Compliance Checklist

This checklist summarises the artefacts and controls required for both enterprise deployment and academic publication of the Accounting Conservation Framework.

For Enterprise Deployment

Data Compliance

• SEC EDGAR Terms of Use documented (docs/compliance/SEC_EDGAR_COMPLIANCE.md)
• Rate limiting implemented (6.67 req/sec; buffer below 10 req/sec)
• User-Agent declaration compliant with SEC guidelines
• Data attribution present in README, docs, and generated reports
• Repository does not redistribute raw SEC data

Security & Supply Chain

• SBOM generated in CycloneDX JSON and XML formats (SBOM.json, SBOM.xml)
• Security scanning integrated in CI (bandit, pip-audit)
• Dependencies pinned via poetry.lock
• Critical dependencies bounded with upper limits to prevent supply chain drift
• CVE monitoring workflow documented (quarterly pip-audit review pending automation)

Reproducibility

• Lockfile committed (poetry.lock)
• Checksums for result artefacts (results/checksums.txt)
• Version tagging in Git (v0.1.0)
• End-to-end reproduction guide (results/REPRODUCTION.md)

Licensing

• MIT License declared in pyproject.toml and LICENSE
• Third-party license notices compiled (target file: THIRD_PARTY_NOTICES.md)
• IFRS excerpt usage reviewed (confirm fair use / obtain permissions)

Documentation

• Standards citations recorded at paragraph-level (see docs/standards/)
• Taxonomy crosswalk published (docs/standards/STANDARDS_CROSSWALK.*)
• Experimental features (blockchain / ZK) labeled as such
• API documentation complete (Sphinx or MkDocs site to be generated)

For Academic Publication

Reproducibility Requirements

• Repository public and archived for citation
• Exact dependency versions locked
• Dataset construction process documented
• Reproduction guide tested on fresh clone
• Artefact checksums provided for verification

Methodology Transparency

• Test-count methodology explained in README (parameterised test expansion)
• Pass-rate calculations documented (docs/EMPIRICAL_VALIDATION.html)
• Known limitations listed (XBRL sparsity, heuristic fallbacks)
• Prior art cited (Ellerman, Liang, others)

Ethical Standards

• Only public data sources used (SEC filings, public market data)
• No cherry-picking—full S&P 500 coverage maintained
• Negative results disclosed (equity bridge pass rate currently 4.93%)
• Caveats recorded (boundary flux, M&A heuristics, data gaps)

Quarterly Review Tasks

Maintainer: Complete the following every 90 days.

# Update SBOM artefacts
poetry export -f requirements.txt --without-hashes | cyclonedx-py requirements -i - -o SBOM.json
poetry run cyclonedx-bom -o SBOM.xml

# Check third-party dependencies for CVEs
poetry run pip-audit --desc

# Review SEC EDGAR guidance for policy changes
curl https://www.sec.gov/developer | grep -i "rate limit"

# Verify reproduction guide
git clone https://github.com/nirvanchitnis-cmyk/accounting-conservation-framework.git temp_repro
cd temp_repro
git checkout v0.1.0
poetry install && poetry run python scripts/run_empirical_validation_n500.py

# Update compliance document review date
sed -i '' "s/Last Reviewed: .*/Last Reviewed: $(date +%Y-%m-%d)/" docs/compliance/SEC_EDGAR_COMPLIANCE.md

Review Log

• Last Review: 2025-11-04
• Next Review: 2026-02-04

Maintainers should record completion of each quarterly cycle in an internal compliance log (e.g., docs/compliance/REVIEW_LOG.md) to demonstrate continuous monitoring.

Outstanding Actions

• Populate results/cik_list.txt entries currently marked UNKNOWN (see CODEX_02 hand-off notes)
• Draft THIRD_PARTY_NOTICES.md consolidating licences for transitive dependencies
• Evaluate automation for quarterly SBOM regeneration via GitHub Actions
• Determine whether additional legal review is required for IFRS excerpts embedded in documentation

Document maintained by the Accounting Conservation Framework team. For questions or proposed updates, open an issue or submit a pull request on GitHub.