Hugging Face's logo

Spaces:
mehtabchandio
/
temp-policy
Sleeping

App Files Community
mehtabchandio commited on
Commit
715927e
Β·
verified Β·
1 Parent(s): 023861e

Update app.py

Browse files
Files changed (1) hide show
  1. app.py +354 -0
app.py CHANGED
@@ -0,0 +1,354 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ import streamlit as st
2
+ import pandas as pd
3
+ from docx import Document
4
+ import io
5
+ import json
6
+
7
+ # Page configuration
8
+ st.set_page_config(
9
+ page_title="Cybersecurity Compliance Checklist Creator",
10
+ page_icon="πŸ”’",
11
+ layout="wide"
12
+ )
13
+
14
+ # Sample compliance frameworks data
15
+ COMPLIANCE_FRAMEWORKS = {
16
+ "ISO27001": {
17
+ "name": "ISO/IEC 27001:2022",
18
+ "controls": [
19
+ {"id": "A.5.1", "description": "Information security policies", "category": "Organizational"},
20
+ {"id": "A.5.2", "description": "Information security roles and responsibilities", "category": "Organizational"},
21
+ {"id": "A.5.3", "description": "Segregation of duties", "category": "Organizational"},
22
+ {"id": "A.5.4", "description": "Management responsibilities", "category": "Organizational"},
23
+ {"id": "A.6.1", "description": "Information security in project management", "category": "Organizational"},
24
+ {"id": "A.7.1", "description": "Personnel screening", "category": "Human Resources"},
25
+ {"id": "A.7.2", "description": "Terms and conditions of employment", "category": "Human Resources"},
26
+ {"id": "A.8.1", "description": "Inventory of assets", "category": "Asset Management"},
27
+ {"id": "A.8.2", "description": "Ownership of assets", "category": "Asset Management"},
28
+ {"id": "A.9.1", "description": "Access control policy", "category": "Access Control"},
29
+ {"id": "A.9.2", "description": "User access management", "category": "Access Control"},
30
+ {"id": "A.9.3", "description": "User responsibilities", "category": "Access Control"},
31
+ {"id": "A.9.4", "description": "System and application access control", "category": "Access Control"},
32
+ {"id": "A.10.1", "description": "Cryptographic controls", "category": "Cryptography"},
33
+ {"id": "A.11.1", "description": "Physical security perimeters", "category": "Physical Security"},
34
+ {"id": "A.11.2", "description": "Physical entry controls", "category": "Physical Security"},
35
+ {"id": "A.12.1", "description": "Operational procedures", "category": "Operations Security"},
36
+ {"id": "A.12.2", "description": "Protection from malware", "category": "Operations Security"},
37
+ {"id": "A.12.3", "description": "Backup", "category": "Operations Security"},
38
+ {"id": "A.12.4", "description": "Logging and monitoring", "category": "Operations Security"},
39
+ {"id": "A.12.5", "description": "Control of operational software", "category": "Operations Security"},
40
+ {"id": "A.12.6", "description": "Technical vulnerability management", "category": "Operations Security"},
41
+ {"id": "A.12.7", "description": "Information systems audit considerations", "category": "Operations Security"},
42
+ {"id": "A.13.1", "description": "Network security management", "category": "Communications Security"},
43
+ {"id": "A.13.2", "description": "Information transfer", "category": "Communications Security"},
44
+ {"id": "A.14.1", "description": "Security requirements of information systems", "category": "System Development"},
45
+ {"id": "A.14.2", "description": "Security in development and support processes", "category": "System Development"},
46
+ {"id": "A.14.3", "description": "Test data", "category": "System Development"},
47
+ {"id": "A.15.1", "description": "Information security in supplier relationships", "category": "Supplier Relationships"},
48
+ {"id": "A.15.2", "description": "Supplier service delivery management", "category": "Supplier Relationships"},
49
+ {"id": "A.16.1", "description": "Management of information security incidents and improvements", "category": "Incident Management"},
50
+ {"id": "A.17.1", "description": "Information security continuity", "category": "Business Continuity"},
51
+ {"id": "A.17.2", "description": "Redundancies", "category": "Business Continuity"},
52
+ {"id": "A.18.1", "description": "Compliance with legal and contractual requirements", "category": "Compliance"}
53
+ ]
54
+ },
55
+ "NIST": {
56
+ "name": "NIST Cybersecurity Framework",
57
+ "controls": [
58
