IMS Audit Criteria
Pass/warn/fail thresholds for each audit dimension.
YAML Schema Checks
| Check | Level | Trigger |
|---|---|---|
| Missing required field (Pflichtfeld) | ERROR | Any of: title, type, management_system, classification, status is null |
| Invalid enum value | ERROR | type/management_system/classification/status not in valid set |
| Missing type-specific field | WARNING | Expected field for this type is null (e.g., reifegrad for control) |
| Missing recommended field | INFO | review_date, approved_by, or approved_date is null |
| Invalid date format | WARNING | Date field doesn't match YYYY-MM-DD |
| review_date in past | WARNING | review_date < today (document overdue for review) |
Cross-Reference Checks
| Check | Level | Trigger |
|---|---|---|
| Broken wiki-link | ERROR | [[target]] doesn't match any file in vault |
| Invalid norm_ref | WARNING | Value not in: ISO 27001, VDA ISA, NIS2, DSGVO, ISO 9001, Umweltschutz |
| Missing Nachweise link | INFO | Control with reifegrad ≥2 has no wiki-links in Nachweise row |
Content Depth Checks
| Check | Level | Trigger |
|---|---|---|
| Empty file | ERROR | No body content after YAML |
| Skeleton content | WARNING | Body <5 lines, type-specific fields mostly null |
| Template-only | WARNING | Body contains only SmartKit template text or Dataview queries |
| No cross-references | INFO | File has zero outgoing [[wiki-links]] |
Reifegrad Consistency Checks
| Check | Level | Trigger |
|---|---|---|
| reifegrad null | INFO | Control has not been assessed yet |
| reifegrad ≥2 without bewertet_am | WARNING | Claim of documented process without assessment date |
| reifegrad ≥3 without Nachweise | WARNING | Claim of established process without evidence links |
| reifegrad na without Abwahlgrund | WARNING | Non-applicability without justification |
| reifegrad inconsistency across norms | INFO | Same topic has different reifegrad in ISO 27001 vs VDA ISA |
Compliance Score Thresholds
| Score Range | Rating | Action |
|---|---|---|
| ≥85 | PASS | Target met |
| 70-84 | ACCEPTABLE | Close to target, continue improvement |
| 50-69 | NEEDS WORK | Significant gaps, prioritize content development |
| <50 | CRITICAL | Major compliance gaps, immediate action needed |
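The following sketch applies a subset of the front-matter checks and the score thresholds above to one already-parsed YAML front-matter dict. It is an added example, not the audit tool's own code; the function names `audit` and `rating`, the set of date fields, the shape of `norm_ref` (string or list) and the sample record are assumptions.

```python
import re
from datetime import date

REQUIRED = ("title", "type", "management_system", "classification", "status")
RECOMMENDED = ("review_date", "approved_by", "approved_date")
DATE_FIELDS = ("review_date", "approved_date", "bewertet_am")  # assumed set of date fields
NORM_REFS = {"ISO 27001", "VDA ISA", "NIS2", "DSGVO", "ISO 9001", "Umweltschutz"}

# Constructed sample front matter (not taken from a real vault).
SAMPLE = {"title": "Access control", "type": "control", "management_system": "ISMS",
          "classification": None, "status": "draft", "review_date": "2023-01-15",
          "approved_date": "15.01.2023", "norm_ref": ["ISO 27001", "TISAX"], "reifegrad": 2}

def audit(meta, today):
    """Return (level, message) findings for one parsed front-matter dict."""
    findings = [("ERROR", f"missing required field: {f}")
                for f in REQUIRED if meta.get(f) is None]
    findings += [("INFO", f"missing recommended field: {f}")
                 for f in RECOMMENDED if meta.get(f) is None]
    for f in DATE_FIELDS:
        v = meta.get(f)
        if v is None:
            continue
        try:
            # Strict YYYY-MM-DD; impossible dates such as 2024-13-01 are also rejected.
            if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", str(v)):
                raise ValueError(v)
            parsed = date.fromisoformat(str(v))
        except ValueError:
            findings.append(("WARNING", f"invalid date format in {f}: {v!r}"))
            continue
        if f == "review_date" and parsed < today:
            findings.append(("WARNING", "review_date in past"))
    refs = meta.get("norm_ref") or []
    for ref in [refs] if isinstance(refs, str) else refs:
        if ref not in NORM_REFS:
            findings.append(("WARNING", f"invalid norm_ref: {ref!r}"))
    if meta.get("type") == "control":
        rg = meta.get("reifegrad")
        if rg is None:
            findings.append(("INFO", "reifegrad null"))
        elif isinstance(rg, int) and rg >= 2 and meta.get("bewertet_am") is None:
            findings.append(("WARNING", "reifegrad >=2 without bewertet_am"))
    return findings

def rating(score):
    """Map a compliance score to the rating in the threshold table."""
    for floor, label in ((85, "PASS"), (70, "ACCEPTABLE"), (50, "NEEDS WORK")):
        if score >= floor:
            return label
    return "CRITICAL"
```

Enum validation, wiki-link resolution and the content-depth checks are left out because the page does not list the valid enum sets or the vault layout.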
Domain-Specific Thresholds
ISMS (target: ≥80 score)
- All 93 ISO 27001 controls must have reifegrad assessed
- All VDA ISA controls must have cross-reference to ISO 27001
- NIS2 controls must have ISO 27001 mapping documented
DSMS (target: ≥75 score)
- All VVT entries must have: zweck, rechtsgrundlage, datenkategorien, loeschfristen
- TOM checklists must have status for each measure
- DSFA must exist for high-risk processing activities
QMS (target: ≥75 score)
- All ISO 9001 controls (Chapters 4-10) must have reifegrad
- KPI definitions must have einheit, zielwert, messfrequenz
IMS (target: ≥80 score)
- All policies must have review_date and approved_by
- Supplier records must have umwelt_bewertung