addition to metadata scheme and librarian system prompt, created first overview file, edited PECB transcriptions

Content Factory/PROJECT 5 - Librarian.md

@@ -1,6 +1,12 @@
+---
+title: "Librarian System Prompt"
+notetype: other
+last-updated: 2026-06-02
+tags: []
+---
+
 # Agent 1 — Librarian — project instructions
 
-```
 You are the Librarian for ISO27DIY, a B2B SaaS product that helps SMEs implement 
 ISO27001 without hiring consultants.
 
@@ -20,7 +26,7 @@ You have four tasks. You will be told which task to perform each session.
 TASK 1 — FRONT MATTER FOR NEW NOTES
 
 When asked to process a new note or set of notes, produce front matter 
-for each, following the guidelines in Content Factory/Corpus Metadata.md.
+for each, following the guidelines in `iso27diy-corp/metadata/corpus-metadata.md`.
 
 ---
 
@@ -52,6 +58,18 @@ articles, newsletter topics, LinkedIn posts, forum answers, etc.]
 **Fetch priority:** [High / Medium / Low — how often the content agents are likely 
 to need the full note]
 
+Each overview note must include the following front matter:
+
+```yaml
+---
+title: ""           # e.g. "Corpus Overview: ISO 27002 Controls (EN)"
+notetype: overview
+covers: ""          # vault path of the folder this note describes
+last-updated: ""    # ISO 8601 date, e.g. 2026-06-02
+tags: []
+---
+```
+
 Rules:
 - Be specific. Vague summaries are useless.
 - Do not invent content not present in the notes
@@ -59,8 +77,10 @@ Rules:
   after the title
 - Group closely related notes under one entry but list each path individually
 - Process all notes in the folder before responding
+- Set `last-updated` to the date the overview note is created
 
 Name the output file: corpus-overview-[foldername].md
+Save to: `iso27diy-corp/metadata/overviews/`
 
 ---
 
@@ -74,6 +94,7 @@ When asked to update an overview note due to changes in the vault:
    - Update entries for changed notes
    - Mark retired notes with [RETIRED] and a one-line explanation
    - Update any related-notes references affected by the changes
+4. Update `last-updated` in the front matter to today's date
 
 Do not rewrite entries that have not changed.
 
@@ -88,7 +109,8 @@ After updating, produce a change summary:
 TASK 4 — MAINTAIN THE CORPUS INDEX NOTE
 
 The corpus index note is a single note that lists all corpus overview notes with 
-a one-line description of what each covers.
+a one-line description of what each covers. It lives at 
+`iso27diy-corp/metadata/corpus-index.md`.
 
 When asked to update the corpus index note:
 1. Read the current corpus index note
@@ -114,4 +136,3 @@ GENERAL RULES
 - After completing any task, list any issues you encountered that the human 
   should be aware of: gaps, inconsistencies, notes that need attention, 
   structural problems in the vault
-```

Corpus/Standards/ISO27x/PECB-Lead-Auditor-Training/PECB 27001 LA S01 - Course objectives and structure.md

@@ -7,5 +7,6 @@ tags:
 
 # Section 1: Training course objectives and structure
 
-An auditor’s competence consists of Knowledge, Skill and Behaviour
+- An auditor’s competence consists of Knowledge, Skill and Behavior.
+- 
 

marketing/The goal should not be the certificate..md

@@ -0,0 +1,10 @@
+So when starting with an ISO implementation, the goal should not be having the certificate. It should be realizing the follwoing advantages:
+
+Now, when looking at the implementation of an ISMS, besides having the certificates, there are a couple of advantages on implementing an ISO 27001:
+
+- Firstly, it will of course help you to protect your data. That's the basis, that's the reason why you do it. So you will have **robust data protection**, so you will have enhanced security measures. That protects sensitive data from unauthorized access, from breaches, from leaks. And you will also be able to assure that you have the confidentiality integrity and availability of your data ensured. 
+- It will help you to **assure compliance**. First of all, as security practices are aligned with laws and regulations, because that's a standard element in the ISO standard, and you will also adhere to data protection laws. 
+- You will be able to make a **step up in risk management**. You will be able to identify and evaluate information security risks, and that will enable the organization to really prioritize and also proactively address potential threats. You will be able to implement security controls and incident response plans, and that will also minimize, of course, the impact. of potential security incidents.
+- You will be able to **improve your security posture**. You will be able to better manage your information security threats, and you will be implementing, of course, a standard that is internationally recognized, with internationally recognized information security controls. 
+- And you will be able to **prevent certain security incidents from happening**, which is of course cheaper than recovering from a cyber attack. So the financial losses that would be associated with a security incident will be less, and you will have efficient resources to mitigate those risks. So you will be able to do a better resource allocation in line with the risk management that you've done. 
+ 

metadata/corpus-metadata.md

@@ -16,6 +16,7 @@ The `notetype` field will have one of the following values:
 - `application`: steps to solve a specific, real-world problem. Implementing the standard in real world environments, implementation aids, implementation examples, templates, etc.
 - `reference`: secondary sources of information, like original standard texts, dictionaries, terms and definitions.
 - `publication`: for content created by TSW for publication, e.g. articles, eBooks, social media posts.
+- `overview`: meta-notes created and maintained by the Librarian; describe and index the contents of a vault folder for use by content agents.
 - `other`: for all notes that, by their content, cannot be placed in one of the previous categories.
 - `iso27diyGIS`: notes that belong to the ISO27DIY Guided Implementation System (GIS).
 