+ {"id": "ID.AM-1", "description": "Physical devices and systems within the organization are inventoried", "category": "Identify"},
59
+ {"id": "ID.AM-2", "description": "Software platforms and applications within the organization are inventoried", "category": "Identify"},
60
+ {"id": "ID.AM-3", "description": "Organizational communication and data flows are mapped", "category": "Identify"},
61
+ {"id": "ID.AM-4", "description": "External information systems are catalogued", "category": "Identify"},
62
+ {"id": "ID.AM-5", "description": "Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value", "category": "Identify"},
63
+ {"id": "ID.AM-6", "description": "Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders are established", "category": "Identify"},
64
+ {"id": "PR.AC-1", "description": "Identities and credentials are managed for authorized devices and users", "category": "Protect"},
65
+ {"id": "PR.AC-2", "description": "Physical access to assets is managed and protected", "category": "Protect"},
66
+ {"id": "PR.AC-3", "description": "Remote access is managed", "category": "Protect"},
67
+ {"id": "PR.AC-4", "description": "Access permissions are managed, incorporating the principles of least privilege and separation of duties", "category": "Protect"},
68
+ {"id": "PR.AC-5", "description": "Network integrity is protected, incorporating network segregation where appropriate", "category": "Protect"},
69
+ {"id": "PR.AT-1", "description": "All users are informed and trained", "category": "Protect"},
70
+ {"id": "PR.AT-2", "description": "Privileged users understand their roles and responsibilities", "category": "Protect"},
71
+ {"id": "PR.AT-3", "description": "Third-party stakeholders understand their roles and responsibilities", "category": "Protect"},
72
+ {"id": "PR.AT-4", "description": "Senior executives understand their roles and responsibilities", "category": "Protect"},
73
+ {"id": "PR.AT-5", "description": "Physical and cybersecurity personnel understand their roles and responsibilities", "category": "Protect"},
74
+ {"id": "PR.DS-1", "description": "Data-at-rest is protected", "category": "Protect"},
75
+ {"id": "PR.DS-2", "description": "Data-in-transit is protected", "category": "Protect"},
76
+ {"id": "PR.DS-3", "description": "Assets are formally managed throughout removal, transfers, and disposition", "category": "Protect"},
77
+ {"id": "PR.DS-4", "description": "Adequate capacity to ensure availability is maintained", "category": "Protect"},
78
+ {"id": "PR.DS-5", "description": "Protections against data leaks are implemented", "category": "Protect"},
79
+ {"id": "PR.DS-6", "description": "Integrity checking mechanisms are used to verify software, firmware, and information integrity", "category": "Protect"},
80
+ {"id": "PR.DS-7", "description": "The development and testing environment(s) are separate from the production environment", "category": "Protect"},
81
+ {"id": "PR.IP-1", "description": "A baseline configuration of information technology/industrial control systems is created and maintained", "category": "Protect"},
82
+ {"id": "PR.IP-2", "description": "A System Development Life Cycle to manage systems is implemented", "category": "Protect"},
83
+ {"id": "PR.IP-3", "description": "Configuration change control processes are in place", "category": "Protect"},
84
+ {"id": "PR.IP-4", "description": "Backups of information are conducted, maintained, and tested periodically", "category": "Protect"},
85
+ {"id": "PR.IP-5", "description": "Policy and regulations regarding the physical operating environment for organizational assets are met", "category": "Protect"},
86
+ {"id": "PR.IP-6", "description": "Data is destroyed according to policy", "category": "Protect"},
87
+ {"id": "PR.IP-7", "description": "Protection processes are continuously improved", "category": "Protect"},
88
+ {"id": "PR.IP-8", "description": "Effectiveness of protection technologies is shared with appropriate parties", "category": "Protect"},
89
+ {"id": "PR.IP-9", "description": "Response plans (Incident Response and Business Continuity) and recovery plans (Disaster Recovery) are in place and managed", "category": "Protect"},
90
+ {"id": "PR.IP-10", "description": "Response and recovery plans are tested", "category": "Protect"},
91
+ {"id": "PR.IP-11", "description": "Cybersecurity is included in human resources practices", "category": "Protect"},
