Content Work Package Definitions¶

24 CWPs across 6 dependency layers. Each CWP defines a discrete unit of content work with clear membership rules, batch sizes, and human/AI responsibility split.

Membership Rules¶

Files are assigned to CWPs based on YAML frontmatter fields: - management_system: IMS, ISMS, QMS, DSMS - type: control, richtlinie, arbeitsanweisung, prozess, lieferant, kpi, schulung, etc. - norm: ISO 27001, VDA ISA, NIS2, ISO 9001 (for controls) - chapter: A.5, A.6, A.7, A.8 (for ISO 27001 controls) - Directory path: used as fallback when YAML fields are insufficient

Files in templates/, dashboards/, .obsidian/, Systemhandbuch/ are excluded. Files named .pages or index.md are excluded.

Layer 1: Foundation¶

CWP-01: Richtlinien (IMS)¶

Filter: type == 'richtlinie' AND management_system == 'IMS'
Expected count: ~55
Batch size: 5 (policies are long, high complexity)
AI role: Write/enrich content, add cross-references to controls
Human role: Verify policy approval dates, confirm review_date, check VisiTrans-specificity
Dependencies: None

CWP-02: Arbeitsanweisungen (IMS)¶

Filter: type == 'arbeitsanweisung' AND management_system == 'IMS'
Expected count: ~9
Batch size: 5
AI role: Write/enrich procedural content
Human role: Verify procedures match actual workflows
Dependencies: None

CWP-03: Prozess Core (IMS)¶

Filter: type == 'prozess' AND management_system == 'IMS' AND directory in 01 - Kontext, 02 - Prozessmanagement, 03 - Chancen
Expected count: ~30
Batch size: 10
AI role: Write process descriptions, add cross-references
Human role: Verify organizational accuracy
Dependencies: None

Layer 2: Controls¶

CWP-04: ISO 27001 A.5 Organisatorische Massnahmen¶

Filter: type == 'control' AND management_system == 'ISMS' AND norm == 'ISO 27001' AND chapter starts with A.5
Expected count: ~37
Batch size: 25
AI role: Write Beschreibung der Umsetzung, set reifegrad (conservative), add Nachweise links
Human role: Verify reifegrad claims, confirm actual implementation matches description
Dependencies: CWP-01 (policies referenced as Nachweise)

CWP-05: ISO 27001 A.6 Personenbezogene Massnahmen¶

Filter: type == 'control' AND management_system == 'ISMS' AND norm == 'ISO 27001' AND chapter starts with A.6
Expected count: ~8
Batch size: 8
AI role: Same as CWP-04
Human role: Same as CWP-04
Dependencies: CWP-01

CWP-06: ISO 27001 A.7 Physische Massnahmen¶

Filter: type == 'control' AND management_system == 'ISMS' AND norm == 'ISO 27001' AND chapter starts with A.7
Expected count: ~14
Batch size: 14
AI role: Same as CWP-04
Human role: Same as CWP-04, plus verify physical security measures (remote-first company)
Dependencies: CWP-01

CWP-07: ISO 27001 A.8 Technologische Massnahmen¶

Filter: type == 'control' AND management_system == 'ISMS' AND norm == 'ISO 27001' AND chapter starts with A.8
Expected count: ~34
Batch size: 25
AI role: Same as CWP-04
Human role: Same as CWP-04, plus verify actual technical controls in infrastructure
Dependencies: CWP-01

CWP-08: VDA ISA Controls¶

Filter: type == 'control' AND management_system == 'ISMS' AND norm == 'VDA ISA'
Expected count: ~80
Batch size: 25
AI role: Write descriptions, cross-reference to corresponding ISO 27001 controls
Human role: Verify reifegrad, ensure consistency with ISO 27001 assessments
Dependencies: CWP-04 through CWP-07 (ISO 27001 controls inform VDA ISA assessments)

CWP-09: NIS2 Controls¶

Filter: type == 'control' AND management_system == 'ISMS' AND norm == 'NIS2'
Expected count: ~45
Batch size: 25
AI role: Write descriptions, map to ISO 27001 Annex A controls
Human role: Verify NIS2 applicability (Betroffenheitsanalyse)
Dependencies: CWP-04 through CWP-07

CWP-10: ISO 9001 Controls (QMS)¶

Filter: type == 'control' AND management_system == 'QMS'
Expected count: ~59
Batch size: 20
AI role: Write descriptions appropriate for SaaS company (not manufacturing)
Human role: Verify reifegrad, confirm quality processes match actual practice
Dependencies: CWP-01