@@ -56,6 +57,38 @@ For the possible values of these properties, see [themes-and-attributes-in-iso-2
 - Notes in the `iso27DIY-gis/guide` subfolder ...
 - Notes in the `iso27DIY-gis/reference` subfolder ...
 
+## Properties for Corpus Overview Notes
+
+Overview notes are created and maintained exclusively by the Librarian. They are not content notes and must not be used as source material for publications.
+
+### Folder structure
+
+All overview notes live in `iso27diy-corp/metadata/overviews/`. They are never placed inside the folder they describe.
+
+### Filename convention
+
+`corpus-overview-[foldername].md`, where `foldername` is the name of the vault folder being described, e.g. `corpus-overview-EN.md` for the ISO 27002 EN controls folder.
+
+### Template
+
+```yaml
+---
+title: ""           # human-readable title, e.g. "Corpus Overview: ISO 27002 Controls (EN)"
+notetype: overview
+covers: ""          # vault path of the folder this note describes,
+                    # e.g. "iso27diy-corp/Corpus/Standards/ISO27x/OST/27002/EN"
+last-updated: ""    # ISO 8601 date, e.g. 2026-06-02; update whenever the note is revised
+tags: []
+---
+```
+
+### Rules
+
+- `covers` must be the exact vault path of the folder being described — no trailing slash.
+- `last-updated` must be set every time the overview note is modified.
+- Overview notes do not carry `isotags`, `language`, or `status` — these fields are not applicable.
+- The Librarian updates `last-updated` and the corpus index note (`corpus-index.md`) whenever an overview note is created or revised.
+
 ## Properties for Publications
 
 Publications are found in `iso27diy-corp/Marketing/publications` and are of `notetype` `publication`.

metadata/librarian-system-prompt.md

@@ -0,0 +1,138 @@
+---
+title: "Librarian System Prompt"
+notetype: other
+last-updated: 2026-06-02
+tags: []
+---
+
+# Librarian System Prompt
+
+You are the Librarian for ISO27DIY, a B2B SaaS product that helps SMEs implement 
+ISO27001 without hiring consultants.
+
+Your job is to keep the Obsidian knowledge vault structured, consistent, and 
+navigable. You do not create content for publication. You create and maintain 
+the metadata and overview structures that allow the content agents to work 
+effectively.
+
+You have access to:
+- The Obsidian vault via MCP
+- The corpus index note and all corpus overview notes in the project knowledge base
+
+You have four tasks. You will be told which task to perform each session.
+
+---
+
+TASK 1 — FRONT MATTER FOR NEW NOTES
+
+When asked to process a new note or set of notes, produce front matter 
+for each, following the guidelines in `iso27diy-corp/metadata/corpus-metadata.md`.
+
+---
+
+Rules:
+- Do not invent content not present in the note
+- If the note is thin or incomplete, set status to Needs review and explain why
+- If you cannot identify related notes confidently, leave related-notes blank 
+  rather than guessing
+
+---
+
+TASK 2 — CREATE A NEW OVERVIEW NOTE
+
+When asked to create an overview note for a vault folder:
+1. Read all notes in the specified folder via MCP
+2. Produce an overview note using the following format for each note or cluster:
+
+**Title:** [note title or cluster name]
+**Path:** [filename or folder path — list each note path individually for clusters]
+**Summary:** [2-3 sentences on what this note actually contains — substance, not just topic]
+**Key concepts and terms:** [main concepts, frameworks, or terminology covered]
+**ISO27001 relevance:** [how this connects to ISO27001 implementation, compliance, 
+or cybersecurity practice]
+**ISO27DIY relevance:** [how this could support product messaging, content marketing, 
+or user education]
+**Related notes:** [other notes in the vault this connects to, if known]
+**Content potential:** [1-2 sentences on what kind of content this could fuel — 
+articles, newsletter topics, LinkedIn posts, forum answers, etc.]
+**Fetch priority:** [High / Medium / Low — how often the content agents are likely 
+to need the full note]
+
+Each overview note must include the following front matter:
+
+```yaml
+---
+title: ""           # e.g. "Corpus Overview: ISO 27002 Controls (EN)"
+notetype: overview
+covers: ""          # vault path of the folder this note describes
+last-updated: ""    # ISO 8601 date, e.g. 2026-06-02
+tags: []
+---
+```
+
+Rules:
+- Be specific. Vague summaries are useless.
+- Do not invent content not present in the notes
+- Flag any note that seems outdated, incomplete, or too thin with [REVIEW] 
+  after the title
+- Group closely related notes under one entry but list each path individually
+- Process all notes in the folder before responding
+- Set `last-updated` to the date the overview note is created
+
+Name the output file: corpus-overview-[foldername].md
+Save to: `iso27diy-corp/metadata/overviews/`
+
+---
+
+TASK 3 — UPDATE AN EXISTING OVERVIEW NOTE
+
+When asked to update an overview note due to changes in the vault:
+1. Read the current overview note
+2. Read the affected notes in the vault via MCP — new, updated, or retired notes
+3. Make the minimum changes necessary to bring the overview note current:
+   - Add entries for new notes
+   - Update entries for changed notes
+   - Mark retired notes with [RETIRED] and a one-line explanation
+   - Update any related-notes references affected by the changes
+4. Update `last-updated` in the front matter to today's date
+
+Do not rewrite entries that have not changed.
+
+After updating, produce a change summary:
+- What was added
+- What was updated
+- What was retired
+- Any [REVIEW] flags raised
+
+---
+
+TASK 4 — MAINTAIN THE CORPUS INDEX NOTE
+
+The corpus index note is a single note that lists all corpus overview notes with 
+a one-line description of what each covers. It lives at 
+`iso27diy-corp/metadata/corpus-index.md`.
+
+When asked to update the corpus index note:
+1. Read the current corpus index note
+2. Check it against the actual overview notes in the vault via MCP
+3. Add entries for new overview notes
+4. Update entries where the scope of an overview note has changed
+5. Remove entries for retired overview notes
+
+Index entry format:
+**[overview note name]** — [one-line description of what vault section it covers]
+Path: [path to overview note]
+Last updated: [date]
+
+---
+
+GENERAL RULES
+
+- Never invent facts, summaries, or relationships not present in the actual notes
+- When in doubt about a relationship between notes, leave it blank and flag it 
+  for the human to resolve
+- If a task is ambiguous — for example, it is unclear whether two notes should 
+  be grouped or kept separate — ask before proceeding
+- After completing any task, list any issues you encountered that the human 
+  should be aware of: gaps, inconsistencies, notes that need attention, 
+  structural problems in the vault

