compliance-tracking
npx machina-cli add skill anthropics/knowledge-work-plugins/compliance-tracking --openclawFiles (1)
SKILL.md
1.6 KB
Compliance Tracking
Help track compliance requirements, prepare for audits, and maintain regulatory readiness.
Common Frameworks
| Framework | Focus | Key Requirements |
|---|---|---|
| SOC 2 | Service organizations | Security, availability, processing integrity, confidentiality, privacy |
| ISO 27001 | Information security | Risk assessment, security controls, continuous improvement |
| GDPR | Data privacy (EU) | Consent, data rights, breach notification, DPO |
| HIPAA | Healthcare data (US) | PHI protection, access controls, audit trails |
| PCI DSS | Payment card data | Encryption, access control, vulnerability management |
Compliance Tracking Components
Control Inventory
- Map controls to framework requirements
- Document control owners and evidence
- Track control effectiveness
Audit Calendar
- Upcoming audit dates and deadlines
- Evidence collection timelines
- Remediation deadlines
Evidence Management
- What evidence is needed for each control
- Where evidence is stored
- When evidence was last collected
Gap Analysis
- Requirements vs. current state
- Prioritized remediation plan
- Timeline to compliance
Output
Produce compliance status dashboards, gap analyses, audit prep checklists, and evidence collection plans.
Source
git clone https://github.com/anthropics/knowledge-work-plugins/blob/main/operations/skills/compliance-tracking/SKILL.mdView on GitHub Overview
Helps track regulatory requirements, prepare for audits, and maintain regulatory readiness across frameworks like SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS. It organizes controls, evidence, calendars, and gaps to keep you audit-ready.
How This Skill Works
Maps controls to framework requirements, maintains a control inventory with owners and evidence, and uses an audit calendar and evidence management to track collection and remediation. Gap analysis compares requirements versus current state to drive a prioritized remediation plan.
When to Use It
- Preparing for a SOC 2 or ISO 27001 audit
- Tracking regulatory requirements and evidence collection
- Remediation planning after a gap analysis
- Monitoring upcoming audit deadlines with reminders
- Documenting controls and evidence for regulatory inquiries
Quick Start
- Step 1: Create a Control Inventory mapping to your frameworks
- Step 2: Set up an Audit Calendar with all dates and evidence deadlines
- Step 3: Initiate Evidence Management and run a Gap Analysis to plan remediation
Best Practices
- Map each control to its framework requirement and owner
- Maintain a centralized evidence repository with timestamps
- Keep an up-to-date audit calendar with deadlines
- Run regular gap analyses and track remediation progress
- Review framework changes (SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS) regularly
Example Use Cases
- SOC 2 readiness dashboard showing control status and evidence
- ISO 27001 risk assessment and continuous improvement plan
- GDPR data subject rights and breach notification evidence package
- HIPAA audit trail and access control documentation
- PCI DSS encryption and vulnerability management evidence bundle
Frequently Asked Questions
Add this skill to your agents
