Initial commit

AuditGlue/System alternative/Agent Design Intent Card.md

@@ -0,0 +1,28 @@
+---
+tags:
+  - project/iso27DIY
+  - dev
+  - llm
+  - agent
+---
+[Cognigy course](https://academy.cognigy.com/courses/take/conversation-design-course/lessons/24748613-request-and-reply) Proceed with 4.3
+
+**Agent Design Intent Card**
+![[Agent Design Intent Card.png]]
+
+Notice:
+- Who = the user
+- What = the utterance
+- Intention = get todays menu
+- Reason = to order food
+
+A conversation is inherently stateless: it probably won't follow your designed workflow. The user may ignore the bot and continue on his own path.
+
+**Personality, Persona**
+A Bot needs a Name and a Character. 
+
+It is a good idea to also have a capability for smalltalk. Users will ask 'how's the weather' or 'how should I prepare for a Zombie attack' or will say 'I love you'
+[Search Google for repository](https://www.google.com/search?client=safari&rls=en&q=repository+of+intents+and+utterances+for+smalltalk+chatbots&ie=UTF-8&oe=UTF-8)
+[A collection of sample utterances in various languages](https://github.com/codeforequity-at/botium-utterances).
+
+Contact Profile: creates persistence, by remembering, for instance, the user's preferences and home address, so the bot doesn't have to ask the same questions again each time.

AuditGlue/System alternative/Using AI to create policies.md

@@ -0,0 +1,36 @@
+AI-enabled tooling to guide and advise employees in different roles in the organization.
+
+Examples:
+
+**Risk analysis**
+- C-level: high level policies state that we analyse risks and identify mitigating measures when starting a new project
+	- Policy_Agent drafts a context specific policy based on best practices
+- Project manager:
+	- Risk_Agent provides an overview of the steps to be taken, who to involve in what way (based on stakeholder analyses, creating a RASCI matrix) and guides the project manager through gathering the data. Maybe even plan meetings and send out invites.
+- Integrate with project management and GRC software
+
+**Vendor selection**
+- C-level: high level policies state the security requirements for vendors and applications
+	- Policy_Agent drafts a context specific policy based on best practices
+- VendorQ_agent creates questionnaires to send out to a selection of vendors
+- Q_Comparison_agent compares the returned questionnaires with the requirements and creates a table comparing the vendors
+
+**Data classification**
+1. questionnaire on how employees would classify different kinds of documents
+2. a classification matrix is suggested based on the results
+3. once the policy is established, this serves as a metric on how the perception of different groups of employees differs from the norm
+4. develop interventions based on these differences
+
+**Threat analysis**
+- do a threat analysis, see [[Create a threat analysis chatbot]]
+
+
+**Policy drafting**
+
+**Auditing**
+- a virtual auditor, that interviews you, and identifies areas for improvement
+
+**Feed the bot**
+- Blokdyk content
+- NHC cases
+ 

