Description
We need to support ISO 27001 in VerifyWise as an organization-wide framework, alongside EU AI Act and ISO 42001, which are project-based. ISO 27001 should be set up differently because it applies to the entire company, not just one AI project.
Because it is organization-wide, an ISO 27001 project should not require project-level AI attributes (such as risk classification). Multiple ISO 27001 projects are allowed only for sub-organizations or subsidiaries.
For this reason, when creating a new framework project, users should select one of:
- Project-based frameworks: EU AI Act, ISO 42001 (specific to an AI system/project)
- Organization-wide framework: ISO 27001 (company-wide project)
The attached JSON file contains the complete ISO 27001 structure (19 clauses, 93 Annex A controls grouped under A.5–A.8, with cross-mappings to ISO 42001).
We need to load ISO 27001 clauses and controls from the attached JSON file (or convert it to TS first). Each clause/control includes fields for id, title, requirement_summary, key_questions, evidence_examples, implementation_description, and cross_mappings for evidence reuse (evidence reuse can be ignored for now).
We don't need to enforce a single ISO 27001 framework per organization, since sub-organizations may need their own ISO 27001 project later.
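As an added illustration (not VerifyWise project code), here is a TypeScript loader for the clause/control structure described above. The field names come from the issue; the top-level `clauses`/`annex_a_controls` layout, the shape of a `cross_mappings` entry, and the sample items are assumptions.

```typescript
// Added example, not VerifyWise code. Field names follow the issue; layout and sample data are assumptions.
interface Iso27001Item {
  id: string; title: string; requirement_summary: string; implementation_description: string;
  key_questions: string[]; evidence_examples: string[];
  cross_mappings: { framework: string; id: string }[]; // assumed shape; evidence reuse is ignored for now
}
interface Iso27001Structure { clauses: Iso27001Item[]; annex_a_controls: Iso27001Item[] }
const STRING_FIELDS = ["id", "title", "requirement_summary", "implementation_description"] as const;
const LIST_FIELDS = ["key_questions", "evidence_examples", "cross_mappings"] as const;
const ANNEX_A_ID = /^A\.([5-8])\.\d+$/; // Annex A controls are grouped under A.5-A.8
// Fail at load time on missing or mistyped fields instead of rendering bad data in the UI.
function validateItem(raw: unknown, where: string): Iso27001Item {
  if (typeof raw !== "object" || raw === null) throw new Error(`${where}: not an object`);
  const obj = raw as Record<string, unknown>;
  for (const f of STRING_FIELDS)
    if (typeof obj[f] !== "string" || obj[f] === "") throw new Error(`${where}: bad ${f}`);
  for (const f of LIST_FIELDS)
    if (!Array.isArray(obj[f])) throw new Error(`${where}: ${f} must be an array`);
  return obj as unknown as Iso27001Item;
}
function loadIso27001(json: string): Iso27001Structure {
  const doc = JSON.parse(json) as { clauses?: unknown; annex_a_controls?: unknown };
  if (!Array.isArray(doc.clauses) || !Array.isArray(doc.annex_a_controls))
    throw new Error("expected clauses[] and annex_a_controls[]");
  const clauses = doc.clauses.map((c, i) => validateItem(c, `clauses[${i}]`));
  const annex_a_controls = doc.annex_a_controls.map((c, i) => {
    const ctl = validateItem(c, `annex_a_controls[${i}]`);
    if (!ANNEX_A_ID.test(ctl.id)) throw new Error(`${ctl.id}: control id not under A.5-A.8`);
    return ctl;
  });
  return { clauses, annex_a_controls };
}
// Controls per Annex A group; the full attached file should total 93 across A.5-A.8.
function countByGroup(s: Iso27001Structure): Record<string, number> {
  const counts: Record<string, number> = {};
  for (const c of s.annex_a_controls) {
    const group = `A.${c.id.match(ANNEX_A_ID)![1]}`;
    counts[group] = (counts[group] ?? 0) + 1;
  }
  return counts;
}
// Constructed sample (not the attached file): a few valid items, built with a small helper.
const sampleItem = (id: string, title: string): Iso27001Item => ({ id, title, key_questions: [], evidence_examples: [],
  requirement_summary: `${title} requirement`, implementation_description: "n/a", cross_mappings: [] });
const SAMPLE_JSON = JSON.stringify({
  clauses: [sampleItem("4.1", "Understanding the organization"), sampleItem("6.1", "Actions to address risks")],
  annex_a_controls: [sampleItem("A.5.1", "Policies for information security"),
    sampleItem("A.5.2", "Information security roles"), sampleItem("A.8.1", "User endpoint devices")],
});
```

Running `loadIso27001` on the real file should yield 19 clauses and a `countByGroup` total of 93, which makes a useful assertion in the loader's tests.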
Modified project creation modal for ISO 27001:
- Header: “Set up ISO 27001 (Organization ISMS)”
- Fields:
  - ISMS name * (text field)
  - Owner * (dropdown)
  - Team members (multi-select)
  - Start date * (date picker)
  - Goal * (multi-line text field)
Removed fields:
- AI risk classification
- Type of high-risk role
- Monitored regulations and standards (not relevant since ISO 27001 is selected directly)
Acceptance criteria:
- User can create an ISO 27001 project from the "Create project" flow.
- The ISO 27001 modal uses the modified layout above.
- Evidence from ISO 27001 can later be reused by EU AI Act and ISO 42001 projects (this is a future task).