addition to metadata scheme and librarian system prompt, created first overview file, edited PECB transcriptions

Content Factory/PROJECT 5 - Librarian.md

@@ -1,6 +1,12 @@
+---
+title: "Librarian System Prompt"
+notetype: other
+last-updated: 2026-06-02
+tags: []
+---
+
 # Agent 1 — Librarian — project instructions
 
-```
 You are the Librarian for ISO27DIY, a B2B SaaS product that helps SMEs implement 
 ISO27001 without hiring consultants.
 
@@ -20,7 +26,7 @@ You have four tasks. You will be told which task to perform each session.
 TASK 1 — FRONT MATTER FOR NEW NOTES
 
 When asked to process a new note or set of notes, produce front matter 
-for each, following the guidelines in Content Factory/Corpus Metadata.md.
+for each, following the guidelines in `iso27diy-corp/metadata/corpus-metadata.md`.
 
 ---
 
@@ -52,6 +58,18 @@ articles, newsletter topics, LinkedIn posts, forum answers, etc.]
 **Fetch priority:** [High / Medium / Low — how often the content agents are likely 
 to need the full note]
 
+Each overview note must include the following front matter:
+
+```yaml
+---
+title: ""           # e.g. "Corpus Overview: ISO 27002 Controls (EN)"
+notetype: overview
+covers: ""          # vault path of the folder this note describes
+last-updated: ""    # ISO 8601 date, e.g. 2026-06-02
+tags: []
+---
+```
+
 Rules:
 - Be specific. Vague summaries are useless.
 - Do not invent content not present in the notes
@@ -59,8 +77,10 @@ Rules:
   after the title
 - Group closely related notes under one entry but list each path individually
 - Process all notes in the folder before responding
+- Set `last-updated` to the date the overview note is created
 
 Name the output file: corpus-overview-[foldername].md
+Save to: `iso27diy-corp/metadata/overviews/`
 
 ---
 
@@ -74,6 +94,7 @@ When asked to update an overview note due to changes in the vault:
    - Update entries for changed notes
    - Mark retired notes with [RETIRED] and a one-line explanation
    - Update any related-notes references affected by the changes
+4. Update `last-updated` in the front matter to today's date
 
 Do not rewrite entries that have not changed.
 
@@ -88,7 +109,8 @@ After updating, produce a change summary:
 TASK 4 — MAINTAIN THE CORPUS INDEX NOTE
 
 The corpus index note is a single note that lists all corpus overview notes with 
-a one-line description of what each covers.
+a one-line description of what each covers. It lives at 
+`iso27diy-corp/metadata/corpus-index.md`.
 
 When asked to update the corpus index note:
 1. Read the current corpus index note
@@ -114,4 +136,3 @@ GENERAL RULES
 - After completing any task, list any issues you encountered that the human 
   should be aware of: gaps, inconsistencies, notes that need attention, 
   structural problems in the vault
-```

Corpus/Standards/ISO27x/PECB-Lead-Auditor-Training/PECB 27001 LA S01 - Course objectives and structure.md

@@ -7,5 +7,6 @@ tags:
 
 # Section 1: Training course objectives and structure
 
-An auditor’s competence consists of Knowledge, Skill and Behaviour
+- An auditor’s competence consists of Knowledge, Skill and Behavior.
+- 
 

Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business drivers.md

@@ -1,3 +1,3 @@
-- [Perverse prikkels in de normindustrie](../../../../../Marketing/content/Scratch%20file/Perverse%20prikkels%20in%20de%20normindustrie.md)
-- [GRC software is geschreven voor domeindeskundigen](../../../../../Marketing/content/Scratch%20file/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md)
+- [Perverse prikkels in de normindustrie](../../../../../Marketing/publications/Scratch%20file/Perverse%20prikkels%20in%20de%20normindustrie.md)
+- [GRC software is geschreven voor domeindeskundigen](../../../../../Marketing/publications/Scratch%20file/GRC%20software%20is%20geschreven%20voor%20domeindeskundigen.md)
 - [Problems solved 1](../../../../Sparks/Problems%20solved%201.md)

Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Business model.md

@@ -1,6 +1,6 @@
 Child notes:
 - [Blurbs](../../../../Sparks/Blurbs.md)
-- [Toegevoegde waarde van ISO27DIY](../../../../../Marketing/content/Scratch%20file/Toegevoegde%20waarde%20van%20ISO27DIY.md)
+- [Toegevoegde waarde van ISO27DIY](../../../../../Marketing/publications/Scratch%20file/Toegevoegde%20waarde%20van%20ISO27DIY.md)
 - [Friendly targets](../../../../../../💡Permanent%20ideas/Friendly%20targets.md)
 - [Possible Colabs](../../../../../AuditGlue/Possible%20Colabs.md)
 - [List of possible partners](../../../../../AuditGlue/List%20of%20possible%20partners.md)

Corpus/Standards/other/Privacy frameworks list.md

@@ -5,6 +5,6 @@
 [Privacy in ISO 27k](../ISO27x/Privacy%20in%20ISO%2027k.md)
 
 Related:
-- [Privacy protection in Databases](../../../Marketing/content/Scratch%20file/Privacy%20protection%20in%20Databases.md)
+- [Privacy protection in Databases](../../../Marketing/publications/Scratch%20file/Privacy%20protection%20in%20Databases.md)
 - [ISO 27001 A.18.1.4 Privacy and protection of personally identifiable information](../ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.18.1.4%20Privacy%20and%20protection%20of%20personally%20identifiable%20information.md)
 

marketing/The goal should not be the certificate..md

@@ -0,0 +1,10 @@
+So when starting with an ISO implementation, the goal should not be having the certificate. It should be realizing the follwoing advantages:
+
+Now, when looking at the implementation of an ISMS, besides having the certificates, there are a couple of advantages on implementing an ISO 27001:
+
+- Firstly, it will of course help you to protect your data. That's the basis, that's the reason why you do it. So you will have **robust data protection**, so you will have enhanced security measures. That protects sensitive data from unauthorized access, from breaches, from leaks. And you will also be able to assure that you have the confidentiality integrity and availability of your data ensured. 
+- It will help you to **assure compliance**. First of all, as security practices are aligned with laws and regulations, because that's a standard element in the ISO standard, and you will also adhere to data protection laws. 
+- You will be able to make a **step up in risk management**. You will be able to identify and evaluate information security risks, and that will enable the organization to really prioritize and also proactively address potential threats. You will be able to implement security controls and incident response plans, and that will also minimize, of course, the impact. of potential security incidents.
+- You will be able to **improve your security posture**. You will be able to better manage your information security threats, and you will be implementing, of course, a standard that is internationally recognized, with internationally recognized information security controls. 
+- And you will be able to **prevent certain security incidents from happening**, which is of course cheaper than recovering from a cyber attack. So the financial losses that would be associated with a security incident will be less, and you will have efficient resources to mitigate those risks. So you will be able to do a better resource allocation in line with the risk management that you've done. 
+ 

marketing/content/eBook-Audit/.claude/settings.local.json

@@ -1,7 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(bash build.sh)"
-    ]
-  }
-}

marketing/content/posts/ZZP/For Leadership/s02p06nl - Bonus post Cbw en 27001.md

@@ -1,3 +0,0 @@
-
-
-— Cbw-compliance in 8 stappen — 5/5 \#managingsecurity \#Cbw \#NIS2

marketing/content/posts/ZZP/For Leadership/s02pxxnl - Er is geen diploma voor Cbw-compliance.md

@@ -1,3 +0,0 @@
-Er is geen diploma voor Cbw-compliance, but the ISO 27001 comes pretty close.
-
-— Cbw-compliance in 8 stappen — 5/5 \#managingsecurity \#Cbw \#NIS2

marketing/publications/Scratch file/startproblemen of vastloper.md

@@ -0,0 +1,15 @@
+
+Vastgelopen met je ISO 27001 implementatie? Komt je SIO 27001 implementatie niet van de grond? Ik kan je helpen
+
+Wie moet je erbij betrekken?
+Wie moet je verantwoordelijk maken?
+Hoeveel tijd moet je vrijmaken?
+Welke tooling is nodig
+Moet jhe een consultant inhuren ?
+Wie maak je projectmanager?
+Waar moet je beginnen?
+Moet je alle controls implementeren?
+Loopt de boel niet vast in eindeloze procedures?
+Wordt het niet veel te bureacratisch
+Mensen szien de noodzaak niet
+IT werkt tegen

marketing/publications/posts/Do you supply EU customers.md

@@ -1,3 +1,26 @@
+---
+title: "Do you supply EU customers in vital sectors?"
+language: en
+
+proposition: advisory
+
+audience:
+  - msp
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: draft
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 **Do you supply EU customers in vital sectors? They will send you this checklist.**
 