AuditGlue/System alternative/iso27DIY Functional Diagram.canvas

@@ -0,0 +1,32 @@
+{
+	"nodes":[
+		{"id":"75c30201fb81b0ec","type":"group","x":-320,"y":140,"width":550,"height":1020,"label":"GIS Guided Implementation System"},
+		{"id":"350b211777e89313","type":"group","x":820,"y":140,"width":560,"height":568,"label":"AuditGlue GRC Tool"},
+		{"id":"a5694aadef906b53","x":820,"y":840,"width":560,"height":320,"type":"group","label":"Knowledge Base"},
+		{"id":"43e5cc1fa3f296af","type":"text","text":"UI/UX","x":190,"y":-510,"width":430,"height":230},
+		{"id":"25aa3aae60de546d","type":"file","file":"📎 Attachments/noun-human-7596266.png","x":-120,"y":-860,"width":235,"height":235},
+		{"id":"f675351f27b4c1ba","type":"file","file":"📎 Attachments/noun-window-104597.png","x":277,"y":-440,"width":117,"height":117,"color":"5"},
+		{"id":"3e88c02ada1829d9","type":"file","file":"📎 Attachments/noun-bot-7868864.png","x":427,"y":-440,"width":117,"height":117,"color":"4"},
+		{"id":"541f3f74ded720a8","type":"text","text":"Example productions and templates","x":-297,"y":655,"width":505,"height":105},
+		{"id":"2d283f7e2af85112","type":"text","text":"Implementation Journey (method)","x":-299,"y":192,"width":505,"height":100},
+		{"id":"336beb2011a0552f","type":"text","text":"Training content","x":-297,"y":350,"width":505,"height":100},
+		{"id":"092a8b1f2b7b6107","type":"text","text":"Library of business processes and structures","x":-301,"y":500,"width":507,"height":105},
+		{"id":"4e7485a3417d5d7a","type":"text","text":"Client organization data","x":-297,"y":813,"width":505,"height":105},
+		{"id":"1663363e7f4bc888","type":"text","text":"ISO 27001 Clauses and Controls\nISO 27002 etc. Guidance","x":-297,"y":980,"width":508,"height":102},
+		{"id":"cb0bca515071c048","type":"text","text":"Document Management","x":840,"y":206,"width":505,"height":105},
+		{"id":"7bf3f2be62b62520","type":"text","text":"Planning","x":840,"y":361,"width":505,"height":105},
+		{"id":"4689e7cb295c69a7","type":"text","text":"Task Management","x":840,"y":518,"width":505,"height":105},
+		{"id":"0c16a220cda9191b","type":"file","file":"📎 Attachments/iso27DYI High level data structure.pdf","x":-301,"y":1620,"width":680,"height":402}
+	],
+	"edges":[
+		{"id":"7255ca95371b2d3c","fromNode":"43e5cc1fa3f296af","fromSide":"top","toNode":"25aa3aae60de546d","toSide":"right","label":"show & teach"},
+		{"id":"52c2a8120e9954a3","fromNode":"25aa3aae60de546d","fromSide":"bottom","toNode":"43e5cc1fa3f296af","toSide":"left","label":"provide information"},
+		{"id":"0172cf6f3059639b","fromNode":"43e5cc1fa3f296af","fromSide":"top","toNode":"25aa3aae60de546d","toSide":"bottom","label":"ask questions"},
+		{"id":"af9db9e573ed4ac8","fromNode":"75c30201fb81b0ec","fromSide":"top","toNode":"43e5cc1fa3f296af","toSide":"bottom","label":"provide guidance\nand examples"},
+		{"id":"b8c13d2facda3ed2","fromNode":"1663363e7f4bc888","fromSide":"left","toNode":"4e7485a3417d5d7a","toSide":"left","label":"determine\ndata slots"},
+		{"id":"4857e13f77b0fa91","fromNode":"75c30201fb81b0ec","fromSide":"right","toNode":"350b211777e89313","toSide":"left","label":"create productions"},
+		{"id":"3d50ce33887c86a9","fromNode":"43e5cc1fa3f296af","fromSide":"bottom","toNode":"350b211777e89313","toSide":"top","label":"provide proofs"},
+		{"id":"942358d1d84bbd49","fromNode":"4e7485a3417d5d7a","fromSide":"right","toNode":"a5694aadef906b53","toSide":"left"},
+		{"id":"dd7ff9142619fc0e","fromNode":"350b211777e89313","fromSide":"bottom","toNode":"a5694aadef906b53","toSide":"top"}
+	]
+}

