Skip to content

scale600/it-compliance-framework

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

IT Compliance Framework — Manufacturing

Wonhee Richard Lee | Senior Cloud Systems Administrator

This repository publicly documents the GDPR/CCPA Compliance, Annual IT & OT Audit, and TPRM (Third-Party Risk Management) frameworks built at Sena Technologies. It serves as verifiable evidence for the compliance experience listed on my resume.


Framework Architecture

flowchart TB
    subgraph Inputs["INPUTS"]
        Mfg["🏭 Manufacturing Environment<br/>IT/OT Systems, IoT, Supply Chain"]
        Regs["📜 Regulations<br/>GDPR, CCPA/CPRA, IEC 62443"]
    end

    subgraph Pillars["THREE PILLARS"]
        direction LR
        P1["🛡️ GDPR / CCPA<br/>Compliance<br/><br/>Policy · RoPA · DPA<br/>DSAR · Privacy Notice"]
        P2["📋 Annual IT & OT<br/>Audit<br/><br/>10-Domain Checklist<br/>CAP · IEC 62443"]
        P3["🔗 TPRM<br/>Vendor Risk<br/><br/>Lifecycle · Due Diligence<br/>SDLC · Scorecards"]
    end

    subgraph Cycle["CONTINUOUS IMPROVEMENT"]
        C1["🔍 Annual Audit<br/>Q4 Full Assessment"]
        C2["📊 Findings & CAP<br/>Risk-Rated Remediation"]
        C3["🔄 Policy Updates<br/>RoPA · DPA · Training"]
    end

    Inputs --> Pillars
    P1 <-..->|"verify"| P2
    P2 <-..->|"verify"| P3
    P3 <-..->|"enforce DPA"| P1
    Pillars --> Cycle
    C3 -->|"feedback"| P1
Loading

Key Achievements

  • GDPR/CCPA Framework — Designed and implemented the full compliance architecture during IPO preparation, covering IT/OT systems, global supply chain data flows, and employee biometric data. Achieved 20–25% cloud cost reduction while maintaining compliance posture.
  • Annual IT Audit — Designed and led integrated IT & OT audit programs covering GDPR/CCPA, Zero-Trust controls, and IEC 62443 operational technology security.
  • TPRM — Led vendor security assessment for the Bose project, achieving "Trusted Software Developer Partner" status and unlocking a multi-million dollar partnership.

Repository Sections

Section Description
GDPR & CCPA Policy templates, RoPA, Data Mapping, DPA, DSAR procedure
Annual IT Audit Audit program, 10-domain checklist, report template, CAP tracker, OT/IEC 62443
TPRM Vendor lifecycle framework, tiering matrix, due diligence questionnaire, secure SDLC checklist
Evidence Anonymized artifacts — audit findings, TPRM case study, compliance dashboard
Resources Glossary, reference standards, tooling recommendations
Docs Framework overview, manufacturing-specific use cases

Manufacturing Focus Areas

  • IT/OT Convergence — Privacy and security controls spanning enterprise IT (ERP, CRM, HRIS) and operational technology (MES, PLC/SCADA, IoT sensors)
  • Global Supply Chain — Cross-border data flows with EU-US DPF/SCC compliance, multi-tier vendor data sharing
  • Zero-Trust Architecture — Intune + Okta integration with RBAC, MFA, and conditional access across factory and cloud environments
  • Cloud Cost Optimization — Compliance-aligned cloud architecture reducing infrastructure spend by 20–25%

Quick Links


About This Repository

This repository is part of my professional portfolio. All content is based on real methodologies developed and implemented in a manufacturing environment. Company names and specific data have been anonymized or fictionalized.

Disclaimer: These documents are reference frameworks and general guidance. They do not constitute legal advice. Always consult qualified legal counsel and data protection professionals for your specific compliance needs.


Portfolio: project.techcloudup.com
Contact: wonhee.eng@gmail.com
LinkedIn: linkedin.com/in/wonheelee

About

IT Compliance Framework for Manufacturing: GDPR/CCPA, Annual IT & OT Audit, TPRM (Third-Party Risk Management) — templates, checklists, and methodology

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors