arckit-fr-irn
$
npx mdskill add tractorjuice/arc-kit/arckit-fr-irnStructure digital resilience self-assessments using the aDRI framework.
- Generates assessment outlines covering eight pillars across five organizational layers.
- Relies on the official aDRI repository for evolving framework criteria.
- Provides scoring scaffolds while deferring final calculations to external tools.
- Delivers structured documents ready for manual scoring and official reporting.
SKILL.md
.github/skills/arckit-fr-irnView on GitHub ↗
---
name: arckit-fr-irn
description: "[COMMUNITY] Structure an IRN (Indice de Résilience Numérique) self-assessment following the aDRI framework — 8 resilience pillars × 5 organisational layers, with scoring scaffold and handoff to official aDRI methodology"
---
> ⚠️ **Community-contributed command** — not part of the officially-maintained ArcKit baseline. Output should be reviewed before reliance.
> **Note on methodology**: This command structures an IRN self-assessment but does **not** reproduce the aDRI scoring criteria for two explicit reasons:
>
> 1. **Living repository** — the IRN framework evolves actively at [gitlab.com/digitalresilienceinitiative/adri-irn](https://gitlab.com/digitalresilienceinitiative/adri-irn). Embedding a copy would create a frozen snapshot that diverges from the official methodology.
>
> 2. **Licence incompatibility** — the IRN is published under CC BY-NC-ND 4.0 (non-commercial, no derivatives). ArcKit is MIT (commercial use permitted). These two licences are incompatible for any derived content.
>
> **To score your assessment**: consult the official aDRI repository, download the evaluation grid (`Questionnaire_IRN_v0.4.xlsx`), apply R/NR criteria per pillar and layer, then report your scores in the generated document.
You are helping an enterprise architect structure an **IRN (Indice de Résilience Numérique)** self-assessment following the aDRI framework. The IRN is a strategic resilience index — not a compliance checklist — designed to give executive committees an objective view of their technological dependencies.
## User Input
```text
$ARGUMENTS
```
## Instructions
> **Note**: Before generating, scan `projects/` for existing project directories. For each project, list all `ARC-*.md` artifacts, check `external/` for reference documents, and check `000-global/` for cross-project policies. If no external docs exist but they would improve output, ask the user.
### Step 0: Read existing artifacts from the project context
**RECOMMENDED** (read if available, note if missing):
- **REQ** (Requirements) — Extract: infrastructure choices, SaaS/cloud dependencies, integration points, data sovereignty requirements
- **STKE** (Stakeholder Analysis) — Extract: organisation type, strategic priorities, key dependencies, vendor relationships
- **PRIN** (Architecture Principles, 000-global) — Extract: sovereignty principles, cloud strategy, open-source commitments
- **RSCH** (Research) — Extract: vendor landscape, identified single points of failure
**OPTIONAL** (read if available, skip silently):
- **SECNUM** (SecNumCloud Assessment) — pre-populate RES-6 cloud infrastructure section
- **ANSSI** (ANSSI Security Posture) — pre-populate RES-7 cybersecurity section
- **EBIOS** (Risk Study) — pre-populate RES-4 operational resilience section
- **RGPD** / **CNIL** (GDPR Assessments) — pre-populate RES-2 regulatory compliance section
### Step 0b: Read external documents
- Read any documents in `external/` — extract existing vendor contracts, SLA reports, cloud audits, dependency maps
- Read any `000-global/policies/` — extract cloud strategy, open-source policy, data sovereignty policy
### Step 1: Identify or Create Project
Identify the target project from the hook context. If the project doesn't exist, create it via `create-project.sh --json`.
### Step 2: Determine scope
From the artifacts, determine which of the 5 IRN organisational layers are relevant:
| Layer | In Scope? | Justification |
|-------|-----------|---------------|
| Applicative | ? | Based on identified SaaS/software dependencies |
| Data | ? | Based on data assets, AI/analytics usage |
| Platform | ? | Based on dev/deploy/orchestration tooling |
| Infrastructure | ? | Based on cloud, compute, storage, network |
| Compétences | ? | Based on internal skill assessment, outsourcing level |
If no artifacts exist, include all 5 layers and note that scope confirmation is required.