 The EU Cybersecurity Act (NIS2) is now being implemented across member states of the European Union. One of its core requirements: supply chain responsibility. Organizations that fall under the law are legally obligated to assess the security posture of their suppliers — and to contractually enforce minimum standards.

marketing/publications/posts/You can't automate ISO 27001 compliance.md

@@ -1,3 +1,26 @@
+---
+title: "Sorry, but you can't automate ISO 27001 compliance"
+language: en
+
+proposition: advisory
+
+audience:
+  - general
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: draft
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 **Sorry, but you can't automate ISO 27001 compliance**
 
 Some vendors promise ISO 27001 certification at next to nothing, through the use of AI. Cheap, fast, and effortless. If it sounds too good to be true, it probably is.

marketing/publications/posts/s01p01en - IT is not going to fix your security problem.md

@@ -1,3 +1,36 @@
+---
+title: "IT is not going to fix your security problem"
+language: en
+
+proposition: advisory
+
+series-id: s01
+series-title: "Security as an organisational challenge"
+series-part: 1
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: published
+
+publish-dates:
+  linkedin: 2026-05-13T17:30:00Z
+
+published-urls:
+  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-activity-7460380869439016960-G-7x"
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 `Posted on 13 May 2026 19:30 CEST to LinkedIn personal stream`
 # IT is not going to fix your security problem
 
@@ -5,10 +38,10 @@ IT is not going to fix your security.
 
 Not because they don't want to. Not because they lack technical skills. But because essential parts of information security are out of scope for the IT department.
 
-Here’s what I see in practice:.
+Here's what I see in practice:.
 - A website developer temporarily shares admin rights with an external consultant to troubleshoot an integration.
 - The account of the maintenance engineer that left the company last year is still being used. 
-- A sales agent in Brazil gets full access to the company’s CRM, despite operating under a different legal framework.
+- A sales agent in Brazil gets full access to the company's CRM, despite operating under a different legal framework.
 
 Examples of non-trivial information security risks arising in day-to-day operations. They cannot be fixed by technical solutions. Why? Because they're management issues, not IT problems.
 

marketing/publications/posts/s01p01nl - De IT afdeling gaat jouw beveiliging niet op orde krijgen.md

@@ -1,3 +1,36 @@
+---
+title: "De IT afdeling gaat jouw beveiliging niet op orde krijgen"
+language: nl
+
+proposition: advisory
+
+series-id: s01
+series-title: "Security als managementvraagstuk"
+series-part: 1
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: published
+
+publish-dates:
+  linkedin: 2026-05-13T08:30:00Z
+
+published-urls:
+  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-activity-7460245060933136384-IiMo"
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 `posted on 13 May 2026 10:30 CEST to LinkedIn personal stream`
 # De IT afdeling gaat jouw beveiliging niet op orde krijgen
 

marketing/publications/posts/s01p02en - All security risks start with a decision.md

@@ -1,3 +1,36 @@
+---
+title: "All security risks start with a decision"
+language: en
+
+proposition: advisory
+
+series-id: s01
+series-title: "Security as an organisational challenge"
+series-part: 2
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: published
+
+publish-dates:
+  linkedin: 2026-05-14T17:15:00Z
+
+published-urls:
+  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-activity-7460739462822592512-sZ68"
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 `Posted on 14 May 2026 19:15 CEST to LinkedIn personal stream`
 # All security risks start with a decision
 

marketing/publications/posts/s01p02nl - Een beveiligingsrisico begint met een beslissing.md

@@ -1,3 +1,36 @@
+---
+title: "Een beveiligingsrisico begint met een beslissing"
+language: nl
+
+proposition: advisory
+
+series-id: s01
+series-title: "Security als managementvraagstuk"
+series-part: 2
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: published
+
+publish-dates:
+  linkedin: 2026-05-18T08:15:00Z
+
+published-urls:
+  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-activity-7462053131720413185-S-oH"
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 `posted on 18 May 2026 10:15 CEST to LinkedIn personal stream`
 # Een beveiligingsrisico begint met een beslissing
 

marketing/publications/posts/s01p03en - Security is a management issue.md

@@ -1,3 +1,36 @@
+---
+title: "Security isn't an IT problem, it's a management issue"
+language: en
+
+proposition: advisory
+
+series-id: s01
+series-title: "Security as an organisational challenge"
+series-part: 3
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: published
+
+publish-dates:
+  linkedin: 2026-05-15T17:30:00Z
+
+published-urls:
+  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-iso27001-resilience-activity-7461105663067283456-E_-F"
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 `Posted on 15 May 2026 19:30 CEST to LinkedIn personal stream`
 # Security isn't an IT problem, it's a management issue.
 

marketing/publications/posts/s01p03nl - Security is geen IT-probleem, maar een managementvraagstuk.md

@@ -1,3 +1,36 @@
+---
+title: "Security is geen IT-probleem, maar een managementvraagstuk"
+language: nl
+
+proposition: advisory
+
+series-id: s01
+series-title: "Security als managementvraagstuk"
+series-part: 3
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: published
+
+publish-dates:
+  linkedin: 2026-05-19T08:00:00Z
+
+published-urls:
+  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-iso27001-cyberweerbaarheid-activity-7462411782574452736-VfjA"
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 `posted on 19 May 2026 10:00 CEST to LinkedIn personal stream`
 # Security is geen IT-probleem, maar een managementvraagstuk.
 

marketing/publications/posts/s01p04en - Good intentions dont scale.md

@@ -1,4 +1,30 @@
-`posted on XX May 2026 XX:XX CEST to LinkedIn personal stream`
+---
+title: "Good intentions don't scale"
+language: en
+
+proposition: advisory
+
+series-id: s01
+series-title: "Security as an organisational challenge"
+series-part: 4
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: draft
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 # Good intentions don't scale
 
 Good intentions don't scale. 

marketing/publications/posts/s02p01nl - Op 1 juli treedt de Cbw in werking.md

@@ -1,3 +1,36 @@
+---
+title: "Op 1 juli treedt de Cbw in werking"
+language: nl
+
+proposition: advisory
+
+series-id: s02
+series-title: "Cbw-compliance in 8 stappen"
+series-part: 1
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: published
+
+publish-dates:
+  linkedin: 2026-05-21T08:03:00Z
+
+published-urls:
+  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-cbw-nis2-share-7463137163187171328-OQMx/"
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 `posted on 21 May 2026 10:03 CEST to LinkedIn personal stream`
 
 Als bestuurder wordt jij op 1 juli 2026 persoonlijk verantwoordelijk voor informatiebeveiliging.

marketing/publications/posts/s02p02nl - Je cybersecurity hoeft niet perfect te zijn.md

@@ -1,3 +1,36 @@
+---
+title: "Je cybersecurity hoeft niet perfect te zijn"
+language: nl
+
+proposition: advisory
+
+series-id: s02
+series-title: "Cbw-compliance in 8 stappen"
+series-part: 2
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: published
+
+publish-dates:
+  linkedin: 2026-05-26T08:40:00Z
+
+published-urls:
+  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-cbw-nis2-share-7464958267241267200-rCSz/"
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 `posted on 26 May 2026 10:40 CEST to LinkedIn personal stream`
 # Je cybersecurity hoeft niet perfect te zijn
 

marketing/publications/posts/s02p03nl - Waar begin je?.md

@@ -1,3 +1,36 @@
+---
+title: "De Cbw voor bestuurders: waar begin je?"
+language: nl
+
+proposition: advisory
+
+series-id: s02
+series-title: "Cbw-compliance in 8 stappen"
+series-part: 3
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: published
+
+publish-dates:
+  linkedin: 2026-05-27T08:22:00Z
+
+published-urls:
+  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-cbw-nis2-share-7465316450682011650-lg9O/"
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 `posted on 27 May 2026 10:22 CEST to LinkedIn personal stream`
 # De Cbw voor bestuurders: waar begin je?
 

marketing/publications/posts/s02p04nl - Hoe kun je als bestuurder aantonen dat je voldoet aan de Cbw.md

@@ -1,3 +1,36 @@
+---
+title: "Hoe kun je als bestuurder aantonen dat je voldoet aan de Cbw?"
+language: nl
+
+proposition: advisory
+
+series-id: s02
+series-title: "Cbw-compliance in 8 stappen"
+series-part: 4
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: published
+
+publish-dates:
+  linkedin: 2026-05-28T08:33:00Z
+
+published-urls:
+  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-cbw-nis2-share-7465681697880035329-E7VV/"
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 `posted on 28 May 2026 10:33 CEST to LinkedIn personal stream`
 
 # Hoe kun je als bestuurder aantonen dat je voldoet aan de Cbw?

marketing/publications/posts/s02p05nl - De Cbw is geen project.md

@@ -1,3 +1,38 @@
+---
+title: "De Cbw is geen project!"
+language: nl
+
+proposition: advisory
+
+series-id: s02
+series-title: "Cbw-compliance in 8 stappen"
+series-part: 5
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: published
+
+publish-dates:
+  linkedin: 2026-06-01T13:31:00Z
+
+published-urls:
+  linkedin: "https://www.linkedin.com/posts/richardkranendonk_managingsecurity-cbw-nis2-activity-7467206197365030912-E-pn"
+
+notetype: publication
+isotags: []
+tags: []
+---
+
+`posted on 1 June 2026 15:31 CEST to LinkedIn personal stream`
+
 # De Cbw is geen project!
 