AuditGlue/System alternative/iso27DIY Preferred Stack.md

@@ -0,0 +1,248 @@
+---
+tags:
+  - project/iso27DIY
+  - "#stack"
+  - WeWeb
+  - "#SupaBase"
+---
+
+# Preferred Low-Code Stack for iso27DIY 
+
+[Perplexity](https://www.perplexity.ai/search/so-far-in-this-conversation-we-KS4D76gkQQi0e7OVClx9qQ)
+
+**Key Requirements**
+* Low-code web app development
+* Avoid vendor/code lock-in
+* Minimal entry costs for MVP
+
+### Frontend: WeWeb
+* **Why:**
+  * Exports clean, customizable Vue.js code, allowing you to fully own and modify your frontend outside the platform~[5](https://www.nocodefinder.com/blog-posts/no-code-tools-export-code)~.
+  * You can self-host, integrate with CI/CD, and deploy anywhere (AWS, Netlify, etc.)~[5](https://www.nocodefinder.com/blog-posts/no-code-tools-export-code)~.
+  * Flexible integration with external backends via APIs.
+* **Entry Cost:**
+  * Free tier available; paid plans for advanced features, but MVPs can start with minimal cost~[5](https://www.nocodefinder.com/blog-posts/no-code-tools-export-code)~.
+
+### Backend: Supabase
+* **Why:**
+  * Supabase is open source, offers a free tier, and provides a scalable PostgreSQL backend with authentication, storage, and real-time features. Supabase offers Edge Functions for business logic.
+  * Airtable is easy for non-developers, but for long-term flexibility, Supabase is preferable.
+* **Entry Cost:**
+  * Generous free tier for Supabase; Airtable also has a free plan.
+
+### Integration Layer
+* Use REST or GraphQL APIs to connect WeWeb (frontend) with Supabase/Airtable (backend).
+* This loose coupling ensures you can swap out either layer later, minimizing lock-in~[4](https://www.outsystems.com/blog/posts/vendor-lock-in/)~.
+
+⠀
+### Why This Stack?
+* **No Vendor Lock-In:**
+  * Exported frontend code (WeWeb) is fully customizable and can be hosted anywhere~[5](https://www.nocodefinder.com/blog-posts/no-code-tools-export-code)~.
+  * Backend is open source (Supabase) or easily exportable (Airtable data).
+  * Keeping backend and frontend separate via APIs further reduces lock-in risk~[4](https://www.outsystems.com/blog/posts/vendor-lock-in/)~.
+* **Low Entry Cost:**
+  * Both WeWeb and Supabase offer free tiers suitable for MVPs.
+  * No upfront infrastructure or licensing costs.
+* **Learning Curve:**
+  * WeWeb’s drag-and-drop interface is beginner-friendly, and Vue.js is widely documented.
+  * Supabase’s dashboard and documentation are accessible for those new to backend development.
+
+⠀
+### Alternative Open-Source Low-Code Platform: Appsmith
+* **Why:**
+  * Open source, can be self-hosted, and is built for internal tools and dashboards~[3](https://www.appsmith.com/blog/low-code-platforms)~.
+  * No vendor lock-in, full access to source code, and usage-based pricing (even free for community edition)~[3](https://www.appsmith.com/blog/low-code-platforms)~.
+  * Integrates with 18+ databases and APIs.
+* **Best For:**
+  * Internal tools, admin panels, and data-driven apps.
+
+⠀
+### Summary Table
+| **Stack Component** | **Recommended Tool** | **Lock-In Risk** | **Entry Cost** | **Export/Ownership** |
+|:-:|:-:|:-:|:-:|:-:|
+| Frontend | WeWeb | Very Low | Free tier | Full code export |
+| Backend | Supabase | None | Free tier | Open source |
+| Alternative | Appsmith | None | Free tier | Self-hosted |
+
+
+### Best Practices to Avoid Lock-In
+* **Keep your database and business logic outside the low-code platform when possible**~[4](https://www.outsystems.com/blog/posts/vendor-lock-in/)~.
+* **Use open standards (REST, GraphQL) for integration**.
+* **Choose platforms that allow code/data export and self-hosting**~[5](https://www.nocodefinder.com/blog-posts/no-code-tools-export-code)~.
+
+⠀
+**In summary:**
A stack using WeWeb (frontend, code export), Supabase (backend, open source), and API integration offers the best balance of low entry cost, minimal lock-in, and flexibility for a web app MVP. For internal tools, Appsmith is a strong open-source alternative~[3](https://www.appsmith.com/blog/low-code-platforms)[5](https://www.nocodefinder.com/blog-posts/no-code-tools-export-code)~.
+1 ~[https://acropolium.com/blog/low-code-mvp/](https://acropolium.com/blog/low-code-mvp/)~
+2 ~[https://www.mintbit.com/blog/top-7-low-slash-no-code-platforms-for-building-an-mvp/](https://www.mintbit.com/blog/top-7-low-slash-no-code-platforms-for-building-an-mvp/)~
+3 ~[https://www.appsmith.com/blog/low-code-platforms](https://www.appsmith.com/blog/low-code-platforms)~
+4 ~[https://www.outsystems.com/blog/posts/vendor-lock-in/](https://www.outsystems.com/blog/posts/vendor-lock-in/)~
+5 ~[https://www.nocodefinder.com/blog-posts/no-code-tools-export-code](https://www.nocodefinder.com/blog-posts/no-code-tools-export-code)~
+6 ~[https://impalaintech.com/blog/low-code-platforms-list/](https://impalaintech.com/blog/low-code-platforms-list/)~
+7 ~[https://www.akveo.com/blog/top-low-code-development-platforms](https://www.akveo.com/blog/top-low-code-development-platforms)~