CWP-11: DSMS Controls¶

Filter: type == 'control' AND management_system == 'DSMS'
Expected count: ~24
Batch size: 12
AI role: Write descriptions, link to TOM and VVT entries
Human role: Verify data protection control implementation
Dependencies: CWP-01

Layer 3: DSMS Content¶

CWP-12: VVT Verarbeitungstaetigkeiten (Art. 30)¶

Filter: type == 'verarbeitungstaetigkeit'
Expected count: 3 existing + potentially new ones to create
Batch size: 5
AI role: Draft VVT entries based on supplier list and known systems
Human role: Verify actual processing activities, recipients, legal basis, retention periods
Blocked by: HA-02 (VVT completeness check)
Dependencies: CWP-11

CWP-13: TOM and DSFA¶

Filter: type == 'dsfa' OR (directory contains Technische & Organisatorische Massnahmen)
Expected count: ~4
Batch size: 3
AI role: Structure TOM checklists, draft DSFA risk assessments
Human role: Verify actual technical and organizational measures
Dependencies: CWP-11

CWP-14: DSMS Prozess¶

Filter: type == 'prozess' AND management_system == 'DSMS'
Expected count: ~48
Batch size: 15
AI role: Write process descriptions, add legal references
Human role: Verify legal accuracy
Dependencies: CWP-12, CWP-13

Layer 4: Support Content¶

CWP-15: Lieferanten¶

Filter: type == 'lieferant'
Expected count: ~53
Batch size: 15
AI role: Enrich supplier records from existing data, add umwelt_bewertung
Human role: Verify contract details, AVV status, contact information
Blocked by: HA-03 (supplier data verification)
Dependencies: CWP-01

CWP-16: KPIs¶

Filter: type == 'kpi'
Expected count: ~25
Batch size: 10
AI role: Draft KPI definitions with einheit, messfrequenz, measurement method
Human role: Set actual zielwert (target values)
Blocked by: HA-04 (KPI target setting)
Dependencies: CWP-01

CWP-17: Schulung¶

Filter: type == 'schulung'
Expected count: ~31
Batch size: 10
AI role: Write training content descriptions, link to relevant controls/policies
Human role: Verify training program accuracy
Dependencies: CWP-01

CWP-18: Audits¶

Filter: type IN ('auditbericht', 'auditplan')
Expected count: ~7
Batch size: 5
AI role: Structure audit documents, link to control areas
Human role: Fill actual audit findings and corrective actions
Dependencies: CWP-04 through CWP-10 (audit program references controls)

CWP-19: Managementbewertung¶

Filter: type == 'managementbewertung'
Expected count: ~1
Batch size: 1
AI role: Structure the document, set up Dataview queries
Human role: Provide actual management review data
Blocked by: HA-05
Dependencies: All Layer 2 + Layer 3 CWPs

Layer 5: Cross-referencing and Fix-up¶

CWP-20: Cross-reference Pass¶

Filter: All content files (685)
Expected count: ~685
Batch size: 50
AI role: Add [[wiki-links]] between related files, fill norm_refs, verify link targets
Human role: None (fully automated)
Dependencies: Layers 1-4 complete

CWP-21: YAML Fix-up¶

Filter: Files with known YAML errors or broken links
Expected count: ~96 (12 errors + 84 broken links)
Batch size: 50
AI role: Fix invalid enum values, repair broken wiki-links, correct date formats
Human role: Review fixes for files with management_system or status errors
Dependencies: CWP-20

Layer 6: Remaining Enrichment¶

CWP-22: IMS Prozess Remaining¶

Filter: type == 'prozess' AND management_system == 'IMS' AND NOT in CWP-03
Expected count: ~53
Batch size: 15
AI role: Write/enrich remaining IMS process files
Human role: Review organizational accuracy
Dependencies: CWP-20

CWP-23: ISMSI Prozess and Other¶

Filter: type IN ('prozess', 'schulung', 'massnahme') AND management_system == 'ISMS'
Expected count: ~65
Batch size: 20
AI role: Write/enrich ISMSI support files
Human role: Review security process accuracy
Dependencies: CWP-20

CWP-24: QMS Prozess/Schulung/KPI¶

Filter: type IN ('prozess', 'schulung') AND management_system == 'QMS' AND NOT in CWP-10/16/17
Expected count: ~28
Batch size: 15
AI role: Write/enrich QMS support files
Human role: Review quality process accuracy
Dependencies: CWP-20