metadata/overviews/corpus-overview-AuditGlue.md

@@ -0,0 +1,403 @@
+---
+title: "Corpus Overview: AuditGlue"
+notetype: overview
+covers: "iso27diy-corp/AuditGlue"
+last-updated: 2026-06-02
+tags: []
+---
+
+# Corpus Overview: AuditGlue
+
+This note covers all markdown files in `iso27diy-corp/AuditGlue` and its `System alternative` subfolder. The folder contains product design, requirements, technical architecture, and research notes for the iso27DIY product — primarily the AuditGlue GRC component and its underlying platform.
+
+---
+
+## Top-level notes
+
+---
+
+**Title:** PRD Product Requirements Document for iso27DYI
+**Path:** `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`
+**Summary:** The foundational product requirements document for iso27DIY, defining the three-component system: Guided Implementation System (GIS), AuditGlue GRC tool, and Knowledge Base. Covers client and user definitions (SME, no dedicated compliance officer), design principles (incremental rather than linear, smartwatch-style coaching), and technical requirements including multi-tenancy, LLM integration, and output formats. Includes a functional diagram reference.
+**Key concepts and terms:** GIS (Guided Implementation System), AuditGlue, Knowledge Base, Modules and Sessions, slot-filling, PDCA cycle, ISMS, proof of implementation, Statement of Applicability, multi-tenancy
+**ISO27001 relevance:** Directly describes a system designed to guide SMEs through ISO 27001 implementation. References ISMS structure, clause/control tagging, and certification audit preparation throughout.
+**ISO27DIY relevance:** This is the core product definition document. Content agents should use it to understand the product's purpose, scope, and value proposition.
+**Related notes:** `iso27diy-corp/AuditGlue/AuditGlue Workflows.md`, `iso27diy-corp/AuditGlue/GIS-content-map.md`, `iso27diy-corp/AuditGlue/System alternative/Design Document for ISO 27001 Certification Support Online Service.md`
+**Content potential:** Foundational for product messaging, investor pitches, and onboarding content. Also useful for explaining the product architecture to technical audiences.
+**Fetch priority:** High
+
+---
+
+**Title:** AuditGlue Workflows
+**Path:** `iso27diy-corp/AuditGlue/AuditGlue Workflows.md`
+**Summary:** Describes the user interaction flows within AuditGlue: following a Session, re-visiting a Session, triggering an Automation, and working with Tasks. Defines the four task statuses (Backlog, ToDo, Done, Finalized) and explains how automations depend on prior tasks being completed. Written in Dutch.
+**Key concepts and terms:** Sessions, Modules, Tasks, Automations, task statuses (Backlog/ToDo/Done/Finalized), slot-filling, n8n workflow trigger, LLM content generation, maturity levels
+**ISO27001 relevance:** The workflow models how a user builds ISMS evidence through guided tasks — directly implementing the PDCA cycle required by ISO 27001.
+**ISO27DIY relevance:** Core reference for understanding the GIS user experience and automation pipeline. Relevant for writing user onboarding content and help documentation.
+**Related notes:** `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`, `iso27diy-corp/AuditGlue/AuditGlue metadata.md`, `iso27diy-corp/AuditGlue/Conceptual ERD.md`
+**Content potential:** Basis for product explainer content, user documentation, and feature descriptions on the website.
+**Fetch priority:** High
+
+---
+
+**Title:** AuditGlue metadata
+**Path:** `iso27diy-corp/AuditGlue/AuditGlue metadata.md`
+**Summary:** Defines the reserved metadata fields for AuditGlue Session files, including `id`, `module`, `session`, `title`, `related_assets`, `related_references`, `related_form`, `related_automation`, and `automation_depends_on`. Explains the purpose and usage of each field and provides a source example for copy-paste.
+**Key concepts and terms:** Session metadata, YAML front matter, `automation_depends_on`, `related_form`, `related_assets`, module hierarchy, session id
+**ISO27001 relevance:** Indirect — this metadata scheme is what enables the GIS to link sessions to ISO 27001 clause and control identifiers.
+**ISO27DIY relevance:** Technical reference for the content team building GIS session files. Agents creating or editing session content must follow this schema.
+**Related notes:** `iso27diy-corp/AuditGlue/Metadata in YAML.md`, `iso27diy-corp/AuditGlue/AuditGlue Workflows.md`
+**Content potential:** Low — internal technical reference, not a source for publication content.
+**Fetch priority:** Medium
+
+---
+
+**Title:** Metadata in YAML
+**Path:** `iso27diy-corp/AuditGlue/Metadata in YAML.md`
+**Summary:** A reference table of required and optional YAML metadata keys for GIS Session files, with field names, value types, examples, and explanations. More detailed and structured than `AuditGlue metadata.md`, and includes a copy-paste source example.
+**Key concepts and terms:** YAML metadata, `implements`, `feeds_into`, `depends_on`, `related_form`, `related_assets`, session id convention
