MoReq2010 — Modular Requirements for Records Systems
MoReq2010 — Modular Requirements for Records Systems — 60% covered.
5 requirements · 3 enforced · 0 designed · 0 advisory · 0 deferred.
Source: MoReq2010 specifies modular, testable requirements for records systems — a core services module (classification, retention-and-disposition, searching, access control) plus pluggable functional modules, every requirement backed by an entity-event audit. KYE Protocol™ is NOT a records system — Iron Mountain InSight DXP plus a records system is. KYE Protocol™ governs ACTION authority at the boundary where a managed record drives a consequential AI action. The records-system core-service requirements (classification, retention/disposition, search) map out-of-scope; the access-control decision and entity-event audit-of-the-action overlay maps enforced. · License: MoReq2010 is published by the DLM Forum Foundation under its own licence; KYE registry cites its module/service structure for mapping purposes (no normative text reproduced).
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Access-control service at the action boundary (authority overlay) | 2 | 2 | 0 | 0 | 0 | 100% |
| Entity-event audit of the action decision (authority overlay) | 1 | 1 | 0 | 0 | 0 | 100% |
| Classification & search core service (records-system) | 1 | 0 | 0 | 0 | 0 | 0% |
| Retention & disposition core service (records-system) | 1 | 0 | 0 | 0 | 0 | 0% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
moreq-2010.access-control-service-overlay |
Access-control service at the action boundary: refuse a consequential AI action on a records-system entity without authority | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1engines: internal, internalrule_packs: kye:rule-pack:chain-of-authority-insightconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
moreq-2010.custody-to-authority-binding |
Custody-to-authority binding: the records-system custody context is bound into the named-authority decision | enforced | audit_events: kye.purpose.request.v1, kye.evidence.pack.v1engines: internal, internalrule_packs: kye:rule-pack:chain-of-authority-insightconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
moreq-2010.entity-event-action-audit |
Entity-event audit of the action decision: an immutable governance audit entry for every consequential action | enforced | audit_events: kye.evidence.pack.v1, kye.replay.proof.v1, kye.compliance.attestation.v1engines: internal, internalrule_packs: kye:rule-pack:chain-of-authority-insightconstitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
moreq-2010.classification-search-service |
Classification & search core service (records-system — owned by Iron Mountain InSight DXP, not KYE™) | out-of-scope | constitution_refs: constitution/15-MCP-AND-SDK.md |
moreq-2010.retention-disposition-service |
Retention & disposition core service (records-system — owned by Iron Mountain, not KYE™) | out-of-scope | constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |