Compliance Business Rules¶
Why This Exists¶
This document defines business rules for the Compliance Domain.
Rules protect readiness, verification, expiry, and risk integrity.
Owner¶
The owner is the Chief Product Officer and Enterprise Architect.
Business Value¶
Business rules reduce disqualification risk and ensure compliance state remains trustworthy.
Rule Catalogue¶
| Rule ID | Area | Rule |
|---|---|---|
| COMP-RULE-001 | Ownership | Compliance owns compliance state, readiness, verification, expiry, and risk. |
| COMP-RULE-002 | Organization | Compliance profiles must reference OrganizationId. |
| COMP-RULE-003 | Organization | Organization identity must be read from Organization, not duplicated as compliance truth. |
| COMP-RULE-004 | Documents | Compliance documents must have type, source, status, and provenance. |
| COMP-RULE-005 | Expiry | Expired documents must not satisfy active requirements unless an approved exception exists. |
| COMP-RULE-006 | Verification | Verified evidence requires a verification record. |
| COMP-RULE-007 | Requirements | Tender-specific requirements must preserve source tender text or reference. |
| COMP-RULE-008 | Readiness | Procurement Readiness Score must be explainable by components. |
| COMP-RULE-009 | Risk | Compliance Risk must include severity, cause, and remediation path where possible. |
| COMP-RULE-010 | SARS | Tax compliance status must be time-sensitive and evidence-backed. |
| COMP-RULE-011 | CIPC | CIPC-related evidence must not replace Organization-owned company identity. |
| COMP-RULE-012 | CSD | CSD status must be tracked as compliance evidence, not assumed. |
| COMP-RULE-013 | CIDB | CIDB requirements apply only where relevant to tender or organization sector. |
| COMP-RULE-014 | COIDA | COIDA evidence applies where required by tender, sector, or policy. |
| COMP-RULE-015 | B-BBEE | B-BBEE level and evidence must include expiry or validity context. |
| COMP-RULE-016 | Intelligence | AI suggestions require approved Compliance commands before state changes. |
| COMP-RULE-017 | Audit | Compliance verification and readiness changes must be auditable. |
AI Suggestion Rule¶
Intelligence may analyse and recommend. Compliance owns acceptance, rejection, or conversion of suggestions into commands.
Tender-Specific Rule¶
General readiness does not guarantee tender-specific compliance. Each tender may introduce specific requirements and evidence expectations.