92
+ {"id": "PR.IP-12", "description": "A vulnerability management plan is developed and implemented", "category": "Protect"},
93
+ {"id": "PR.PT-1", "description": "Audit/log records are determined, documented, implemented, and reviewed in accordance with policy", "category": "Protect"},
94
+ {"id": "PR.PT-2", "description": "Removable media is protected and its use restricted according to policy", "category": "Protect"},
95
+ {"id": "PR.PT-3", "description": "Access to systems and assets is controlled, incorporating the principle of least functionality", "category": "Protect"},
96
+ {"id": "PR.PT-4", "description": "Communications and control networks are protected", "category": "Protect"},
97
+ {"id": "PR.PT-5", "description": "Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations", "category": "Protect"},
98
+ {"id": "DE.AE-1", "description": "A baseline of network operations and expected data flows for users and systems is established and managed", "category": "Detect"},
99
+ {"id": "DE.AE-2", "description": "Detected events are analyzed to understand attack targets and methods", "category": "Detect"},
100
+ {"id": "DE.AE-3", "description": "Event data are aggregated and correlated from multiple sources and sensors", "category": "Detect"},
101
+ {"id": "DE.AE-4", "description": "Impact of events is determined", "category": "Detect"},
102
+ {"id": "DE.AE-5", "description": "Incident alert thresholds are established", "category": "Detect"},
103
+ {"id": "DE.CM-1", "description": "The network is monitored to detect potential cybersecurity events", "category": "Detect"},
104
+ {"id": "DE.CM-2", "description": "The physical environment is monitored to detect potential cybersecurity events", "category": "Detect"},
105
+ {"id": "DE.CM-3", "description": "Personnel activity is monitored to detect potential cybersecurity events", "category": "Detect"},
106
+ {"id": "DE.CM-4", "description": "Malicious code is detected", "category": "Detect"},
107
+ {"id": "DE.CM-5", "description": "Unauthorized mobile code is detected", "category": "Detect"},
108
+ {"id": "DE.CM-6", "description": "External service provider activity is monitored to detect potential cybersecurity events", "category": "Detect"},
109
+ {"id": "DE.CM-7", "description": "Monitoring for unauthorized personnel, connections, devices, and software is performed", "category": "Detect"},
110
+ {"id": "DE.CM-8", "description": "Vulnerability scans are performed", "category": "Detect"},
111
+ {"id": "DE.DP-1", "description": "Roles and responsibilities for detection are well defined to ensure accountability", "category": "Detect"},
112
+ {"id": "DE.DP-2", "description": "Detection activities comply with all applicable requirements", "category": "Detect"},
113
+ {"id": "DE.DP-3", "description": "Detection processes are tested", "category": "Detect"},
114
+ {"id": "DE.DP-4", "description": "Event detection information is communicated to appropriate parties", "category": "Detect"},
115
+ {"id": "DE.DP-5", "description": "Detection processes are continuously improved", "category": "Detect"},
116
+ {"id": "RS.RP-1", "description": "Response plan is executed during or after an event", "category": "Respond"},
117
+ {"id": "RS.CO-1", "description": "Personnel know their roles and order of operations when a response is needed", "category": "Respond"},
118
+ {"id": "RS.CO-2", "description": "Events are reported consistent with established criteria", "category": "Respond"},
119
+ {"id": "RS.CO-3", "description": "Information is shared consistent with response plans", "category": "Respond"},
120
+ {"id": "RS.CO-4", "description": "Coordination with stakeholders occurs consistent with response plans", "category": "Respond"},
121
+ {"id": "RS.CO-5", "description": "Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness", "category": "Respond"},
122
+ {"id": "RS.AN-1", "description": "Notifications from detection systems are investigated", "category": "Respond"},
123
+ {"id": "RS.AN-2", "description": "The impact of the incident is understood", "category": "Respond"},
124
+ {"id": "RS.AN-3", "description": "Forensics are performed", "category": "Respond"},
125
+ {"id": "RS.AN-4", "description": "Incidents are categorized consistent with response plans", "category": "Respond"},
126