+**ISO27001 relevance:** The `implements` field directly links sessions to ISO 27001 clauses and controls (e.g., `ISO27001:2022:C.6.2`).
+**ISO27DIY relevance:** Technical reference for GIS content authors. Supersedes or complements `AuditGlue metadata.md`.
+**Related notes:** `iso27diy-corp/AuditGlue/AuditGlue metadata.md`
+**Content potential:** None — internal technical reference only.
+**Fetch priority:** Medium
+
+---
+
+**Title:** Conceptual ERD
+**Path:** `iso27diy-corp/AuditGlue/Conceptual ERD.md`
+**Summary:** A Mermaid entity-relationship diagram showing the core data model for AuditGlue. Defines relationships between Session, Task, FormValues, Document, DocVersion, and NormArticle. Key rules: a Session has zero or one Task; a Document is proof for one or more NormArticles; a Document can have multiple versions.
+**Key concepts and terms:** ERD, Session, Task, FormValues, Document, DocVersion, NormArticle, proof of implementation, version management
+**ISO27001 relevance:** The `NormArticle` entity directly represents ISO 27001 clauses and controls. The model captures how user tasks produce documents that serve as audit proof for specific norm articles.
+**ISO27DIY relevance:** Foundational data model for AuditGlue. Required reading for anyone building or extending the platform.
+**Related notes:** `iso27diy-corp/AuditGlue/AuditGlue Workflows.md`, `iso27diy-corp/AuditGlue/System alternative/TypeDB structure for ISO27DIY.md`
+**Content potential:** Low — technical architecture note. Could inform a technical blog post about how AuditGlue models the audit evidence chain.
+**Fetch priority:** Medium
+
+---
+
+**Title:** GIS Content Map
+**Path:** `iso27diy-corp/AuditGlue/GIS-content-map.md`
+**Summary:** A complete hierarchical map of the GIS module and session structure, from m100 (Implementing with ISO27DIY) through m900 (ISO 27001 Audits). Each session entry links to the actual GIS session file and to the relevant ISO 27001 clauses and ISO 27002 controls. Covers strategy, context, risks, measures, supporting the ISMS, and evaluation.
+**Key concepts and terms:** GIS modules (m100–m900), Sessions, ISO 27001 clause mapping, ISO 27002 control mapping, ISMS implementation sequence
+**ISO27001 relevance:** This is the master navigation map for the entire ISO 27001 implementation journey as structured by iso27DIY. Every clause and control in scope is referenced here.
+**ISO27DIY relevance:** Critical reference for content agents navigating the GIS. Also useful for communicating the product's coverage and completeness to prospects.
+**Related notes:** `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`, `iso27diy-corp/AuditGlue/Modules, Screens and Content.md`
+**Content potential:** Basis for content about the iso27DIY implementation roadmap; could support marketing claims about full ISO 27001 coverage.
+**Fetch priority:** High
+
+---
+
+**Title:** Modules, Screens and Content [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/Modules, Screens and Content.md`
+**Summary:** Brief note pointing to other sources for the three user modes: guided implementation (references video series), operational (references Nedap ISMS tool structure), and audit mode (references NHC dashboard). Thin on original content — primarily a set of cross-references.
+**Key concepts and terms:** Guided implementation mode, operational mode, audit mode, Nedap, NHC
+**ISO27001 relevance:** Indirect — describes the three operational contexts for using AuditGlue.
+**ISO27DIY relevance:** Low standalone value; useful only as a navigation aid to other notes.
+**Related notes:** `iso27diy-corp/AuditGlue/Three user modes for AuditGlue.md`, `iso27diy-corp/AuditGlue/GIS-content-map.md`
+**Content potential:** Low — too thin for content generation without the referenced sources.
+**Fetch priority:** Low
+
+---
+
+**Title:** Three user modes for AuditGlue
+**Path:** `iso27diy-corp/AuditGlue/Three user modes for AuditGlue.md`
+**Summary:** Defines the three modes of AuditGlue: Guided Implementation (step-by-step for novices, with rich explanatory content), Operational (GRC forms and dashboards for experienced users), and Audit (matrix interface mapping ISO 27001 clauses and controls to risks, policies, and evidence). Note body is duplicated.
+**Key concepts and terms:** Guided implementation, operational mode, audit mode, GRC, audit matrix, proofs, risk/control matrix
+**ISO27001 relevance:** The audit mode directly maps to the ISO 27001 audit process structure.
+**ISO27DIY relevance:** Useful for product positioning and feature description content. The three-mode model is a differentiator worth communicating.
+**Related notes:** `iso27diy-corp/AuditGlue/Modules, Screens and Content.md`, `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`
+**Content potential:** Good basis for product explainer content and website feature descriptions.
+**Fetch priority:** Medium
+
+---
+
+**Title:** AuditGlue Personae [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/AuditGlue Personae.md`
+**Summary:** A bare five-item bullet list of personas: Client/business owner, Auditor, Expert (support role), Content Editor, and Administrator. No descriptions or elaboration.