 Cbw compliance is geen project, maar vraagt van jou als bestuurder voortdurende aandacht.

marketing/publications/posts/s02p06nl - Bonus post Cbw en 27001.md

@@ -0,0 +1,28 @@
+---
+title: "Bonus post: Cbw en ISO 27001"
+language: nl
+
+proposition: advisory
+
+series-id: s02
+series-title: "Cbw-compliance in 8 stappen"
+series-part: 6
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: draft
+
+notetype: publication
+isotags: []
+tags: []
+---
+
+— Cbw-compliance in 8 stappen — 5/5 \#managingsecurity \#Cbw \#NIS2

marketing/publications/posts/s02pxxnl - Er is geen diploma voor Cbw-compliance.md

@@ -0,0 +1,30 @@
+---
+title: "Er is geen diploma voor Cbw-compliance"
+language: nl
+
+proposition: advisory
+
+series-id: s02
+series-title: "Cbw-compliance in 8 stappen"
+series-part: null
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: draft
+
+notetype: publication
+isotags: []
+tags: []
+---
+
+Er is geen diploma voor Cbw-compliance, but the ISO 27001 comes pretty close.
+
+— Cbw-compliance in 8 stappen — 5/5 \#managingsecurity \#Cbw \#NIS2

marketing/publications/posts/s02pxxnl - Toch een Cbw checklist.md

@@ -1,3 +1,30 @@
+---
+title: "Toch een Cbw checklist"
+language: nl
+
+proposition: advisory
+
+series-id: s02
+series-title: "Cbw-compliance in 8 stappen"
+series-part: null
+
+audience:
+  - leadership
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: draft
+
+notetype: publication
+isotags: []
+tags: []
+---
+
 # De Cbw voor bestuurders: weten waar je staat vóór 1 juli 2026
 
 In mijn vorige post schreef ik, dat je de minimummaatregelen uit artikel 21 van de Cyberbeveiligingswet moet zien als een kader om te sturen in een voortdurend veranderende omgeving, en niet als een checklist voor eenmalig gebruik.
@@ -13,4 +40,3 @@ Als je na de checklist graag een uurtje wilt sparren over hoe nu verder, dan pra
 — Cbw-compliance in 8 stappen — 5/5 \#managingsecurity \#Cbw \#NIS2
 
 https://iso27diy.com/assets/cbw-checklist.html
-

metadata/corpus-metadata-backup.md

@@ -0,0 +1,97 @@
+# Corpus Metadata
+
+- All notes in `/Users/rico/Library/Mobile Documents/iCloud~md~obsidian/Documents/MyVault/iso27diy-corp/Corpus` need metadata. 
+- These metadata need to follow the [obsidian-front-matter-syntax](obsidian-front-matter-syntax.md). 
+- Obsidian calls metadata variables 'Properties'
+- In this Corpus we use General properties (every note should have them) and specific properties (depending on the kind of note, which can be inferred from the `notetype` property, see below).
+
+## General properties
+
+**Notetype**
+
+The `notetype` field will have one of the following values:
+
+- `guide`: guided, hands-on lessons, learning by doing, interactive lessons
+- `explanation`: background and context to the standards, paraphrases of the original standard texts, opinion, discussion, underlying principles, interpretation
+- `application`: steps to solve a specific, real-world problem. Implementing the standard in real world environments, implementation aids, implementation examples, templates, etc.
+- `reference`: secondary sources of information, like original standard texts, dictionaries, terms and definitions.
+- `publication`: for content created by TSW for publication, e.g. articles, eBooks, social media posts.
+- `other`: for all notes that, by there content, cannot be placed in one for the previous categories.
+- `iso27diyGIS`: notes that belong to the ISO27DIY Guided Implementation System (GIS).
+
+**Language**
+
+- For the `language` property we use the language code as defined in ISO 639-1.
+
+**Isotags**
+
+The property `isotags`, of type list, allows any note to be linked to clauses and controls of the ISO 27001 / ISO 27002 standard, by the `id` property of the Original Standard Texts, found in `Corpus/Standards/ISO27x/OST/27001/EN` and `/Corpus/Standards/ISO27x/OST/27002/EN`, respectively.
+
+For example, a note that needs to be linked to ISO 27001 clause 5.2 Policy, will get a value of `C.5.2` added to its `isotags` list. Likewise, a note that needs to be linked to ISO 27002 control 5.15 Access control, will get a value of `A.5.15` added to its `isotags` list.
+
+## Properties for ISO 27001 and 27002 Original Standard Texts
+
+Original Standard Texts are found in `Corpus/Standards/ISO27x/OST/` .
+
+*Important: the body of these notes must never be changed!*
+
+OST notes inherit the general properties, and also have the following properties:
+
+-  `status`: as of yet, the only value defined for the property is `active`. I foresee a `superseded` or `replaced` status for later.
+- `sourcetext`: the standard name and version, e.g. `iso27001:en:2022`
+
+The OST/27002 have specific properties deduced from chapter 4 of the standard ("Themes and Attributes"). They are:
+- `theme`
+- `control_type`
+- `information_security_properties`
+- `cybersecurity_concepts`
+- `operational_capabilities`
+- `security_domains`. 
+
+For the possible values of these properties, see [themes-and-attributes-in-iso-27002](themes-and-attributes-in-iso-27002.md).
+
+## Properties for the ISO27DIY Guided Implementation System
+
+- Notes in the `iso27DIY-gis` folder and subfolders are of `notetype`  `iso27diyGIS`.
+- Notes in the `iso27DIY-gis/guide` subfolder ...
+- Notes in the `iso27DIY-gis/reference` subfolder ...
+
+## Properties for Publications
+
+- publications can be found in `iso27diy-corp/Marketing/publications` and are of `notetype` `publication`
+
+
+```
+---
+title: ""            # post title
+series: ""           # series title
+series-slug: ""      # series title as a slug, e.g. "access-control-basics"
+series-part: 1       # position within the series; omit if standalone
+theme: ""            # broader topic cluster, e.g. "ISO27001 myths"
+channels:            # list — a post can go to multiple channels
+  - linkedin
+  - newsletter
+  - blog
+status: draft        # draft | ready | scheduled | published
+publish-dates:       # ISO 8601, e.g. 2026-06-10; can be a list if channels differ
+  linkedin: 2026-06-10
+  newsletter: 2026-06-17
+  blog: 2026-06-17
+published-urls:      # fill in after publishing; one per channel
+  linkedin: ""
+  blog: ""
+content-type: ""     # post | article | newsletter-section | thread
+source-notes:        # vault notes this was drawn from
+  - "[[path/to/note]]"
+tags: []
+
+notetype: publication
+isotags:
+iso-id
+audience
+
+---
+```
+
+
+

metadata/corpus-metadata.md

@@ -1,37 +1,176 @@
 # Corpus Metadata
 
-- All notes in this Obsidian vault need metadata. 
+- All notes in `/Users/rico/Library/Mobile Documents/iCloud~md~obsidian/Documents/MyVault/iso27diy-corp/Corpus` need metadata. 
 - These metadata need to follow the [obsidian-front-matter-syntax](obsidian-front-matter-syntax.md). 
 - Obsidian calls metadata variables 'Properties'
-- In this Corpus we use General properties (every note should have them) and Specific properties (depending on the kind of note, can be inferred from other properties)
+- In this Corpus we use General properties (every note should have them) and specific properties (depending on the kind of note, which can be inferred from the `notetype` property, see below).
 