+ {"id": "RS.MI-1", "description": "Incidents are contained", "category": "Respond"},
127
+ {"id": "RS.MI-2", "description": "Incidents are mitigated", "category": "Respond"},
128
+ {"id": "RS.MI-3", "description": "Newly identified vulnerabilities are mitigated or documented as accepted risks", "category": "Respond"},
129
+ {"id": "RS.IM-1", "description": "Response plans incorporate lessons learned", "category": "Respond"},
130
+ {"id": "RS.IM-2", "description": "Response strategies are updated", "category": "Respond"},
131
+ {"id": "RC.RP-1", "description": "Recovery plan is executed during or after an event", "category": "Recover"},
132
+ {"id": "RC.IM-1", "description": "Recovery plans incorporate lessons learned", "category": "Recover"},
133
+ {"id": "RC.IM-2", "description": "Recovery strategies are updated", "category": "Recover"},
134
+ {"id": "RC.CO-1", "description": "Public relations are managed", "category": "Recover"},
135
+ {"id": "RC.CO-2", "description": "Reputation is repaired after an incident", "category": "Recover"},
136
+ {"id": "RC.CO-3", "description": "Recovery activities are communicated to internal stakeholders and executive and management teams", "category": "Recover"}
137
+ ]
138
+ },
139
+ "PCIDSS": {
140
+ "name": "PCI DSS v4.0",
141
+ "controls": [
142
+ {"id": "1.1.1", "description": "Establish and implement firewall and router configuration standards", "category": "Network Security"},
143
+ {"id": "1.2.1", "description": "Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment", "category": "Network Security"},
144
+ {"id": "1.3.1", "description": "Implement DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports", "category": "Network Security"},
145
+ {"id": "1.4.1", "description": "Do not allow unauthorized outbound traffic from the cardholder data environment to the internet", "category": "Network Security"},
146
+ {"id": "2.1.1", "description": "Change vendor-supplied defaults before installing a system on the network", "category": "Vendor Defaults"},
147
+ {"id": "2.2.1", "description": "Develop configuration standards for all system components", "category": "System Configuration"},
148
+ {"id": "3.1.1", "description": "Keep cardholder data storage to a minimum", "category": "Data Protection"},
149
+ {"id": "3.2.1", "description": "Do not store sensitive authentication data after authorization", "category": "Data Protection"},
150
+ {"id": "4.1.1", "description": "Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks", "category": "Encryption"},
151
+ {"id": "5.1.1", "description": "Deploy anti-virus software on all systems commonly affected by malicious software", "category": "Malware Protection"},
152
+ {"id": "6.1.1", "description": "Establish a process to identify security vulnerabilities", "category": "Vulnerability Management"},
153
+ {"id": "7.1.1", "description": "Limit access to system components and cardholder data to only those individuals whose job requires such access", "category": "Access Control"},
154
+ {"id": "8.1.1", "description": "Assign all users a unique ID before allowing them to access system components or cardholder data", "category": "Access Control"},
155
+ {"id": "9.1.1", "description": "Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment", "category": "Physical Security"},
156
+ {"id": "10.1.1", "description": "Implement audit trails to link all access to system components to each individual user", "category": "Monitoring"},
157
+ {"id": "11.1.1", "description": "Test for the presence of wireless access points and detect and identify all authorized and unauthorized wireless access points", "category": "Testing"},
158
+ {"id": "12.1.1", "description": "Establish, publish, maintain, and disseminate a security policy", "category": "Policy"}
159
+ ]
160
+ }
161
+ }
162
+
163
+ def main():
164
+ st.title("πŸ”’ Cybersecurity Compliance Checklist Creator")
165
+ st.markdown("Create customized checklists for various cybersecurity compliance frameworks")
166
+
167
+ # Sidebar for framework selection
168
+ st.sidebar.header("Framework Selection")
169
+ selected_frameworks = st.sidebar.multiselect(
170
+ "Select Compliance Frameworks:",
171
+ list(COMPLIANCE_FRAMEWORKS.keys()),
172
+ default=["ISO27001"]
173
+ )
174
+
175
+ # Main content area
176
+ if not selected_frameworks:
177
+ st.warning("Please select at least one compliance framework from the sidebar.")
