{"$schema":"https://domains.younndai.com/schemas/domain.json","domain":"yon.compliance","version":"1.0","status":"active","state":"active","tier":"official","verified":true,"score":1,"notice":null,"description":"Regulatory compliance, audit management, risk assessment, and policy enforcement across multiple regulatory frameworks","defaultMode":"struct","defaultProfile":"audit","defaultFormat":"canon","records":[{"tag":"CONTROL","fields":[{"name":"rid","type":"string","example":"ctrl:AC-001","required":true,"description":"Record ID"},{"name":"framework","type":"string","example":"NIST CSF","required":false,"description":"Regulatory Framework"},{"name":"title","type":"string","example":"Access Control Policy","required":false,"description":"Control Title"},{"enum":["not-started","in-progress","implemented","tested","effective","ineffective"],"name":"status","type":"string","example":"effective","required":false,"description":"Control Status (6 allowed values)"},{"name":"owner","type":"string","example":"CISO Office","required":false,"description":"Control Owner"},{"name":"maturity","type":"int","range":[1,5],"example":"4","required":false,"description":"Maturity Level (1–5) (1–5)"}],"description":"Compliance control — testable requirement linked to a regulatory framework"},{"tag":"FINDING","fields":[{"name":"rid","type":"string","example":"fnd:2026-003","required":true,"description":"Record ID"},{"name":"control_ref","type":"string","example":"ctrl:AC-001","required":false,"description":"Control Reference"},{"enum":["low","medium","high","critical"],"name":"severity","type":"string","example":"high","required":false,"description":"Finding Severity: low, medium, high, critical"},{"name":"description","type":"string","example":"MFA not enforced for admin accounts","required":false,"description":"Finding Description"},{"name":"remediation_due","type":"ts","example":"2026-06-30T00:00:00Z","required":false,"description":"Remediation Deadline as ISO 8601 timestamp"},{"enum":["open","in-progress","remediated","accepted","closed"],"name":"status","type":"string","example":"in-progress","required":false,"description":"Finding Status: open, in-progress, remediated, accepted, closed"}],"description":"Audit finding — gap or deficiency identified during control testing"},{"tag":"EVIDENCE","fields":[{"name":"control_ref","type":"string","example":"ctrl:AC-001","required":false,"description":"Control Reference"},{"enum":["document","screenshot","log","config","attestation","report"],"name":"type","type":"string","example":"screenshot","required":false,"description":"Evidence Type (6 allowed values)"},{"name":"collected","type":"ts","example":"2026-04-15T10:30:00Z","required":false,"description":"Collection Timestamp as ISO 8601 timestamp"},{"name":"collector","type":"string","example":"compliance-bot","required":false,"description":"Collector"}],"description":"Compliance evidence — artifact proving control effectiveness"},{"tag":"POLICY","fields":[{"name":"rid","type":"string","example":"pol:InfoSec-v3","required":true,"description":"Record ID"},{"name":"title","type":"string","example":"Information Security Policy","required":false,"description":"Policy Title"},{"name":"version","type":"string","example":"3.1","required":false,"description":"Version"},{"name":"effective_date","type":"ts","example":"2026-01-01T00:00:00Z","required":false,"description":"Effective Date as ISO 8601 timestamp"},{"name":"next_review","type":"ts","example":"2027-01-01T00:00:00Z","required":false,"description":"Next Review Date as ISO 8601 timestamp"},{"name":"owner","type":"string","example":"Legal & Compliance","required":false,"description":"Policy Owner"},{"enum":["draft","review","approved","effective","retired"],"name":"status","type":"string","example":"effective","required":false,"description":"Policy Status: draft, review, approved, effective, retired"}],"description":"Policy record — organizational governance document with review lifecycle"},{"tag":"RISK_ASSESSMENT","fields":[{"name":"rid","type":"string","example":"risk:DR-007","required":true,"description":"Record ID"},{"name":"risk","type":"string","example":"Unauthorized data exfiltration","required":false,"description":"Risk Description"},{"name":"likelihood","type":"int","range":[1,5],"example":"3","required":false,"description":"Likelihood (1–5) (1–5)"},{"name":"impact","type":"int","range":[1,5],"example":"5","required":false,"description":"Impact (1–5) (1–5)"},{"name":"residual_risk","type":"int","range":[1,25],"example":"6","required":false,"description":"Residual Risk Score (1–25)"},{"enum":["accept","mitigate","transfer","avoid"],"name":"treatment","type":"string","example":"mitigate","required":false,"description":"Treatment Strategy: accept, mitigate, transfer, avoid"},{"name":"owner","type":"string","example":"VP Engineering","required":false,"description":"Risk Owner"}],"description":"Risk assessment — likelihood × impact analysis with treatment plan"},{"tag":"OBLIGATION","fields":[{"name":"regulation","type":"string","example":"GDPR Article 33","required":false,"description":"Regulation"},{"name":"requirement","type":"string","example":"Data breach notification within 72 hours","required":false,"description":"Requirement"},{"name":"deadline","type":"ts","example":"2026-06-01T00:00:00Z","required":false,"description":"Compliance Deadline as ISO 8601 