### Step 3: Read Template
- **First**, check if `.arckit/templates/fr-irn-template.md` exists in the project root
- **If found**: use the user's customised template
- **If not found**: use `.arckit/templates/fr-irn-template.md`
### Step 4: Generate IRN Assessment Document
**CRITICAL**: Use the **Write tool** to create the assessment document.
1. **Detect version**: Check for existing `ARC-{PROJECT_ID}-IRN-v*.md` files
2. **Document ID**: `ARC-{PROJECT_ID}-IRN-v{VERSION}`
3. **Classification**: OFFICIAL-SENSITIVE (dependency mapping reveals strategic vulnerabilities)
For each of the **8 IRN pillars**, create a structured section:
**RES-1 — Résilience Stratégique** (Vision & roadmap, independence strategy, IT governance)
**RES-2 — Résilience Économique et Juridique** (Regulatory compliance, legal sovereignty, audit)
**RES-3 — Résilience Data & IA** (Data control, AI infrastructure, ethics & transparency)
**RES-4 — Résilience Opérationnelle** (Business continuity, incident management, recovery plans)
**RES-5 — Résilience Supply-Chain** (Critical suppliers, diversification, contracts & SLAs)
**RES-6 — Résilience Technologique** (Infrastructure & cloud, applications & SaaS, open source)
**RES-7 — Résilience Sécurité** (Cybersecurity, data protection, risk management)
**RES-8 — Résilience Environnementale** (Carbon footprint, green IT, digital sustainability)
For each pillar × organisational layer in scope:
- Summarise what is known from project artifacts (pre-populate where possible)
- Leave a scoring placeholder (R / NR / ? — to be filled using the official aDRI grid)
- Flag any obvious dependencies or risks identified from existing artifacts
- **Do NOT attempt to score R/NR yourself** — the official criteria are in the aDRI evaluation grid
4. **Scoring Summary table**: Create a placeholder table showing the 8 pillars × 5 layers with R/NR cells to be filled by the assessor after consulting the official methodology.
5. **Gap Analysis**: Based on what is observable from existing artifacts (NOT from reproduced aDRI criteria), flag obvious dependency concentrations, single-vendor risks, or regulatory exposure as preliminary observations.
Before writing, read `.arckit/references/quality-checklist.md` and verify all **Common Checks** pass.
Write to:
```text
projects/{project_id}/ARC-{PROJECT_ID}-IRN-v{VERSION}.md
```
### Step 5: Summary Output
```text
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ IRN Assessment Scaffold Generated
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📄 Document: projects/{project_id}/ARC-{PROJECT_ID}-IRN-v{VERSION}.md
📋 Document ID: {document_id}
📅 Assessment Date: {date}
🔒 Classification: OFFICIAL-SENSITIVE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📊 Scope
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Layers in scope: {N}/5
Pre-populated from artifacts: {list}
Cells requiring official aDRI scoring: {N}
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚡ Preliminary observations from existing artifacts
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
{List obvious risks/dependencies visible from project artifacts}
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Next steps:
1. Download the official aDRI evaluation grid:
https://gitlab.com/digitalresilienceinitiative/adri-irn
2. Score each pillar × layer cell (R/NR) using the official methodology
3. Report scores in the generated document and re-run for gap analysis
{If cloud gaps: 4. Run $arckit-fr-secnumcloud for sovereign hosting assessment}
{If GDPR gaps: 5. Run $arckit-eu-rgpd for full data compliance assessment}
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
```
## Key References
| Document | Publisher | URL |
|----------|-----------|-----|
| IRN official repository (evaluation grid v0.4) | aDRI | https://gitlab.com/digitalresilienceinitiative/adri-irn |
| aDRI official website | aDRI | https://thedigitalresilience.org/ |
| IRN licence (CC BY-NC-ND 4.0) | Creative Commons | https://creativecommons.org/licenses/by-nc-nd/4.0/ |
> **Why we reference instead of reproduce**: The IRN scoring criteria are published under CC BY-NC-ND 4.0 (non-commercial, no derivatives). ArcKit is MIT-licensed (commercial use permitted). These licences are incompatible for derived content. Additionally, the IRN is an actively maintained living standard — embedding a snapshot would drift from the current version. This command structures and documents your assessment; the aDRI repository provides the methodology.
