diff --git a/packages/data/policies/access_control.json b/packages/data/policies/access_control.json
index e0aa5c9..776aa7d 100644
--- a/packages/data/policies/access_control.json
+++ b/packages/data/policies/access_control.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "access-control-policy",
+ "id": "access_control",
 "slug": "access-control-policy",
 "name": "Access Control Policy",
 "description": "This policy defines the requirements for granting, monitoring, and revoking access to the organization’s information systems and data based on the principle of least privilege.",
diff --git a/packages/data/policies/application.json b/packages/data/policies/application_security.json
similarity index 99%
rename from packages/data/policies/application.json
rename to packages/data/policies/application_security.json
index f22a4e1..2a6ed09 100644
--- a/packages/data/policies/application.json
+++ b/packages/data/policies/application_security.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "application-security-policy",
+ "id": "application_security",
 "slug": "application-security-policy",
 "name": "Application Security Policy",
 "description": "This policy outlines the security framework and requirements for applications, notably web applications, within the organization's production environment.",
diff --git a/packages/data/policies/availability.json b/packages/data/policies/availability.json
index 199079d..97a0f1a 100644
--- a/packages/data/policies/availability.json
+++ b/packages/data/policies/availability.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "availability-policy",
+ "id": "availability",
 "slug": "availability-policy",
 "name": "Availability Policy",
 "description": "This policy outlines the requirements for proper controls to protect the availability of the organization's information systems.",
diff --git a/packages/data/policies/business_continuity.json b/packages/data/policies/business_continuity.json
index d93dd72..fa21451 100644
--- a/packages/data/policies/business_continuity.json
+++ b/packages/data/policies/business_continuity.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "business-continuity-dr-policy",
+ "id": "business_continuity",
 "slug": "business-continuity-dr-policy",
 "name": "Business Continuity & Disaster Recovery Policy",
 "description": "This policy outlines the strategies and procedures for ensuring the availability of critical systems and data during and after a disruptive event.",
diff --git a/packages/data/policies/change_management.json b/packages/data/policies/change_management.json
index 9d90322..4718ef0 100644
--- a/packages/data/policies/change_management.json
+++ b/packages/data/policies/change_management.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "change-management-policy",
+ "id": "change_management",
 "slug": "change-management-policy",
 "name": "Change Management Policy",
 "description": "This policy defines the process for requesting, reviewing, approving, and documenting changes to the organization's information systems and infrastructure.",
diff --git a/packages/data/policies/classification.json b/packages/data/policies/classification.json
index d67704b..f3de13c 100644
--- a/packages/data/policies/classification.json
+++ b/packages/data/policies/classification.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "data-classification-policy",
+ "id": "data_classification",
 "slug": "data-classification-policy",
 "name": "Data Classification Policy",
 "description": "This policy outlines the requirements for data classification.",
diff --git a/packages/data/policies/code_of_conduct.json b/packages/data/policies/code_of_conduct.json
index 5c7d6d0..22b6eac 100644
--- a/packages/data/policies/code_of_conduct.json
+++ b/packages/data/policies/code_of_conduct.json
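Review bot: The new `"id": "data_classification"` in classification.json is the same id that data_classification.json receives later in this diff, and both files also keep the slug `data-classification-policy` and the name "Data Classification Policy". If the seed or any lookup keys policies by `id` or `slug` (the keying is not visible in this diff, so this is inferred), one document will overwrite or shadow the other and a control mapped to it may resolve to the wrong text. Give the two files distinct identifiers, for example `"id": "classification"` here to match the file name, or remove this file if data_classification.json supersedes it.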
@@ -1,7 +1,13 @@
 {
 "type": "doc",
 "metadata": {
- "controls": ["CC1.1", "CC6.1"]
+ "id": "code_of_conduct",
+ "slug": "code-of-conduct",
+ "name": "Code of Conduct Policy",
+ "description": "This policy outlines the expected behavior from employees towards their colleagues, supervisors, and the organization as a whole.",
+ "usedBy": {
+ "soc2": ["CC1.1", "CC6.1"]
+ }
 },
 "content": [
 {
diff --git a/packages/data/policies/confidentiality.json b/packages/data/policies/confidentiality.json
index 4ef6409..bc6b169 100644
--- a/packages/data/policies/confidentiality.json
+++ b/packages/data/policies/confidentiality.json
@@ -1,7 +1,13 @@
 {
 "type": "doc",
 "metadata": {
- "controls": ["CC9.9", "CC6.1"]
+ "id": "confidentiality",
+ "slug": "confidentiality",
+ "name": "Confidentiality Policy",
+ "description": "This policy outlines the requirements for maintaining the confidentiality of sensitive and proprietary information within the organization.",
+ "usedBy": {
+ "soc2": ["CC9.9", "CC6.1"]
+ }
 },
 "content": [
 {
diff --git a/packages/data/policies/corporate_governance.json b/packages/data/policies/corporate_governance.json
index ec28df2..d9ec380 100644
--- a/packages/data/policies/corporate_governance.json
+++ b/packages/data/policies/corporate_governance.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "corporate-governance-policy",
+ "id": "corporate_governance",
 "slug": "corporate-governance-policy",
 "name": "Corporate Governance Policy",
 "description": "This policy defines the overall governance framework including board oversight, management responsibilities, and organizational structure to ensure effective oversight and accountability.",
diff --git a/packages/data/policies/cyber_risk.json b/packages/data/policies/cyber_risk.json
index 373cbdc..72842d4 100644
--- a/packages/data/policies/cyber_risk.json
+++ b/packages/data/policies/cyber_risk.json
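Review bot: `"soc2": ["CC9.9", "CC6.1"]` in confidentiality.json carries the old `controls` value over unchanged, and `CC9.9` does not look like a SOC 2 criterion: the CC9 series has only CC9.1 and CC9.2. A reference that matches no seeded control will either fail to link or leave the policy silently unmapped, which weakens the policy-to-control evidence an auditor relies on. Confirm the intended criterion before this mapping is seeded (the confidentiality criteria in the Trust Services Criteria are C1.1 and C1.2) and replace `"CC9.9"` with it.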
@@ -1,7 +1,13 @@
 {
 "type": "doc",
 "metadata": {
- "controls": ["CC1.1", "CC1.2", "CC1.3", "CC1.4", "CC1.5"]
+ "id": "cyber_risk",
+ "slug": "cyber-risk",
+ "name": "Cyber Risk Assessment Policy",
+ "description": "This policy outlines the requirements for conducting cyber risk assessments to identify, evaluate, and mitigate cybersecurity threats to the organization.",
+ "usedBy": {
+ "soc2": ["CC1.1", "CC1.2", "CC1.3", "CC1.4", "CC1.5"]
+ }
 },
 "content": [
 {
diff --git a/packages/data/policies/data_center.json b/packages/data/policies/data_center.json
index e453e5f..568f705 100644
--- a/packages/data/policies/data_center.json
+++ b/packages/data/policies/data_center.json
@@ -1,7 +1,13 @@
 {
 "type": "doc",
 "metadata": {
- "controls": ["CC6.1", "CC6.2", "CC8.1", "CC7.1"]
+ "id": "data_center",
+ "slug": "data-center",
+ "name": "Data Center Policy",
+ "description": "This policy outlines the requirements for the organization's data center facilities to ensure protection, availability, and reliability of critical systems and data.",
+ "usedBy": {
+ "soc2": ["CC6.1", "CC6.2", "CC8.1", "CC7.1"]
+ }
 },
 "content": [
 {
diff --git a/packages/data/policies/data_classification.json b/packages/data/policies/data_classification.json
index ba81805..fa56251 100644
--- a/packages/data/policies/data_classification.json
+++ b/packages/data/policies/data_classification.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "data-classification-policy",
+ "id": "data_classification",
 "slug": "data-classification-policy",
 "name": "Data Classification Policy",
 "description": "This policy establishes a framework for classifying data based on sensitivity and defines handling requirements for each classification level.",
diff --git a/packages/data/policies/disaster_recovery.json b/packages/data/policies/disaster_recovery.json
index e644f0d..8ef6d48 100644
--- a/packages/data/policies/disaster_recovery.json
+++ b/packages/data/policies/disaster_recovery.json
@@ -1,7 +1,13 @@
 {
 "type": "doc",
 "metadata": {
- "controls": ["CC9.1", "CC8.1"]
+ "id": "disaster_recovery",
+ "slug": "disaster-recovery",
+ "name": "Disaster Recovery Policy",
+ "description": "This policy outlines the requirements for disaster recovery planning to ensure that critical business operations can be resumed in the event of a disruption.",
+ "usedBy": {
+ "soc2": ["CC9.1", "CC8.1"]
+ }
 },
 "content": [
 {
diff --git a/packages/data/policies/human_resources.json b/packages/data/policies/human_resources.json
index 9567c9f..a3966bf 100644
--- a/packages/data/policies/human_resources.json
+++ b/packages/data/policies/human_resources.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "human-resources-policy",
+ "id": "human_resources",
 "slug": "human-resources-policy",
 "name": "Human Resources Policy",
 "description": "This policy outlines the principles and practices for recruitment, employee management, performance evaluations, and the enforcement of internal control responsibilities.",
diff --git a/packages/data/policies/incident_response.json b/packages/data/policies/incident_response.json
index 239c5f4..a6b88d8 100644
--- a/packages/data/policies/incident_response.json
+++ b/packages/data/policies/incident_response.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "incident-response-policy",
+ "id": "incident_response",
 "slug": "incident-response-policy",
 "name": "Incident Response Policy",
 "description": "This policy establishes the framework and procedures for detecting, responding to, and recovering from security incidents.",
diff --git a/packages/data/policies/information_security.json b/packages/data/policies/information_security.json
index 04e22f2..07a5b96 100644
--- a/packages/data/policies/information_security.json
+++ b/packages/data/policies/information_security.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "information-security-policy",
+ "id": "information_security",
 "slug": "information-security-policy",
 "name": "Information Security Policy",
 "description": "This policy establishes the framework for protecting the organization's information assets by defining security objectives, roles, responsibilities, and controls.",
diff --git a/packages/data/policies/privacy.json b/packages/data/policies/privacy.json
index afaa997..38190f4 100644
--- a/packages/data/policies/privacy.json
+++ b/packages/data/policies/privacy.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "privacy-policy",
+ "id": "privacy",
 "slug": "privacy-policy",
 "name": "Privacy Policy",
 "description": "This policy describes how the organization collects, uses, discloses, and protects personal information in compliance with applicable privacy regulations.",
diff --git a/packages/data/policies/risk_assessment.json b/packages/data/policies/risk_assessment.json
index 9e2ccb8..3c7208b 100644
--- a/packages/data/policies/risk_assessment.json
+++ b/packages/data/policies/risk_assessment.json
@@ -1,7 +1,13 @@
 {
 "type": "doc",
 "metadata": {
- "controls": ["CC3.2", "CC3.4", "CC8.1"]
+ "id": "risk_assessment",
+ "slug": "risk-assessment",
+ "name": "Risk Assessment Policy",
+ "description": "This policy outlines the requirements for conducting risk assessments to identify, evaluate, and mitigate risks associated with the organization's information systems, operations, and assets.",
+ "usedBy": {
+ "soc2": ["CC3.2", "CC3.4", "CC8.1"]
+ }
 },
 "content": [
 {
diff --git a/packages/data/policies/risk_management.json b/packages/data/policies/risk_management.json
index d5a8fa0..2bf7257 100644
--- a/packages/data/policies/risk_management.json
+++ b/packages/data/policies/risk_management.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "risk-management-policy",
+ "id": "risk_management",
 "slug": "risk-management-policy",
 "name": "Risk Management Policy",
 "description": "This policy defines the process for identifying, assessing, and mitigating risks to the organization’s objectives and information assets.",
diff --git a/packages/data/policies/software_development.json b/packages/data/policies/software_development.json
index a026d94..a8f4b91 100644
--- a/packages/data/policies/software_development.json
+++ b/packages/data/policies/software_development.json
@@ -1,7 +1,13 @@
 {
 "type": "doc",
 "metadata": {
- "controls": ["CC6.2", "CC7.1", "CC7.2", "CC8.1"]
+ "id": "software_development",
+ "slug": "software-development",
+ "name": "Software Development Lifecycle Policy",
+ "description": "This policy outlines the requirements for the software development lifecycle to ensure secure, reliable, and high-quality software development practices.",
+ "usedBy": {
+ "soc2": ["CC6.2", "CC7.1", "CC7.2", "CC8.1"]
+ }
 },
 "content": [
 {
diff --git a/packages/data/policies/change.json b/packages/data/policies/system_change.json
similarity index 99%
rename from packages/data/policies/change.json
rename to packages/data/policies/system_change.json
index 6a64b8a..8427464 100644
--- a/packages/data/policies/change.json
+++ b/packages/data/policies/system_change.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "system-change-policy",
+ "id": "system_change",
 "slug": "system-change-policy",
 "name": "System Change Policy",
 "description": "This policy outlines the requirements for system changes.",
diff --git a/packages/data/policies/thirdparty.json b/packages/data/policies/thirdparty.json
index 64f9294..2092162 100644
--- a/packages/data/policies/thirdparty.json
+++ b/packages/data/policies/thirdparty.json
@@ -1,7 +1,13 @@
 {
 "type": "doc",
 "metadata": {
- "controls": ["CC2.3", "CC7.3", "CC8.1"]
+ "id": "thirdparty",
+ "slug": "thirdparty",
+ "name": "Third-Party Management Policy",
+ "description": "This policy defines the rules for relationships with the organization’s Information Technology (IT) third-parties and partners.",
+ "usedBy": {
+ "soc2": ["CC2.3", "CC7.3", "CC8.1"]
+ }
 },
 "content": [
 {
diff --git a/packages/data/policies/vendor_risk_management.json b/packages/data/policies/vendor_risk_management.json
index fdae5a1..bc9b1e4 100644
--- a/packages/data/policies/vendor_risk_management.json
+++ b/packages/data/policies/vendor_risk_management.json
@@ -1,7 +1,7 @@
 {
 "type": "doc",
 "metadata": {
- "id": "vendor-risk-management-policy",
+ "id": "vendor_risk_management",
 "slug": "vendor-risk-management-policy",
 "name": "Vendor Risk Management Policy",
 "description": "This policy outlines the criteria and procedures for evaluating, selecting, and monitoring third-party vendors to manage risks associated with external service providers.",
diff --git a/packages/data/policies/workstation.json b/packages/data/policies/workstation.json
index bba6865..3133394 100644
--- a/packages/data/policies/workstation.json
+++ b/packages/data/policies/workstation.json
@@ -1,7 +1,13 @@
 {
 "type": "doc",
 "metadata": {
- "controls": ["CC6.2", "CC6.7", "CC7.2"]
+ "id": "workstation",
+ "slug": "workstation",
+ "name": "Workstation Policy",
+ "description": "This policy outlines the requirements for workstations to ensure secure, reliable, and high-quality software development practices.",
+ "usedBy": {
+ "soc2": ["CC6.2", "CC6.7", "CC7.2"]
+ }
 },
 "content": [
 {
diff --git a/packages/db/prisma/seed.ts b/packages/db/prisma/seed.ts
index 99a5e20..ea26041 100644
--- a/packages/db/prisma/seed.ts
+++ b/packages/db/prisma/seed.ts
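Review bot: The `description` added to workstation.json ends with "to ensure secure, reliable, and high-quality software development practices", which is the closing wording of the software_development.json description in this same diff and does not describe workstation controls. Anyone reading the policy list, including an auditor checking what CC6.2, CC6.7 and CC7.2 are covered by, gets the wrong scope for this document. Reword it to state the workstation scope, for example `"description": "This policy outlines the security requirements for workstations used to access the organization's systems and data.",` (suggested wording, adjust to the policy body).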
@@ -9,28 +9,28 @@ import type {
 Control,
 Policy,
 } from "./seedTypes";
-import type { JsonValue } from "@prisma/client/runtime/library";
 const prisma = new PrismaClient();
 async function main() {
- // console.log("\n🗑️ Cleaning up existing data...");
- // Delete in order of dependencies
- // await prisma.organizationFramework.deleteMany();
- // await prisma.organizationCategory.deleteMany();
- // await prisma.organizationControl.deleteMany();
- // await prisma.organizationPolicy.deleteMany();
-
- // await prisma.policy.deleteMany();
- // await prisma.policyControl.deleteMany();
- // await prisma.policyFramework.deleteMany();
-
- // await prisma.control.deleteMany();
- // await prisma.controlRequirement.deleteMany();
-
- // await prisma.framework.deleteMany();
- // await prisma.frameworkCategory.deleteMany();
- // console.log("✅ Database cleaned");
+ if (process.env.NODE_ENV === "development") {
+ console.log("\n🗑️ Cleaning up existing data...");
+ await prisma.organizationFramework.deleteMany();
+ await prisma.organizationCategory.deleteMany();
+ await prisma.organizationControl.deleteMany();
+ await prisma.organizationPolicy.deleteMany();
+
+ await prisma.policy.deleteMany();
+ await prisma.policyControl.deleteMany();
+ await prisma.policyFramework.deleteMany();
+
+ await prisma.control.deleteMany();
+ await prisma.controlRequirement.deleteMany();
+
+ await prisma.framework.deleteMany();
+ await prisma.frameworkCategory.deleteMany();
+ console.log("✅ Database cleaned");
+ }
 console.log("\n📋 Seeding policies...");
 await seedPolicies();
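Review bot: The re-enabled cleanup at the top of `main()` deletes every row in the `organization*`, policy, control and framework tables with `NODE_ENV === "development"` as its only guard, and nothing in the hunk checks which database the Prisma client is pointed at. NODE_ENV describes the process, not the data store, so a shell or CI job that has it set to development alongside a shared or production connection string would wipe tenant data. Require an explicit opt-in as well, e.g. `if (process.env.NODE_ENV === "development" && process.env.SEED_RESET === "true") {` (the variable name is a placeholder), and log the target database before deleting. Separately, `policy` is deleted before `policyControl`/`policyFramework`, `control` before `controlRequirement` and `framework` before `frameworkCategory`; unless the schema cascades (not visible here), a foreign-key failure partway through leaves a half-wiped database, so delete children first or pass the calls to `prisma.$transaction([...])`. The body of `main()` continues past the end of this hunk.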