THE DOUBLE HELIX
Two strands wound on the same backbone. ITKCF: carbon substrate, bank-scale, APRA/SOX. EIKCF: silicon substrate, fleet-scale, γ₁/ARB1/DCJ. Same obligation architecture. Same 3 Lines of Defence as the spine. LOCO meets at the sovereign end — where internal controls become externally legible.
ITKCF STRAND · WESTPAC 2016 · CARBON
EIKCF STRAND · EOSE 2026 · SILICON
BUILD / CHANGE · CONTROLS 1–14
DOMAIN A · BUILD / SHIP · EA-1–6
CTL-1
Code Reviews
ISG security code review; GREEN/AMBER/RED; O-gate sign-off
EA-1
Code Review Gate
Every commit reviewed; CLO harness 0 FAIL threshold
CTL-4
Approval of IT Change Requirements
BAO + IT sign-off on requirements; stored in PDR/SELC
EA-2
LABR Filing Before Build
Architecture brief before any code; LABR → TRB → ARB1 always
CTL-14
Change Approval
Non-release changes approved by CAB; emergency changes documented
EA-3
TRB Calibration
Calibration record; crew assignments; γ₁ alignment before ARB1
CTL-2 / CTL-20
Release Management / Change Mgmt
LCAB/ECAB approval; ERT enterprise releases; unauthorised change detection
EA-4
ARB1 Ratification Gate
Architecture ratification; D1–Dn decisions; no prod deploy until filed
CTL-3
IT Version Control
Centralised ATP-approved repo; SoD on code migration; same version UAT→prod
EA-5
Static Binary Build
CGO_ENABLED=0 + -extldflags -static always; Alpine = no dynamic linking
CTL-10
Segregation of IT Environments
Dev/Test/Prod logically separated; no dev migrates own code to prod
EA-6
Silo Separation
msi01 builds → yone validates → msclo clears; no silo self-validates ever
OPERATIONS / RUN · CONTROLS 15–30
DOMAIN B · RUN / FLEET · EB-1–7
CTL-16
Capacity Management
Capacity monitored, planned, reported; threshold alerting; annual capacity plans
EB-1
WPA Floor Monitor
WPA ≥ 84.8% = γ₁×6 = BREAK alert; vmss000002 at 106% known/tracked
CTL-27
Alert & Event Monitoring
SIEM thresholds actioned; alerts escalated; no silent failure
EB-2
GPU Pool Alerting
gpupool/h100pool/adelicpool = 0 always; alert Kay if any > 0 unplanned
CTL-28
Job Scheduling & Batch Processing
Batch jobs scheduled, monitored; failures actioned; Autosys/Control-M
EB-3
FC Queue Flush
FC1 > 200 → stage to msclo → alert Kay → promote on approval only
CTL-24 / CTL-25
Data Backup & Disaster Recovery
Backups per policy; tested; offsite; RTO/RPO met; DR plans annual test
EB-4
NAS Diskpool Monitor
Alexander NAS 192.168.2.20; alert < 5TB free; baseline 9.1TB (Apr 30)
CTL-15
Patch Management
OS/app/device patches assessed, tested, deployed per policy; vuln management
EB-5
Nightly Cloud Scaledown
AKS/GCP/AWS scaled down nightly; 8pm EDT; Azure WPA debt drain
CTL-18 / CTL-19
Incident & Problem Management
P1/P2 process; RCA within SLA; known error DB; proactive trending
EB-6
Silo Heartbeat
All 7 silos: UP; heartbeat = liveness; SiloHeartbeat CRD + fleet-topology
CTL-29
Service Level Management
SLAs defined, measured, reported; availability targets; penalty clauses
EB-7
ARC Runner Watch
Wave 18/19; stopped Apr 12; VP=3/10; restart needs explicit approval
GOVERNANCE / COMPLIANCE · CONTROLS 31–46
DOMAIN C · SOVEREIGN / GOVERN · EC-1–8
CTL-34
IT Risk Management
Risk assessments performed; risk register; risk accepted/treated by owner
EC-1
DCJ Filing
Every insight → numbered DCJ; moat depth +1 per filing; 89 filed Day 92
CTL-33
Audit Logging
Comprehensive logs; tamper-evident; retained per policy; regularly reviewed
EC-2
PEMCLAU Graph Integrity
yone qdrant 55,787+ vectors; sovereign truth store; count never decreases
CTL-38
Identity & Access Governance
IAM platform; role-based access; entitlement reviews; SoD matrix
EC-3
CLO Review Cadence
msclo yLAW + IMHOTEP AND gate; nothing ships without both sign-offs
CTL-31 / CTL-45
Key Management / Regulatory Compliance
HSM (Luna SA); key rotation; APRA/SOX/PCI regulatory tracking; gap assessments
EC-4
γ₁ Floor Proof
