Compliance Entities¶
Why This Exists¶
This document defines Compliance Domain entities with identity.
Entities track compliance state and evidence over time.
Owner¶
The owner is the Chief Product Officer and Enterprise Architect.
Business Value¶
Clear entities support readiness assessment, evidence reuse, expiry monitoring, verification, AI analysis, and auditability.
Entity Catalogue¶
| Entity | Purpose | Key attributes | Business rules | Relationships | MVP status |
|---|---|---|---|---|---|
| Compliance Profile | Organization-bound compliance state. | ComplianceProfileId, OrganizationId, status, readiness score. | Must reference OrganizationId. | Root of compliance state. | MVP |
| Compliance Requirement | Requirement that must be satisfied. | RequirementId, type, source, description, required evidence. | Must have source and applicability. | Used by assessments. | MVP |
| Tender Compliance Requirement | Tender-specific compliance requirement. | TenderRequirementId, opportunity reference, requirement text, due date. | Must preserve source tender reference. | References Opportunity. | MVP |
| Compliance Document | Document used as evidence. | DocumentId, name, type, issue date, expiry date, status. | Expiry must be tracked where applicable. | Belongs to evidence register. | MVP |
| Compliance Evidence | Evidence satisfying requirement. | EvidenceId, document ID, requirement ID, evidence status. | Must distinguish uploaded, reviewed, verified. | Links documents to requirements. | MVP |
| Verification Record | Verification result. | VerificationId, evidence ID, method, result, reviewer, date. | Verified status requires record. | Linked to evidence. | MVP |
| Expiry Alert | Alert for expiring evidence. | AlertId, document ID, expiry date, severity. | Must be generated before critical expiry where configured. | Supports notifications. | MVP |
| Readiness Assessment | Procurement readiness score. | AssessmentId, score, components, date. | Must be explainable. | Uses requirements and evidence. | MVP |
| Compliance Risk | Risk record. | RiskId, type, severity, cause, status. | Must include remediation path where possible. | May link to gaps. | MVP |
| Compliance Gap | Missing or insufficient compliance coverage. | GapId, requirement ID, severity, status. | Must map to requirement. | Feeds readiness and risk. | MVP |
| Compliance Suggestion | Suggested compliance improvement. | SuggestionId, source, confidence, status. | AI suggestions require review. | May come from Intelligence. | Later |
Entity Rule¶
Compliance entities must record OrganizationId directly or through the Compliance Profile to maintain customer-bound context.