Add an attachment in the form to allow to add proof or additional data related to the topic.

Mesure -> Measure

The Organization - Policy - Mesure indirection append to be painfull.
We probably need to get ride of the Policy class and represent Policy as a bunch of Mesure

it may be usefull in international context, to display if the policy is writen in english or in a other language.

Implement an audit log of all change on object with simple-history :

https://django-simple-history.readthedocs.io/en/latest/quick_start.html

need a set of Policy to import during the setup th have a more usabel tool.

• Witch format ? JSON, CSV, Other ?
• What is the import process ?

Create a planed report to receive daily / weekly / monthly status.
Create an email notification for action near to expiration date.

Implement sorted and filtered table.

https://django-tables2.readthedocs.io/en/latest/

Add a new menu to see the plan of controls my year/months/weeks and be able to planifie unplaned control or replanifie the existing one.

Update ISO27701:2013 to correctly represents the security control

Create the security control list for ISO27001:2022.

Review the OWASP TOP 10, an describe in Security.md how we handle each risque.

Classes names are not coherant with the wording used in ISO27000 framwork.

To have a more clear code and interface it's importante to clarify the wording and to update the classes names and display accordingly.

I didn't succeed to find the way to add this "filter".

Alllow to track audits and audits findings.
This is a prerequisit to actions and actions plan

Some measure may be not applicable, We need to add a check box to allow it.
Comment wil be used to explain why

Add link to creat Actions from Conformiy and Finding.
Add the visibility on the number of action listed to a Conformity or a Finding.
Add direct link to the list of action related to a Conformity or an Finding

Had link to open Finding or Conformity from Action. (Detail View or in the form ?)

CCIP should allow to have an hoverview of all Actions with teh followinf information :

• the phase : Plan Do Check Act (or something else ? PCAS / DMAIC / A3 / 8D / PSP ?)
• Planification date, estimated and effective start date and end date
• the status (0% to 100%) with update date
• the owner,
• the priority,
• the associated Policy/Measure,
• the Organization,
• the formal Check by who and when
• Comment
• others ?

This page must provide an overview off all item affected to the user (compliance, audit, CAPA, ...)

The controler must be in capacity to prove the control and add an attachement.

• Initial risk
• Risk traitement (Action)
• Residual risk

Relation between risk and Action

Upgrade forms tom implemente logics and restrictions.
For exemple, if a Conformity is not applicable, all other field should be disabled.

The conformity is actualy evaluat an a scal from 0 to 100.

Other system may be more pertinant :

• CMMI Maturity level
• Conform / parcialy conforme / unconforme
• Scan from 1 to 5

What is the best choice ?

Extend User Model to implement Organization attachement and Organization based restriction

Status must be change automatically at the start of a period from "Scheduled" to "To Be Evaluated".

Additionally, at the end of the period, they must be changed to Missed, if they ave not been evaluated.

When we affect a Policy to an Organization, we need te create automaticaly all Conformity item.
At the revers, we need to delete them when the Policy is unassociate.