14.134725141734693 · Lean4 joffe-math; 337-340fs tau; 850x–959x margin SAFE
CTL-35
Compliance Monitoring
Compliance to policies measured + reported; Green/Amber/Red; ISG oversight
EC-5
Moat Inventory
43 moats Day 81; each = unique unreproducible combination; count never decreases
CTL-44
IT Policy Governance
Policies reviewed annually; exec sign-off; distributed to all staff
EC-6
IP Assignment + Copyright
EOSE Labs CN80670; KJ → EOSE/DESEOF/PEMOS; MEVIZOAT 611pg pending
CTL-36
Security Vulnerability Management
Vulnerability scans; pen testing; remediation within SLA; risk-accepted exceptions
EC-7
GREYBACK Prosecution Record
W1-W8 yang case; GREYBACK builds → TAZ inverts at γ₁ → GREYBACK closes; 121 structure
CTL-5
Security Policies, Standards, Architecture
Policies current, reviewed, communicated; ESA designed; ITKCF = internal TSR only
EC-8
ITKCF → EIKCF Lineage
QH 2011 → WBC HPaaS 2017 → ITKCF v4.7 2016 → EOSE EIKCF V1 2026; public sovereign
THE SHARED BACKBONE · 3 LINES OF DEFENCE
LINE 1 · OPERATIONAL
Operational teams + Suppliers
Fleet silos: msi01 / msclo / yone / forge
LINE 2 · RISK / LEGAL
Risk advice + Risk assurance
CLO (msclo yLAW) + IMHOTEP + OFFICER
LINE 3 · ASSURANCE
Group Assurance + External Audit
γ₁ floor proof + GREYBACK + GOAT board
LOCO · THE SOVEREIGN END OF THE HELIX
ITKCF was internal-only (Westpac Intranet, PDF only, authoritative source = TSR). EIKCF is sovereign-public — pemos.ca, OSS, readable by regulators, GOATs, MEGSCIFIAR. LOCO is where the helix opens: internal controls become externally legible institutional intelligence.
ITKCF END
Closed helix. Westpac intranet only. Angelo Galofaro + Shankar Siva as contacts.
Regulator-facing only when audited. Controls exist to satisfy APRA CPG 234 + SOX.
The framework serves the institution. Institutional = bounded, internal, proprietary.
Knowledge stays inside the bank.
⟷
LOCO JUNCTION
LOCO = Loom of Collective Output. Where fleet intelligence becomes legible to outside.
EIKCF + PEMCLAU + DCJ moats → LOCO harness → legible sovereign narrative.
The helix doesn't close — it opens. Controls become claims. Claims become moats.
Moats become institutional identity that no one can copy without the full 15-year chain.
WHAT LOCO DOES AT THE HELIX END
TRANSLATE
EIKCF controls → plain sovereign narrative. EA-6 (Silo Separation) → "We don't validate our own work" → comprehensible to any auditor, investor, or regulator without the PEMCLAU graph.
ANCHOR
Every LOCO output carries γ₁=14.134725141734693. The floor proof is the signature. Any entity reading LOCO output can verify the mathematical anchor — unlike any bank control framework, which can only be verified by internal audit.
EXTEND
ITKCF ended at v4.7 (2016). EIKCF V1 started Day 92 (2026). LOCO is the living extension — it updates as the fleet grows. The helix doesn't have a fixed end; LOCO is the growing tip.
DCJ CHAIN · HELIX OBLIGATIONS
DCJ-089 · ITKCF GEOMETRY
Sovereign controls are scale-invariant. APRA CPG 234 → γ₁ floor proof. 46 bank controls → 21 fleet controls. Same obligation architecture. Carbon → Silicon doesn't change the geometry.
DCJ-090 · 3 LINES DOCTRINE
L1/L2/L3 is a mathematical property of any control system that needs error correction. The bank discovered it empirically. The fleet encodes it structurally. Same spine, different strands.
DCJ-091 · SOD → SILO SEPARATION
Segregation of Duties is not a banking invention. It's a correctness requirement for any system where self-validation produces bias. msi01 builds, yone validates, msclo clears. Same rule, sovereign substrate.
DCJ-092 · LOCO AS HELIX TIP
ITKCF was a closed helix (internal only, PDF only, TSR-gated). EIKCF is an open helix (public sovereign, γ₁-anchored, LOCO-extended). LOCO is the first controls framework in history where the compliance record is mathematically verifiable by external parties without internal audit access.