178
+ return
179
+
180
+ # Display selected frameworks
181
+ st.header("Selected Frameworks")
182
+ cols = st.columns(len(selected_frameworks))
183
+ for i, framework in enumerate(selected_frameworks):
184
+ with cols[i]:
185
+ st.info(f"**{COMPLIANCE_FRAMEWORKS[framework]['name']}**")
186
+
187
+ # Checklist creation section
188
+ st.header("πŸ“‹ Checklist Items")
189
+
190
+ all_controls = []
191
+ for framework in selected_frameworks:
192
+ framework_controls = COMPLIANCE_FRAMEWORKS[framework]['controls']
193
+ for control in framework_controls:
194
+ control['framework'] = framework
195
+ all_controls.append(control)
196
+
197
+ # Create a DataFrame for better display
198
+ df_controls = pd.DataFrame(all_controls)
199
+
200
+ # Add selection checkboxes
201
+ selected_controls = []
202
+
203
+ # Group by category for better organization
204
+ categories = df_controls['category'].unique()
205
+
206
+ for category in sorted(categories):
207
+ st.subheader(f"Category: {category}")
208
+ category_controls = df_controls[df_controls['category'] == category]
209
+
210
+ for _, control in category_controls.iterrows():
211
+ col1, col2 = st.columns([1, 4])
212
+ with col1:
213
+ selected = st.checkbox(
214
+ f"Select {control['id']}",
215
+ key=f"{control['framework']}_{control['id']}"
216
+ )
217
+ with col2:
218
+ st.write(f"**{control['id']}** - {control['description']}")
219
+ st.caption(f"Framework: {control['framework']}")
220
+
221
+ if selected:
222
+ selected_controls.append(control.to_dict())
223
+
224
+ # Export options
225
+ if selected_controls:
226
+ st.header("πŸ“€ Export Checklist")
227
+
228
+ col1, col2, col3 = st.columns(3)
229
+
230
+ with col1:
231
+ if st.button("πŸ“„ Export to Word Document"):
232
+ export_to_word(selected_controls)
233
+
234
+ with col2:
235
+ if st.button("πŸ“Š Export to Excel"):
236
+ export_to_excel(selected_controls)
237
+
238
+ with col3:
239
+ if st.button("πŸ“‹ Export to CSV"):
240
+ export_to_csv(selected_controls)
241
+
242
+ # Display selected items
243
+ st.subheader("Selected Items Summary")
244
+ df_selected = pd.DataFrame(selected_controls)
245
+ st.dataframe(df_selected[['framework', 'id', 'description', 'category']])
246
+
247
+ st.success(f"βœ… Selected {len(selected_controls)} controls for your checklist")
248
+
249
+ def export_to_word(controls):
250
+ doc = Document()
251
+ doc.add_heading('Cybersecurity Compliance Checklist', 0)
252
+
253
+ # Group by framework
254
+ frameworks = {}
255
+ for control in controls:
256
+ framework = control['framework']
257
+ if framework not in frameworks:
258
+ frameworks[framework] = []
259
+ frameworks[framework].append(control)
260
+
261
+ for framework, framework_controls in frameworks.items():
262
+ doc.add_heading(f'Framework: {COMPLIANCE_FRAMEWORKS[framework]["name"]}', level=1)
263
+
264
+ # Group by category within framework
265
+ categories = {}
266
+ for control in framework_controls:
267
+ category = control['category']
268
+ if category not in categories:
269
+ categories[category] = []
270
+ categories[category].append(control)
271
+
272
+ for category, category_controls in categories.items():
273
+ doc.add_heading(f'Category: {category}', level=2)
274
+
275
+ table = doc.add_table(rows=1, cols=3)
276
+ table.style = 'Table Grid'
277
+ hdr_cells = table.rows[0].cells
278
+ hdr_cells[0].text = 'Control ID'
279
+ hdr_cells[1].text = 'Description'
280
+ hdr_cells[2].text = 'Status'
281
+
282
+ for control in category_controls:
283
+ row_cells = table.add_row().cells
284
+ row_cells[0].text = control['id']
285
+ row_cells[1].text = control['description']
286
+ row_cells[2].text = 'β–‘ Not Implemented β–‘ In Progress β–‘ Implemented'
287
+
288
+ # Save to bytes buffer
289
+ buffer = io.BytesIO()
290
+ doc.save(buffer)
291
+ buffer.seek(0)
292
+
293
+ st.download_button(
294
+ label="⬇️ Download Word Document",
295
+ data=buffer,
296
+ file_name="compliance_checklist.docx",
297
+ mime="application/vnd.openxmlformats-officedocument.wordprocessingml.document"
298
+ )
299
+
300
+ def export_to_excel(controls):
301
+ df = pd.DataFrame(controls)
302
+ df['Status'] = 'Not Started'
303
+ df['Notes'] = ''
304
+ df['Implementation Date'] = ''
305
+ df['Responsible Person'] = ''
306
+
307
+ # Reorder columns for better readability
308
+ df = df[['framework', 'category', 'id', 'description', 'Status', 'Implementation Date', 'Responsible Person', 'Notes']]
309
+
310
+ buffer = io.BytesIO()
311
+ with pd.ExcelWriter(buffer, engine='openpyxl') as writer:
312
+ df.to_excel(writer, sheet_name='Compliance Checklist', index=False)
313
+
314
+ # Auto-adjust columns' width
315
+ worksheet = writer.sheets['Compliance Checklist']
316
+ for column in worksheet.columns:
317
+ max_length = 0
318
+ column_letter = column[0].column_letter
319
+ for cell in column:
320
+ try:
321
+ if len(str(cell.value)) > max_length:
322
+ max_length = len(str(cell.value))
323
+ except:
324
+ pass
325
+ adjusted_width = min(max_length + 2, 50)
326
+ worksheet.column_dimensions[column_letter].width = adjusted_width
327
+
328
+ buffer.seek(0)
329
+
330
+ st.download_button(
331
+ label="⬇️ Download Excel Spreadsheet",
332
+ data=buffer,
333
+ file_name="compliance_checklist.xlsx",
334
+ mime="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
335
+ )
336
+
337
+ def export_to_csv(controls):
338
+ df = pd.DataFrame(controls)
339
+ df['Status'] = 'Not Started'
340
+ df['Notes'] = ''
341
+ df['Implementation Date'] = ''
342
+ df['Responsible Person'] = ''
343
+
344
+ csv = df.to_csv(index=False)
345
+
346
+ st.download_button(
347
+ label="⬇️ Download CSV File",
348
+ data=csv,
349
+ file_name="compliance_checklist.csv",
350
+ mime="text/csv"
351
+ )
352
+
353
+ if __name__ == "__main__":
354
+ main()