.mjs +168 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-codex/hooks/sync-guides.mjs +1120 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/README.md +68 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-copilot/docs/DEPENDENCY-MATRIX.md +616 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/LICENSE +21 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/README.md +65 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/docs/DEPENDENCY-MATRIX.md +616 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-opencode/opencode.json +25 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/.mcp.json +63 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/LICENSE +26 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/README.md +407 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/VERSION +1 -0
- arckit_cli-6.1.1.data/data/share/arckit/extensions/arckit-vibe/vibe-config.toml +62 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/README.md +680 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/000-global/ARC-000-PRIN-v1.0.md +120 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/001-test-project/ARC-001-STKE-v1.0.md +100 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/fixtures/001-test-project/README.md +15 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/program-selfharness.md +748 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/autoresearch/program.md +269 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/check-prerequisites.sh +250 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/common.sh +359 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/create-project.sh +408 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/generate-document-id.sh +146 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/list-projects.sh +359 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bash/migrate-filenames.sh +553 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/bump-version.sh +293 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/check_doctype_collisions.py +30 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/check_recipes.py +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/check_references.py +144 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/convert_vibe_agents.py +198 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/convert_vibe_skills.py +499 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/converter.py +2002 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/create-sdg-repo.py +820 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-arckit-architecture-hero.py +317 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-arckit-hero.py +278 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/generate-release-notes.sh +112 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/managed-agents/README.md +105 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/managed-agents/arckit-agent.py +418 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/push-extensions.sh +424 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/apply_doc_control_marker.py +50 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/common.py +288 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/create-project.py +373 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/generate-document-id.py +96 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/list-projects.py +238 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/python/migrate_classification.py +94 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/render-brand-pngs.py +72 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/standardise-colon.py +128 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/sync-claude-plugin-layout.py +159 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/sync-shared-assets.py +132 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tag-plugins.sh +65 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-doc-types-dual-registration.mjs +57 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-fde-templates.mjs +100 -0
- arckit_cli-6.1.1.data/data/share/arckit/scripts/tests/test-regime-registration.mjs +65 -0
- arckit_cli-6.1.1.dist-info/METADATA +1966 -0
- arckit_cli-6.1.1.dist-info/RECORD +482 -0
- arckit_cli-6.1.1.dist-info/WHEEL +4 -0
- arckit_cli-6.1.1.dist-info/entry_points.txt +2 -0
- arckit_cli-6.1.1.dist-info/licenses/LICENSE +26 -0
|
@@ -0,0 +1,1200 @@
|
|
|
1
|
+
# Data Protection Impact Assessment (DPIA)
|
|
2
|
+
|
|
3
|
+
> **Template Origin**: Official | **ArcKit Version**: [VERSION] | **Command**: `/arckit:dpia`
|
|
4
|
+
|
|
5
|
+
## Document Control
|
|
6
|
+
|
|
7
|
+
<!-- DOC-CONTROL-HEADER -->
|
|
8
|
+
<!-- Resolved at command-execution time to _partials/document-control-uk.md or _partials/document-control-uae.md based on plugin userConfig classification_scheme + governance_framework. See _partials/RENDERING.md (when present). -->
|
|
9
|
+
|
|
10
|
+
## Revision History
|
|
11
|
+
|
|
12
|
+
| Version | Date | Author | Changes | Approved By | Approval Date |
|
|
13
|
+
|---------|------|--------|---------|-------------|---------------|
|
|
14
|
+
| [VERSION] | [DATE] | ArcKit AI | Initial creation from `/arckit.[COMMAND]` command | [PENDING] | [PENDING] |
|
|
15
|
+
|
|
16
|
+
## Executive Summary
|
|
17
|
+
|
|
18
|
+
**Processing Activity**: [ACTIVITY_NAME]
|
|
19
|
+
|
|
20
|
+
**DPIA Outcome**: [LOW/MEDIUM/HIGH] residual risk to data subjects
|
|
21
|
+
|
|
22
|
+
**Approval Status**: [APPROVED/APPROVED WITH CONDITIONS/REJECTED/PENDING]
|
|
23
|
+
|
|
24
|
+
**Key Findings**:
|
|
25
|
+
|
|
26
|
+
- [Finding 1]
|
|
27
|
+
- [Finding 2]
|
|
28
|
+
- [Finding 3]
|
|
29
|
+
|
|
30
|
+
**Recommendation**: [Proceed/Do not proceed/Proceed with conditions]
|
|
31
|
+
|
|
32
|
+
**ICO Consultation Required**: [YES/NO]
|
|
33
|
+
|
|
34
|
+
---
|
|
35
|
+
|
|
36
|
+
## 1. DPIA Screening Assessment
|
|
37
|
+
|
|
38
|
+
### 1.1 Screening Criteria (ICO's 9 Criteria)
|
|
39
|
+
|
|
40
|
+
| # | Criterion | YES/NO | Evidence |
|
|
41
|
+
|---|-----------|--------|----------|
|
|
42
|
+
| 1 | **Evaluation or scoring** including profiling and predicting (e.g., credit scoring, marketing preferences, location data, loyalty programs) | [YES/NO] | [Evidence from requirements/data model] |
|
|
43
|
+
| 2 | **Automated decision-making with legal or similarly significant effect** (e.g., automatic refusal of credit, e-recruiting without human intervention) | [YES/NO] | [Evidence] |
|
|
44
|
+
| 3 | **Systematic monitoring** of data subjects (e.g., CCTV, tracking, monitoring employee productivity/health, location tracking) | [YES/NO] | [Evidence] |
|
|
45
|
+
| 4 | **Sensitive data or data of highly personal nature** (special category data: race, health, biometric, genetic; criminal offence data; children's data) | [YES/NO] | [Evidence from data model PII analysis] |
|
|
46
|
+
| 5 | **Processing on a large scale** (consider: number of data subjects, volume of data, duration, geographical extent) | [YES/NO] | [Evidence - N data subjects, N records, N years] |
|
|
47
|
+
| 6 | **Matching or combining datasets** from different sources in ways data subjects wouldn't reasonably expect | [YES/NO] | [Evidence - list data sources] |
|
|
48
|
+
| 7 | **Data concerning vulnerable data subjects** (children, elderly, patients, employees, asylum seekers, those lacking capacity) | [YES/NO] | [Evidence - list vulnerable groups] |
|
|
49
|
+
| 8 | **Innovative use or application of new technological or organisational solutions** (AI/ML, blockchain, IoT, biometrics, facial recognition) | [YES/NO] | [Evidence - list technologies] |
|
|
50
|
+
| 9 | **Processing that prevents data subjects from exercising a right or using a service/contract** (e.g., cannot opt out, no access to data, blocking from service) | [YES/NO] | [Evidence] |
|
|
51
|
+
|
|
52
|
+
**Screening Score**: [N]/9 criteria met
|
|
53
|
+
|
|
54
|
+
### 1.2 DPIA Necessity Decision
|
|
55
|
+
|
|
56
|
+
**Decision**: [DPIA REQUIRED / DPIA RECOMMENDED / DPIA NOT REQUIRED]
|
|
57
|
+
|
|
58
|
+
**Rationale**:
|
|
59
|
+
|
|
60
|
+
- If ≥2 criteria met → DPIA REQUIRED
|
|
61
|
+
- If processing involves special category data at scale → DPIA REQUIRED
|
|
62
|
+
- If innovative technology with unknown risks → DPIA REQUIRED
|
|
63
|
+
- [Specific rationale based on screening results]
|
|
64
|
+
|
|
65
|
+
**Decision Authority**: [NAME, ROLE]
|
|
66
|
+
|
|
67
|
+
**Decision Date**: [DATE]
|
|
68
|
+
|
|
69
|
+
---
|
|
70
|
+
|
|
71
|
+
## 2. Description of Processing
|
|
72
|
+
|
|
73
|
+
### 2.1 Nature of Processing
|
|
74
|
+
|
|
75
|
+
**What operations are being performed?**
|
|
76
|
+
|
|
77
|
+
- [ ] Collection
|
|
78
|
+
- [ ] Recording
|
|
79
|
+
- [ ] Organisation
|
|
80
|
+
- [ ] Structuring
|
|
81
|
+
- [ ] Storage
|
|
82
|
+
- [ ] Adaptation/alteration
|
|
83
|
+
- [ ] Retrieval
|
|
84
|
+
- [ ] Consultation
|
|
85
|
+
- [ ] Use
|
|
86
|
+
- [ ] Disclosure by transmission
|
|
87
|
+
- [ ] Dissemination
|
|
88
|
+
- [ ] Alignment/combination
|
|
89
|
+
- [ ] Restriction
|
|
90
|
+
- [ ] Erasure/destruction
|
|
91
|
+
|
|
92
|
+
**Processing Method**:
|
|
93
|
+
|
|
94
|
+
- [ ] Automated processing
|
|
95
|
+
- [ ] Manual processing
|
|
96
|
+
- [ ] Combination of automated and manual
|
|
97
|
+
|
|
98
|
+
**Profiling Involved**: [YES/NO]
|
|
99
|
+
|
|
100
|
+
- If YES, describe profiling activities: [DESCRIPTION]
|
|
101
|
+
|
|
102
|
+
**Automated Decision-Making**: [YES/NO]
|
|
103
|
+
|
|
104
|
+
- If YES, describe: [DESCRIPTION]
|
|
105
|
+
- Human oversight: [YES/NO - describe how]