+8 ~[https://deployd.co/blog/low-code-vs-traditional-development-cost-comparison-guide](https://deployd.co/blog/low-code-vs-traditional-development-cost-comparison-guide)~
+9 ~[https://www.linkedin.com/pulse/best-low-code-platforms-mvp-development-amit-prakash-swucf](https://www.linkedin.com/pulse/best-low-code-platforms-mvp-development-amit-prakash-swucf)~
+10 ~[https://www.appbuilder.dev/blog/vendor-lock-in](https://www.appbuilder.dev/blog/vendor-lock-in)~
+11 ~[https://www.outsystems.com/application-development/vendor-lock-in-challenges-and-concerns/](https://www.outsystems.com/application-development/vendor-lock-in-challenges-and-concerns/)~
+12 ~[https://refine.dev/blog/low-code-tools/](https://refine.dev/blog/low-code-tools/)~
+13 ~[https://rocketdevs.com/blog/low-code-development-platforms](https://rocketdevs.com/blog/low-code-development-platforms)~
+14 ~[https://impalaintech.com/blog/mvp/low-code-mvp/](https://impalaintech.com/blog/mvp/low-code-mvp/)~
+15 ~[https://www.netguru.com/blog/bubble-no-code-development](https://www.netguru.com/blog/bubble-no-code-development)~
+16 ~[https://www.reddit.com/r/SaaS/comments/1fqi03v/what_are_the_best_nocode_tools_to_build_an_mvp/](https://www.reddit.com/r/SaaS/comments/1fqi03v/what_are_the_best_nocode_tools_to_build_an_mvp/)~
+17 ~[https://www.reddit.com/r/nocode/comments/1fp6857/suggestions_for_a_no_code_platform_that_doesnt/](https://www.reddit.com/r/nocode/comments/1fp6857/suggestions_for_a_no_code_platform_that_doesnt/)~
+18 ~[https://thectoclub.com/tools/best-low-code-platform/](https://thectoclub.com/tools/best-low-code-platform/)~
+19 ~[https://www.dhiwise.com/post/how-vibe-coding-compares-to-low-code-platforms](https://www.dhiwise.com/post/how-vibe-coding-compares-to-low-code-platforms)~
+20 ~[https://techstartups.com/2025/03/01/no-code-and-ai-coding-tools-risks-dangers-limitations-and-hidden-costs-you-need-to-know/](https://techstartups.com/2025/03/01/no-code-and-ai-coding-tools-risks-dangers-limitations-and-hidden-costs-you-need-to-know/)~
+21 ~[https://vinova.sg/2025/06/03/the-cost-of-developing-an-mvp-budgeting-for-success/](https://vinova.sg/2025/06/03/the-cost-of-developing-an-mvp-budgeting-for-success/)~
+22 ~[https://www.appbuilder.dev/blog/building-an-mvp-with-low-code](https://www.appbuilder.dev/blog/building-an-mvp-with-low-code)~
+23 ~[https://budibase.com/blog/open-source-low-code-platforms/](https://budibase.com/blog/open-source-low-code-platforms/)~
+24 ~[https://www.reddit.com/r/nocode/comments/1j8oemu/the_ultimate_list_to_coding_nocode_and_lowcode/](https://www.reddit.com/r/nocode/comments/1j8oemu/the_ultimate_list_to_coding_nocode_and_lowcode/)~
+25 ~[https://dev.to/kamal_deeppareek_f5bb5d8/no-codelow-code-tools-for-mvp-development-in-2025-1k3d](https://dev.to/kamal_deeppareek_f5bb5d8/no-codelow-code-tools-for-mvp-development-in-2025-1k3d)~
+26 ~[https://snappify.com/blog/best-low-code-tools](https://snappify.com/blog/best-low-code-tools)~
+27 ~[https://deployd.co/low-code-migration-hub/top-5-low-code-migration-strategies-for-enterprise-apps](https://deployd.co/low-code-migration-hub/top-5-low-code-migration-strategies-for-enterprise-apps)~
+28 ~[https://www.jmix.io/tech-library/low-code-vs-less-code/](https://www.jmix.io/tech-library/low-code-vs-less-code/)~
+
+WeWeb for the Frontend
+Supabase for the Database
+Supabase Edge Functions for business logic
+Postgres functions for data-centric rules.
+## Programming the business logic 
+
+With a WeWeb and Supabase stack, you have several options for where to implement business logic, each with different trade-offs for maintainability, scalability, and lock-in:
+
+### 1. WeWeb Workflows (Frontend)
+* **What:** Use WeWeb’s built-in visual workflows, conditional logic, and custom JavaScript code blocks to handle simple business rules, UI logic, and API orchestration.
+* **Best for:** UI-centric logic, simple validations, or workflows tightly coupled to the user interface.
+* **Limitations:** Puts logic on the client side, which can expose sensitive rules and make maintenance harder as complexity grows~[1](https://community.weweb.io/t/recommendation-for-business-logic-using-supabase/8320)[4](https://www.nocodeassistant.agency/blog/weweb-and-supabase)[5](https://www.weweb.io/integrations/supabase)~.
+
+⠀
+### 2. Supabase Database Layer
+* **What:** Implement business logic in PostgreSQL using database functions, triggers, and stored procedures.
+* **Best for:** Data validation, calculations, and workflows that must be enforced at the data level (e.g., keeping business rules close to the data, ensuring integrity).
+* **Pros:**
+  * Logic is centralized, secure, and portable (standard SQL/Postgres).
+  * Reduces vendor lock-in, since you can migrate your database and functions to another Postgres-compatible host if needed~[3](https://www.reddit.com/r/Supabase/comments/1kcm181/how_do_you_get_around_the_lack_of_a_business/)~.
+* **Cons:**
+  * Writing and maintaining complex logic in SQL/PLpgSQL can be challenging and less flexible than using a general-purpose language~[1](https://community.weweb.io/t/recommendation-for-business-logic-using-supabase/8320)[3](https://www.reddit.com/r/Supabase/comments/1kcm181/how_do_you_get_around_the_lack_of_a_business/)~.