+**Key concepts and terms:** Personas, roles
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Too thin to use without `Personae and Roles.md` for context.
+**Related notes:** `iso27diy-corp/AuditGlue/Personae and Roles.md`
+**Content potential:** None in current state.
+**Fetch priority:** Low
+
+---
+
+**Title:** Personae and Roles
+**Path:** `iso27diy-corp/AuditGlue/Personae and Roles.md`
+**Summary:** Lists business personae (implementer, auditor internal/external, business manager, compliance officer, CISO), system roles (admin, user, power user), and ISMS roles from ISO 27001 (risk owner, incomplete). Also includes two user persona sketches: a startup co-owner and a lone professional in a low-security-affinity organization.
+**Key concepts and terms:** Personas, ISMS roles, risk owner, system roles, compliance officer, CISO
+**ISO27001 relevance:** References ISO 27001 roles including risk owner; relevant to clause 5.3 (organizational roles, responsibilities, and authorities).
+**ISO27DIY relevance:** Useful for audience targeting in content and for defining user segments in product marketing.
+**Related notes:** `iso27diy-corp/AuditGlue/AuditGlue Personae.md`, `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`
+**Content potential:** Basis for persona-driven content and customer empathy messaging.
+**Fetch priority:** Medium
+
+---
+
+**Title:** Most Challenging Clauses in ISO 27001
+**Path:** `iso27diy-corp/AuditGlue/Most Challenging Clauses in ISO 27001.md`
+**Summary:** Lists the ISO 27001 clauses that practitioners find most difficult: Clause 4 (context and boundaries), Clause 6 (risk assessment), Clause 9 (performance evaluation), Clause 10 (corrective action), and Annex A (control mapping and Statement of Applicability). Includes specific sub-challenges for each.
+**Key concepts and terms:** Clause 4 context, Clause 6 risk assessment, Clause 9 performance evaluation, Clause 10 corrective action, Statement of Applicability, risk methodology, nonconformity
+**ISO27001 relevance:** Directly maps to real-world implementation pain points for each clause referenced.
+**ISO27DIY relevance:** Highly relevant for content marketing — these pain points are exactly the problems iso27DIY solves. Strong basis for LinkedIn posts, newsletter topics, and landing page copy.
+**Related notes:** `iso27diy-corp/AuditGlue/GIS-content-map.md`
+**Content potential:** Excellent source for "why ISO 27001 is hard" content, problem-aware messaging, and feature justification.
+**Fetch priority:** High
+
+---
+
+**Title:** ISO27DIY Plain English Template [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/iso27DIY Plain English Template.md`
+**Summary:** A bare outline for a "Plain English" control description template: Control ID/Title, Properties, one-sentence summary, Implementation Guidance (required/recommended/relations), real-life examples, and remarks. No worked example or populated content.
+**Key concepts and terms:** Plain English, control template, implementation guidance
+**ISO27001 relevance:** Describes a format for making ISO 27002 controls accessible to non-experts.
+**ISO27DIY relevance:** Relevant to the corpus content format, but too thin to use without a worked example.
+**Related notes:** `iso27diy-corp/AuditGlue/Policy Card Example for Access to Software Applications.md`
+**Content potential:** Low in current state — needs a populated example to be useful.
+**Fetch priority:** Low
+
+---
+
+**Title:** Policy Card Example for Access to Software Applications
+**Path:** `iso27diy-corp/AuditGlue/Policy Card Example for Access to Software Applications.md`
+**Summary:** A detailed worked example of a "Policy Card" for an access control policy, covering purpose, scope, risk mitigation, method, metrics, measurement, evaluation, version control, and documentation. Shown in both structured bullet format and as a JSON object. References ISO 27001 controls 5.15 and 5.18.
+**Key concepts and terms:** Policy Card, access control policy, version control, metrics, measurement, evaluation, JSON policy schema, ISO27001:2022:A.5.15, ISO27001:2022:A.5.18
+**ISO27001 relevance:** Directly implements controls A.5.15 (Access control) and A.5.18 (Access rights). Demonstrates the policy structure required by ISO 27001.
+**ISO27DIY relevance:** Concrete example of a core iso27DIY output artifact. Useful for product demos, documentation, and content showing what "good" looks like.
+**Related notes:** `iso27diy-corp/AuditGlue/iso27DIY Plain English Template.md`
+**Content potential:** Strong basis for content showing what a compliant policy looks like in practice. Good for educational posts and product demos.
+**Fetch priority:** High
+
+---
+
+**Title:** ISO27DIY benefits [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/ISO27DIY benefits.md`
+**Summary:** A three-bullet stub listing product benefits (saves consulting fees, scale confidently, implement scalable security practices), plus two competitor URLs (Sprinto, instant27001.com). No elaboration.