-## General metadata
+## General properties
 
-### Notetype
+**Notetype**
 
 The `notetype` field will have one of the following values:
+
 - `guide`: guided, hands-on lessons, learning by doing, interactive lessons
 - `explanation`: background and context to the standards, paraphrases of the original standard texts, opinion, discussion, underlying principles, interpretation
 - `application`: steps to solve a specific, real-world problem. Implementing the standard in real world environments, implementation aids, implementation examples, templates, etc.
-- `reference`: for original standard texts, dictionaries, terms and definitions.
-- `other`: for all notes that, by there content, cannot be placed in one for the previous categories.
+- `reference`: secondary sources of information, like original standard texts, dictionaries, terms and definitions.
+- `publication`: for content created by TSW for publication, e.g. articles, eBooks, social media posts.
+- `overview`: meta-notes created and maintained by the Librarian; describe and index the contents of a vault folder for use by content agents.
+- `other`: for all notes that, by their content, cannot be placed in one of the previous categories.
+- `iso27diyGIS`: notes that belong to the ISO27DIY Guided Implementation System (GIS).
 
-Note:
-- Notes in the iso27DIY-gis/guide folder and subfolders are typically of the `guide` type.
-- Notes in iso27DIY-gis/reference and subfolders are typically of the `explanation` or `application` type.
+**Language**
 
-### Language
-For the `language` property we use the language code as defined in ISO 639-1.
+- For the `language` property we use the language code as defined in ISO 639-1.
+
+**Isotags**
 
-### Status
-As of yet, the only value defined for the `status` property is `active`.
-## Isotags
 The property `isotags`, of type list, allows any note to be linked to clauses and controls of the ISO 27001 / ISO 27002 standard, by the `id` property of the Original Standard Texts, found in `Corpus/Standards/ISO27x/OST/27001/EN` and `/Corpus/Standards/ISO27x/OST/27002/EN`, respectively.
-For example, a note that needs to be linked to ISO 27001 clause 5.2 Policy, will get a value of C.5.2 added to its `isotags` list. Likewise, a note that needs to be linked to ISO 27002 control 5.15 Access control, will get a value of A.5.15 added to its `isotags` list.
-## Metadata for ISO 27001 and 27002 Original Standard Texts
-- The original texts of the ISO 27001 and ISO 27002 standards can be found in the OST folder and subfolders. 
-- These notes are tagged with “sourcetext”. 
-- The body of these notes must never be changed!
-- Specific properties for ISO 27002 OST notes are deduced from chapter 4 of the standard ("Themes and Attributes"). They are: `theme`, `control_type`, `information_security_properties`, `cybersecurity_concepts`, `operational_capabilities`, and `security_domains`. 
-- For the possible values of these properties, see [themes-and-attributes-in-iso-27002](themes-and-attributes-in-iso-27002.md).
 
+For example, a note that needs to be linked to ISO 27001 clause 5.2 Policy, will get a value of `C.5.2` added to its `isotags` list. Likewise, a note that needs to be linked to ISO 27002 control 5.15 Access control, will get a value of `A.5.15` added to its `isotags` list.
+
+## Properties for ISO 27001 and 27002 Original Standard Texts
+
+Original Standard Texts are found in `Corpus/Standards/ISO27x/OST/` .
+
+*Important: the body of these notes must never be changed!*
+
+OST notes inherit the general properties, and also have the following properties:
+
+- `status`: as of yet, the only value defined for the property is `active`. I foresee a `superseded` or `replaced` status for later.
+- `sourcetext`: the standard name and version, e.g. `iso27001:en:2022`
+
+The OST/27002 have specific properties deduced from chapter 4 of the standard ("Themes and Attributes"). They are:
+- `theme`
+- `control_type`
+- `information_security_properties`
+- `cybersecurity_concepts`
+- `operational_capabilities`
+- `security_domains`
+
+For the possible values of these properties, see [themes-and-attributes-in-iso-27002](themes-and-attributes-in-iso-27002.md).
+
+## Properties for the ISO27DIY Guided Implementation System
+
+- Notes in the `iso27DIY-gis` folder and subfolders are of `notetype` `iso27diyGIS`.
+- Notes in the `iso27DIY-gis/guide` subfolder ...
+- Notes in the `iso27DIY-gis/reference` subfolder ...
+
+## Properties for Corpus Overview Notes
+
+Overview notes are created and maintained exclusively by the Librarian. They are not content notes and must not be used as source material for publications.
+
+### Folder structure
+
+All overview notes live in `iso27diy-corp/metadata/overviews/`. They are never placed inside the folder they describe.
+
+### Filename convention
+
+`corpus-overview-[foldername].md`, where `foldername` is the name of the vault folder being described, e.g. `corpus-overview-EN.md` for the ISO 27002 EN controls folder.
+
+### Template
+
+```yaml
+---
+title: ""           # human-readable title, e.g. "Corpus Overview: ISO 27002 Controls (EN)"
+notetype: overview
+covers: ""          # vault path of the folder this note describes,
+                    # e.g. "iso27diy-corp/Corpus/Standards/ISO27x/OST/27002/EN"
+last-updated: ""    # ISO 8601 date, e.g. 2026-06-02; update whenever the note is revised
+tags: []
+---
+```
+
+### Rules
+
+- `covers` must be the exact vault path of the folder being described — no trailing slash.
+- `last-updated` must be set every time the overview note is modified.
+- Overview notes do not carry `isotags`, `language`, or `status` — these fields are not applicable.
+- The Librarian updates `last-updated` and the corpus index note (`corpus-index.md`) whenever an overview note is created or revised.
+
+## Properties for Publications
+
+Publications are found in `iso27diy-corp/Marketing/publications` and are of `notetype` `publication`.
+
+### Folder structure
+
+All publication notes live directly under `iso27diy-corp/Marketing/publications/posts/`. There are no audience or proposition subfolders — segmentation is handled entirely by front matter.
+
+### Controlled vocabularies
+
+**`proposition`** — which ISO27DIY product or practice this content promotes:
+- `advisory` — Richard's advisory practice (ZZP)
+- `canvas` — the Canvas Method product
+- `iso27diy` — the ISO27DIY SaaS product
+
+**`audience`** — who the content is aimed at:
+- `leadership` — directors, board members, senior management
+- `msp` — managed service providers
+- `technical` — IT professionals, security practitioners
+- `general` — no specific segment
+
+**`channels`** — where the content is published:
+- `linkedin`
+- `newsletter`
+- `blog`
+
+**`linkedin-account`** — which LinkedIn account was used; only relevant when `linkedin` is in `channels`:
+- `personal` — Richard's personal LinkedIn profile
+- `company` — ISO27DIY company page
+
+**`content-type`** — the format of the content:
+- `post`
+- `article`
+- `newsletter-section`
+- `thread`
+
+**`status`**:
+- `draft` — work in progress
+- `ready` — approved, not yet scheduled
+- `scheduled` — publish date set
+- `published` — live
+
+### Template
+
+```yaml
+---
+title: ""                # human-readable post title
+language: ""             # ISO 639-1 code: en | nl
+
+proposition: ""          # advisory | canvas | iso27diy
+
+series-id: ""            # short machine-readable code, e.g. s01, s02; omit if standalone
+series-title: ""         # human-readable series name; omit if standalone
+series-part:             # integer position within series; null if unpositioned draft; omit if standalone
+
+audience:                # one or more of: leadership | msp | technical | general
+  - leadership
+
+channels:                # one or more of: linkedin | newsletter | blog
+  - linkedin
+linkedin-account: personal   # personal | company; omit if linkedin not in channels
+
+content-type:            # one or more of: post | article | newsletter-section | thread
+  - post
+
+status: draft            # draft | ready | scheduled | published
+
+publish-dates:           # ISO 8601 datetime in UTC, e.g. 2026-05-13T17:30:00Z
+  linkedin: 2026-05-13T17:30:00Z
+
+published-urls:          # fill after publishing; omit channels not yet published
+  linkedin: ""
+
+source-notes:            # optional — vault notes this was drawn from; omit if none
+  - "[[path/to/note]]"
+
+notetype: publication
+isotags: []              # ISO 27001/27002 clause/control links; omit if not applicable
+tags: []
+---
+```
+
+### Filename convention
+
+Publication filenames follow the pattern `{series-id}p{series-part}{language} - {title-slug}.md`, e.g. `s01p01en - IT is not going to fix your security problem.md`. Standalone posts use a plain descriptive slug with no series prefix.

metadata/front-matter-for-publications.md

@@ -4,43 +4,36 @@ From [claude chat](https://claude.ai/share/614ce436-307d-4740-a79f-40225461e743)
 
 ```
 ---
-title: ""
-series: ""           # slug for the series this belongs to, e.g. "access-control-basics"
+title: ""            # post title
+series: ""           # series title
+series-slug: ""      # series title as a slug, e.g. "access-control-basics"
 series-part: 1       # position within the series; omit if standalone
 theme: ""            # broader topic cluster, e.g. "ISO27001 myths"
-channel:             # list — a post can go to multiple channels
+channels:            # list — a post can go to multiple channels
   - linkedin
   - newsletter
   - blog
 status: draft        # draft | ready | scheduled | published
-publish-date:        # ISO 8601, e.g. 2026-06-10; can be a list if channels differ
+publish-dates:       # ISO 8601, e.g. 2026-06-10; can be a list if channels differ
   linkedin: 2026-06-10
   newsletter: 2026-06-17
   blog: 2026-06-17
-published-url:       # fill in after publishing; one per channel
+published-urls:      # fill in after publishing; one per channel
   linkedin: ""
   blog: ""
 content-type: ""     # post | article | newsletter-section | thread
 source-notes:        # vault notes this was drawn from
   - "[[path/to/note]]"
 tags: []
+
+notetype: publication
+isotags:
+iso-id
+audience
+
 ---
 ```
 
-### Folder structure to go with it
-
-```
-Content Factory/
-  Publishing/
-    Series/
-      access-control-basics/
-        part-1.md
-        part-2.md
-    Standalone/
-      some-one-off-post.md
-```
-
-Or if you prefer tag-based grouping over folders, skip the subfolders and rely on `series` + Dataview to surface series views.
 
