[OpenSpec] GIBIT ICT Quality Norms Compliance #7

@rubenvdlinde

Description

GIBIT ICT Quality Norms Compliance

Status: Proposal
Scope: Org-wide (all 11 Conduction apps)
Spec: openspec/changes/gibit-compliance/proposal.md

Problem

GIBIT (Gemeentelijke ICT-kwaliteitsnormen en Beveiligingsnormen voor ICT) defines quality norms for government ICT. 49 tender sources require GIBIT compliance. Our apps don't explicitly document or verify GIBIT compliance.

Related demand: BIO (170 sources), AVG/GDPR (149), ISO 27001 (53).

Proposed Solution

Create a GIBIT compliance framework for all Conduction apps:

  • GIBIT compliance matrix -- which norms apply, current status per app
  • Security norms -- password policy, session management, encryption at rest/in transit
  • Availability norms -- uptime SLA, backup frequency, disaster recovery plan
  • Data quality norms -- data validation, integrity checks, audit logging
  • Privacy norms -- AVG/GDPR compliance, data minimization, right to be forgotten
  • Interoperability norms -- open standards, API documentation, data portability
  • Automated CI checks -- security headers, dependency vulnerabilities, code quality
  • Per-app compliance badge -- status in README, auto-updated from CI
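As an added illustration of the "Automated CI checks" and "compliance matrix" items (example code, not part of any Conduction app): a security-header gate that turns one app's HTTP response headers into a per-app status row. The required headers, the thresholds for what counts as weak, and the sample responses are assumptions made for this example.

```python
# Added example, not Conduction code; header policy and sample data are assumed.
def _hsts_ok(v):
    # Require max-age of at least one year (ValueError/IndexError caught below).
    return int(v.split("max-age=", 1)[1].split(";")[0]) >= 31536000

# Predicates reject weak values as well as absent headers (assumed CI policy).
REQUIRED = {
    "strict-transport-security": _hsts_ok,
    "content-security-policy": lambda v: "default-src" in v and "'unsafe-inline'" not in v,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: v.strip().lower() in
        ("no-referrer", "same-origin", "strict-origin-when-cross-origin"),
}

def check_headers(app, headers):
    """One compliance-matrix row for an app; header names are case-insensitive."""
    lower = {k.lower(): v for k, v in headers.items()}
    missing, weak = [], []
    for name, ok in REQUIRED.items():
        if name not in lower:
            missing.append(name)
            continue
        try:
            if not ok(lower[name]):
                weak.append(name)
        except (ValueError, IndexError):  # unparsable value, e.g. "max-age=abc"
            weak.append(name)
    status = "compliant" if not (missing or weak) else "non-compliant"
    return {"app": app, "status": status, "missing": missing, "weak": weak}

def matrix(responses):
    """Rows for a {app: headers} mapping, sorted by app, ready for the README."""
    return [check_headers(app, h) for app, h in sorted(responses.items())]

# Constructed sample responses standing in for the live apps.
SAMPLE = {
    "app-a": {"Strict-Transport-Security": "max-age=63072000; includeSubDomains",
              "Content-Security-Policy": "default-src 'self'",
              "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY",
              "Referrer-Policy": "no-referrer"},
    "app-b": {"Strict-Transport-Security": "max-age=300",
              "X-Content-Type-Options": "nosniff"},
}

if __name__ == "__main__":
    for row in matrix(SAMPLE):
        print(f"{row['app']}: {row['status']} missing={row['missing']} weak={row['weak']}")
```

In a CI job the `SAMPLE` dict would be replaced by the headers fetched from each app's deployment, and a non-compliant row would fail the job and feed the README badge.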

Standards

Standard     Tender Demand
GIBIT 2020   49 sources
BIO          170 sources
AVG/GDPR     149 sources
ISO 27001    53 sources