+**Key concepts and terms:** Value proposition, consulting fees, scalability
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Relevant to marketing but too thin in current state. The competitor links suggest this was being used for competitive research.
+**Related notes:** None
+**Content potential:** None in current state — needs significant development.
+**Fetch priority:** Low
+
+---
+
+**Title:** Idea Validation
+**Path:** `iso27diy-corp/AuditGlue/Idea Validation.md`
+**Summary:** A saved Reddit post from r/microsaas describing a three-step idea validation methodology: problem thesis and user interviews, building an MVP in 30 days, and marketing to collect feedback. Not original content — saved for inspiration.
+**Key concepts and terms:** Idea validation, problem thesis, MVP, user interviews, Reddit marketing, feedback loops
+**ISO27001 relevance:** None.
+**ISO27DIY relevance:** Background research on SaaS product validation methodology. Not a source for publication content.
+**Related notes:** None
+**Content potential:** None — third-party content saved for reference.
+**Fetch priority:** Low
+
+---
+
+**Title:** Scale up markt NL [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/Scale up markt NL.md`
+**Summary:** Brief note referencing NLgroeit's Top 250 Dutch growth companies list (with Erasmus University) and their mentorship programme for companies over €1M revenue. Two links, no analysis.
+**Key concepts and terms:** NLgroeit, Dutch growth companies, mentorship, scale-up market
+**ISO27001 relevance:** None.
+**ISO27DIY relevance:** Market research reference — potential prospect pool or partnership lead for the Dutch advisory practice.
+**Related notes:** None
+**Content potential:** Low — background research only.
+**Fetch priority:** Low
+
+---
+
+**Title:** List of possible partners
+**Path:** `iso27diy-corp/AuditGlue/List of possible partners.md`
+**Summary:** Three-item list of potential partners: The Art of Service (InfoSec Kanban boards), Certificeringsadvies (independent external audits), and a Gumroad seller (SCM content, cross-posting offer).
+**Key concepts and terms:** Partners, InfoSec Kanban, external audits, cross-posting
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Business development reference. Certificeringsadvies is potentially relevant as an audit partner.
+**Related notes:** None
+**Content potential:** None — internal business development note.
+**Fetch priority:** Low
+
+---
+
+**Title:** Possible Colabs [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/Possible Colabs.md`
+**Summary:** Single entry: Phil Odence of Black Duck/Synopsys, a connection via Richard ten Cate (The Red Button), potentially relevant to software due diligence. No further detail.
+**Key concepts and terms:** Black Duck, Synopsys, software due diligence
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Business development note — possibly relevant for supply chain security content partnerships.
+**Related notes:** None
+**Content potential:** None in current state.
+**Fetch priority:** Low
+
+---
+
+**Title:** iso27DIY-MoC (Map of Content)
+**Path:** `iso27diy-corp/AuditGlue/iso27DIY-MoC.md`
+**Summary:** A Map of Content linking to all major note clusters for the iso27DIY product: marketing source material, product design, method, agents, content, and platform. Functions as the top-level navigation hub for the entire AuditGlue folder and connected areas of the vault.
+**Key concepts and terms:** Map of Content, navigation, product design, marketing, platform, agents
+**ISO27001 relevance:** None directly — this is a navigation note.
+**ISO27DIY relevance:** High value as a navigation aid for agents needing to find connected notes quickly. Should be fetched early in any session working across AuditGlue material.
+**Related notes:** Most notes in `iso27diy-corp/AuditGlue/` and connected folders.
+**Content potential:** None — internal navigation note.
+**Fetch priority:** High
+
+---
+
+## System alternative subfolder
+
+This subfolder contains technical architecture, stack evaluation, and platform design notes. Most are research outputs or AI-generated design documents rather than original product decisions.
+
+---
+
+**Title:** Design Document for ISO 27001 Certification Support Online Service
+**Path:** `iso27diy-corp/AuditGlue/System alternative/Design Document for ISO 27001 Certification Support Online Service.md`
+**Summary:** An AI-generated (Perplexity) design document for an online ISO 27001 certification support service, produced in response to a structured prompt. Covers objectives, features (documentation hub, expert guidance, automation, self-assessment, training, community, tool integrations), user roles, user journey, technical architecture, and a 12-month roadmap. Saved as reference material, not original work.
+**Key concepts and terms:** Documentation hub, risk assessment engine, compliance tracker, self-assessment, e-learning, consultant marketplace, freemium model, GDPR
+**ISO27001 relevance:** Describes a service that maps closely to iso27DIY's own value proposition. Useful for competitive benchmarking and feature gap analysis.