|
|
106
|
+
|
|
107
|
+
### 2.2 Scope of Processing
|
|
108
|
+
|
|
109
|
+
#### What data are we processing?
|
|
110
|
+
|
|
111
|
+
**Personal Data Categories** (from Data Model):
|
|
112
|
+
|
|
113
|
+
| Entity ID | Entity Name | Data Categories | Special Category? | PII Level |
|
|
114
|
+
|-----------|-------------|-----------------|-------------------|-----------|
|
|
115
|
+
| E-001 | [Entity Name] | Name, email, address | NO | HIGH |
|
|
116
|
+
| E-002 | [Entity Name] | Health records | YES (Article 9) | VERY HIGH |
|
|
117
|
+
| ... | ... | ... | ... | ... |
|
|
118
|
+
|
|
119
|
+
**Total Data Items**: [N] personal data fields across [M] entities
|
|
120
|
+
|
|
121
|
+
**Special Category Data**: [YES/NO]
|
|
122
|
+
|
|
123
|
+
- If YES: Race/ethnicity, Political opinions, Religious beliefs, Trade union membership, Genetic data, Biometric data, Health data, Sex life/orientation, Criminal convictions
|
|
124
|
+
|
|
125
|
+
**Children's Data**: [YES/NO]
|
|
126
|
+
|
|
127
|
+
- If YES: Age range [AGE_RANGE], volume [N children]
|
|
128
|
+
|
|
129
|
+
#### Whose data are we processing?
|
|
130
|
+
|
|
131
|
+
**Data Subject Categories** (from Stakeholder Analysis):
|
|
132
|
+
|
|
133
|
+
| Data Subject Type | Description | Volume | Vulnerable? |
|
|
134
|
+
|-------------------|-------------|--------|-------------|
|
|
135
|
+
| [Type 1] | [Description] | [N individuals] | [YES/NO] |
|
|
136
|
+
| [Type 2] | [Description] | [N individuals] | [YES/NO] |
|
|
137
|
+
| ... | ... | ... | ... |
|
|
138
|
+
|
|
139
|
+
**Total Data Subjects**: Approximately [N] individuals
|
|
140
|
+
|
|
141
|
+
**Vulnerable Groups**: [List any vulnerable populations]
|
|
142
|
+
|
|
143
|
+
#### How much data?
|
|
144
|
+
|
|
145
|
+
**Volume Metrics**:
|
|
146
|
+
|
|
147
|
+
- **Records**: [N] records
|
|
148
|
+
- **Data subjects**: [N] individuals
|
|
149
|
+
- **Storage size**: [N GB/TB]
|
|
150
|
+
- **Transaction rate**: [N] per day/month
|
|
151
|
+
- **Geographic scope**: [UK-wide / Regional / Local / International]
|
|
152
|
+
|
|
153
|
+
**Scale Classification**: [Small scale / Large scale]
|
|
154
|
+
|
|
155
|
+
- Small scale: Fewer than 10,000 data subjects, limited geographic area, low volume
|
|
156
|
+
- Large scale: ≥10,000 data subjects, or national/international scope, or high volume
|
|
157
|
+
|
|
158
|
+
#### How long are we keeping it?
|
|
159
|
+
|
|
160
|
+
**Retention Periods** (from Data Model):
|
|
161
|
+
|
|
162
|
+
| Data Type | Retention Period | Legal Basis for Retention | Deletion Method |
|
|
163
|
+
|-----------|------------------|---------------------------|-----------------|
|
|
164
|
+
| [Data Type 1] | [N years] | [Legal requirement / Business need] | [Secure deletion / Anonymization] |
|
|
165
|
+
| [Data Type 2] | [N years] | [Legal requirement / Business need] | [Secure deletion / Anonymization] |
|
|
166
|
+
|
|
167
|
+
**Maximum Retention**: [N] years
|
|
168
|
+
|
|
169
|
+
**Automated Deletion**: [YES/NO - describe mechanism]
|
|
170
|
+
|
|
171
|
+
### 2.3 Context of Processing
|
|
172
|
+
|
|
173
|
+
#### Why are we processing this data?
|
|
174
|
+
|
|
175
|
+
**Processing Purpose** (from Requirements):
|
|
176
|
+
|
|
177
|
+
| Requirement ID | Purpose | Stakeholder Goal |
|
|
178
|
+
|----------------|---------|------------------|
|
|
179
|
+
| BR-001 | [Purpose description] | [Goal from stakeholder analysis] |
|
|
180
|
+
| FR-005 | [Purpose description] | [Goal] |
|
|
181
|
+
| ... | ... | ... |
|
|
182
|
+
|
|
183
|
+
**Primary Purpose**: [SUMMARY]
|
|
184
|
+
|
|
185
|
+
**Secondary Purposes**: [List any secondary uses]
|
|
186
|
+
|
|
187
|
+
#### What is the relationship with data subjects?
|
|
188
|
+
|
|
189
|
+
**Relationship Type**:
|
|
190
|
+
|
|
191
|
+
- [ ] Customer/client
|
|
192
|
+
- [ ] Employee
|
|
193
|
+
- [ ] Citizen/public service user
|
|
194
|
+
- [ ] Patient
|
|
195
|
+
- [ ] Student
|
|
196
|
+
- [ ] Supplier/partner
|
|
197
|
+
- [ ] Website visitor
|
|
198
|
+
- [ ] Other: [SPECIFY]
|
|
199
|
+
|
|
200
|
+
**Power Balance**:
|
|
201
|
+
|
|
202
|
+
- [ ] Equal relationship (e.g., commercial transaction)
|
|
203
|
+
- [ ] Imbalanced relationship (e.g., employer-employee, government-citizen)
|
|
204
|
+
- If imbalanced: Describe safeguards to protect data subjects: [SAFEGUARDS]
|
|
205
|
+
|
|
206
|
+
#### How much control do data subjects have?
|
|
207
|
+
|
|
208
|
+
**Control Mechanisms**:
|
|
209
|
+
|
|
210
|
+
- [ ] Consent can be withdrawn
|
|
211
|
+
- [ ] Can opt out of processing
|
|
212
|
+
- [ ] Can access their data (Subject Access Request)
|
|
213
|
+
- [ ] Can correct inaccurate data (rectification)
|
|
214
|
+
- [ ] Can request deletion (right to erasure)
|
|
215
|
+
- [ ] Can object to processing
|
|
216
|
+
- [ ] Can request restriction of processing
|
|
217
|
+
- [ ] Can port data to another controller
|
|
218
|
+
- [ ] Can object to automated decisions
|
|
219
|
+
|
|
220
|
+
**Limitations on Control**: [Describe any limitations and legal basis]
|
|
221
|
+
|
|
222
|
+
#### Would data subjects expect this processing?
|
|
223
|
+
|
|
224
|
+
**Reasonable Expectation Assessment**:
|
|
225
|
+
|
|
226
|
+
- **Transparency**: Are data subjects informed about processing? [YES/NO]
|
|
227
|
+
- **Privacy Notice**: Is a clear privacy notice provided? [YES/NO]
|
|
228
|
+
- **Expectation**: Would an average person in this context expect this processing? [YES/MAYBE/NO]