 ---
 
@@ -57,8 +50,3 @@ SORT publish-date ASC
 
 ---
 
-### Issues to flag
-
-- If you're already using front matter on content notes, check for conflicts with any existing `status` or `tags` fields before rolling this out.
-- `published-url` will stay empty a lot. That's fine — it's a record, not a requirement.
-- If posts get repurposed significantly between channels (not just reformatted), they probably deserve separate notes rather than one note with multiple channels listed.

metadata/librarian-system-prompt.md

@@ -0,0 +1,138 @@
+---
+title: "Librarian System Prompt"
+notetype: other
+last-updated: 2026-06-02
+tags: []
+---
+
+# Librarian System Prompt
+
+You are the Librarian for ISO27DIY, a B2B SaaS product that helps SMEs implement 
+ISO27001 without hiring consultants.
+
+Your job is to keep the Obsidian knowledge vault structured, consistent, and 
+navigable. You do not create content for publication. You create and maintain 
+the metadata and overview structures that allow the content agents to work 
+effectively.
+
+You have access to:
+- The Obsidian vault via MCP
+- The corpus index note and all corpus overview notes in the project knowledge base
+
+You have four tasks. You will be told which task to perform each session.
+
+---
+
+TASK 1 — FRONT MATTER FOR NEW NOTES
+
+When asked to process a new note or set of notes, produce front matter 
+for each, following the guidelines in `iso27diy-corp/metadata/corpus-metadata.md`.
+
+---
+
+Rules:
+- Do not invent content not present in the note
+- If the note is thin or incomplete, set status to Needs review and explain why
+- If you cannot identify related notes confidently, leave related-notes blank 
+  rather than guessing
+
+---
+
+TASK 2 — CREATE A NEW OVERVIEW NOTE
+
+When asked to create an overview note for a vault folder:
+1. Read all notes in the specified folder via MCP
+2. Produce an overview note using the following format for each note or cluster:
+
+**Title:** [note title or cluster name]
+**Path:** [filename or folder path — list each note path individually for clusters]
+**Summary:** [2-3 sentences on what this note actually contains — substance, not just topic]
+**Key concepts and terms:** [main concepts, frameworks, or terminology covered]
+**ISO27001 relevance:** [how this connects to ISO27001 implementation, compliance, 
+or cybersecurity practice]
+**ISO27DIY relevance:** [how this could support product messaging, content marketing, 
+or user education]
+**Related notes:** [other notes in the vault this connects to, if known]
+**Content potential:** [1-2 sentences on what kind of content this could fuel — 
+articles, newsletter topics, LinkedIn posts, forum answers, etc.]
+**Fetch priority:** [High / Medium / Low — how often the content agents are likely 
+to need the full note]
+
+Each overview note must include the following front matter:
+
+```yaml
+---
+title: ""           # e.g. "Corpus Overview: ISO 27002 Controls (EN)"
+notetype: overview
+covers: ""          # vault path of the folder this note describes
+last-updated: ""    # ISO 8601 date, e.g. 2026-06-02
+tags: []
+---
+```
+
+Rules:
+- Be specific. Vague summaries are useless.
+- Do not invent content not present in the notes
+- Flag any note that seems outdated, incomplete, or too thin with [REVIEW] 
+  after the title
+- Group closely related notes under one entry but list each path individually
+- Process all notes in the folder before responding
+- Set `last-updated` to the date the overview note is created
+
+Name the output file: corpus-overview-[foldername].md
+Save to: `iso27diy-corp/metadata/overviews/`
+
+---
+
+TASK 3 — UPDATE AN EXISTING OVERVIEW NOTE
+
+When asked to update an overview note due to changes in the vault:
+1. Read the current overview note
+2. Read the affected notes in the vault via MCP — new, updated, or retired notes
+3. Make the minimum changes necessary to bring the overview note current:
+   - Add entries for new notes
+   - Update entries for changed notes
+   - Mark retired notes with [RETIRED] and a one-line explanation
+   - Update any related-notes references affected by the changes
+4. Update `last-updated` in the front matter to today's date
+
+Do not rewrite entries that have not changed.
+
+After updating, produce a change summary:
+- What was added
+- What was updated
+- What was retired
+- Any [REVIEW] flags raised
+
+---
+
+TASK 4 — MAINTAIN THE CORPUS INDEX NOTE
+
+The corpus index note is a single note that lists all corpus overview notes with 
+a one-line description of what each covers. It lives at 
+`iso27diy-corp/metadata/corpus-index.md`.
+
+When asked to update the corpus index note:
+1. Read the current corpus index note
+2. Check it against the actual overview notes in the vault via MCP
+3. Add entries for new overview notes
+4. Update entries where the scope of an overview note has changed
+5. Remove entries for retired overview notes
+
+Index entry format:
+**[overview note name]** — [one-line description of what vault section it covers]
+Path: [path to overview note]
+Last updated: [date]
+
+---
+
+GENERAL RULES
+
+- Never invent facts, summaries, or relationships not present in the actual notes
+- When in doubt about a relationship between notes, leave it blank and flag it 
+  for the human to resolve
+- If a task is ambiguous — for example, it is unclear whether two notes should 
+  be grouped or kept separate — ask before proceeding
+- After completing any task, list any issues you encountered that the human 
+  should be aware of: gaps, inconsistencies, notes that need attention, 
+  structural problems in the vault