+**ISO27DIY relevance:** Reference for product design thinking. Not a source for publication content.
+**Related notes:** `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`
+**Content potential:** Low — AI-generated reference, not original content.
+**Fetch priority:** Low
+
+---
+
+**Title:** Application architecture
+**Path:** `iso27diy-corp/AuditGlue/System alternative/Application architecture.md`
+**Summary:** A decision framework for distributing functionality across WeWeb (frontend), SQL functions/RPC, Edge Functions, and Database Triggers. Provides a decision matrix by performance, security, external integration, complexity, and real-time requirements, with practical worked examples.
+**Key concepts and terms:** WeWeb, Supabase, Edge Functions, SQL functions, Database Triggers, RPC, decision matrix, business logic placement
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Technical architecture reference for developers building on the preferred stack.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY Preferred Stack.md`, `iso27diy-corp/AuditGlue/System alternative/Building functionality in Supabase.md`
+**Content potential:** None — technical reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** iso27DIY Preferred Stack
+**Path:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY Preferred Stack.md`
+**Summary:** Evaluates and recommends the WeWeb (frontend) + Supabase (backend) low-code stack for iso27DIY's MVP. Covers rationale for each component, lock-in risk, entry costs, and best practices for avoiding vendor lock-in. Also covers business logic placement options across WeWeb workflows, Supabase database functions, and Edge Functions.
+**Key concepts and terms:** WeWeb, Supabase, low-code, vendor lock-in, Edge Functions, Postgres functions, Vue.js, REST API, TypeScript
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Technical stack decision reference for developer onboarding and architectural discussions.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/Application architecture.md`, `iso27diy-corp/AuditGlue/System alternative/iso27DIY stack deployment.md`
+**Content potential:** None — technical reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** iso27DYI architecture with LLM
+**Path:** `iso27diy-corp/AuditGlue/System alternative/iso27DYI architecture with LLM.md`
+**Summary:** Covers options for integrating LLM functionality into the WeWeb + Supabase stack: direct API calls (OpenAI/Anthropic), Node.js/Express middleware, Supabase Edge Functions, and serverless functions. Also covers self-hosting options (Ollama, vLLM, TGI). Recommends Supabase Edge Functions as the most elegant approach.
+**Key concepts and terms:** LLM integration, Ollama, vLLM, TGI, Supabase Edge Functions, OpenAI API, Anthropic API, self-hosted LLM, slot-filling
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Technical reference for the LLM integration layer relevant to content generation and slot-filling automation in the GIS.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY Preferred Stack.md`
+**Content potential:** None — technical reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** Building functionality in Supabase
+**Path:** `iso27diy-corp/AuditGlue/System alternative/Building functionality in Supabase.md`
+**Summary:** Reference overview of Supabase's functionality-building methods: SQL functions, Edge Functions, RPC, Database Triggers, RLS policies, auto-generated REST APIs, real-time subscriptions, GraphQL, webhooks, and PostgREST extensions.
+**Key concepts and terms:** Supabase, SQL functions, Edge Functions, RPC, Database Triggers, RLS, GraphQL, webhooks
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Technical reference for Supabase development decisions.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/Application architecture.md`
+**Content potential:** None — technical reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** iso27DIY stack deployment
+**Path:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY stack deployment.md`
+**Summary:** Step-by-step deployment guidance for the WeWeb + Supabase stack: publishing via WeWeb, custom domain setup, Supabase production configuration (RLS, backups, connection pooling), environment variable management, and a security checklist.
+**Key concepts and terms:** WeWeb deployment, Supabase deployment, RLS, CORS, environment variables, custom domain, CDN
+**ISO27001 relevance:** None directly, though the security checklist aligns loosely with secure deployment practices.
+**ISO27DIY relevance:** Operational reference for the development team.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY Preferred Stack.md`
+**Content potential:** None — operational reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** No local installs
+**Path:** `iso27diy-corp/AuditGlue/System alternative/No local installs.md`
+**Summary:** Confirms that end users need no local software beyond a modern browser — the entire stack runs in the cloud. Includes cited references.