|
|
229
|
+
|
|
230
|
+
**If unexpected processing**: Describe additional safeguards: [SAFEGUARDS]
|
|
231
|
+
|
|
232
|
+
### 2.4 Purpose and Benefits
|
|
233
|
+
|
|
234
|
+
#### What do we want to achieve?
|
|
235
|
+
|
|
236
|
+
**Intended Outcomes** (from Stakeholder Goals):
|
|
237
|
+
|
|
238
|
+
| Stakeholder Goal | Processing Contribution | Measurable Benefit |
|
|
239
|
+
|------------------|------------------------|-------------------|
|
|
240
|
+
| [Goal G-001] | [How processing supports this] | [Quantifiable benefit] |
|
|
241
|
+
| [Goal G-002] | [How processing supports this] | [Quantifiable benefit] |
|
|
242
|
+
|
|
243
|
+
**Primary Benefit**: [SUMMARY]
|
|
244
|
+
|
|
245
|
+
#### Who benefits?
|
|
246
|
+
|
|
247
|
+
- [ ] Data subjects (describe: [HOW])
|
|
248
|
+
- [ ] Organisation (describe: [HOW])
|
|
249
|
+
- [ ] Society/public (describe: [HOW])
|
|
250
|
+
- [ ] Third parties (describe: [WHO and HOW])
|
|
251
|
+
|
|
252
|
+
---
|
|
253
|
+
|
|
254
|
+
## 3. Consultation
|
|
255
|
+
|
|
256
|
+
### 3.1 Data Protection Officer (DPO) Consultation
|
|
257
|
+
|
|
258
|
+
**DPO Name**: [DPO_NAME]
|
|
259
|
+
|
|
260
|
+
**Date Consulted**: [DATE]
|
|
261
|
+
|
|
262
|
+
**DPO Advice**:
|
|
263
|
+
|
|
264
|
+
- [Advice point 1]
|
|
265
|
+
- [Advice point 2]
|
|
266
|
+
- [Advice point 3]
|
|
267
|
+
|
|
268
|
+
**DPO Recommendations**:
|
|
269
|
+
|
|
270
|
+
- [Recommendation 1]
|
|
271
|
+
- [Recommendation 2]
|
|
272
|
+
|
|
273
|
+
**How DPO Advice Addressed**: [SUMMARY]
|
|
274
|
+
|
|
275
|
+
### 3.2 Data Subject Consultation
|
|
276
|
+
|
|
277
|
+
**Consultation Method**:
|
|
278
|
+
|
|
279
|
+
- [ ] Survey
|
|
280
|
+
- [ ] Focus groups
|
|
281
|
+
- [ ] Public consultation
|
|
282
|
+
- [ ] User testing
|
|
283
|
+
- [ ] Privacy notice + feedback mechanism
|
|
284
|
+
- [ ] Not consulted (explain why: [REASON])
|
|
285
|
+
|
|
286
|
+
**Date(s) Consulted**: [DATE_RANGE]
|
|
287
|
+
|
|
288
|
+
**Number of Respondents**: [N] data subjects
|
|
289
|
+
|
|
290
|
+
**Key Feedback Received**:
|
|
291
|
+
|
|
292
|
+
1. [Feedback theme 1] - [N responses]
|
|
293
|
+
2. [Feedback theme 2] - [N responses]
|
|
294
|
+
3. [Feedback theme 3] - [N responses]
|
|
295
|
+
|
|
296
|
+
**Concerns Raised**:
|
|
297
|
+
|
|
298
|
+
- [Concern 1]
|
|
299
|
+
- [Concern 2]
|
|
300
|
+
|
|
301
|
+
**How Feedback Addressed**:
|
|
302
|
+
|
|
303
|
+
- [Action taken for concern 1]
|
|
304
|
+
- [Action taken for concern 2]
|
|
305
|
+
|
|
306
|
+
### 3.3 Stakeholder Consultation
|
|
307
|
+
|
|
308
|
+
**Stakeholders Consulted** (from Stakeholder RACI):
|
|
309
|
+
|
|
310
|
+
| Stakeholder | Role | Date Consulted | Feedback Summary |
|
|
311
|
+
|-------------|------|----------------|------------------|
|
|
312
|
+
| [Stakeholder 1] | [Role from RACI] | [DATE] | [Feedback] |
|
|
313
|
+
| [Stakeholder 2] | [Role from RACI] | [DATE] | [Feedback] |
|
|
314
|
+
|
|
315
|
+
**Key Stakeholder Concerns**:
|
|
316
|
+
|
|
317
|
+
- [Concern 1]
|
|
318
|
+
- [Concern 2]
|
|
319
|
+
|
|
320
|
+
**Resolution**: [How concerns addressed]
|
|
321
|
+
|
|
322
|
+
---
|
|
323
|
+
|
|
324
|
+
## 4. Necessity and Proportionality Assessment
|
|
325
|
+
|
|
326
|
+
### 4.1 Lawful Basis Assessment
|
|
327
|
+
|
|
328
|
+
**Primary Lawful Basis** (GDPR Article 6):
|
|
329
|
+
|
|
330
|
+
- [ ] **(a) Consent** - Data subject has given clear consent for processing for a specific purpose
|
|
331
|
+
- Evidence of consent: [DESCRIBE mechanism]
|
|
332
|
+
- Freely given, specific, informed, unambiguous: [YES/NO]
|
|
333
|
+
- Withdrawal mechanism: [DESCRIBE]
|
|
334
|
+
|
|
335
|
+
- [ ] **(b) Contract** - Processing is necessary to perform a contract with the data subject or to take steps to enter into a contract
|
|
336
|
+
- Contract type: [DESCRIBE]
|
|
337
|
+
- How processing is necessary: [EXPLAIN]
|
|
338
|
+
|
|
339
|
+
- [ ] **(c) Legal obligation** - Processing is necessary to comply with the law
|
|
340
|
+
- Legal obligation: [CITE specific law/regulation]
|
|
341
|
+
- Compliance requirement: [DESCRIBE]
|
|
342
|
+
|
|
343
|
+
- [ ] **(d) Vital interests** - Processing is necessary to protect someone's life
|
|
344
|
+
- Vital interest scenario: [DESCRIBE]
|
|
345
|
+
|
|
346
|
+
- [ ] **(e) Public task** - Processing is necessary to perform a task in the public interest or for official functions
|
|
347
|
+
- Public task: [DESCRIBE statutory function]
|
|
348
|
+
- Statutory basis: [CITE legislation]
|
|
349
|
+
|
|
350
|
+
- [ ] **(f) Legitimate interests** - Processing is necessary for legitimate interests, except where overridden by data subject rights
|
|
351
|
+
- Legitimate interest: [DESCRIBE]
|
|
352
|
+
- Balancing test completed: [YES] (see Section 4.4)
|
|
353
|
+
- Interests do not override data subject rights: [ASSESSMENT]
|
|
354
|
+
|
|
355
|
+
**Justification for Chosen Basis**: [DETAILED EXPLANATION]
|
|
356
|
+
|
|
357
|
+
### 4.2 Special Category Data Basis (Article 9)
|
|
358
|
+
|
|
359
|
+
**Applicable**: [YES/NO]
|
|
360
|
+
|
|
361
|
+
If YES, select condition(s):
|
|
362
|
+
|
|
363
|
+
- [ ] **(a) Explicit consent** for specific purpose
|
|
364
|
+
- [ ] **(b) Employment/social security/social protection law**
|
|
365
|
+
- [ ] **(c) Vital interests** (data subject physically/legally incapable of consent)
|
|
366
|
+
- [ ] **(d) Legitimate activities** of foundation/association/non-profit (with safeguards)
|
|
367
|
+
- [ ] **(e) Data manifestly made public** by data subject
|
|
368
|
+
- [ ] **(f) Legal claims** or judicial acts
|
|
369
|
+
- [ ] **(g) Substantial public interest** (with UK law basis)
|
|
370
|
+
- [ ] **(h) Health/social care** (with health professional or statutory obligation)
|
|
371
|
+
- [ ] **(i) Public health**
|
|
372
|
+
- [ ] **(j) Archiving/research/statistics** (with safeguards)
|
|
373
|
+
|
|
374
|
+
**UK DPA 2018 Schedule 1 Condition**: [CITE specific condition if using (g)]
|
|
375
|
+
|
|
376
|
+
**Justification**: [DETAILED EXPLANATION]
|
|
377
|
+
|
|
378
|
+
### 4.3 Necessity Assessment
|
|
379
|
+
|
|
380
|
+
**Is processing necessary to achieve the purpose?**
|
|
381
|
+
|
|
382
|
+
| Question | Answer | Justification |
|
|
383
|
+
|----------|--------|---------------|
|
|
384
|
+
| Can we achieve the purpose without processing personal data? | [YES/NO] | [If NO, explain why personal data is essential] |
|
|
385
|
+
| Can we achieve the purpose with less personal data? | [YES/NO] | [If NO, explain why all data items are necessary] |
|
|
386
|
+
| Can we achieve the purpose with less intrusive processing? | [YES/NO] | [If NO, explain why current methods are least intrusive] |
|
|
387
|
+
| Can we achieve the purpose by processing data for less time? | [YES/NO] | [If NO, explain retention necessity] |
|
|
388
|
+
|
|
389
|
+
**Necessity Conclusion**: Processing is [NECESSARY/NOT NECESSARY]
|
|
390
|
+
|
|
391
|
+
**Alternatives Considered**:
|
|
392
|
+
|
|
393
|
+
1. [Alternative approach 1] - Rejected because: [REASON]
|
|
394
|
+
2. [Alternative approach 2] - Rejected because: [REASON]
|
|
395
|
+
|
|
396
|
+
### 4.4 Proportionality Assessment
|
|
397
|
+
|
|
398
|
+
**Is the processing proportionate to the purpose?**
|
|
399
|
+
|
|
400
|
+
**Data Minimization**:
|
|
401
|
+
|
|
402
|
+
- [ ] We only collect data that is adequate for the purpose
|
|
403
|
+
- [ ] We only collect data that is relevant for the purpose
|
|
404
|
+
- [ ] We do not collect excessive data
|
|
405
|
+
- Evidence: [List data items and justify each]