+
+⠀
+### 3. Supabase Edge Functions
+* **What:** Write serverless functions (in TypeScript/JavaScript) that run on Supabase’s infrastructure and are callable via HTTP endpoints.
+* **Best for:**
+  * More complex business logic, integrating with external APIs, or workflows that shouldn’t run on the client.
+  * Use cases such as checkout flows, custom validations, sending emails, or handling webhooks~[2](https://supabase.com/blog/simplify-backend-with-data-api)~.
+* **Pros:**
+  * Keeps logic off the client, improves security, and is more maintainable for complex scenarios.
+  * Flexible: you can write logic in a modern language and integrate with any service.
+* **Cons:**
+  * Adds some operational overhead (deployment, monitoring).
+  * Still somewhat tied to Supabase’s serverless environment, but easier to migrate than pure no-code logic~[1](https://community.weweb.io/t/recommendation-for-business-logic-using-supabase/8320)[2](https://supabase.com/blog/simplify-backend-with-data-api)[3](https://www.reddit.com/r/Supabase/comments/1kcm181/how_do_you_get_around_the_lack_of_a_business/)~.
+
+⠀
+### 4. Dedicated Backend (Optional Extra Layer)
+* **What:** Build a separate backend (e.g., with Node.js, Python, or another stack) to act as a business logic/API layer between WeWeb and Supabase.
+* **Best for:**
+  * Large projects, highly complex business rules, or when you want maximum portability and control.
+* **Pros:**
+  * Full flexibility, easy to migrate, and not tied to any one platform.
+* **Cons:**
+  * Increases development and maintenance effort; may not be necessary for MVPs~[3](https://www.reddit.com/r/Supabase/comments/1kcm181/how_do_you_get_around_the_lack_of_a_business/)~.
+
+⠀
+### Best Practice for MVPs
+* Start with **Supabase Edge Functions** for business logic that shouldn’t be exposed to the client, and use **Postgres functions** for data-centric rules.
+* Use WeWeb workflows for UI-level logic only.
+* If your app grows in complexity, you can introduce a dedicated backend later without major refactoring.
+
+⠀
+### Summary Table
+| **Option** | **Language** | **Lock-in Risk** | **Best for** | **Notes** |
+|:-:|:-:|:-:|:-:|:-:|
+| WeWeb Workflows | Visual/JS | High | UI logic, simple workflows | Not secure for sensitive logic |
+| Supabase DB Functions | SQL/PLpgSQL | Low | Data validation, calculations | Portable, but SQL-centric |
+| Supabase Edge Functions | TypeScript/JS | Moderate | Complex, secure business logic | Good balance for most MVPs |
+| Dedicated Backend (API) | Any | Very Low | Large/complex projects | Most flexible, most work |
+
+
+**In conclusion:**
You do not need an extra backend layer for most MVPs. Use Supabase Edge Functions and database functions for business logic, and reserve WeWeb workflows for UI-level tasks. This approach keeps your logic secure, maintainable, and minimizes lock-in while allowing for future migration or scaling~[1](https://community.weweb.io/t/recommendation-for-business-logic-using-supabase/8320)[2](https://supabase.com/blog/simplify-backend-with-data-api)[3](https://www.reddit.com/r/Supabase/comments/1kcm181/how_do_you_get_around_the_lack_of_a_business/)[4](https://www.nocodeassistant.agency/blog/weweb-and-supabase)[5](https://www.weweb.io/integrations/supabase)~.
+1 ~[https://community.weweb.io/t/recommendation-for-business-logic-using-supabase/8320](https://community.weweb.io/t/recommendation-for-business-logic-using-supabase/8320)~
+2 ~[https://supabase.com/blog/simplify-backend-with-data-api](https://supabase.com/blog/simplify-backend-with-data-api)~
+3 ~[https://www.reddit.com/r/Supabase/comments/1kcm181/how_do_you_get_around_the_lack_of_a_business/](https://www.reddit.com/r/Supabase/comments/1kcm181/how_do_you_get_around_the_lack_of_a_business/)~
+4 ~[https://www.nocodeassistant.agency/blog/weweb-and-supabase](https://www.nocodeassistant.agency/blog/weweb-and-supabase)~
+5 ~[https://www.weweb.io/integrations/supabase](https://www.weweb.io/integrations/supabase)~
+6 ~[https://community.weweb.io/t/recommendation-for-business-logic-using-supabase/8320?page=2](https://community.weweb.io/t/recommendation-for-business-logic-using-supabase/8320?page=2)~
+7 ~[https://community.weweb.io/t/can-supabase-do-the-entire-backend-with-advanced-logic/4181](https://community.weweb.io/t/can-supabase-do-the-entire-backend-with-advanced-logic/4181)~
+8 ~[https://www.reddit.com/r/Supabase/comments/17c1izo/all_business_logic_within_supabase/](https://www.reddit.com/r/Supabase/comments/17c1izo/all_business_logic_within_supabase/)~
+9 ~[https://www.youtube.com/watch?v=fZbkLElKuFQ](https://www.youtube.com/watch?v=fZbkLElKuFQ)~
+10 ~[https://community.weweb.io/t/any-date-for-full-supabase-integration/6050](https://community.weweb.io/t/any-date-for-full-supabase-integration/6050)~
+
+
+
+## What to familiarize myself with
+
+**Summary**
+- WeWeb’s visual tools and 
+- Some JavaScript for the frontend
+- PostgreSQL for the database
+- TypeScript/JavaScript for Supabase Edge Functions
+- Learn how to connect and consume RESTful endpoints