metadata/overviews/corpus-overview-AuditGlue.md

@@ -0,0 +1,403 @@
+---
+title: "Corpus Overview: AuditGlue"
+notetype: overview
+covers: "iso27diy-corp/AuditGlue"
+last-updated: 2026-06-02
+tags: []
+---
+
+# Corpus Overview: AuditGlue
+
+This note covers all markdown files in `iso27diy-corp/AuditGlue` and its `System alternative` subfolder. The folder contains product design, requirements, technical architecture, and research notes for the iso27DIY product — primarily the AuditGlue GRC component and its underlying platform.
+
+---
+
+## Top-level notes
+
+---
+
+**Title:** PRD Product Requirements Document for iso27DYI
+**Path:** `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`
+**Summary:** The foundational product requirements document for iso27DIY, defining the three-component system: Guided Implementation System (GIS), AuditGlue GRC tool, and Knowledge Base. Covers client and user definitions (SME, no dedicated compliance officer), design principles (incremental rather than linear, smartwatch-style coaching), and technical requirements including multi-tenancy, LLM integration, and output formats. Includes a functional diagram reference.
+**Key concepts and terms:** GIS (Guided Implementation System), AuditGlue, Knowledge Base, Modules and Sessions, slot-filling, PDCA cycle, ISMS, proof of implementation, Statement of Applicability, multi-tenancy
+**ISO27001 relevance:** Directly describes a system designed to guide SMEs through ISO 27001 implementation. References ISMS structure, clause/control tagging, and certification audit preparation throughout.
+**ISO27DIY relevance:** This is the core product definition document. Content agents should use it to understand the product's purpose, scope, and value proposition.
+**Related notes:** `iso27diy-corp/AuditGlue/AuditGlue Workflows.md`, `iso27diy-corp/AuditGlue/GIS-content-map.md`, `iso27diy-corp/AuditGlue/System alternative/Design Document for ISO 27001 Certification Support Online Service.md`
+**Content potential:** Foundational for product messaging, investor pitches, and onboarding content. Also useful for explaining the product architecture to technical audiences.
+**Fetch priority:** High
+
+---
+
+**Title:** AuditGlue Workflows
+**Path:** `iso27diy-corp/AuditGlue/AuditGlue Workflows.md`
+**Summary:** Describes the user interaction flows within AuditGlue: following a Session, re-visiting a Session, triggering an Automation, and working with Tasks. Defines the four task statuses (Backlog, ToDo, Done, Finalized) and explains how automations depend on prior tasks being completed. Written in Dutch.
+**Key concepts and terms:** Sessions, Modules, Tasks, Automations, task statuses (Backlog/ToDo/Done/Finalized), slot-filling, n8n workflow trigger, LLM content generation, maturity levels
+**ISO27001 relevance:** The workflow models how a user builds ISMS evidence through guided tasks — directly implementing the PDCA cycle required by ISO 27001.
+**ISO27DIY relevance:** Core reference for understanding the GIS user experience and automation pipeline. Relevant for writing user onboarding content and help documentation.
+**Related notes:** `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`, `iso27diy-corp/AuditGlue/AuditGlue metadata.md`, `iso27diy-corp/AuditGlue/Conceptual ERD.md`
+**Content potential:** Basis for product explainer content, user documentation, and feature descriptions on the website.
+**Fetch priority:** High
+
+---
+
+**Title:** AuditGlue metadata
+**Path:** `iso27diy-corp/AuditGlue/AuditGlue metadata.md`
+**Summary:** Defines the reserved metadata fields for AuditGlue Session files, including `id`, `module`, `session`, `title`, `related_assets`, `related_references`, `related_form`, `related_automation`, and `automation_depends_on`. Explains the purpose and usage of each field and provides a source example for copy-paste.
+**Key concepts and terms:** Session metadata, YAML front matter, `automation_depends_on`, `related_form`, `related_assets`, module hierarchy, session id
+**ISO27001 relevance:** Indirect — this metadata scheme is what enables the GIS to link sessions to ISO 27001 clause and control identifiers.
+**ISO27DIY relevance:** Technical reference for the content team building GIS session files. Agents creating or editing session content must follow this schema.
+**Related notes:** `iso27diy-corp/AuditGlue/Metadata in YAML.md`, `iso27diy-corp/AuditGlue/AuditGlue Workflows.md`
+**Content potential:** Low — internal technical reference, not a source for publication content.
+**Fetch priority:** Medium
+
+---
+
+**Title:** Metadata in YAML
+**Path:** `iso27diy-corp/AuditGlue/Metadata in YAML.md`
+**Summary:** A reference table of required and optional YAML metadata keys for GIS Session files, with field names, value types, examples, and explanations. More detailed and structured than `AuditGlue metadata.md`, and includes a copy-paste source example.
+**Key concepts and terms:** YAML metadata, `implements`, `feeds_into`, `depends_on`, `related_form`, `related_assets`, session id convention
+**ISO27001 relevance:** The `implements` field directly links sessions to ISO 27001 clauses and controls (e.g., `ISO27001:2022:C.6.2`).
+**ISO27DIY relevance:** Technical reference for GIS content authors. Supersedes or complements `AuditGlue metadata.md`.
+**Related notes:** `iso27diy-corp/AuditGlue/AuditGlue metadata.md`
+**Content potential:** None — internal technical reference only.
+**Fetch priority:** Medium
+
+---
+
+**Title:** Conceptual ERD
+**Path:** `iso27diy-corp/AuditGlue/Conceptual ERD.md`
+**Summary:** A Mermaid entity-relationship diagram showing the core data model for AuditGlue. Defines relationships between Session, Task, FormValues, Document, DocVersion, and NormArticle. Key rules: a Session has zero or one Task; a Document is proof for one or more NormArticles; a Document can have multiple versions.
+**Key concepts and terms:** ERD, Session, Task, FormValues, Document, DocVersion, NormArticle, proof of implementation, version management
+**ISO27001 relevance:** The `NormArticle` entity directly represents ISO 27001 clauses and controls. The model captures how user tasks produce documents that serve as audit proof for specific norm articles.
+**ISO27DIY relevance:** Foundational data model for AuditGlue. Required reading for anyone building or extending the platform.
+**Related notes:** `iso27diy-corp/AuditGlue/AuditGlue Workflows.md`, `iso27diy-corp/AuditGlue/System alternative/TypeDB structure for ISO27DIY.md`
+**Content potential:** Low — technical architecture note. Could inform a technical blog post about how AuditGlue models the audit evidence chain.
+**Fetch priority:** Medium
+
+---
+
+**Title:** GIS Content Map
+**Path:** `iso27diy-corp/AuditGlue/GIS-content-map.md`
+**Summary:** A complete hierarchical map of the GIS module and session structure, from m100 (Implementing with ISO27DIY) through m900 (ISO 27001 Audits). Each session entry links to the actual GIS session file and to the relevant ISO 27001 clauses and ISO 27002 controls. Covers strategy, context, risks, measures, supporting the ISMS, and evaluation.
+**Key concepts and terms:** GIS modules (m100–m900), Sessions, ISO 27001 clause mapping, ISO 27002 control mapping, ISMS implementation sequence
+**ISO27001 relevance:** This is the master navigation map for the entire ISO 27001 implementation journey as structured by iso27DIY. Every clause and control in scope is referenced here.
+**ISO27DIY relevance:** Critical reference for content agents navigating the GIS. Also useful for communicating the product's coverage and completeness to prospects.
+**Related notes:** `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`, `iso27diy-corp/AuditGlue/Modules, Screens and Content.md`
+**Content potential:** Basis for content about the iso27DIY implementation roadmap; could support marketing claims about full ISO 27001 coverage.
+**Fetch priority:** High
+
+---
+
+**Title:** Modules, Screens and Content [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/Modules, Screens and Content.md`
+**Summary:** Brief note pointing to other sources for the three user modes: guided implementation (references video series), operational (references Nedap ISMS tool structure), and audit mode (references NHC dashboard). Thin on original content — primarily a set of cross-references.
+**Key concepts and terms:** Guided implementation mode, operational mode, audit mode, Nedap, NHC
+**ISO27001 relevance:** Indirect — describes the three operational contexts for using AuditGlue.
+**ISO27DIY relevance:** Low standalone value; useful only as a navigation aid to other notes.
+**Related notes:** `iso27diy-corp/AuditGlue/Three user modes for AuditGlue.md`, `iso27diy-corp/AuditGlue/GIS-content-map.md`
+**Content potential:** Low — too thin for content generation without the referenced sources.
+**Fetch priority:** Low
+
+---
+
+**Title:** Three user modes for AuditGlue
+**Path:** `iso27diy-corp/AuditGlue/Three user modes for AuditGlue.md`
+**Summary:** Defines the three modes of AuditGlue: Guided Implementation (step-by-step for novices, with rich explanatory content), Operational (GRC forms and dashboards for experienced users), and Audit (matrix interface mapping ISO 27001 clauses and controls to risks, policies, and evidence). Note body is duplicated.
+**Key concepts and terms:** Guided implementation, operational mode, audit mode, GRC, audit matrix, proofs, risk/control matrix
+**ISO27001 relevance:** The audit mode directly maps to the ISO 27001 audit process structure.
+**ISO27DIY relevance:** Useful for product positioning and feature description content. The three-mode model is a differentiator worth communicating.
+**Related notes:** `iso27diy-corp/AuditGlue/Modules, Screens and Content.md`, `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`
+**Content potential:** Good basis for product explainer content and website feature descriptions.
+**Fetch priority:** Medium
+
+---
+
+**Title:** AuditGlue Personae [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/AuditGlue Personae.md`
+**Summary:** A bare five-item bullet list of personas: Client/business owner, Auditor, Expert (support role), Content Editor, and Administrator. No descriptions or elaboration.