|
|
406
|
+
|
|
407
|
+
**Proportionality Factors**:
|
|
408
|
+
|
|
409
|
+
| Factor | Assessment | Score (1-5) |
|
|
410
|
+
|--------|------------|-------------|
|
|
411
|
+
| Severity of intrusion into private life | [Low/Medium/High] | [Score] |
|
|
412
|
+
| Benefits to data subjects | [Low/Medium/High] | [Score] |
|
|
413
|
+
| Benefits to organisation | [Low/Medium/High] | [Score] |
|
|
414
|
+
| Benefits to society | [Low/Medium/High] | [Score] |
|
|
415
|
+
| Reasonable alternatives exist | [Yes/No] | [Score] |
|
|
416
|
+
|
|
417
|
+
**Proportionality Conclusion**: Processing is [PROPORTIONATE/NOT PROPORTIONATE]
|
|
418
|
+
|
|
419
|
+
**Justification**: [DETAILED BALANCING EXPLANATION]
|
|
420
|
+
|
|
421
|
+
---
|
|
422
|
+
|
|
423
|
+
## 5. Risk Assessment to Data Subjects
|
|
424
|
+
|
|
425
|
+
**CRITICAL**: Assess risks to **individuals' rights and freedoms**, NOT organisational risks.
|
|
426
|
+
|
|
427
|
+
### 5.1 Risk Identification
|
|
428
|
+
|
|
429
|
+
**Risk Categories to Consider**:
|
|
430
|
+
|
|
431
|
+
- Physical harm (safety, health risks)
|
|
432
|
+
- Material damage (financial loss, fraud, identity theft, discrimination affecting employment/services)
|
|
433
|
+
- Non-material damage (distress, anxiety, reputational damage, loss of confidentiality, loss of control over personal data, discrimination, disadvantage)
|
|
434
|
+
|
|
435
|
+
### 5.2 Inherent Risks (Before Mitigation)
|
|
436
|
+
|
|
437
|
+
| Risk ID | Risk Description | Impact on Data Subjects | Likelihood | Severity | Risk Level | Risk Source |
|
|
438
|
+
|---------|------------------|-------------------------|------------|----------|------------|-------------|
|
|
439
|
+
| DPIA-001 | Unauthorised access to [data type] | [Description of harm to individuals] | [Low/Medium/High] | [Low/Medium/High/Very High] | [LOW/MEDIUM/HIGH/VERY HIGH] | Security vulnerability |
|
|
440
|
+
| DPIA-002 | Data breach exposing [data type] | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | [Source] |
|
|
441
|
+
| DPIA-003 | Inaccurate data leading to wrong decisions | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | Data quality |
|
|
442
|
+
| DPIA-004 | Excessive data retention | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | Retention policy |
|
|
443
|
+
| DPIA-005 | Third party misuse of data | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | Third party failure |
|
|
444
|
+
| DPIA-006 | Algorithmic bias/discrimination (if AI/ML) | [Description of harm to protected groups] | [Likelihood] | [Severity] | [Risk Level] | Algorithm design |
|
|
445
|
+
| DPIA-007 | Re-identification of anonymized data | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | De-anonymization attack |
|
|
446
|
+
| DPIA-008 | Function creep (use for unintended purposes) | [Description of harm] | [Likelihood] | [Severity] | [Risk Level] | Mission creep |
|
|
447
|
+
|
|
448
|
+
**Likelihood Scale**:
|
|
449
|
+
|
|
450
|
+
- **Low**: Unlikely to occur (0-33% chance)
|
|
451
|
+
- **Medium**: May occur (34-66% chance)
|
|
452
|
+
- **High**: Likely to occur (67-100% chance)
|
|
453
|
+
|
|
454
|
+
**Severity Scale** (Impact on Individuals):
|
|
455
|
+
|
|
456
|
+
- **Low**: Minimal or no impact; temporary inconvenience
|
|
457
|
+
- **Medium**: Significant inconvenience or distress; some financial loss; minor reputational impact
|
|
458
|
+
- **High**: Serious consequences; significant financial loss; significant reputational damage; psychological harm
|
|
459
|
+
- **Very High**: Irreversible harm; severe financial loss; severe psychological trauma; physical safety risk
|
|
460
|
+
|
|
461
|
+
**Risk Level Matrix**:
|
|
462
|
+
|
|
463
|
+
| | Low Severity | Medium Severity | High Severity | Very High Severity |
|
|
464
|
+
|------------|-------------|-----------------|---------------|-------------------|
|
|
465
|
+
| **Low Likelihood** | LOW | LOW | MEDIUM | HIGH |
|
|
466
|
+
| **Medium Likelihood** | LOW | MEDIUM | HIGH | VERY HIGH |
|
|
467
|
+
| **High Likelihood** | MEDIUM | HIGH | VERY HIGH | VERY HIGH |
|
|
468
|
+
|
|
469
|
+
### 5.3 Detailed Risk Analysis
|
|
470
|
+
|
|
471
|
+
**DPIA-001: [Risk Title]**
|
|
472
|
+
|
|
473
|
+
**Description**: [Detailed description of what could go wrong]
|
|
474
|
+
|
|
475
|
+
**Data Subjects Affected**: [Which groups/how many individuals]
|
|
476
|
+
|
|
477
|
+
**Harm to Individuals**:
|
|
478
|
+
|
|
479
|
+
- Physical: [Describe physical harm, if any]
|
|
480
|
+
- Material: [Describe financial/material harm, if any]
|
|
481
|
+
- Non-material: [Describe distress/reputational/discrimination harm, if any]
|
|
482
|
+
|
|
483
|
+
**Likelihood Analysis**: [Why is this likely/unlikely to happen?]
|
|
484
|
+
|
|
485
|
+
**Severity Analysis**: [Why would the impact be low/medium/high/very high?]
|
|
486
|
+
|
|
487
|
+
**Existing Controls**: [What controls are already in place, if any?]
|
|
488
|
+
|
|
489
|
+
[Repeat for each identified risk]
|
|
490
|
+
|
|
491
|
+
---
|
|
492
|
+
|
|
493
|
+
## 6. Mitigation Measures
|
|
494
|
+
|
|
495
|
+
### 6.1 Technical Measures
|
|
496
|
+
|
|
497
|
+
**Data Security**:
|
|
498
|
+
|
|
499
|
+
- [ ] **Encryption at rest** - [Specify: AES-256, database encryption, disk encryption]
|
|
500
|
+
- [ ] **Encryption in transit** - [Specify: TLS 1.3, VPN, secure protocols]
|
|
501
|
+
- [ ] **Pseudonymization** - [Describe: tokenization, hashing, key management]
|
|
502
|
+
- [ ] **Anonymization** - [Describe: k-anonymity, differential privacy, aggregation]
|
|
503
|
+
- [ ] **Access controls** - [Specify: RBAC, least privilege, MFA, SSO]
|
|
504
|
+
- [ ] **Audit logging** - [Specify: what is logged, retention period, monitoring]
|
|
505
|
+
- [ ] **Data masking** - [Describe: field-level masking, dynamic masking]
|
|
506
|
+
- [ ] **Secure deletion** - [Describe: cryptographic erasure, overwriting, destruction]
|
|
507
|
+
|
|
508
|
+
**Data Minimization**:
|
|
509
|
+
|
|
510
|
+
- [ ] **Collection limitation** - Only collect necessary data fields
|
|
511
|
+
- [ ] **Storage limitation** - Automated deletion after retention period
|
|
512
|
+
- [ ] **Processing limitation** - Restrict processing to stated purposes
|
|
513
|
+
- [ ] **Disclosure limitation** - Share only with authorized parties
|
|
514
|
+
|
|
515
|
+
**Technical Safeguards for AI/ML** (if applicable):
|
|
516
|
+
|
|
517
|
+
- [ ] **Bias testing** - Regular testing for discriminatory outcomes
|
|
518
|
+
- [ ] **Model explainability** - LIME, SHAP, or other interpretability tools
|
|
519
|
+
- [ ] **Human oversight** - Human review of automated decisions
|
|
520
|
+
- [ ] **Fairness metrics** - Demographic parity, equal opportunity, calibration
|
|
521
|
+
|
|
522
|
+
**Privacy-Enhancing Technologies**:
|
|
523
|
+
|
|
524
|
+
- [ ] **Differential privacy** for statistical analysis
|
|
525
|
+
- [ ] **Homomorphic encryption** for computation on encrypted data
|
|
526
|
+
- [ ] **Secure multi-party computation** for collaborative analysis
|
|
527
|
+
- [ ] **Zero-knowledge proofs** for verification without disclosure
|
|
528
|
+
|
|
529
|
+
### 6.2 Organisational Measures
|
|
530
|
+
|
|
531
|
+
**Policies and Procedures**:
|
|
532
|
+
|
|
533
|
+
- [ ] **Privacy Policy** - Clear, accessible privacy notice for data subjects
|
|
534
|
+
- [ ] **Data Protection Policy** - Internal policy for staff
|
|
535
|
+
- [ ] **Retention and Disposal Policy** - Defined retention periods and deletion procedures
|
|
536
|
+
- [ ] **Data Breach Response Plan** - 72-hour notification to ICO, data subject notification
|
|
537
|
+
- [ ] **Data Subject Rights Procedures** - SAR, rectification, erasure, portability processes
|
|
538
|
+
|
|
539
|
+
**Training and Awareness**:
|
|
540
|
+
|
|
541
|
+
- [ ] **Staff training** - GDPR awareness, privacy principles, secure handling
|
|
542
|
+
- [ ] **Role-specific training** - Additional training for those with data access
|
|
543
|
+
- [ ] **Regular refresher training** - Frequency: [SPECIFY]
