sourcentis/deming — reverse-engineered prompt

Build me a self hosted web app for managing an information security management system for a small or mid sized organization. I want it to feel like a practical tool a CISO would actually use, not just a checklist app.

The app should let people manage security controls, plan and schedule reviews, track measurements over time, follow action plans, and see clear charts and summary dashboards about how effective the controls are. It should also generate a simple steering or management meeting report view. I want support for common compliance frameworks like ISO 27001, NIS2, DORA, PCI DSS, and NIST style catalogs, with the ability to import a framework from a spreadsheet in an admin area.

Please make it easy to run locally with Docker, and keep it ready for normal SQL databases or SQLite for simple setups. A clean web interface matters a lot. If anything is unclear, look up the current docs online and fill in the gaps in a sensible way.