Purpose
How to use this page
Use this as a navigation and decision page. Follow the links for detailed control, audit, risk, evidence, and exam notes.
This section turns the ISO learning notes into a future compliance/evidence software model.
Do not build the SaaS yet. Build the knowledge model first.
Core entities
- Organization
- Asset
- Threat
- Vulnerability
- Risk
- Treatment
- Control
- Evidence
- Audit
- Finding
- Corrective Action
- Supplier
- Incident
- Policy
- Procedure
- Training
- Review
Core model notes
- Dataview Dashboard Index
- Dataview Home
- Asset Threat Vulnerability Risk Control Evidence Data Model
- ISO 27001 Implementer Auditor ISO 27005 Mapping
- A.5 Controls Implementation Audit Risk Mapping
- A.6 People Controls Implementation Audit Risk Mapping
- A.7 Physical Controls Implementation Audit Risk Mapping
- A.8 Technological Controls Implementation Audit Risk Mapping
- Risk and Control Mapping Table
- Evidence Request List
Query-first example
- ISO27001-A.5.7-Threat-Intelligence
- RISK-0001-Customer-Data-Compromise-Ransomware
- AQ-0001-Audit-Question-Threat-Intelligence
Design rule
Every serious note should eventually answer:
- What object does this create?
- What evidence proves it exists or operates?
- Who owns it?
- How often is it reviewed?
- What audit question tests it?
- Grc
- Data model
- Evidence
- Compliance saas
Note Metadata
Aliases: Compliance Data Model, GRC Data Model
Source: 13 GRC Knowledge Model/GRC Knowledge Model MOC.md
Graph-sourced resources
Templates and evidence
Implementer templates
Working artifacts for control owners and operators.
Auditor evidence packs
Evidence collections and audit-facing verification material.
Risk treatment artifacts
Risk records, mappings, and treatment-supporting references.
Related Notes
- ISO27001 ISMS KB - Start Here
- Audit Evidence MOC
- AQ-ISO27001-A.5.7 Threat Intelligence
- RISK-0001 Customer Data Compromise Due to Ransomware Campaign
- ISO27001-A.5.7 Threat Intelligence
- A.5 Controls Implementation Audit Risk Mapping
- A.6 People Controls Implementation Audit Risk Mapping
- A.7 Physical Controls Implementation Audit Risk Mapping
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27001 Implementer Auditor ISO 27005 Mapping
- Asset Threat Vulnerability Risk Control Evidence Data Model
- Template - Evidence Request List
- Template - Risk and Control Mapping Table
- Template Evidence Item
- Audit Evidence Index
- ISO 27001 Overview
- Templates MOC