|
|
544
|
+
|
|
545
|
+
**Vendor Management**:
|
|
546
|
+
|
|
547
|
+
- [ ] **Data Processing Agreements (DPAs)** - Contracts with all processors
|
|
548
|
+
- [ ] **Vendor due diligence** - Security and privacy assessments before engagement
|
|
549
|
+
- [ ] **Regular audits** - Annual audits of processor compliance
|
|
550
|
+
- [ ] **Data transfer safeguards** - SCCs for international transfers
|
|
551
|
+
|
|
552
|
+
**Governance**:
|
|
553
|
+
|
|
554
|
+
- [ ] **Data Protection Officer (DPO)** - DPO appointed and accessible
|
|
555
|
+
- [ ] **Privacy by Design** - Privacy built into system design from the start
|
|
556
|
+
- [ ] **Privacy by Default** - Strictest privacy settings by default
|
|
557
|
+
- [ ] **Regular reviews** - DPIA reviewed every [N] months or on significant change
|
|
558
|
+
|
|
559
|
+
**Data Subject Rights Facilitation**:
|
|
560
|
+
|
|
561
|
+
- [ ] **Subject Access Request (SAR) process** - Response within 1 month
|
|
562
|
+
- [ ] **Rectification process** - Mechanism to correct inaccurate data
|
|
563
|
+
- [ ] **Erasure process** - "Right to be forgotten" implementation
|
|
564
|
+
- [ ] **Portability process** - Export data in machine-readable format
|
|
565
|
+
- [ ] **Objection process** - Mechanism to object to processing
|
|
566
|
+
- [ ] **Restriction process** - Mechanism to restrict processing
|
|
567
|
+
|
|
568
|
+
### 6.3 Mitigation Mapping
|
|
569
|
+
|
|
570
|
+
**Risk-by-Risk Mitigation**:
|
|
571
|
+
|
|
572
|
+
| Risk ID | Risk Title | Mitigations Applied | Responsibility | Implementation Date |
|
|
573
|
+
|---------|------------|---------------------|----------------|---------------------|
|
|
574
|
+
| DPIA-001 | Unauthorised access | Encryption (AES-256), MFA, RBAC, Audit logging | Security Team | [DATE] |
|
|
575
|
+
| DPIA-002 | Data breach | Encryption, DLP, Incident response plan, Staff training | Security + DPO | [DATE] |
|
|
576
|
+
| DPIA-003 | Inaccurate data | Data validation, Rectification process, Regular audits | Data Steward | [DATE] |
|
|
577
|
+
| DPIA-004 | Excessive retention | Automated deletion, Retention policy, Regular reviews | Data Governance | [DATE] |
|
|
578
|
+
| DPIA-005 | Third party misuse | DPAs, Vendor audits, Limited sharing, Contractual controls | Legal + Procurement | [DATE] |
|
|
579
|
+
| DPIA-006 | Algorithmic bias | Bias testing, Fairness metrics, Human oversight, Diverse training data | Data Science + Ethics Board | [DATE] |
|
|
580
|
+
|
|
581
|
+
### 6.4 Residual Risk Assessment
|
|
582
|
+
|
|
583
|
+
**Risks After Mitigation**:
|
|
584
|
+
|
|
585
|
+
| Risk ID | Risk Title | Mitigations | Residual Likelihood | Residual Severity | Residual Risk Level | Acceptable? | Justification |
|
|
586
|
+
|---------|------------|-------------|---------------------|-------------------|---------------------|-------------|---------------|
|
|
587
|
+
| DPIA-001 | Unauthorised access | Encryption + MFA + RBAC + Audit logs | Low | Medium | **MEDIUM** | YES | Risk reduced to tolerable level with strong controls |
|
|
588
|
+
| DPIA-002 | Data breach | Encryption + DLP + Incident plan + Training | Low | High | **MEDIUM** | YES | Cannot eliminate entirely; mitigations are industry best practice |
|
|
589
|
+
| DPIA-003 | Inaccurate data | Validation + Rectification + Audits | Medium | Low | **LOW** | YES | Low impact; regular audits catch issues |
|
|
590
|
+
| DPIA-004 | Excessive retention | Automated deletion + Policy | Low | Low | **LOW** | YES | Technical controls ensure compliance |
|
|
591
|
+
| DPIA-005 | Third party misuse | DPAs + Audits + Limited sharing | Low | Medium | **MEDIUM** | YES | Contractual and technical controls in place |
|
|
592
|
+
| DPIA-006 | Algorithmic bias | Bias testing + Fairness + Oversight | Medium | Medium | **MEDIUM** | YES (with monitoring) | Ongoing monitoring and human oversight required |
|
|
593
|
+
|
|
594
|
+
**Overall Residual Risk Level**: [LOW/MEDIUM/HIGH/VERY HIGH]
|
|
595
|
+
|
|
596
|
+
**Acceptability Assessment**:
|
|
597
|
+
|
|
598
|
+
- [ ] All residual risks are LOW or MEDIUM → ACCEPTABLE
|
|
599
|
+
- [ ] Some residual risks are HIGH → ACCEPTABLE WITH CONDITIONS (describe conditions)
|
|
600
|
+
- [ ] Any residual risks are VERY HIGH → NOT ACCEPTABLE (ICO consultation required)
|
|
601
|
+
|
|
602
|
+
**Conditions for Acceptance** (if applicable):
|
|
603
|
+
|
|
604
|
+
1. [Condition 1]
|
|
605
|
+
2. [Condition 2]
|
|
606
|
+
|
|
607
|
+
---
|
|
608
|
+
|
|
609
|
+
## 7. ICO Prior Consultation
|
|
610
|
+
|
|
611
|
+
**ICO Consultation Required**: [YES/NO]
|
|
612
|
+
|
|
613
|
+
**Trigger**: ICO prior consultation is required if:
|
|
614
|
+
|
|
615
|
+
- Residual risk remains **HIGH** or **VERY HIGH** after mitigation, AND
|
|
616
|
+
- Processing will go ahead despite the high residual risk
|
|
617
|
+
|
|
618
|
+
**ICO Consultation Details** (if required):
|
|
619
|
+
|
|
620
|
+
| Field | Value |
|
|
621
|
+
|-------|-------|
|
|
622
|
+
| ICO Reference Number | [REF-NUMBER] |
|
|
623
|
+
| Consultation Date | [DATE] |
|
|
624
|
+
| ICO Case Officer | [NAME] |
|
|
625
|
+
| ICO Advice Received | [DATE] |
|
|
626
|
+
| ICO Recommendations | [SUMMARY] |
|
|
627
|
+
| ICO Approval | [APPROVED/APPROVED WITH CONDITIONS/NOT APPROVED] |
|
|
628
|
+
| Conditions | [LIST CONDITIONS] |
|
|
629
|
+
| How Conditions Addressed | [SUMMARY] |
|
|
630
|
+
|
|
631
|
+
**ICO Advice Summary**:
|
|
632
|
+
|
|
633
|
+
- [Advice point 1]
|
|
634
|
+
- [Advice point 2]
|
|
635
|
+
- [Advice point 3]
|
|
636
|
+
|
|
637
|
+
---
|
|
638
|
+
|
|
639
|
+
## 8. Sign-Off and Approval
|
|
640
|
+
|
|
641
|
+
### 8.1 DPIA Approval
|
|
642
|
+
|
|
643
|
+
| Role | Name | Decision | Date | Signature |
|
|
644
|
+
|------|------|----------|------|-----------|
|
|
645
|
+
| **Data Protection Officer** | [DPO_NAME] | [Approved/Approved with conditions/Not approved] | [DATE] | [SIGNATURE] |
|
|
646
|
+
| **Data Controller** | [CONTROLLER_NAME] | [Approved/Approved with conditions/Not approved] | [DATE] | [SIGNATURE] |
|
|
647
|
+
| **Senior Responsible Owner** | [SRO_NAME] | [Approved/Approved with conditions/Not approved] | [DATE] | [SIGNATURE] |
|
|
648
|
+
|
|
649
|
+
### 8.2 Conditions of Approval
|
|
650
|
+
|
|
651
|
+
**Conditions** (if any):
|
|
652
|
+
|
|
653
|
+
1. [Condition 1]
|
|
654
|
+
2. [Condition 2]
|
|
655
|
+
|
|
656
|
+
**How Conditions Will Be Met**:
|
|
657
|
+
|
|
658
|
+
- [Action for condition 1] - Responsibility: [NAME] - Due: [DATE]
|
|
659
|
+
- [Action for condition 2] - Responsibility: [NAME] - Due: [DATE]
|
|
660
|
+
|
|
661
|
+
### 8.3 Final Decision
|
|
662
|
+
|
|
663
|
+
**Decision**: [PROCEED / DO NOT PROCEED / PROCEED WITH CONDITIONS]
|
|
664
|
+
|
|
665
|
+
**Rationale**: [JUSTIFICATION FOR DECISION]
|
|
666
|
+
|
|
667
|
+
**Effective Date**: [DATE processing can commence]
|
|
668
|
+
|
|
669
|
+
---
|
|
670
|
+
|
|
671
|
+
## 9. Integration with Information Security Management
|
|
672
|
+
|
|
673
|
+
### 9.1 Link to Security Controls
|
|
674
|
+
|
|
675
|
+
**Security Assessment Reference**: `projects/{project_id}/ARC-{PROJECT_ID}-SBD-v*.md`
|
|
676
|
+
|
|
677
|
+
**DPIA Mitigations → Security Controls Mapping**:
|
|
678
|
+
|
|
679
|
+
| DPIA Mitigation | Security Control | NCSC CAF Principle | Implementation Status |
|
|
680
|
+
|-----------------|------------------|--------------------|-----------------------|
|
|
681
|
+
| Encryption at rest | Data security (encryption) | A.3 Asset Management | [Implemented/Planned] |
|
|
682
|
+
| Access controls | Identity and access management | B.1 Identity and Access | [Implemented/Planned] |
|
|
683
|
+
| Audit logging | Monitoring and audit | A.1 Governance | [Implemented/Planned] |
|
|
684
|
+
| Staff training | Security awareness | C.1 People | [Implemented/Planned] |
|
|
685
|
+
|
|
686
|
+
**Security Controls Feed into DPIA**: Security controls reduce likelihood of unauthorized access, data breach, and misuse risks.
