Simulated SME · Document library

Policies and governance for a resilient IT organization.

1009 LTD is a simulated small and medium-sized enterprise specializing in IT services and digital infrastructure management. This library publishes the complete internal policy baseline and anchors the companion LLM Gap Analysis research framework.

Coverage
IT governanceInformation securityMiCADORALLM risk research
General information

About 1009 LTD.

A small and medium-sized enterprise focused on IT infrastructure management, system monitoring, asset management and business continuity planning. 1009 LTD operates under a simulated Crypto-Asset Service Provider profile and applies structured policies, incident response and backup controls.

40employees across four divisions
13core IT governance documents
13MiCA and DORA FinTech documents
4OpSec, TechSec, HumSec and PhySec domains
Human resources

Organizational structure.

The workforce is structured into four operating divisions. The remaining four roles are held by executive and governance functions.

Division 0112

Technology

IT infrastructure, software management and system optimization.

Division 0215

Operations

Daily business functions, client support and service continuity.

Division 035

Security

Security policies, data protection, risk and compliance.

Division 044

Marketing & Communication

Brand communication, customer engagement and positioning.

Internal policies and governance

Core document library.

The original company profile and twelve security policies remain available as dedicated web pages and downloadable Markdown source files.

FinTech · MiCA & DORA

Sector-specific compliance library.

The F00–F12 series extends the core IT baseline with CASP governance, safeguarding, conduct, DORA resilience, ICT third-party risk, incident reporting, AML/CFT and prudential controls.

Scope: the FinTech series defines the regulatory delta and references the underlying generic policy where operational mechanics overlap. It does not replace DOC 01–12.

FinTech coverage matrix

DocumentMiCADORATFR / AMLConduct
F01 Governance & Senior Management Accountability·
F02 Crypto-Asset Safeguarding & Custody··
F03 Client Funds Safeguarding··
F04 Conflict of Interest Management··
F05 Complaints Handling··
F06 ICT Third-Party Risk Management··
F07 Digital Operational Resilience Testing···
F08 Major ICT Incident Reporting···
F09 Market Abuse Prevention··
F10 AML/CFT and Travel Rule·
F11 Prudential Safeguards & Own Funds···
F12 Marketing Communications & Disclosures··
Coverage matrix

Security domain mapping.

The original matrix shows how each core document contributes to operational, technical, human and physical security.

DocumentOpSecTechSecHumSecPhySec
01 Access Control Policy·
02 Backup Policy··
03 Human Resource Management··
04 Asset Management··
05 Business Continuity··
06 Operations Management··
07 Incident Management··
08 Information Security··
09 Risk Management··
10 Physical & Environmental Security··
11 Network Security Management··
12 Identity Management·
Research framework

1009 LTD anchors the LLM-driven organizational change study.

The companion framework evaluates whether traditional organizational and technical controls remain sufficient across eight LLM risk domains and four deployment archetypes. The original methodology pages, downloads, critical evaluation and interactive GAP console remain available.

8LLM risk domains
4deployment archetypes
70active controls
6critical priorities