GIBIT ICT Quality Norms Compliance
Status: Proposal
Scope: Org-wide (all 11 Conduction apps)
Spec: openspec/changes/gibit-compliance/proposal.md
Problem
GIBIT (Gemeentelijke ICT-kwaliteitsnormen en Beveiligingsnormen voor ICT) defines quality norms for government ICT. 49 tender sources require GIBIT compliance. Our apps don't explicitly document or verify GIBIT compliance.
Related demand: BIO (170 sources), AVG/GDPR (149), ISO 27001 (53).
Proposed Solution
Create a GIBIT compliance framework for all Conduction apps:
- GIBIT compliance matrix -- which norms apply, current status per app
- Security norms -- password policy, session management, encryption at rest/in transit
- Availability norms -- uptime SLA, backup frequency, disaster recovery plan
- Data quality norms -- data validation, integrity checks, audit logging
- Privacy norms -- AVG/GDPR compliance, data minimization, right to be forgotten
- Interoperability norms -- open standards, API documentation, data portability
- Automated CI checks -- security headers, dependency vulnerabilities, code quality
- Per-app compliance badge -- status in README, auto-updated from CI
Standards
| Standard | Tender Demand |
| --- | --- |
| GIBIT 2020 | 49 sources |
| BIO | 170 sources |
| AVG/GDPR | 149 sources |
| ISO 27001 | 53 sources |