|
|
687
|
+
|
|
688
|
+
### 9.2 Link to Risk Register
|
|
689
|
+
|
|
690
|
+
**Risk Register Reference**: `projects/{project_id}/ARC-{PROJECT_ID}-RISK-v*.md`
|
|
691
|
+
|
|
692
|
+
**DPIA Risks to Add to Risk Register**:
|
|
693
|
+
|
|
694
|
+
| DPIA Risk ID | Risk Register ID | Risk Category | Owner | Treatment |
|
|
695
|
+
|--------------|------------------|---------------|-------|-----------|
|
|
696
|
+
| DPIA-001 | RISK-SEC-001 | Technology Risk | CISO | Treat (mitigate) |
|
|
697
|
+
| DPIA-002 | RISK-COMP-001 | Compliance Risk | DPO | Treat (mitigate) |
|
|
698
|
+
| DPIA-006 | RISK-REP-001 | Reputational Risk | CDO | Treat (mitigate) |
|
|
699
|
+
|
|
700
|
+
---
|
|
701
|
+
|
|
702
|
+
## 10. Review and Monitoring
|
|
703
|
+
|
|
704
|
+
### 10.1 Review Triggers
|
|
705
|
+
|
|
706
|
+
**DPIA must be reviewed when**:
|
|
707
|
+
|
|
708
|
+
- [ ] Significant change to processing (new data, new purpose, new systems)
|
|
709
|
+
- [ ] New technology introduced
|
|
710
|
+
- [ ] New risks identified (e.g., new attack vectors, regulatory changes)
|
|
711
|
+
- [ ] Data breach or security incident occurs
|
|
712
|
+
- [ ] ICO guidance changes
|
|
713
|
+
- [ ] Data subjects raise concerns
|
|
714
|
+
- [ ] Periodic review date reached
|
|
715
|
+
|
|
716
|
+
**Periodic Review Frequency**: Every [6/12/24] months
|
|
717
|
+
|
|
718
|
+
### 10.2 Review Schedule
|
|
719
|
+
|
|
720
|
+
| Review Type | Frequency | Next Review Date | Responsibility |
|
|
721
|
+
|-------------|-----------|------------------|----------------|
|
|
722
|
+
| **Periodic review** | [N] months | [DATE] | DPO |
|
|
723
|
+
| **Post-implementation review** | 3 months after go-live | [DATE] | Enterprise Architect |
|
|
724
|
+
| **Annual review** | Annually | [DATE] | Data Controller |
|
|
725
|
+
|
|
726
|
+
### 10.3 Monitoring Activities
|
|
727
|
+
|
|
728
|
+
**Ongoing Monitoring**:
|
|
729
|
+
|
|
730
|
+
- [ ] Track number of SARs received and response times
|
|
731
|
+
- [ ] Track data breaches and near-misses
|
|
732
|
+
- [ ] Monitor audit logs for unauthorized access attempts
|
|
733
|
+
- [ ] Review algorithmic bias metrics (if AI/ML)
|
|
734
|
+
- [ ] Review data subject complaints
|
|
735
|
+
- [ ] Track compliance with retention periods
|
|
736
|
+
|
|
737
|
+
**Monitoring Metrics**:
|
|
738
|
+
|
|
739
|
+
| Metric | Target | Measurement Frequency | Responsibility |
|
|
740
|
+
|--------|--------|----------------------|----------------|
|
|
741
|
+
| SAR response time | <1 month | Monthly | DPO |
|
|
742
|
+
| Data breaches | 0 | Continuous | Security Team |
|
|
743
|
+
| Unauthorized access attempts | <10/month | Weekly | Security Team |
|
|
744
|
+
| Algorithmic bias metrics | Fairness ratio >0.8 | Quarterly | Data Science Team |
|
|
745
|
+
|
|
746
|
+
### 10.4 Change Management
|
|
747
|
+
|
|
748
|
+
**Change Control Process**:
|
|
749
|
+
|
|
750
|
+
1. Any change to processing must be assessed for DPIA impact
|
|
751
|
+
2. If change is significant (new data, new purpose, new risk), DPIA must be updated
|
|
752
|
+
3. Updated DPIA must be re-approved by DPO and Data Controller
|
|
753
|
+
4. Data subjects must be notified of significant changes
|
|
754
|
+
|
|
755
|
+
**Change Log**:
|
|
756
|
+
|
|
757
|
+
| Change Date | Change Description | DPIA Impact | Updated Sections | Approved By |
|
|
758
|
+
|-------------|-------------------|-------------|------------------|-------------|
|
|
759
|
+
| [DATE] | [Change] | [Significant/Minor/None] | [Sections] | [NAME] |
|
|
760
|
+
|
|
761
|
+
---
|
|
762
|
+
|
|
763
|
+
## 11. Traceability to ArcKit Artifacts
|
|
764
|
+
|
|
765
|
+
### 11.1 Source Artifacts
|
|
766
|
+
|
|
767
|
+
**This DPIA was generated from**:
|
|
768
|
+
|
|
769
|
+
| Artifact | Location | Information Extracted |
|
|
770
|
+
|----------|----------|----------------------|
|
|
771
|
+
| **Architecture Principles** | `projects/000-global/ARC-000-PRIN-v*.md` | Privacy by Design, Data Minimization principles |
|
|
772
|
+
| **Data Model** | `projects/{project_id}/ARC-{PROJECT_ID}-DATA-v*.md` | Entities, PII inventory, special category data, GDPR lawful basis, retention periods |
|
|
773
|
+
| **Requirements** | `projects/{project_id}/ARC-{PROJECT_ID}-REQ-v*.md` | Data requirements (DR-xxx), processing purposes |
|
|
774
|
+
| **Stakeholder Analysis** | `projects/{project_id}/ARC-{PROJECT_ID}-STKE-v*.md` | Data subject categories, vulnerable groups, RACI for data governance roles |
|
|
775
|
+
| **Risk Register** | `projects/{project_id}/ARC-{PROJECT_ID}-RISK-v*.md` | Existing data protection risks |
|
|
776
|
+
| **Secure by Design Assessment** | `projects/{project_id}/ARC-*-SECD-*.md` | Security controls used as DPIA mitigations |
|
|
777
|
+
|
|
778
|
+
### 11.2 Traceability Matrix: Data → Requirements → DPIA
|
|
779
|
+
|
|
780
|
+
| Data Model Entity | PII Level | DR Requirement | Processing Purpose | DPIA Risk(s) | Lawful Basis |
|
|
781
|
+
|-------------------|-----------|----------------|-------------------|-------------|--------------|
|
|
782
|
+
| E-001: [Entity] | HIGH | DR-001 | [Purpose from requirement] | DPIA-001, DPIA-002 | [Article 6 basis] |
|
|
783
|
+
| E-002: [Entity] | VERY HIGH (Special) | DR-003 | [Purpose] | DPIA-002, DPIA-004 | [Article 6 + Article 9 basis] |
|
|
784
|
+
|
|
785
|
+
### 11.3 Traceability Matrix: Stakeholder → Data Subject → Rights
|
|
786
|
+
|
|
787
|
+
| Stakeholder | Data Subject Type | Volume | Rights Processes Implemented | Vulnerability Safeguards |
|
|
788
|
+
|-------------|-------------------|--------|------------------------------|--------------------------|
|
|
789
|
+
| [Stakeholder 1] | [Type] | [N] | SAR, Rectification, Erasure | [Safeguards if vulnerable] |
|
|
790
|
+
| [Stakeholder 2] | [Type] | [N] | SAR, Rectification, Erasure, Portability | [Safeguards] |
|
|
791
|
+
|
|
792
|
+
### 11.4 Downstream Artifacts Informed by DPIA
|
|
793
|
+
|
|
794
|
+
**This DPIA informs**:
|
|
795
|
+
|
|
796
|
+
| Artifact | How DPIA Informs It |
|
|
797
|
+
|----------|---------------------|
|
|
798
|
+
| **Risk Register** | DPIA risks (DPIA-001, etc.) added as data protection/compliance risks |
|
|
799
|
+
| **Secure by Design Assessment** | DPIA mitigations become security control requirements |
|
|
800
|
+
| **Vendor HLD Review** | Vendor design must address DPIA risks and implement mitigations |
|
|
801
|
+
| **Vendor DLD Review** | Detailed technical controls must match DPIA mitigation requirements |
|
|
802
|
+
| **AI Playbook Assessment** | DPIA algorithmic bias findings inform AI ethics assessment |
|
|
803
|
+
| **Service Assessment (GDS)** | DPIA demonstrates Point 5 (data and privacy) compliance |
|
|
804
|
+
| **Procurement (SOW)** | DPIA requirements flow into vendor RFP requirements |
|
|
805
|
+
|
|
806
|
+
---
|
|
807
|
+
|
|
808
|
+
## 12. Data Subject Rights Implementation
|
|
809
|
+
|
|
810
|
+
### 12.1 Rights Checklist
|
|
811
|
+
|
|
812
|
+
**Right of Access (Article 15)**:
|
|
813
|
+
|
|
814
|
+
- [ ] Process implemented: [Describe SAR process]
|
|
815
|
+
- [ ] Response time: Within 1 month (extendable by 2 months if complex)
|
|
816
|
+
- [ ] Identity verification: [Describe verification method]
|
|
817
|
+
- [ ] Information provided: Copy of data, processing purpose, categories, recipients, retention period, rights
|
|
818
|
+
- [ ] Free of charge (unless excessive/unfounded)
|
|
819
|
+
|
|
820
|
+
**Right to Rectification (Article 16)**:
|
|
821
|
+
|
|
822
|
+
- [ ] Process implemented: [Describe rectification process]
|
|
823
|
+
- [ ] Verification: [How accuracy is verified]
|
|
824
|
+
- [ ] Notification: Recipients notified of rectifications
|
|
825
|
+
|
|
826
|
+
**Right to Erasure (Article 17)**:
|
|
827
|
+
|
|
828
|
+
- [ ] Process implemented: [Describe deletion process]
|
|
829
|
+
- [ ] Exceptions: [When erasure cannot be granted - legal obligation, public interest, etc.]
|
|
830
|
+
- [ ] Third parties notified: [Process to notify processors/recipients]
|
|
831
|
+
|
|
832
|
+
**Right to Restriction of Processing (Article 18)**:
|
|
833
|
+
|
|
834
|
+
- [ ] Process implemented: [Describe restriction mechanism]
|
|
835
|
+
- [ ] Technical implementation: [How data is marked/flagged as restricted]
|
|
836
|
+
|
|
837
|
+
**Right to Data Portability (Article 20)**:
|
|
838
|
+
|
|
839
|
+
- [ ] Applicable: [YES/NO - only for automated processing on consent/contract basis]
|
|
840
|
+
- [ ] Process implemented: [Describe export process]
|
|
841
|
+
- [ ] Format: Machine-readable (JSON, CSV, XML)
|
|
842
|
+
- [ ] Direct transmission: [Can data be transmitted to another controller?]
|
|
843
|
+
|
|
844
|
+
**Right to Object (Article 21)**:
|
|
845
|
+
|
|
846
|
+
- [ ] Process implemented: [Describe objection process]
|
|
847
|
+
- [ ] Basis: Applicable for public task and legitimate interests processing
|
|
848
|
+
- [ ] Marketing opt-out: [Describe opt-out mechanism]
|
|
849
|
+
|
|
850
|
+
**Rights Related to Automated Decision-Making (Article 22)**:
|
|
851
|
+
|
|
852
|
+
- [ ] Applicable: [YES/NO - is there solely automated decision-making?]
