docs: Rebuild documentation as enterprise-grade TLAS platform
- Migrate from custom HTTP server to VitePress framework
- Rename project to Tokenized License Approval System (TLAS)
- Add comprehensive documentation for all stakeholders:
  - Business: Executive summary, value proposition, governance
  - Operations: Infrastructure, installation, monitoring, backup
  - Departments: User guide, workflows, verification, issuance
  - Developers: API reference, authentication, webhooks, SDKs
  - Compliance: OWASP, DPDP Act, IT Act, audit framework
- Add modern theme with dark mode and full-text search
- Update Dockerfile for VitePress build process

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
65
Documentation/compliance/regulatory.md
Normal file
@@ -0,0 +1,65 @@
# Regulatory Alignment
## Indian Legal Framework
### Information Technology Act, 2000
| Section | Requirement | Compliance |
|---------|-------------|------------|
| 3A | Electronic signatures | Digital certificates with PKI infrastructure |
| 4 | Legal recognition of e-records | Blockchain provides immutable records |
| 43A | Reasonable security | ISO 27001-aligned controls |
| 72A | Breach notification | Incident response procedures documented |
### Digital Personal Data Protection Act, 2023
| Principle | Implementation |
|-----------|----------------|
| Lawful processing | Consent obtained for data collection |
| Purpose limitation | Data used only for license processing |
| Data minimization | Only necessary fields collected |
| Accuracy | Self-service data correction available |
| Storage limitation | Retention policy enforced |
| Security safeguards | Encryption and access controls |
### Government of India Guidelines
| Standard | Scope | Compliance |
|----------|-------|------------|
| GIGW 3.0 | Web accessibility | WCAG 2.1 AA compliant |
| MeitY Cloud | Data residency | All data in India |
| NIC Guidelines | Security | Penetration tested |
## Audit Compliance
### Annual Requirements
| Audit Type | Frequency | Conducted By |
|------------|-----------|--------------|
| Security audit | Annual | Empaneled auditor |
| Compliance review | Annual | Internal audit |
| Access review | Quarterly | Department admins |
### Documentation Maintained
- Security policy documents
- Risk assessment reports
- Incident response records
- Access control matrices
- Change management logs
- Training records
## Certifications
| Certification | Status | Validity |
|---------------|--------|----------|
| STQC Certification | Pending | - |
| ISO 27001 | Aligned | - |
| MeitY Empanelment | Applied | - |
## Data Localization
All data stored within India:
- Primary servers: Mumbai region
- Backup servers: Delhi region
- No cross-border data transfer
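Review bot: In the Information Technology Act table, the `72A | Breach notification` row cites the wrong provision: Section 72A covers punishment for disclosure of information in breach of a lawful contract, not breach notification, so relabel the row or cite the instrument that actually imposes the reporting duty. In the same file, the Section 4 row relies on "Blockchain provides immutable records" while the DPDP table promises "Self-service data correction available" and "Retention policy enforced"; the page should state where personal data sits relative to the ledger and how correction and retention expiry take effect on it. The compliance columns also assert outcomes with no evidence pointer ("Penetration tested", "WCAG 2.1 AA compliant"), and `ISO 27001 | Aligned` appears under Certifications although "Aligned" is not a certification status; add report dates or references, or move aligned and pending items out of that table. Minor: `Access review | Quarterly` sits under the heading "Annual Requirements".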