Getting Started
===============

Welcome to Thinkwerke Documentation.

This documentation provides **technical, architectural, and operational guidance** for building, operating, and proving secure and compliant cloud systems in **regulated EU business environments**.

It is designed for practitioners who need to **implement**, **operate**, and **evidence** security and compliance, not for marketing or high-level positioning.

What this documentation is
--------------------------

This site contains **implementation-focused documentation**, including:

- Reference architectures for secure cloud and software delivery
- Practical implementation guidance for security controls
- Compliance mappings translated into executable technical controls
- Evidence models used for audits, tenders, and customer assurance
- Whitepapers and deep-dive research for regulated environments
- Templates, workflows, and operating models

Everything here is written with the assumption that:

- You operate in a **regulated or high-assurance environment**
- You need **verifiable proof**, not only policy statements
- Security and compliance must work **inside real systems and CI/CD pipelines**

What this documentation is not
------------------------------

This documentation intentionally does **not** contain:

- Marketing content or sales messaging
- General introductions to cybersecurity concepts
- Vendor comparison or product reviews
- Compliance checklists without technical grounding

For an overview of Thinkwerke’s services, positioning, and engagement models, refer to:
https://www.thinkwerke.com

Who this documentation is for
-----------------------------

This documentation is written for:

- Security Architects and Cloud Architects
- Senior Software and Platform Engineers
- DevSecOps and SRE teams
- Compliance, Risk, and GRC practitioners
- Audit and assurance stakeholders
- Technical leadership supporting regulated business domains

Typical use cases include:

- Designing secure cloud and CI/CD architectures
- Preparing for ISO 27001, NIS2, CRA, GDPR or customer audits
- Building evidence models for tenders and assurance
- Aligning vendor-hosted environments with shared responsibility requirements
- Standardising security operating models across teams

How to use this documentation
-----------------------------

The documentation is structured to support **progressive depth**:

1. **Solutions & Architectures**
   Start here if you need reference designs and system-level patterns.

2. **Compliance Mapping**
   Use these sections to understand how regulatory requirements map to technical controls and implementations.

3. **Evidence Library**
   Use this when preparing audits, tenders, or customer security assessments.

4. **Whitepapers & Research**
   Deep dives into regulatory interpretation and engineering approaches.

Each section is designed to stand alone, while remaining consistent with the overall operating model.

Guiding principles
------------------

All content in this documentation follows these principles:

- **Execution over theory**
  Controls are shown as implemented systems, not abstract requirements.

- **Evidence by design**
  Proof is generated continuously through workflows and pipelines.

- **Clear ownership**
  Responsibilities are explicit across vendors, platforms, and teams.

- **Audit realism**
  Content reflects real-world scrutiny from auditors, regulators, and customers.

- **No tool dependency**
  Patterns are vendor-agnostic unless explicitly stated.

Where to go next
----------------

If you are new to this documentation:

- Start with :doc:`how-to-use-this-docs`
- Review key terminology in :doc:`glossary`
- Explore architectural patterns under :doc:`solutions/index`

If you are preparing for compliance or audits:

- Go directly to :doc:`compliance/index`
- Review the :doc:`evidence-library/index`

If you are evaluating or designing implementations:

- Begin with the relevant solution under **Solutions & Architectures**