|
|
853
|
+
- [ ] Safeguards: Human oversight, explanation, ability to challenge decision
|
|
854
|
+
- [ ] Process: [Describe how individuals can request human review]
|
|
855
|
+
|
|
856
|
+
### 12.2 Rights Fulfillment Procedures
|
|
857
|
+
|
|
858
|
+
**Standard Operating Procedures**:
|
|
859
|
+
|
|
860
|
+
1. **Receipt**: Rights requests received via [email/web form/postal address]
|
|
861
|
+
2. **Verification**: Identity verified using [method]
|
|
862
|
+
3. **Logging**: Request logged in [system] with unique reference number
|
|
863
|
+
4. **Acknowledgement**: Acknowledgement sent within [N] days
|
|
864
|
+
5. **Retrieval**: Data retrieved from [systems/databases]
|
|
865
|
+
6. **Review**: Legal/DPO review for exemptions or complexities
|
|
866
|
+
7. **Response**: Response provided within 1 month
|
|
867
|
+
8. **Escalation**: Complex requests escalated to DPO
|
|
868
|
+
|
|
869
|
+
**Training**: Staff trained on rights fulfillment - [Training frequency]
|
|
870
|
+
|
|
871
|
+
---
|
|
872
|
+
|
|
873
|
+
## 13. International Data Transfers
|
|
874
|
+
|
|
875
|
+
**Applicable**: [YES/NO]
|
|
876
|
+
|
|
877
|
+
If YES:
|
|
878
|
+
|
|
879
|
+
### 13.1 Transfer Details
|
|
880
|
+
|
|
881
|
+
| Recipient | Country | Data Transferred | Purpose | Volume | Adequacy Decision? |
|
|
882
|
+
|-----------|---------|------------------|---------|--------|-------------------|
|
|
883
|
+
| [Recipient 1] | [Country] | [Data types] | [Purpose] | [N records] | [YES/NO] |
|
|
884
|
+
| [Recipient 2] | [Country] | [Data types] | [Purpose] | [N records] | [YES/NO] |
|
|
885
|
+
|
|
886
|
+
### 13.2 Transfer Safeguards
|
|
887
|
+
|
|
888
|
+
**For countries WITH UK adequacy decision**:
|
|
889
|
+
|
|
890
|
+
- [ ] No additional safeguards required beyond standard DPIA measures
|
|
891
|
+
|
|
892
|
+
**For countries WITHOUT adequacy decision**:
|
|
893
|
+
|
|
894
|
+
- [ ] **Standard Contractual Clauses (SCCs)** - UK ICO approved SCCs signed with recipient
|
|
895
|
+
- SCC version: [International Data Transfer Agreement (IDTA) / Addendum to EU SCCs]
|
|
896
|
+
- Date signed: [DATE]
|
|
897
|
+
- Recipient guarantees: [Summary of guarantees]
|
|
898
|
+
|
|
899
|
+
- [ ] **Binding Corporate Rules (BCRs)** - Approved BCRs in place
|
|
900
|
+
- BCR approval date: [DATE]
|
|
901
|
+
- ICO reference: [REF]
|
|
902
|
+
|
|
903
|
+
- [ ] **Derogations** (only in exceptional circumstances)
|
|
904
|
+
- Explicit consent obtained: [YES/NO]
|
|
905
|
+
- Necessary for contract performance: [YES/NO]
|
|
906
|
+
- Necessary for legal claims: [YES/NO]
|
|
907
|
+
|
|
908
|
+
### 13.3 Transfer Risk Assessment
|
|
909
|
+
|
|
910
|
+
**Additional risks from international transfer**:
|
|
911
|
+
|
|
912
|
+
- Foreign government access to data: [Assessment]
|
|
913
|
+
- Different legal protections: [Assessment]
|
|
914
|
+
- Enforcement challenges: [Assessment]
|
|
915
|
+
|
|
916
|
+
**Additional safeguards**:
|
|
917
|
+
|
|
918
|
+
- [Safeguard 1]
|
|
919
|
+
- [Safeguard 2]
|
|
920
|
+
|
|
921
|
+
---
|
|
922
|
+
|
|
923
|
+
## 14. Children's Data (if applicable)
|
|
924
|
+
|
|
925
|
+
**Processing Children's Data**: [YES/NO]
|
|
926
|
+
|
|
927
|
+
If YES:
|
|
928
|
+
|
|
929
|
+
### 14.1 Age Verification
|
|
930
|
+
|
|
931
|
+
**Age Threshold**: [13/16] years (online services)
|
|
932
|
+
|
|
933
|
+
**Age Verification Method**: [Describe verification mechanism]
|
|
934
|
+
|
|
935
|
+
**Parental Consent**: [Describe parental consent mechanism for children under threshold]
|
|
936
|
+
|
|
937
|
+
### 14.2 Additional Safeguards for Children
|
|
938
|
+
|
|
939
|
+
- [ ] **Privacy notice for children** - Age-appropriate language, simplified explanation
|
|
940
|
+
- [ ] **Minimization** - Only essential data collected from children
|
|
941
|
+
- [ ] **No profiling** - Children's data not used for profiling/marketing (unless consent + child's best interests)
|
|
942
|
+
- [ ] **No AI decision-making** - No solely automated decisions affecting children
|
|
943
|
+
- [ ] **Secure processing** - Enhanced security measures for children's data
|
|
944
|
+
- [ ] **Timely deletion** - Children's data deleted when no longer necessary
|
|
945
|
+
- [ ] **No sharing** - Children's data not shared without parental consent
|
|
946
|
+
|
|
947
|
+
### 14.3 Best Interests Assessment
|
|
948
|
+
|
|
949
|
+
**Assessment**: Is processing in the child's best interests? [YES/NO]
|
|
950
|
+
|
|
951
|
+
**Justification**: [Explain how processing benefits children and does not cause harm]
|
|
952
|
+
|
|
953
|
+
---
|
|
954
|
+
|
|
955
|
+
## 15. Algorithmic/AI Processing (if applicable)
|
|
956
|
+
|
|
957
|
+
**Algorithmic Processing**: [YES/NO]
|
|
958
|
+
|
|
959
|
+
If YES, also complete `/arckit:ai-playbook` and `/arckit:atrs` assessments.
|
|
960
|
+
|
|
961
|
+
### 15.1 Algorithm Description
|
|
962
|
+
|
|
963
|
+
**Algorithm Type**:
|
|
964
|
+
|
|
965
|
+
- [ ] Rule-based system
|
|
966
|
+
- [ ] Statistical model
|
|
967
|
+
- [ ] Machine learning (supervised/unsupervised/reinforcement)
|
|
968
|
+
- [ ] Deep learning
|
|
969
|
+
- [ ] Natural language processing
|
|
970
|
+
- [ ] Computer vision
|
|
971
|
+
- [ ] Other: [SPECIFY]
|
|
972
|
+
|
|
973
|
+
**Processing Type**:
|
|
974
|
+
|
|
975
|
+
- [ ] Profiling
|
|
976
|
+
- [ ] Prediction
|
|
977
|
+
- [ ] Classification
|
|
978
|
+
- [ ] Recommendation
|
|
979
|
+
- [ ] Automated decision-making
|
|
980
|
+
- [ ] Anomaly detection
|
|
981
|
+
|
|
982
|
+
**Human Oversight**:
|
|
983
|
+
|
|
984
|
+
- [ ] Fully automated (no human review)
|
|
985
|
+
- [ ] Human-in-the-loop (human can override)
|
|
986
|
+
- [ ] Human-on-the-loop (human monitors and can intervene)
|
|
987
|
+
|
|
988
|
+
### 15.2 Algorithmic Bias Assessment
|
|
989
|
+
|
|
990
|
+
**Protected Characteristics Considered**:
|
|
991
|
+
|
|
992
|
+
- [ ] Age
|
|
993
|
+
- [ ] Disability
|
|
994
|
+
- [ ] Gender reassignment
|
|
995
|
+
- [ ] Marriage and civil partnership
|
|
996
|
+
- [ ] Pregnancy and maternity
|
|
997
|
+
- [ ] Race
|
|
998
|
+
- [ ] Religion or belief
|
|
999
|
+
- [ ] Sex
|
|
1000
|
+
- [ ] Sexual orientation
|
|
1001
|
+
|
|
1002
|
+
**Bias Testing**:
|
|
1003
|
+
|
|
1004
|
+
- [ ] Training data reviewed for bias
|
|
1005
|
+
- [ ] Fairness metrics calculated (demographic parity, equal opportunity, equalized odds)
|
|
1006
|
+
- [ ] Disparate impact analysis conducted
|
|
1007
|
+
- [ ] Regular monitoring for bias in production
|
|
1008
|
+
|
|
1009
|
+
**Bias Mitigation**:
|
|
1010
|
+
|
|
1011
|
+
- [ ] Diverse training data
|
|
1012
|
+
- [ ] Fairness constraints in model
|
|
1013
|
+
- [ ] Human review of edge cases
|
|
1014
|
+
- [ ] Regular retraining
|
|
1015
|
+
- [ ] Explainability tools (LIME, SHAP)
|
|
1016
|
+
|
|
1017
|
+
### 15.3 Explainability and Transparency
|
|
1018
|
+
|
|
1019
|
+
**Explainability Level**:
|
|
1020
|
+
|
|
1021
|
+
- [ ] Black box (no explanation possible)
|
|
1022
|
+
- [ ] Limited explainability (feature importance)
|
|
1023
|
+
- [ ] Full explainability (decision path visible)
|
|
1024
|
+
|
|
1025
|
+
**Explanation Mechanism**:
|
|
1026
|
+
|
|
1027
|
+
- [Describe how decisions are explained to data subjects]
|
|
1028
|
+
|
|
1029
|
+
**ATRS Compliance**: [Link to ATRS record at `projects/{project_id}/ARC-{PROJECT_ID}-ATRS-v*.md`]
|
|
1030
|
+
|
|
1031
|
+
---
|
|
1032
|
+
|
|
1033
|
+
## 16. Summary and Conclusion
|
|
1034
|
+
|
|
1035
|
+
### 16.1 Key Findings
|
|
1036
|
+
|
|
1037
|
+
**Processing Summary**:
|
|
1038
|
+
|
|
1039
|
+
- Processing [N] categories of personal data
|
|
1040
|
+
- Processing [N] special category data types
|
|
1041
|
+
- Affecting [N] data subjects
|
|
1042
|
+
- For purposes: [List primary purposes]
|
|
1043
|
+
- Using lawful basis: [Article 6 basis]
|
|
1044
|
+
- Using special category basis: [Article 9 basis, if applicable]
|
|
1045
|
+
|
|
1046
|
+
**Risk Summary**:
|
|
1047
|
+
|
|
1048
|
+
- [N] risks identified
|
|
1049
|
+
- [N] HIGH risks before mitigation
|
|
1050
|
+
- [N] MEDIUM risks after mitigation
|
|
1051
|
+
- [N] HIGH risks after mitigation (if any)
|
|
1052
|
+
- Overall residual risk: [LOW/MEDIUM/HIGH]
|
|
1053
|
+
|
|
1054
|
+
**Compliance Summary**:
|
|
1055
|
+
|
|
1056
|
+
- [ ] Necessity and proportionality demonstrated
|
|
1057
|
+
- [ ] Lawful basis identified
|
|
1058
|
+
- [ ] Data subjects consulted
|
|
1059
|
+
- [ ] DPO consulted
|
|
1060
|
+
- [ ] Risks identified and mitigated
|
|
1061
|
+
- [ ] Data subject rights processes in place
|
|
1062
|
+
- [ ] Security measures implemented
|
|
1063
|
+
- [ ] Review schedule established
|
|
1064
|
+
|
|
1065
|
+
### 16.2 Recommendations
|
|
1066
|
+
|
|
1067
|
+
**Recommendations**:
|
|
1068
|
+
|
|
1069
|
+
1. [Recommendation 1]
|
|
1070
|
+
2. [Recommendation 2]
|
|
1071
|
+
3. [Recommendation 3]
|
|
1072
|
+
|
|
1073
|
+
**Actions Required Before Go-Live**:
|
|
1074
|
+
|
|
1075
|
+
| Action | Responsibility | Due Date | Status |
|
|
1076
|
+
|--------|----------------|----------|--------|
|
|
1077
|
+
| [Action 1] | [Role] | [DATE] | [Not Started/In Progress/Complete] |
|
|
1078
|
+
| [Action 2] | [Role] | [DATE] | [Status] |
|
|
1079
|
+
|
|
1080
|
+
### 16.3 Final Conclusion
|
|
1081
|
+
|
|
1082
|
+
**Conclusion**: [PROCEED / DO NOT PROCEED / PROCEED WITH CONDITIONS]
|
|
1083
|
+
|
|
1084
|
+
**Rationale**: [Summary justification]
|
|
1085
|
+
|
|
1086
|
+
**Conditions** (if any):
|
|
1087
|
+
|
|
1088
|
+
- [Condition 1]
|
|
1089
|
+
- [Condition 2]