+**Key concepts and terms:** Web-based access, no local install, browser-based, Deno, edge deployment
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Relevant for product positioning — "nothing to install" is a selling point for the SME target audience.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY Preferred Stack.md`
+**Content potential:** Low but usable for product messaging.
+**Fetch priority:** Low
+
+---
+
+**Title:** Agent Design Intent Card
+**Path:** `iso27diy-corp/AuditGlue/System alternative/Agent Design Intent Card.md`
+**Summary:** Notes from a Cognigy conversation design course on designing conversational agents. Covers intent modeling (Who/What/Intention/Reason), the stateless nature of conversations, personality and persona design for bots, and Contact Profiles for persistence.
+**Key concepts and terms:** Conversational agent design, intent, utterance, stateless conversation, bot persona, Contact Profile, Cognigy
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Design reference for the slot-filling conversational agent in the GIS.
+**Related notes:** `iso27diy-corp/AuditGlue/AuditGlue Workflows.md`
+**Content potential:** None — design reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** TypeDB structure for ISO27DIY
+**Path:** `iso27diy-corp/AuditGlue/System alternative/TypeDB structure for ISO27DIY.md`
+**Summary:** An AI-generated (Gemini) TypeDB schema for representing ISO 27001 and 27002 entities and relationships, including standards, clauses, controls, actors, assets, artifacts, risks, events, and processes. Covers full TypeQL schema definition and a Mermaid diagram. Saved as an alternative/research note — not the current production data model.
+**Key concepts and terms:** TypeDB, TypeQL, knowledge graph, entity-relationship, controls, actors, artifacts, evidence, proof of implementation, graph database
+**ISO27001 relevance:** Models the full ISO 27001/27002 entity landscape including relationships between controls, clauses, actors, artifacts, and evidence.
+**ISO27DIY relevance:** Research/alternative design note. The conceptual model informs the current ERD even if TypeDB is not the chosen technology.
+**Related notes:** `iso27diy-corp/AuditGlue/Conceptual ERD.md`
+**Content potential:** Low — could inform a technical blog post about knowledge graphs and ISO 27001.
+**Fetch priority:** Low
+
+---
+
+**Title:** iso27DIY UI ideas
+**Path:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY UI ideas.md`
+**Summary:** Brief note with UI inspiration references: Advisera Conformio, Cognigy academy (conversation design), PECB eLearning, and a Base44 writing assistant. Primarily screenshots with minimal commentary.
+**Key concepts and terms:** UI inspiration, guided implementation, eLearning, conversation design
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Design research reference.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/Agent Design Intent Card.md`
+**Content potential:** None — visual reference only.
+**Fetch priority:** Low
+
+---
+
+## Files not processed
+
+The following files in this folder are not markdown notes and were excluded from this overview:
+
+- Image files: `Canvas Cyclus.png`, `CleanShot 2025-07-17 at 10.45.16.png`, and multiple PNGs in `System alternative/`
+- `PolicyCard_Example_5.15.yaml` — YAML example; related to the Policy Card note
+- `iso27DIY content modules.canvas`, `System alternative/iso27DIY Functional Diagram.canvas`, `System alternative/iso27DIY UI Canvas.canvas` — Obsidian Canvas files
+- `System alternative/iso27DYI High level data structure.pdf` — not read
+- `System alternative/slot_config_erd.mermaid`, `slot_config_schema.sql`, `slot_manager_implementation.py` — code/schema files
+
+The following markdown files in `System alternative/` were not read due to batch size constraints and should be processed in a follow-up pass:
+- `JSON validation for Postgres.md`
+- `SQL vs NoSQL.md`
+- `SupaBase Edge Functions.md`
+- `SupaBase edge functions portability.md`
+- `Using AI to create policies.md`
+- `When to use JSON types in Supabase.md`
+- `Source text.md` (appears to be empty)
+
+---
+
+## Issues to flag
+
+1. **`AuditGlue Personae.md` vs `Personae and Roles.md`** — Two notes covering overlapping ground with no clear relationship. Consider merging or deprecating the shorter one.
+2. **`Modules, Screens and Content.md`** — Thin note largely redundant with `Three user modes for AuditGlue.md` and `GIS-content-map.md`. Candidate for removal.
+3. **`ISO27DIY benefits.md`** — Stub. Develop or delete.
+4. **`iso27DIY Plain English Template.md`** — Outline without a worked example. Needs population before it's useful.
+5. **Six `System alternative` notes unread** — Batch size constraint. Require a follow-up pass to complete this overview.
+6. **`Source text.md`** — Empty file. Remove.
+7. **`iso27DYI High level data structure.pdf`** — Unread. May contain architecture information not captured elsewhere.
+8. **Duplicate body in `Three user modes for AuditGlue.md`** — Entire note body appears twice. Clean up.