+
+If you choose WeWeb for the frontend, Supabase for the database, Supabase Edge Functions for business logic, and Postgres functions for data-centric rules, here are the languages and frameworks you should familiarize yourself with:
+
+### WeWeb (Frontend)
+* **Visual Development:**
+  * Most UI and workflow logic can be built visually with WeWeb’s drag-and-drop interface~[2](https://www.weweb.io/blog/front-end-design-guide)[8](https://www.weweb.io/blog/no-code-web-app-guide)~.
+* **JavaScript:**
+  * For custom UI interactions, logic, or integrating with APIs, some knowledge of JavaScript is helpful~[2](https://www.weweb.io/blog/front-end-design-guide)[5](https://unicoconnect.com/careers/weweb)~.
+* **HTML & CSS (Basics):**
+  * While not strictly required, understanding HTML and CSS will help you troubleshoot, customize, and polish your app’s appearance~[2](https://www.weweb.io/blog/front-end-design-guide)[5](https://unicoconnect.com/careers/weweb)[6](https://www.merixstudio.com/blog/10-skills-need-be-frontend-developer)~.
+* **RESTful APIs:**
+  * Learn how to connect and consume RESTful endpoints, as WeWeb integrates with external APIs for dynamic data~[2](https://www.weweb.io/blog/front-end-design-guide)[5](https://unicoconnect.com/careers/weweb)~.
+⠀
+### Supabase (Database)
+* **SQL (PostgreSQL dialect):**
+  * For writing queries, managing data, and especially for creating Postgres functions (stored procedures) to handle data-centric business rules~[5](https://unicoconnect.com/careers/weweb)~.
+* **Database Concepts:**
+  * Understanding tables, relationships, authentication, and permissions in a relational database context~[5](https://unicoconnect.com/careers/weweb)~.
+
+⠀
+### Supabase Edge Functions (Business Logic)
+* **TypeScript/JavaScript:**
+  * Supabase Edge Functions are written in TypeScript or JavaScript, so you’ll need to be comfortable with at least one of these languages to implement backend business logic.
+
+⠀
+### General Web Development Skills<!-- {"fold":true} -->
+* **Version Control (Git):**
+  * Basic familiarity with Git for managing code, especially if you export code from WeWeb or collaborate with others~[3](https://www.reddit.com/r/webdev/comments/10ve6j2/what_skills_should_a_front_end_web_developer_have/)[6](https://www.merixstudio.com/blog/10-skills-need-be-frontend-developer)~.
+* **Testing & Debugging:**
+  * Ability to test and debug both frontend and backend logic to ensure a robust application~[2](https://www.weweb.io/blog/front-end-design-guide)[5](https://unicoconnect.com/careers/weweb)~.
+
+⠀
+### Summary Table
+| **Layer** | **Language/Frameworks** | **Why Learn It?** |
+|:-:|:-:|:-:|
+| WeWeb (Frontend) | Visual builder, JavaScript | UI building, custom logic, API integration |
+|  | HTML, CSS (basics) | Troubleshooting, advanced UI customization |
+| Supabase (Database) | SQL (Postgres) | Queries, data modeling, Postgres functions |
+| Supabase Edge Functions | TypeScript/JavaScript | Secure, scalable backend business logic |
+| General Dev Skills | REST APIs, Git | Integration, code management, team collaboration |
+
+**In summary:**
You’ll primarily work with WeWeb’s visual tools and some JavaScript for the frontend, SQL/Postgres for the database, and TypeScript/JavaScript for Supabase Edge Functions. This stack minimizes lock-in, is approachable for new developers, and leverages widely-used, well-documented technologies~[2](https://www.weweb.io/blog/front-end-design-guide)[5](https://unicoconnect.com/careers/weweb)~.
+
+1 ~[https://www.nocodeinstitute.io/nocode-jobs/weweb-developer](https://www.nocodeinstitute.io/nocode-jobs/weweb-developer)~
+2 ~[https://www.weweb.io/blog/front-end-design-guide](https://www.weweb.io/blog/front-end-design-guide)~
+3 ~[https://www.reddit.com/r/webdev/comments/10ve6j2/what_skills_should_a_front_end_web_developer_have/](https://www.reddit.com/r/webdev/comments/10ve6j2/what_skills_should_a_front_end_web_developer_have/)~
+4 ~[https://careerfoundry.com/en/blog/web-development/frontend-developer-skills](https://careerfoundry.com/en/blog/web-development/frontend-developer-skills)~
+5 ~[https://unicoconnect.com/careers/weweb](https://unicoconnect.com/careers/weweb)~
+6 ~[https://www.merixstudio.com/blog/10-skills-need-be-frontend-developer](https://www.merixstudio.com/blog/10-skills-need-be-frontend-developer)~
+7 ~[https://skillcrush.com/blog/skills-to-become-a-front-end-developer/](https://skillcrush.com/blog/skills-to-become-a-front-end-developer/)~
+8 ~[https://www.weweb.io/blog/no-code-web-app-guide](https://www.weweb.io/blog/no-code-web-app-guide)~
+
+
+### Learning JavaScript
+
+* **Mozilla Developer Network (MDN) Web Docs:** Excellent and comprehensive JavaScript guide.
+* **freeCodeCamp:** Interactive courses that teach you programming fundamentals.
+* **The Odin Project:** A full-stack curriculum that starts with JavaScript fundamentals.
+* **Codecademy:** Interactive lessons for foundational concepts.
+* **"Eloquent JavaScript" by Marijn Haverbeke:** A free online book (more challenging, but very thorough).
+

AuditGlue/System alternative/iso27DIY UI Canvas.canvas

@@ -0,0 +1,13 @@
+{
+	"nodes":[
+		{"id":"ebb754722fcc96f6","type":"group","x":-620,"y":-480,"width":320,"height":340,"label":"Setting up the ISMS"},
+		{"id":"17fd5c52210c7811","type":"group","x":-220,"y":-480,"width":320,"height":340,"label":"Maintaining the ISMS"},
+		{"id":"718433e9856ea0aa","type":"group","x":-220,"y":-60,"width":320,"height":340,"label":"Support"},
+		{"id":"ab1cb1a22b54522f","type":"group","x":180,"y":-480,"width":320,"height":340,"label":"Auditing the ISMS"}
+	],
+	"edges":[],
+	"metadata":{
+		"version":"1.0-1.0",
+		"frontmatter":{}
+	}
+}

AuditGlue/System alternative/iso27DIY UI ideas.md

@@ -0,0 +1,21 @@
+---
+tags:
+  - iso27DIY
+  - design
+---
+**Advisera Conformio Guided implementation**
+https://advisera.com/conformio/
+
+
+**academy.cognigy.com**
+Video courses for conversation design
+![[Cognigy.png|1000]]
+
+**PECB eLearning** 
+
+![[CleanShot 2025-07-01 at 13.59.22 1.png|1000]]
+
+**Writing assistant made with Base44**
+
+![[screenshot 1.png]]
+