+**Key concepts and terms:** Personas, roles
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Too thin to use without `Personae and Roles.md` for context.
+**Related notes:** `iso27diy-corp/AuditGlue/Personae and Roles.md`
+**Content potential:** None in current state.
+**Fetch priority:** Low
+
+---
+
+**Title:** Personae and Roles
+**Path:** `iso27diy-corp/AuditGlue/Personae and Roles.md`
+**Summary:** Lists business personae (implementer, auditor internal/external, business manager, compliance officer, CISO), system roles (admin, user, power user), and ISMS roles from ISO 27001 (risk owner, incomplete). Also includes two user persona sketches: a startup co-owner and a lone professional in a low-security-affinity organization.
+**Key concepts and terms:** Personas, ISMS roles, risk owner, system roles, compliance officer, CISO
+**ISO27001 relevance:** References ISO 27001 roles including risk owner; relevant to clause 5.3 (organizational roles, responsibilities, and authorities).
+**ISO27DIY relevance:** Useful for audience targeting in content and for defining user segments in product marketing.
+**Related notes:** `iso27diy-corp/AuditGlue/AuditGlue Personae.md`, `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`
+**Content potential:** Basis for persona-driven content and customer empathy messaging.
+**Fetch priority:** Medium
+
+---
+
+**Title:** Most Challenging Clauses in ISO 27001
+**Path:** `iso27diy-corp/AuditGlue/Most Challenging Clauses in ISO 27001.md`
+**Summary:** Lists the ISO 27001 clauses that practitioners find most difficult: Clause 4 (context and boundaries), Clause 6 (risk assessment), Clause 9 (performance evaluation), Clause 10 (corrective action), and Annex A (control mapping and Statement of Applicability). Includes specific sub-challenges for each.
+**Key concepts and terms:** Clause 4 context, Clause 6 risk assessment, Clause 9 performance evaluation, Clause 10 corrective action, Statement of Applicability, risk methodology, nonconformity
+**ISO27001 relevance:** Directly maps to real-world implementation pain points for each clause referenced.
+**ISO27DIY relevance:** Highly relevant for content marketing — these pain points are exactly the problems iso27DIY solves. Strong basis for LinkedIn posts, newsletter topics, and landing page copy.
+**Related notes:** `iso27diy-corp/AuditGlue/GIS-content-map.md`
+**Content potential:** Excellent source for "why ISO 27001 is hard" content, problem-aware messaging, and feature justification.
+**Fetch priority:** High
+
+---
+
+**Title:** ISO27DIY Plain English Template [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/iso27DIY Plain English Template.md`
+**Summary:** A bare outline for a "Plain English" control description template: Control ID/Title, Properties, one-sentence summary, Implementation Guidance (required/recommended/relations), real-life examples, and remarks. No worked example or populated content.
+**Key concepts and terms:** Plain English, control template, implementation guidance
+**ISO27001 relevance:** Describes a format for making ISO 27002 controls accessible to non-experts.
+**ISO27DIY relevance:** Relevant to the corpus content format, but too thin to use without a worked example.
+**Related notes:** `iso27diy-corp/AuditGlue/Policy Card Example for Access to Software Applications.md`
+**Content potential:** Low in current state — needs a populated example to be useful.
+**Fetch priority:** Low
+
+---
+
+**Title:** Policy Card Example for Access to Software Applications
+**Path:** `iso27diy-corp/AuditGlue/Policy Card Example for Access to Software Applications.md`
+**Summary:** A detailed worked example of a "Policy Card" for an access control policy, covering purpose, scope, risk mitigation, method, metrics, measurement, evaluation, version control, and documentation. Shown in both structured bullet format and as a JSON object. References ISO 27001 controls 5.15 and 5.18.
+**Key concepts and terms:** Policy Card, access control policy, version control, metrics, measurement, evaluation, JSON policy schema, ISO27001:2022:A.5.15, ISO27001:2022:A.5.18
+**ISO27001 relevance:** Directly implements controls A.5.15 (Access control) and A.5.18 (Access rights). Demonstrates the policy structure required by ISO 27001.
+**ISO27DIY relevance:** Concrete example of a core iso27DIY output artifact. Useful for product demos, documentation, and content showing what "good" looks like.
+**Related notes:** `iso27diy-corp/AuditGlue/iso27DIY Plain English Template.md`
+**Content potential:** Strong basis for content showing what a compliant policy looks like in practice. Good for educational posts and product demos.
+**Fetch priority:** High
+
+---
+
+**Title:** ISO27DIY benefits [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/ISO27DIY benefits.md`
+**Summary:** A three-bullet stub listing product benefits (saves consulting fees, scale confidently, implement scalable security practices), plus two competitor URLs (Sprinto, instant27001.com). No elaboration.
+**Key concepts and terms:** Value proposition, consulting fees, scalability
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Relevant to marketing but too thin in current state. The competitor links suggest this was being used for competitive research.
+**Related notes:** None
+**Content potential:** None in current state — needs significant development.
+**Fetch priority:** Low
+
+---
+
+**Title:** Idea Validation
+**Path:** `iso27diy-corp/AuditGlue/Idea Validation.md`
+**Summary:** A saved Reddit post from r/microsaas describing a three-step idea validation methodology: problem thesis and user interviews, building an MVP in 30 days, and marketing to collect feedback. Not original content — saved for inspiration.
+**Key concepts and terms:** Idea validation, problem thesis, MVP, user interviews, Reddit marketing, feedback loops
+**ISO27001 relevance:** None.
+**ISO27DIY relevance:** Background research on SaaS product validation methodology. Not a source for publication content.
+**Related notes:** None
+**Content potential:** None — third-party content saved for reference.
+**Fetch priority:** Low
+
+---
+
+**Title:** Scale up markt NL [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/Scale up markt NL.md`
+**Summary:** Brief note referencing NLgroeit's Top 250 Dutch growth companies list (with Erasmus University) and their mentorship programme for companies over €1M revenue. Two links, no analysis.
+**Key concepts and terms:** NLgroeit, Dutch growth companies, mentorship, scale-up market
+**ISO27001 relevance:** None.
+**ISO27DIY relevance:** Market research reference — potential prospect pool or partnership lead for the Dutch advisory practice.
+**Related notes:** None
+**Content potential:** Low — background research only.
+**Fetch priority:** Low
+
+---
+
+**Title:** List of possible partners
+**Path:** `iso27diy-corp/AuditGlue/List of possible partners.md`
+**Summary:** Three-item list of potential partners: The Art of Service (InfoSec Kanban boards), Certificeringsadvies (independent external audits), and a Gumroad seller (SCM content, cross-posting offer).
+**Key concepts and terms:** Partners, InfoSec Kanban, external audits, cross-posting
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Business development reference. Certificeringsadvies is potentially relevant as an audit partner.
+**Related notes:** None
+**Content potential:** None — internal business development note.
+**Fetch priority:** Low
+
+---
+
+**Title:** Possible Colabs [REVIEW]
+**Path:** `iso27diy-corp/AuditGlue/Possible Colabs.md`
+**Summary:** Single entry: Phil Odence of Black Duck/Synopsys, a connection via Richard ten Cate (The Red Button), potentially relevant to software due diligence. No further detail.
+**Key concepts and terms:** Black Duck, Synopsys, software due diligence
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Business development note — possibly relevant for supply chain security content partnerships.
+**Related notes:** None
+**Content potential:** None in current state.
+**Fetch priority:** Low
+
+---
+
+**Title:** iso27DIY-MoC (Map of Content)
+**Path:** `iso27diy-corp/AuditGlue/iso27DIY-MoC.md`
+**Summary:** A Map of Content linking to all major note clusters for the iso27DIY product: marketing source material, product design, method, agents, content, and platform. Functions as the top-level navigation hub for the entire AuditGlue folder and connected areas of the vault.
+**Key concepts and terms:** Map of Content, navigation, product design, marketing, platform, agents
+**ISO27001 relevance:** None directly — this is a navigation note.
+**ISO27DIY relevance:** High value as a navigation aid for agents needing to find connected notes quickly. Should be fetched early in any session working across AuditGlue material.
+**Related notes:** Most notes in `iso27diy-corp/AuditGlue/` and connected folders.
+**Content potential:** None — internal navigation note.
+**Fetch priority:** High
+
+---
+
+## System alternative subfolder
+
+This subfolder contains technical architecture, stack evaluation, and platform design notes. Most are research outputs or AI-generated design documents rather than original product decisions.
+
+---
+
+**Title:** Design Document for ISO 27001 Certification Support Online Service
+**Path:** `iso27diy-corp/AuditGlue/System alternative/Design Document for ISO 27001 Certification Support Online Service.md`
+**Summary:** An AI-generated (Perplexity) design document for an online ISO 27001 certification support service, produced in response to a structured prompt. Covers objectives, features (documentation hub, expert guidance, automation, self-assessment, training, community, tool integrations), user roles, user journey, technical architecture, and a 12-month roadmap. Saved as reference material, not original work.
+**Key concepts and terms:** Documentation hub, risk assessment engine, compliance tracker, self-assessment, e-learning, consultant marketplace, freemium model, GDPR
+**ISO27001 relevance:** Describes a service that maps closely to iso27DIY's own value proposition. Useful for competitive benchmarking and feature gap analysis.
