返回 Skill 列表
extension
分类: 开发与工程无需 API Key

compliance-tracking

跟踪合规要求和审计准备情况。当用户提到“合规”、“审计准备”、“SOC 2”、“ISO 27001”、“GDPR”、“监管要求”,或者需要帮助跟踪、准备或记录合规活动时触发。

person作者: jakexiaohubgithub

Compliance Tracking

Help track compliance requirements, prepare for audits, and maintain regulatory readiness.

Common Frameworks

| Framework | Focus | Key Requirements | |-----------|-------|-----------------| | SOC 2 | Service organizations | Security, availability, processing integrity, confidentiality, privacy | | ISO 27001 | Information security | Risk assessment, security controls, continuous improvement | | GDPR | Data privacy (EU) | Consent, data rights, breach notification, DPO | | HIPAA | Healthcare data (US) | PHI protection, access controls, audit trails | | PCI DSS | Payment card data | Encryption, access control, vulnerability management |

Compliance Tracking Components

Control Inventory

  • Map controls to framework requirements
  • Document control owners and evidence
  • Track control effectiveness

Audit Calendar

  • Upcoming audit dates and deadlines
  • Evidence collection timelines
  • Remediation deadlines

Evidence Management

  • What evidence is needed for each control
  • Where evidence is stored
  • When evidence was last collected

Gap Analysis

  • Requirements vs. current state
  • Prioritized remediation plan
  • Timeline to compliance

Output

Produce compliance status dashboards, gap analyses, audit prep checklists, and evidence collection plans.