timestamp"},{"enum":["pending","in-progress","completed","overdue"],"name":"status","type":"string","example":"in-progress","required":false,"description":"Obligation Status: pending, in-progress, completed, overdue"},{"name":"responsible","type":"string","example":"DPO","required":false,"description":"Responsible Party"},{"name":"penalty_risk","type":"float","unit":"EUR","example":"20000000.00","required":false,"description":"Penalty Risk in EUR"}],"description":"Regulatory obligation — specific compliance requirement with deadline tracking"}],"schemaHash":null,"recordCount":6,"totalFieldCount":36,"meta":{"links":[{"url":"https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final","type":"standard","label":"NIST 800-53"},{"url":"https://www.iso.org/standard/27001","type":"standard","label":"ISO 27001"},{"url":"https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2","type":"standard","label":"SOC 2"}],"related":[{"domain":"yon.security","reason":"Security controls and audit","relationship":"regulatory overlap"},{"domain":"yon.fintech","reason":"Financial regulatory compliance","relationship":"often paired"},{"domain":"yon.legal","reason":"Regulatory filing","relationship":"data overlap"}],"tagline":"Regulatory compliance and audit management for enterprise AI","use_cases":[{"id":"regulatory-change","tags":["POLICY","CONTROL","AUDIT_FINDING","EVIDENCE"],"steps":["Ingest new @REGULATION from official gazette or regulatory feed","Map @OBLIGATION requirements to affected business units","Assess existing @CONTROL coverage against new obligations","Schedule @AUDIT to verify implementation readiness","Document @FINDING gaps and remediation timelines"],"title":"Regulatory Change Management","example":"@OBLIGATION rid=obl:1 | regulation_ref=\"reg:GDPR\" | requirement=\"Data breach notification within 72 hours\" | status=\"active\" | due_date=\"2026-06-01\"","tags_used":["REGULATION","OBLIGATION","CONTROL","AUDIT","FINDING"],"description":"Track regulatory updates across jurisdictions, map impacted controls and policies, and generate remediation plans with audit-ready evidence chains."},{"id":"continuous-monitoring","tags":["CONTROL","AUDIT_FINDING","EVIDENCE","POLICY"],"steps":["Define @CONTROL test procedures for each @OBLIGATION","Execute automated @AUDIT evidence collection","Classify @FINDING by severity and remediation priority","Update @POLICY documentation to reflect control changes","Generate board-ready compliance dashboard from @AUDIT results"],"title":"Continuous Compliance Monitoring","example":"@AUDIT rid=aud:1 | scope=\"SOX 404\" | status=\"in-progress\" | controls_tested:int=47 | findings:int=3","tags_used":["CONTROL","OBLIGATION","AUDIT","FINDING","POLICY"],"description":"Automate control testing against policy baselines, flag exceptions in real-time, and maintain evidence repositories for SOC 2, ISO 27001, and PCI-DSS audits."}],"highlights":["CONTROL","FINDING","RISK_ASSESSMENT"],"tag_context":{"POLICY":{"purpose":"Organizational governance policy document with version control and review lifecycle","when_to_use":"Policy creation, annual policy review, regulatory change response, employee acknowledgment tracking","related_standards":["ISO 37301","OECD Good Practice","IIA Standards"]},"CONTROL":{"purpose":"Testable compliance control mapped to a regulatory framework with maturity scoring","when_to_use":"Control objective definition, framework mapping, SOC 2 / ISO 27001 readiness, control library management","related_standards":["COSO 2013 Framework","COBIT 2019","NIST CSF"]},"FINDING":{"purpose":"Audit finding identifying a control gap or deficiency with severity and remediation tracking","when_to_use":"Audit result documentation, remediation planning, management response tracking, board reporting","related_standards":["ISO 19011 Audit Finding","COSO Deficiency","SOX 302/404"]},"EVIDENCE":{"purpose":"Compliance artifact proving control effectiveness for audit trails","when_to_use":"Evidence collection for SOC 2, ISO audits, control testing, continuous monitoring proof","related_standards":["ISO 19011 Audit Evidence","ISAE 3402","SOC 2 Type II"]},"OBLIGATION":{"purpose":"Specific regulatory obligation with deadline, responsible party, and penalty risk quantification","when_to_use":"Regulatory deadline tracking, compliance calendar management, penalty exposure assessment, obligation mapping","related_standards":["ISO 37301 Compliance Mgmt","COSO ERM","RegTech"]},"RISK_ASSESSMENT":{"purpose":"Risk analysis with likelihood × impact scoring, residual risk calculation, and treatment decision","when_to_use":"Annual risk assessments, new initiative risk evaluation, vendor risk screening, regulatory change impact","related_standards":["ISO 31000:2018","COSO ERM 2017","NIST SP 800-30"]}}},"registry":{"domain":{"path":"yon.compliance","owner":{"url":"https://younndai.com","name":"YounndAI Domains Registry","since":"2026-01-15T00:00:00Z","organization":"YounndAI"},"state":"active","notice":null,"created":"2026-01-15T00:00:00Z","lastUpdated":"2026-03-02T01:19:47.993Z"},"namespace":{"path":"yon","type":"official","owner":{"url":"https://younndai.com","name":"YounndAI Domains Registry","since":"2026-01-15T00:00:00Z","organization":"YounndAI"},"state":"active","notice":null}},"owner":{"url":"https://younndai.com","name":"YounndAI Domains Registry","since":"2026-01-15T00:00:00Z","organization":"YounndAI"}}