🛡️ Database Security & Compliance Audit Report

DokShield: The Architecture of Trust

2026 Database Compliance Map  ·  Post-Remediation Certified State  ·  18 Functional Modules  ·  4 Regulatory Frameworks

All Findings Resolved
REF: OBNET-DS-AUDIT-2026-001
March 2026  ·  Obnet Pty Ltd
161  Total DB Tables (155 app + 6 temporal)
156  Application Tables (active across 18 modules)
240  FK Constraints (full referential integrity)
197  Findings Resolved (0 open; 100% rate)
18   Functional Modules (fully audited)
4    Frameworks (SOC 2 · ISO 27001 · GDPR · APPs)
Module Compliance Matrix
🗺️ Functional Module Compliance Matrix (18 modules · 4 frameworks)

Columns: SOC 2 Type II Trust Service Criteria; ISO 27001:2022 Annex A controls; GDPR articles; Australian Privacy Act Australian Privacy Principles (APPs). Cells are taken from the source matrix; a blank cell means the source maps no control for that module and framework.

| #  | Module                                                                  | SOC 2 Type II (TSC) | ISO 27001 Annex A | GDPR       | APPs   |
|----|-------------------------------------------------------------------------|---------------------|-------------------|------------|--------|
| 01 | 🔐 Security Officer — SAR                                               | CC6, CC7            |                   |            |        |
| 02 | 🏢 Data Hall Occupancy Management                                       | CC6                 |                   |            |        |
| 03 | 🚶 Patrols Management                                                   | CC7                 | A.12.1            |            |        |
| 04 | ⚠️ Incidents Management                                                 | CC6                 |                   | Art. 6     |        |
| 05 | 👁️ Visitor Management                                                   | CC6                 |                   |            |        |
| 06 | 📋 Screening Supervisor — SAR                                           | CC6, CC7            |                   |            |        |
| 07 | 📊 Dashboard & Reports (no dedicated tables; reads across all 18 modules) |                   |                   |            |        |
| 08 | 💳 Billing Access                                                       | CC6, CC9            |                   | Art. 5     | APP 11 |
| 09 | 🔑 Identity & Access Management                                         | CC6                 | A.9               | Art. 17    |        |
| 10 | 🖥️ Data Centre Management                                               |                     |                   | Art. 5     | APP 13 |
| 11 | 🎫 Issue Resolution Tracking (Ticketing)                                | CC6                 |                   | Art. 16, 5 |        |
| 12 | 🚪 Access Control & DCAT Management                                     |                     | A.12.4            | Art. 5     |        |
| 13 | 📝 Audit & System Logs                                                  | CC7                 | A.7               |            |        |
| 14 | Supervisor Audit & Quality Assurance                                    |                     |                   |            |        |
| 15 | 🔄 Shift Handover Intelligence                                          | CC6                 |                   |            |        |
| 16 | 🏭 Contractor & Vendor Lifecycle                                        | CC6, CC7, CC9       |                   | Art. 6     |        |
| 17 | 🚨 Emergency & Drill Management                                         | CC9                 |                   | Art. 6     |        |
| 18 | 🎓 Training & Evaluation Module                                         | CC6                 |                   | Art. 6     |        |
Database Architecture
🗄️ Database Table Architecture (161 total · 156 application tables)

161  Total Database Tables: the complete schema, including all system-versioned temporal history tables in the DokShield database.
156  Application Tables: tables actively read and written by the application across all 18 functional modules.
39   Reference / Lookup Tables: ref_* prefix; status enums, type classifiers, rating scales, and permission scope tables.
6    Temporal History Tables: system-versioned history tables holding the change history of 6 critical operational modules.
27   SAR Module Tables: Security Officer and Screening Supervisor Shift Activity Report tables in the HDR/DTL (header/detail) pattern.
10   Training Module Tables: courses, materials, questions, options, assignments, attempts, answers, certificates, acknowledgements.
17   Vendor & Drill Tables: contractor lifecycle, site visits, work permits, vendor contacts, documents, incidents, visit zones.
8    Privacy & Compliance Tables: ConsentRecord, DataSubjectRequest, PrivacyPolicyVersion, CorrectionTickets and workflow tables.
Framework Detail & Design Highlights
🏛️ The Four Compliance Pillars

🔒 SOC 2 Type II: Logical Access (CC6), System Monitoring (CC7), Risk Mitigation (CC9). MFA enforcement, brute-force detection, and a complete UTC-timestamped audit trail throughout.

📜 ISO 27001:2022: Access Control (A.9), Cryptography (A.10), Operations Security (A.12), Compliance (A.18), evidenced by AES-256-GCM secret storage and schema change management. Note that these control numbers follow the 2013 edition of Annex A; the 2022 edition regrouped the controls into four themes (A.5 Organisational, A.6 People, A.7 Physical, A.8 Technological; logging, for example, is now A.8.15), so the Annex A references in the matrix need to be re-keyed to the 2022 numbering before this report is cited as ISO 27001:2022 evidence.

🇪🇺 GDPR: Articles 5, 7, 15–22, 32. Full DSR workflow covering all 7 request types, consent management, anonymisation, right to erasure, and privacy by design.

🦘 Australian Privacy Act: APPs 1–13. Per-tenant PrivacyActApplicable flag. APP 11 (security of personal information) via AES-256-GCM. APP 12 (access) and APP 13 (correction) via dedicated workflow tables.
🌐 Universal Compliance Layer (3 cross-module tables)

ConsentRecord: records user consent per processing purpose across 6 constrained purpose categories. Captures the consent text, the linked policy version, and the withdrawal timestamp and reason. A filtered unique index enforces one active consent per user per purpose, while withdrawn consents remain as history.

DataSubjectRequest: manages all 7 GDPR and APP rights: Access, Correct, Erase, Export (portability), Restrict, Withdraw Consent, Object. DeadlineAt records the 30-day response deadline (GDPR Art. 12(3) requires a response within one month), and a full status history tracks each request to closure.

PrivacyPolicyVersion: version-controls the privacy policy with effective date ranges. The RequiresReConsent flag triggers re-consent flows when the policy changes materially, and every consent record links to the exact policy version that was in force when consent was given.

These three tables provide simultaneous GDPR and Australian Privacy Act coverage across all 18 modules without duplication.
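The following T-SQL is an added illustration of the two mechanisms described above, not DDL taken from the DokShield schema: a filtered unique index that allows exactly one active consent per user and purpose, and a persisted computed column that derives DeadlineAt from the time a request was received. Everything beyond the names the report itself uses (ConsentRecord, PrivacyPolicyVersion, RequiresReConsent, DataSubjectRequest, DeadlineAt) is an assumption, including the six purpose values and the sample rows.

```sql
-- Added example, not the DokShield DDL. Column names other than the ones the
-- report mentions are assumptions, as are the six purpose values.
CREATE TABLE dbo.PrivacyPolicyVersion (
    PolicyVersionId   INT IDENTITY(1,1) PRIMARY KEY,
    VersionLabel      NVARCHAR(20) NOT NULL,
    EffectiveFrom     DATETIME2(0) NOT NULL,
    EffectiveTo       DATETIME2(0) NULL,
    RequiresReConsent BIT          NOT NULL CONSTRAINT DF_PPV_ReConsent DEFAULT 0
);

CREATE TABLE dbo.ConsentRecord (
    ConsentId        BIGINT IDENTITY(1,1) PRIMARY KEY,
    UserId           INT           NOT NULL,
    Purpose          VARCHAR(30)   NOT NULL,
    ConsentText      NVARCHAR(MAX) NOT NULL,
    PolicyVersionId  INT           NOT NULL
        CONSTRAINT FK_ConsentRecord_Policy REFERENCES dbo.PrivacyPolicyVersion (PolicyVersionId),
    GrantedAt        DATETIME2(0)  NOT NULL CONSTRAINT DF_ConsentRecord_GrantedAt DEFAULT SYSUTCDATETIME(),
    WithdrawnAt      DATETIME2(0)  NULL,
    WithdrawalReason NVARCHAR(500) NULL,
    -- placeholder purposes; the report only says "6 constrained categories"
    CONSTRAINT CK_ConsentRecord_Purpose CHECK (Purpose IN
        ('Marketing', 'Analytics', 'Biometrics', 'ThirdPartySharing', 'Profiling', 'Research')),
    -- a withdrawal must carry a reason and cannot predate the grant
    CONSTRAINT CK_ConsentRecord_Withdrawal CHECK (
        (WithdrawnAt IS NULL AND WithdrawalReason IS NULL)
     OR (WithdrawnAt >= GrantedAt AND WithdrawalReason IS NOT NULL))
);

-- The filtered unique index: only rows with WithdrawnAt IS NULL take part, so a
-- user holds at most one active consent per purpose while any number of
-- withdrawn rows stay behind as evidence.
CREATE UNIQUE INDEX UX_ConsentRecord_Active
    ON dbo.ConsentRecord (UserId, Purpose)
    WHERE WithdrawnAt IS NULL;

-- DataSubjectRequest: DeadlineAt is derived from ReceivedAt by the engine,
-- so application code cannot set it inconsistently.
CREATE TABLE dbo.DataSubjectRequest (
    RequestId   BIGINT IDENTITY(1,1) PRIMARY KEY,
    UserId      INT          NOT NULL,
    RequestType VARCHAR(20)  NOT NULL
        CONSTRAINT CK_DSR_Type CHECK (RequestType IN
            ('Access', 'Correct', 'Erase', 'Export', 'Restrict', 'WithdrawConsent', 'Object')),
    ReceivedAt  DATETIME2(0) NOT NULL CONSTRAINT DF_DSR_ReceivedAt DEFAULT SYSUTCDATETIME(),
    DeadlineAt  AS DATEADD(DAY, 30, ReceivedAt) PERSISTED,
    Status      VARCHAR(20)  NOT NULL CONSTRAINT DF_DSR_Status DEFAULT 'Open'
);

-- Constructed sample data to exercise the rule.
INSERT dbo.PrivacyPolicyVersion (VersionLabel, EffectiveFrom) VALUES ('v1', '2026-01-01');

INSERT dbo.ConsentRecord (UserId, Purpose, ConsentText, PolicyVersionId)
VALUES (42, 'Analytics', N'I agree to usage analytics', 1);

-- A second active consent for the same user and purpose is rejected by
-- UX_ConsentRecord_Active (duplicate key error 2601).
BEGIN TRY
    INSERT dbo.ConsentRecord (UserId, Purpose, ConsentText, PolicyVersionId)
    VALUES (42, 'Analytics', N'I agree to usage analytics', 1);
END TRY
BEGIN CATCH
    PRINT 'Rejected: ' + ERROR_MESSAGE();
END CATCH;

-- Withdrawing the active consent frees the slot; a fresh consent then succeeds
-- and the withdrawn row is retained.
UPDATE dbo.ConsentRecord
   SET WithdrawnAt = SYSUTCDATETIME(), WithdrawalReason = N'User request via DSR'
 WHERE UserId = 42 AND Purpose = 'Analytics' AND WithdrawnAt IS NULL;

INSERT dbo.ConsentRecord (UserId, Purpose, ConsentText, PolicyVersionId)
VALUES (42, 'Analytics', N'I agree to usage analytics (re-consent)', 1);

-- Re-consent check: active consents whose policy version has been superseded
-- by a later version flagged RequiresReConsent = 1.
SELECT c.UserId, c.Purpose, c.PolicyVersionId
  FROM dbo.ConsentRecord AS c
 WHERE c.WithdrawnAt IS NULL
   AND EXISTS (SELECT 1 FROM dbo.PrivacyPolicyVersion AS p
                WHERE p.PolicyVersionId > c.PolicyVersionId
                  AND p.RequiresReConsent = 1);
```

The point of the filtered index over an application-side check is that it holds under concurrent writes: two requests racing to grant the same consent cannot both succeed, because the index is evaluated inside the engine at commit time.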
⏱️ Immutable Audit History (6 temporal table pairs)

Security Officer — SAR (TEMPORAL)
Shift Handover Intelligence (TEMPORAL)
Supervisor QA — Evaluations (TEMPORAL)
Contractor & Vendor Lifecycle (TEMPORAL)
Emergency & Drill Management (TEMPORAL)
Training & Evaluation (TEMPORAL)

Six modules use SQL Server system-versioned temporal tables. Every UPDATE or DELETE on the current table automatically copies the superseded row version, with its UTC validity period, into the paired history table, and the history table accepts no direct INSERT, UPDATE or DELETE while versioning is on. This gives a tamper-evident record of all data modifications satisfying SOC 2 CC7 and ISO 27001 A.12.4 (2013 numbering). The guarantee is enforced by the engine rather than being absolute: a principal holding ALTER on the table can set SYSTEM_VERSIONING = OFF and then edit the history table directly, so that permission must be withheld from application principals and any change to the versioning state should be captured by the database audit.
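The T-SQL below is an added example, not the DokShield schema, showing a system-versioned table for one of the six modules, the history it produces, the engine refusing direct edits to the history table, and the check a practitioner would run to confirm versioning is still switched on. ShiftHandover, its columns, and the role name AppRole are assumptions; the sample rows are constructed.

```sql
-- Added example, not the DokShield DDL. Table, column and role names are
-- assumptions; ShiftHandover stands in for one of the six versioned modules.
CREATE TABLE dbo.ShiftHandover (
    HandoverId   INT IDENTITY(1,1) PRIMARY KEY,
    SiteId       INT           NOT NULL,
    OutgoingUser INT           NOT NULL,
    IncomingUser INT           NOT NULL,
    Notes        NVARCHAR(MAX) NOT NULL,
    -- period columns are maintained by the engine in UTC; HIDDEN keeps them out
    -- of SELECT * so existing application code is unaffected
    SysStartTime DATETIME2(2) GENERATED ALWAYS AS ROW START HIDDEN NOT NULL,
    SysEndTime   DATETIME2(2) GENERATED ALWAYS AS ROW END   HIDDEN NOT NULL,
    PERIOD FOR SYSTEM_TIME (SysStartTime, SysEndTime)
)
WITH (SYSTEM_VERSIONING = ON (HISTORY_TABLE = dbo.ShiftHandover_History));

-- Constructed activity: an insert, then an edit of the handover notes.
INSERT dbo.ShiftHandover (SiteId, OutgoingUser, IncomingUser, Notes)
VALUES (7, 101, 102, N'Dock door 3 alarm cleared at 05:40');

UPDATE dbo.ShiftHandover
   SET Notes = N'Dock door 3 alarm cleared at 05:40; contractor still on site'
 WHERE HandoverId = 1;

-- The superseded version now lives in the history table. FOR SYSTEM_TIME ALL
-- returns both versions with their validity windows.
SELECT HandoverId, Notes, SysStartTime, SysEndTime
  FROM dbo.ShiftHandover FOR SYSTEM_TIME ALL
 WHERE HandoverId = 1
 ORDER BY SysStartTime;

-- Direct DML against the history table is refused while versioning is on.
BEGIN TRY
    DELETE dbo.ShiftHandover_History WHERE HandoverId = 1;
END TRY
BEGIN CATCH
    PRINT 'Refused: ' + ERROR_MESSAGE();
END CATCH;

-- The guarantee depends on versioning staying on, and switching it off needs
-- ALTER on the table. Withhold that from application principals ...
DENY ALTER ON dbo.ShiftHandover TO AppRole;

-- ... and verify, as part of the control check, that every table expected to
-- be versioned still is. Any row returned here means versioning was turned off.
SELECT t.name,
       t.temporal_type_desc,
       OBJECT_NAME(t.history_table_id) AS history_table
  FROM sys.tables AS t
 WHERE t.name IN ('ShiftHandover')   -- extend the list to the six audited tables
   AND t.temporal_type_desc <> 'SYSTEM_VERSIONED_TEMPORAL_TABLE';
```

Pairing the DENY with a SQL Server Audit specification on ALTER TABLE events closes the remaining gap: a db_owner can still turn versioning off, but not without leaving an audit record outside the table they are tampering with.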
Engineering a Clean Baseline

100% Remediation Rate: all 197 audit findings (including 2 Critical and 10 High severity) were resolved before production approval. Zero open findings remain across all four frameworks. ✓ Pass: all findings closed.

240 Enforced Constraints: 240 foreign keys and 18 CHECK constraints enforce referential integrity and data-validation rules across all 161 tables; 6 of those foreign keys were added during this audit. Resolved: integrity confirmed.

AES (Advanced Encryption Standard): MFA secrets, system configuration credentials, and payment gateway references are stored as AES-256-GCM ciphertext, and the encrypted columns are documented with SQL Server extended properties. GCM is not a mode offered by SQL Server's own mechanisms (ENCRYPTBYKEY symmetric keys, Always Encrypted, TDE), so the encryption is performed by the application before the value is written. The application therefore owns key management and the GCM requirement that a nonce is never reused under the same key, and the authentication tag must be stored alongside the ciphertext so that decryption verifies integrity. AES-256-GCM · Documented.
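As an added example (not the DokShield schema), the T-SQL below shows a column layout for storing application-side AES-256-GCM output with its nonce and tag, a unique index that turns accidental nonce reuse into a failed INSERT, the extended properties that serve as the formal documentation, and two audit queries over sys.extended_properties: one listing every column documented as encrypted, one hunting for sensitive-looking columns with no such documentation. The table, column and key-version names and the sample row are assumptions.

```sql
-- Added example, not the DokShield DDL. Table, column and key names are
-- assumptions; the report only states that these secrets are AES-256-GCM
-- encrypted and documented with extended properties.
CREATE TABLE dbo.UserMfaSecret (
    UserId     INT            NOT NULL PRIMARY KEY,
    KeyId      INT            NOT NULL,   -- version of the data-encryption key used
    Nonce      BINARY(12)     NOT NULL,   -- 96-bit GCM nonce, fresh per encryption
    Ciphertext VARBINARY(256) NOT NULL,   -- AES-256-GCM output, without nonce or tag
    Tag        BINARY(16)     NOT NULL,   -- 128-bit authentication tag
    UpdatedAt  DATETIME2(0)   NOT NULL CONSTRAINT DF_UserMfaSecret_UpdatedAt DEFAULT SYSUTCDATETIME(),
    -- a reused (KeyId, Nonce) pair breaks GCM's confidentiality and integrity
    -- guarantees; the index makes an application bug fail loudly at write time
    CONSTRAINT UX_UserMfaSecret_KeyNonce UNIQUE (KeyId, Nonce)
);

-- Extended properties: machine-readable metadata attached to the column,
-- which is what an auditor can query rather than a wiki page.
EXEC sys.sp_addextendedproperty
    @name = N'Encryption',
    @value = N'AES-256-GCM; nonce in Nonce, tag in Tag; key selected by KeyId',
    @level0type = N'SCHEMA', @level0name = N'dbo',
    @level1type = N'TABLE',  @level1name = N'UserMfaSecret',
    @level2type = N'COLUMN', @level2name = N'Ciphertext';

EXEC sys.sp_addextendedproperty
    @name = N'DataClassification',
    @value = N'Secret; APP 11 / ISO A.10',
    @level0type = N'SCHEMA', @level0name = N'dbo',
    @level1type = N'TABLE',  @level1name = N'UserMfaSecret',
    @level2type = N'COLUMN', @level2name = N'Ciphertext';

-- Constructed sample row: 12-byte nonce, opaque ciphertext, 16-byte tag.
INSERT dbo.UserMfaSecret (UserId, KeyId, Nonce, Ciphertext, Tag)
VALUES (42, 3,
        0x000102030405060708090A0B,
        0x5E1F9C22A4B7D0C3E6F1A8B9C2D3E4F5,
        0x1112131415161718191A1B1C1D1E1F20);

-- Audit query 1: every column documented as encrypted, with the declared mode.
SELECT s.name AS [schema], t.name AS [table], c.name AS [column], ep.value AS encryption
  FROM sys.extended_properties AS ep
  JOIN sys.columns AS c ON c.object_id = ep.major_id AND c.column_id = ep.minor_id
  JOIN sys.tables  AS t ON t.object_id = c.object_id
  JOIN sys.schemas AS s ON s.schema_id = t.schema_id
 WHERE ep.class = 1 AND ep.name = N'Encryption';

-- Audit query 2: sensitive-looking columns that carry no Encryption property.
SELECT t.name AS [table], c.name AS [column]
  FROM sys.columns AS c
  JOIN sys.tables  AS t ON t.object_id = c.object_id
 WHERE (c.name LIKE '%Secret%' OR c.name LIKE '%Password%' OR c.name LIKE '%ApiKey%')
   AND NOT EXISTS (SELECT 1
                     FROM sys.extended_properties AS ep
                    WHERE ep.class = 1 AND ep.major_id = c.object_id
                      AND ep.minor_id = c.column_id AND ep.name = N'Encryption');
```

Storing KeyId with each row is what makes key rotation tractable: rows can be re-encrypted in batches under the new key while old rows remain decryptable, and the unique index scope per key means a fresh key starts with a clean nonce space.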