AuditGlue/System alternative/iso27DIY stack deployment.md

@@ -0,0 +1,70 @@
+---
+tags:
+  - iso27DIY
+  - dev
+  - WeWeb
+  - SupaBase
+---
+## WeWeb Frontend Deployment
+
+**WeWeb handles deployment automatically:**
+
+- WeWeb applications are deployed directly from their platform
+- Go to your WeWeb editor and click “Publish”
+- WeWeb will generate a production URL for your app
+- You can connect a custom domain through WeWeb’s domain settings
+- WeWeb uses a global CDN for fast loading times
+
+**Custom domain setup:**
+
+- In WeWeb, go to Project Settings > Domain
+- Add your custom domain and follow their DNS configuration instructions
+- Update your domain’s DNS records to point to WeWeb’s servers
+
+## Supabase Backend Deployment
+
+**Supabase is already cloud-hosted:**
+
+- Your Supabase project runs on their managed infrastructure
+- No separate deployment needed for the database and API
+- Ensure your project is on a paid plan for production use (removes limitations)
+- Configure Row Level Security (RLS) policies for data protection
+
+## Integration Configuration
+
+**Environment variables and API keys:**
+
+- In WeWeb, configure your Supabase connection in the backend integrations
+- Use your production Supabase URL and anon key (not the local development ones)
+- Ensure CORS is properly configured in Supabase for your WeWeb domain
+- Set up authentication redirects to point to your production WeWeb URL
+
+**Database preparation:**
+
+- Run any pending migrations in Supabase
+- Set up proper indexes for performance
+- Configure backup policies
+- Review and tighten security rules
+
+## Additional Production Considerations
+
+**Performance optimization:**
+
+- Enable caching where appropriate in WeWeb
+- Optimize your Supabase queries and add indexes
+- Consider setting up database connection pooling if needed
+
+**Monitoring and maintenance:**
+
+- Set up Supabase monitoring and alerts
+- Configure error tracking in WeWeb if available
+- Plan for regular database maintenance
+
+**Security checklist:**
+
+- Review all RLS policies in Supabase
+- Ensure API keys are properly scoped
+- Configure proper CORS settings
+- Set up proper authentication flows
+
+The main advantage of this stack is that both platforms handle the infrastructure complexity for you - WeWeb manages the frontend hosting and CDN, while Supabase handles the database, API, and authentication infrastructure.

AuditGlue/System alternative/iso27DYI architecture with LLM.md

@@ -0,0 +1,88 @@
+---
+tags:
+  - iso27DIY
+  - architecture
+  - LLMgenerated
+---
+# iso27DYI architecture with LLM
+
+For connecting WeWeb (frontend) and Supabase (backend) with LLM functionality, you have several technology options:
+- **OpenAI API** or **Anthropic API** directly from your middleware
+- **Supabase JavaScript client** for database operations
+- **WeWeb API calls** to your middleware endpoints
+
+Since WeWeb works well with REST APIs and Supabase has excellent API support, you can build a middleware layer:
+
+1. **Node.js/Express API** - Create API endpoints that:
+    - Receive requests from WeWeb
+    - Query Supabase for data
+    - Call LLM APIs (OpenAI, Anthropic, etc.)
+    - Return processed responses to WeWeb
+2. **Supabase Edge Functions** - Use Supabase's serverless functions to:
+    - Handle LLM processing directly within your Supabase environment
+    - Access your database without additional API calls
+    - Deploy TypeScript/JavaScript functions that WeWeb can call
+3. **Serverless Functions** (Vercel, Netlify, or AWS Lambda):
+    - Deploy functions that orchestrate between WeWeb, Supabase, and LLMs
+    - Good for scaling and keeping costs predictable
+
+
+The **Supabase Edge Functions** approach is often the most elegant since it keeps everything in your existing Supabase ecosystem and supports TypeScript natively.
+
+``` typescript
+// Edge function that:
+// 1. Receives user input from WeWeb
+// 2. Queries Supabase database for context
+// 3. Calls OpenAI/Anthropic API directly
+// 4. Returns response to WeWeb
+
+```
+
+**For your slot-filling + content generation use case:**
+
+- Direct API calls to LLMs work perfectly
+- Supabase handles your data needs
+- WeWeb handles the UI interactions
+
+## Self-hosting the LLM
+For self-hosting an LLM with an easy API, here are the simplest options:
+
+**Ollama (Easiest)**
+
+- Install Ollama on your server
+- Pull models like `llama3`, `mistral`, `codellama`
+- Built-in REST API at `http://localhost:11434`
+- Simple JSON requests, OpenAI-compatible endpoints
+- Works great for development and moderate production use
+
+**vLLM (Best for Production)**
+
+- High-performance serving with OpenAI-compatible API
+- Excellent throughput and batching
+- Simple command: `vllm serve model-name --api-key your-key`
+- API available at `http://localhost:8000/v1/`
+
+**Text Generation Inference (TGI)**
+
+- Hugging Face's production-ready solution
+- Docker container deployment
+- OpenAI-compatible API
+- Good performance optimization
+
+**For your Supabase setup:**
+
+1. Deploy Ollama/vLLM on a server (or even locally for development)
+2. From your Supabase Edge Functions, make HTTP requests to your LLM API
+3. No need to change your WeWeb → Supabase → LLM flow
+
+**Quick start with Ollama:**
+
+```bash
+# Install and run
+curl -fsSL https://ollama.ai/install.sh | sh
+ollama serve
+ollama pull llama3
+```
+
+Then your Edge Functions can call `POST http://your-server:11434/api/generate`
+