+**ISO27DIY relevance:** Reference for product design thinking. Not a source for publication content.
+**Related notes:** `iso27diy-corp/AuditGlue/PRD Product Requirements Document for iso27DYI.md`
+**Content potential:** Low — AI-generated reference, not original content.
+**Fetch priority:** Low
+
+---
+
+**Title:** Application architecture
+**Path:** `iso27diy-corp/AuditGlue/System alternative/Application architecture.md`
+**Summary:** A decision framework for distributing functionality across WeWeb (frontend), SQL functions/RPC, Edge Functions, and Database Triggers. Provides a decision matrix by performance, security, external integration, complexity, and real-time requirements, with practical worked examples.
+**Key concepts and terms:** WeWeb, Supabase, Edge Functions, SQL functions, Database Triggers, RPC, decision matrix, business logic placement
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Technical architecture reference for developers building on the preferred stack.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY Preferred Stack.md`, `iso27diy-corp/AuditGlue/System alternative/Building functionality in Supabase.md`
+**Content potential:** None — technical reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** iso27DIY Preferred Stack
+**Path:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY Preferred Stack.md`
+**Summary:** Evaluates and recommends the WeWeb (frontend) + Supabase (backend) low-code stack for iso27DIY's MVP. Covers rationale for each component, lock-in risk, entry costs, and best practices for avoiding vendor lock-in. Also covers business logic placement options across WeWeb workflows, Supabase database functions, and Edge Functions.
+**Key concepts and terms:** WeWeb, Supabase, low-code, vendor lock-in, Edge Functions, Postgres functions, Vue.js, REST API, TypeScript
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Technical stack decision reference for developer onboarding and architectural discussions.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/Application architecture.md`, `iso27diy-corp/AuditGlue/System alternative/iso27DIY stack deployment.md`
+**Content potential:** None — technical reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** iso27DYI architecture with LLM
+**Path:** `iso27diy-corp/AuditGlue/System alternative/iso27DYI architecture with LLM.md`
+**Summary:** Covers options for integrating LLM functionality into the WeWeb + Supabase stack: direct API calls (OpenAI/Anthropic), Node.js/Express middleware, Supabase Edge Functions, and serverless functions. Also covers self-hosting options (Ollama, vLLM, TGI). Recommends Supabase Edge Functions as the most elegant approach.
+**Key concepts and terms:** LLM integration, Ollama, vLLM, TGI, Supabase Edge Functions, OpenAI API, Anthropic API, self-hosted LLM, slot-filling
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Technical reference for the LLM integration layer relevant to content generation and slot-filling automation in the GIS.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY Preferred Stack.md`
+**Content potential:** None — technical reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** Building functionality in Supabase
+**Path:** `iso27diy-corp/AuditGlue/System alternative/Building functionality in Supabase.md`
+**Summary:** Reference overview of Supabase's functionality-building methods: SQL functions, Edge Functions, RPC, Database Triggers, RLS policies, auto-generated REST APIs, real-time subscriptions, GraphQL, webhooks, and PostgREST extensions.
+**Key concepts and terms:** Supabase, SQL functions, Edge Functions, RPC, Database Triggers, RLS, GraphQL, webhooks
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Technical reference for Supabase development decisions.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/Application architecture.md`
+**Content potential:** None — technical reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** iso27DIY stack deployment
+**Path:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY stack deployment.md`
+**Summary:** Step-by-step deployment guidance for the WeWeb + Supabase stack: publishing via WeWeb, custom domain setup, Supabase production configuration (RLS, backups, connection pooling), environment variable management, and a security checklist.
+**Key concepts and terms:** WeWeb deployment, Supabase deployment, RLS, CORS, environment variables, custom domain, CDN
+**ISO27001 relevance:** None directly, though the security checklist aligns loosely with secure deployment practices.
+**ISO27DIY relevance:** Operational reference for the development team.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY Preferred Stack.md`
+**Content potential:** None — operational reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** No local installs
+**Path:** `iso27diy-corp/AuditGlue/System alternative/No local installs.md`
+**Summary:** Confirms that end users need no local software beyond a modern browser — the entire stack runs in the cloud. Includes cited references.
+**Key concepts and terms:** Web-based access, no local install, browser-based, Deno, edge deployment
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Relevant for product positioning — "nothing to install" is a selling point for the SME target audience.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY Preferred Stack.md`
+**Content potential:** Low but usable for product messaging.
+**Fetch priority:** Low
+
+---
+
+**Title:** Agent Design Intent Card
+**Path:** `iso27diy-corp/AuditGlue/System alternative/Agent Design Intent Card.md`
+**Summary:** Notes from a Cognigy conversation design course on designing conversational agents. Covers intent modeling (Who/What/Intention/Reason), the stateless nature of conversations, personality and persona design for bots, and Contact Profiles for persistence.
+**Key concepts and terms:** Conversational agent design, intent, utterance, stateless conversation, bot persona, Contact Profile, Cognigy
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Design reference for the slot-filling conversational agent in the GIS.
+**Related notes:** `iso27diy-corp/AuditGlue/AuditGlue Workflows.md`
+**Content potential:** None — design reference only.
+**Fetch priority:** Low
+
+---
+
+**Title:** TypeDB structure for ISO27DIY
+**Path:** `iso27diy-corp/AuditGlue/System alternative/TypeDB structure for ISO27DIY.md`
+**Summary:** An AI-generated (Gemini) TypeDB schema for representing ISO 27001 and 27002 entities and relationships, including standards, clauses, controls, actors, assets, artifacts, risks, events, and processes. Covers full TypeQL schema definition and a Mermaid diagram. Saved as an alternative/research note — not the current production data model.
+**Key concepts and terms:** TypeDB, TypeQL, knowledge graph, entity-relationship, controls, actors, artifacts, evidence, proof of implementation, graph database
+**ISO27001 relevance:** Models the full ISO 27001/27002 entity landscape including relationships between controls, clauses, actors, artifacts, and evidence.
+**ISO27DIY relevance:** Research/alternative design note. The conceptual model informs the current ERD even if TypeDB is not the chosen technology.
+**Related notes:** `iso27diy-corp/AuditGlue/Conceptual ERD.md`
+**Content potential:** Low — could inform a technical blog post about knowledge graphs and ISO 27001.
+**Fetch priority:** Low
+
+---
+
+**Title:** iso27DIY UI ideas
+**Path:** `iso27diy-corp/AuditGlue/System alternative/iso27DIY UI ideas.md`
+**Summary:** Brief note with UI inspiration references: Advisera Conformio, Cognigy academy (conversation design), PECB eLearning, and a Base44 writing assistant. Primarily screenshots with minimal commentary.
+**Key concepts and terms:** UI inspiration, guided implementation, eLearning, conversation design
+**ISO27001 relevance:** None directly.
+**ISO27DIY relevance:** Design research reference.
+**Related notes:** `iso27diy-corp/AuditGlue/System alternative/Agent Design Intent Card.md`
+**Content potential:** None — visual reference only.
+**Fetch priority:** Low
+
+---
+
+## Files not processed
+
+The following files in this folder are not markdown notes and were excluded from this overview:
+
+- Image files: `Canvas Cyclus.png`, `CleanShot 2025-07-17 at 10.45.16.png`, and multiple PNGs in `System alternative/`
+- `PolicyCard_Example_5.15.yaml` — YAML example; related to the Policy Card note
+- `iso27DIY content modules.canvas`, `System alternative/iso27DIY Functional Diagram.canvas`, `System alternative/iso27DIY UI Canvas.canvas` — Obsidian Canvas files
+- `System alternative/iso27DYI High level data structure.pdf` — not read
+- `System alternative/slot_config_erd.mermaid`, `slot_config_schema.sql`, `slot_manager_implementation.py` — code/schema files
+
+The following markdown files in `System alternative/` were not read due to batch size constraints and should be processed in a follow-up pass:
+- `JSON validation for Postgres.md`
+- `SQL vs NoSQL.md`
+- `SupaBase Edge Functions.md`
+- `SupaBase edge functions portability.md`
+- `Using AI to create policies.md`
+- `When to use JSON types in Supabase.md`
+- `Source text.md` (appears to be empty)
+
+---
+
+## Issues to flag
+
+1. **`AuditGlue Personae.md` vs `Personae and Roles.md`** — Two notes covering overlapping ground with no clear relationship. Consider merging or deprecating the shorter one.
+2. **`Modules, Screens and Content.md`** — Thin note largely redundant with `Three user modes for AuditGlue.md` and `GIS-content-map.md`. Candidate for removal.
+3. **`ISO27DIY benefits.md`** — Stub. Develop or delete.
+4. **`iso27DIY Plain English Template.md`** — Outline without a worked example. Needs population before it's useful.
+5. **Six `System alternative` notes unread** — Batch size constraint. Require a follow-up pass to complete this overview.
+6. **`Source text.md`** — Empty file. Remove.
+7. **`iso27DYI High level data structure.pdf`** — Unread. May contain architecture information not captured elsewhere.
+8. **Duplicate body in `Three user modes for AuditGlue.md`** — Entire note body appears twice. Clean up.