Add ISO27001 climate AI recovery evidence gates#1476

Open
jddark62 wants to merge 1 commit into UnitOneAI:main from jddark62:improve/iso27001-climate-wiper-1107
Conversation

@jddark62 jddark62 commented Jun 6, 2026

Summary

Closes #1107.

This updates iso27001-gap with explicit evidence gates for ISO/IEC 27001:2022/Amd 1:2024 climate context, qualitative risk-methodology false positives, AI-associated asset inventory, destructive-event recovery readiness, cloud-replication backup false assurance, and 2013-to-2022 transition priority evidence.

What Changed

  • Add ISO27001-AMD-01 and ISO27001-AMD-02 gates for Clause 4.1 climate relevance and Clause 4.2 interested-party climate requirements.
  • Add ISO27001-RISK-01 so qualitative High/Medium/Low risk methods are accepted when criteria, thresholds, reassessment, and owner approval are repeatable.
  • Add ISO27001-AI-01 coverage for approved generative AI, AI-integrated SaaS, prompt stores, model-connected data stores, automation agents, and shadow AI discovery under A.5.9.
  • Add ISO27001-BC-01 and ISO27001-BC-02 for destructive malware / wiper / ransomware recovery evidence, immutable or offline backup status, deletion protection, admin separation, last-known-good selection, malware scanning, restore testing, and cloud-replication false assurance.
  • Add ISO27001-TRANS-01 for transition evidence around the 2022 control set and revised structure.
  • Extend the report output with a 2024 amendment and resilience evidence table.
  • Add seven YAML fixtures covering missing climate context, documented not-relevant climate rationale, qualitative risk false positive, non-repeatable qualitative risk, missing shadow AI inventory, cloud replication-only destructive recovery, and a complete evidence package.

Validation

  • git diff --check
  • Required frontmatter field check
  • Parsed all 7 YAML fixtures successfully
  • Markdown fence balance check
  • Marker/content scan for ISO27001-AMD, ISO27001-RISK, ISO27001-AI, ISO27001-BC, ISO27001-TRANS, Not Evaluable, 1.0.1, Amd 1:2024, qualitative risk scoring, immutable backup, and shadow AI
  • Official reference checks returned HTTP 200 for ISO/IEC 27001:2022/Amd 1:2024 and the ISO/IAF climate amendment communique
  • Privacy scan for local paths, personal email, and workspace identifiers

Bounty Info

  • I have read and agree to the CONTRIBUTING.md bounty terms.
  • Preferred payment method can be coordinated privately after maintainer acceptance.

/claim #1107
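The PR describes gates as a decision over evidence fixtures, but the page carries neither the gate logic nor the fixture schema. The following is an added illustration, not code from this PR or from the iso27001-gap project, of how two of the listed gates could be evaluated: ISO27001-RISK-01 (a qualitative High/Medium/Low method is accepted only when criteria, thresholds, reassessment and owner approval are repeatable) and ISO27001-BC-02 (cloud replication alone is treated as false assurance for destructive-event recovery). The gate IDs and the "Not Evaluable" status come from the PR text; the field names, the `Finding` type and the three fixtures are constructed assumptions.

```python
"""Added example: a minimal evidence-gate evaluator for two of the gates named in the PR.
Gate logic, evidence field names and fixtures are assumptions, not the project's own code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    gate: str
    status: str  # "Pass", "Fail" or "Not Evaluable" (status names as used in the PR)
    reason: str


# Assumed fields a qualitative method must document to count as repeatable.
RISK_REPEATABILITY_FIELDS = ("criteria", "thresholds", "reassessment_cadence", "owner_approval")


def gate_risk_01(evidence: dict) -> Finding:
    """ISO27001-RISK-01: do not flag a qualitative method merely for being qualitative."""
    gate = "ISO27001-RISK-01"
    risk = evidence.get("risk_methodology")
    if not risk:
        return Finding(gate, "Not Evaluable", "no risk_methodology evidence supplied")
    if risk.get("type") != "qualitative":
        return Finding(gate, "Pass", "non-qualitative method; repeatability check not applicable")
    missing = [f for f in RISK_REPEATABILITY_FIELDS if not risk.get(f)]
    if missing:
        return Finding(gate, "Fail", "qualitative method is not repeatable; missing " + ", ".join(missing))
    return Finding(gate, "Pass", "qualitative High/Medium/Low method is repeatable; no false positive raised")


# Assumed per-copy controls that must be evidenced for a copy to count toward recovery.
COPY_CONTROLS = ("deletion_protection", "admin_separation", "restore_tested")


def copy_is_recoverable(copy: dict) -> bool:
    """A copy counts only if it cannot be altered in place and its controls are evidenced."""
    if copy.get("kind") == "cloud_replication":
        return False  # a replica mirrors deletion and encryption from the primary
    if not (copy.get("immutable") or copy.get("offline")):
        return False
    return all(copy.get(c) for c in COPY_CONTROLS)


def gate_bc_02(evidence: dict) -> Finding:
    """ISO27001-BC-02: cloud replication on its own is false assurance for wiper/ransomware recovery."""
    gate = "ISO27001-BC-02"
    copies = evidence.get("backup_copies")
    if copies is None:
        return Finding(gate, "Not Evaluable", "no backup_copies evidence supplied")
    if copies and all(c.get("kind") == "cloud_replication" for c in copies):
        return Finding(gate, "Fail", "cloud replication only: replicas mirror deletion and encryption")
    if any(copy_is_recoverable(c) for c in copies):
        return Finding(gate, "Pass", "an immutable or offline copy with deletion protection, "
                                     "admin separation and a tested restore is evidenced")
    return Finding(gate, "Fail", "no backup copy is immutable/offline with deletion protection, "
                                 "admin separation and a tested restore")


GATES = (gate_risk_01, gate_bc_02)


def evaluate(evidence: dict) -> dict:
    """Run every gate over one evidence record and key the findings by gate ID."""
    return {finding.gate: finding for finding in (gate(evidence) for gate in GATES)}


# Constructed fixtures (dict form of what a YAML fixture might hold; not the PR's fixtures).
REPEATABLE_RISK = {
    "type": "qualitative", "criteria": "likelihood x impact matrix", "thresholds": "High >= 6",
    "reassessment_cadence": "annual", "owner_approval": "risk owner sign-off 2026-01",
}
REPLICATION_ONLY = {
    "risk_methodology": REPEATABLE_RISK,
    "backup_copies": [{"kind": "cloud_replication"}],
}
COMPLETE = {
    "risk_methodology": REPEATABLE_RISK,
    "backup_copies": [
        {"kind": "cloud_replication"},
        {"kind": "object_storage", "immutable": True, "deletion_protection": True,
         "admin_separation": True, "restore_tested": True},
    ],
}
NON_REPEATABLE = {
    "risk_methodology": {"type": "qualitative", "criteria": "likelihood x impact"},
    "backup_copies": [{"kind": "tape", "offline": True, "deletion_protection": True,
                       "admin_separation": True, "restore_tested": False}],
}

if __name__ == "__main__":
    for name, fixture in (("replication_only", REPLICATION_ONLY), ("complete", COMPLETE),
                          ("non_repeatable", NON_REPEATABLE), ("empty", {})):
        for finding in evaluate(fixture).values():
            print(f"{name:17} {finding.gate:17} {finding.status:14} {finding.reason}")
```

The replication-only fixture passes RISK-01 but fails BC-02, the complete fixture passes both, the non-repeatable fixture fails both (its tape copy lacks a tested restore), and an empty record yields Not Evaluable for each gate rather than a Fail, which keeps missing evidence distinct from bad evidence in the report.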

Development

Successfully merging this pull request may close these issues.

[REVIEW] iso27001-gap: add 2024 Climate Change amendments and 2026 supply-chain wiper resilience

1 participant