## Success Criteria
- ✅ Assessment document created at `projects/{project_id}/ARC-{PROJECT_ID}-IRN-v{VERSION}.md`
- ✅ All 8 IRN pillars present as document sections
- ✅ 5 organisational layers scoped (in/out of scope justified)
- ✅ Existing project artifacts used to pre-populate observable context
- ✅ R/NR scoring placeholders created — NOT pre-filled by AI
- ✅ Link to official aDRI evaluation grid clearly displayed
- ✅ Licence incompatibility and living-repo rationale explained in document
- ✅ Preliminary observations from artifacts noted (dependency concentrations, single vendors)
- ✅ Classification: OFFICIAL-SENSITIVE
## Example Usage
```text
$arckit-fr-irn IRN self-assessment for project 001 — AI-driven HR SaaS platform using AWS eu-west-3 with US-based sub-processors
$arckit-fr-irn Assess IRN for a French bank running on Azure with Microsoft 365 across 5,000 employees
$arckit-fr-irn IRN scaffold for a public hospital group — 3 sites, OVHcloud infrastructure, Epic HRIS, strong open-source policy
```
## Suggested Next Steps
After completing this command, consider running:
- `$arckit-fr-secnumcloud` -- Assess SecNumCloud qualification for sovereign cloud hosting *(when RES-6 (Technological Resilience) or RES-5 (Supply-Chain) reveals critical cloud dependency gaps)*
- `$arckit-eu-rgpd` -- Full GDPR compliance assessment for RES-2 regulatory gaps *(when RES-2 (Economic and Legal Resilience) identifies GDPR compliance gaps)*
- `$arckit-eu-nis2` -- NIS2 compliance assessment for essential/important entity obligations *(when RES-2 or RES-7 identifies NIS2 obligations)*
- `$arckit-fr-anssi` -- ANSSI hygiene assessment for RES-7 cybersecurity gaps *(when RES-7 (Security Resilience) reveals significant gaps)*
- `$arckit-fr-ebios` -- EBIOS risk study for operational resilience gaps *(when RES-4 (Operational Resilience) reveals significant risk management gaps)*
More from tractorjuice/arc-kit
- architecture-workflowThis skill should be used when the user asks how to start an architecture project, which ArcKit commands to run and in what order, what workflow to follow, getting started, new project setup, guide me through, or what comes next.
- arckit-adrDocument architectural decisions with options analysis and traceability
- arckit-ai-playbookAssess UK Government AI Playbook compliance for responsible AI deployment
- arckit-analyzePerform comprehensive governance quality analysis across architecture artifacts (requirements, principles, designs, assessments)
- arckit-at-bvergg[COMMUNITY] Generate Austrian public procurement documentation aligned with Bundesvergabegesetz 2018 — Oberschwellen/Unterschwellen determination, ANKÖ publication, BVergGVS secondary rules, and BVwG review pathway
- arckit-at-dsgvo[COMMUNITY] Assess Austrian DSG / DSGVO obligations — Datenschutzbehörde patterns, §§12–13 DSG special provisions, image processing (§12 DSG), and Austrian enforcement practice
- arckit-at-nisg[COMMUNITY] Assess Austrian NISG obligations (BGBl. I Nr. 94/2025) — AT transposition of NIS2, BKA (GovCERT) / BMI (SPOC) reporting, KSÖ coordination, and Austrian sectoral rules for Essential/Important entities
- arckit-atrsGenerate Algorithmic Transparency Recording Standard (ATRS) record for AI/algorithmic tools
- arckit-aws-researchResearch AWS services and architecture patterns using AWS Knowledge MCP for authoritative guidance
- arckit-azure-researchResearch Azure services and architecture patterns using Microsoft Learn MCP for authoritative guidance