|
|
1090
|
+
|
|
1091
|
+
**Sign-Off**: This DPIA has been completed and approved. Processing may commence subject to conditions above.
|
|
1092
|
+
|
|
1093
|
+
---
|
|
1094
|
+
|
|
1095
|
+
## External References
|
|
1096
|
+
|
|
1097
|
+
> This section provides traceability from generated content back to source documents.
|
|
1098
|
+
> Follow citation instructions in the project's citation reference guide.
|
|
1099
|
+
|
|
1100
|
+
### Document Register
|
|
1101
|
+
|
|
1102
|
+
| Doc ID | Filename | Type | Source Location | Description |
|
|
1103
|
+
|--------|----------|------|-----------------|-------------|
|
|
1104
|
+
| *None provided* | — | — | — | — |
|
|
1105
|
+
|
|
1106
|
+
### Citations
|
|
1107
|
+
|
|
1108
|
+
| Citation ID | Doc ID | Page/Section | Category | Quoted Passage |
|
|
1109
|
+
|-------------|--------|--------------|----------|----------------|
|
|
1110
|
+
| — | — | — | — | — |
|
|
1111
|
+
|
|
1112
|
+
### Unreferenced Documents
|
|
1113
|
+
|
|
1114
|
+
| Filename | Source Location | Reason |
|
|
1115
|
+
|----------|-----------------|--------|
|
|
1116
|
+
| — | — | — |
|
|
1117
|
+
|
|
1118
|
+
---
|
|
1119
|
+
|
|
1120
|
+
## Generation Metadata
|
|
1121
|
+
|
|
1122
|
+
**Generated by**: ArcKit `/arckit:dpia` command
|
|
1123
|
+
**Generated on**: [DATE]
|
|
1124
|
+
**ArcKit Version**: [VERSION]
|
|
1125
|
+
**Project**: [PROJECT_NAME] (Project [PROJECT_ID])
|
|
1126
|
+
**Model**: [AI_MODEL]
|
|
1127
|
+
|
|
1128
|
+
**Traceability**: This DPIA is traceable to architecture principles, data model, requirements, stakeholders, and risk register via the ArcKit governance framework.
|
|
1129
|
+
|
|
1130
|
+
---
|
|
1131
|
+
|
|
1132
|
+
## Appendix A: ICO DPIA Screening Checklist
|
|
1133
|
+
|
|
1134
|
+
Full screening questionnaire (9 criteria) with detailed YES/NO/N/A responses:
|
|
1135
|
+
|
|
1136
|
+
1. ☐ Evaluation or scoring (including profiling)
|
|
1137
|
+
2. ☐ Automated decision-making with legal/significant effect
|
|
1138
|
+
3. ☐ Systematic monitoring
|
|
1139
|
+
4. ☐ Sensitive data or highly personal data
|
|
1140
|
+
5. ☐ Large scale processing
|
|
1141
|
+
6. ☐ Matching or combining datasets
|
|
1142
|
+
7. ☐ Vulnerable data subjects
|
|
1143
|
+
8. ☐ Innovative technology
|
|
1144
|
+
9. ☐ Processing prevents exercising rights
|
|
1145
|
+
|
|
1146
|
+
---
|
|
1147
|
+
|
|
1148
|
+
## Appendix B: GDPR Article 35 Requirements Checklist
|
|
1149
|
+
|
|
1150
|
+
| Article 35 Requirement | Addressed in Section | Complete? |
|
|
1151
|
+
|------------------------|---------------------|-----------|
|
|
1152
|
+
| Systematic description of processing | Section 2 | ✓ |
|
|
1153
|
+
| Purposes of processing | Section 2.4 | ✓ |
|
|
1154
|
+
| Assessment of necessity and proportionality | Section 4 | ✓ |
|
|
1155
|
+
| Assessment of risks to data subjects | Section 5 | ✓ |
|
|
1156
|
+
| Measures to address risks | Section 6 | ✓ |
|
|
1157
|
+
| Safeguards, security measures | Section 6 | ✓ |
|
|
1158
|
+
| Demonstrate compliance with GDPR | Throughout | ✓ |
|
|
1159
|
+
|
|
1160
|
+
---
|
|
1161
|
+
|
|
1162
|
+
## Appendix C: Data Protection Principles Compliance
|
|
1163
|
+
|
|
1164
|
+
**GDPR Article 5 Principles**:
|
|
1165
|
+
|
|
1166
|
+
| Principle | Assessment | Evidence |
|
|
1167
|
+
|-----------|------------|----------|
|
|
1168
|
+
| **(a) Lawfulness, fairness, transparency** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Privacy notice provided, lawful basis identified in Section 4.1 |
|
|
1169
|
+
| **(b) Purpose limitation** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Purposes clearly defined in Section 2.4; no function creep controls in Section 6 |
|
|
1170
|
+
| **(c) Data minimization** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Only necessary data collected (Section 4.3); unnecessary fields removed |
|
|
1171
|
+
| **(d) Accuracy** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Rectification process in Section 12.1; data validation in Section 6.1 |
|
|
1172
|
+
| **(e) Storage limitation** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Retention periods defined in Section 2.2; automated deletion implemented |
|
|
1173
|
+
| **(f) Integrity and confidentiality** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | Security measures in Section 6.1; encryption, access controls implemented |
|
|
1174
|
+
| **Accountability** | [COMPLIANT/NON-COMPLIANT/PARTIAL] | DPIA completed; DPO involved; policies documented |
|
|
1175
|
+
|
|
1176
|
+
---
|
|
1177
|
+
|
|
1178
|
+
## Appendix D: Glossary
|
|
1179
|
+
|
|
1180
|
+
| Term | Definition |
|
|
1181
|
+
|------|------------|
|
|
1182
|
+
| **Data Subject** | An identified or identifiable natural person whose personal data is being processed |
|
|
1183
|
+
| **Data Controller** | The organisation that determines the purposes and means of processing personal data |
|
|
1184
|
+
| **Data Processor** | An organisation that processes personal data on behalf of the controller |
|
|
1185
|
+
| **Personal Data** | Any information relating to an identified or identifiable natural person |
|
|
1186
|
+
| **Special Category Data** | Sensitive personal data (race, health, biometric, etc.) requiring Article 9 basis |
|
|
1187
|
+
| **Processing** | Any operation performed on personal data (collection, storage, use, disclosure, deletion) |
|
|
1188
|
+
| **Profiling** | Automated processing to evaluate personal aspects (predict performance, behaviour, preferences) |
|
|
1189
|
+
| **Pseudonymization** | Processing that prevents identification without additional information kept separately |
|
|
1190
|
+
| **Anonymization** | Irreversibly removing identifying information so re-identification is not possible |
|
|
1191
|
+
| **Lawful Basis** | Legal ground for processing under GDPR Article 6 (consent, contract, legal obligation, etc.) |
|
|
1192
|
+
| **DPIA** | Data Protection Impact Assessment - required for high-risk processing |
|
|
1193
|
+
| **ICO** | Information Commissioner's Office - UK data protection supervisory authority |
|
|
1194
|
+
| **UK GDPR** | UK General Data Protection Regulation (retained EU GDPR post-Brexit) |
|
|
1195
|
+
| **DPA 2018** | Data Protection Act 2018 - UK law supplementing GDPR |
|
|
1196
|
+
| **SCC** | Standard Contractual Clauses - mechanism for international data transfers |
|
|
1197
|
+
|
|
1198
|
+
---
|
|
1199
|
+
|
|
1200
|
+
**END OF DPIA**
|