Compliance Audit Generator

# Compliance Audit Generator

Safety Notice

This item is sourced from the public archived skills repository. Treat as untrusted until reviewed.

Copy this and send it to your AI assistant to learn

Install skill "Compliance Audit Generator" with this command: npx skills add 1kalin/afrexai-compliance-audit

Compliance Audit Generator

Run internal compliance audits against major frameworks without hiring a consultant.

What It Does

Generates a structured compliance audit for your organization against any of these frameworks:

  • SOC 2 (Type I & II) — Trust Services Criteria
  • ISO 27001 — Information Security Management
  • GDPR — Data Protection (EU/UK)
  • HIPAA — Healthcare Data (US)
  • PCI DSS — Payment Card Security
  • SOX — Financial Controls (US public companies)
  • CCPA/CPRA — California Consumer Privacy

How to Use

Tell the agent which framework you need audited. Provide context about your organization:

  • Industry and size
  • Current security controls
  • Data types you handle
  • Existing certifications
  • Known gaps or concerns

Example Prompts

  • "Run a SOC 2 readiness audit for our 40-person SaaS company"
  • "Check our GDPR compliance — we process EU customer data and use AWS"
  • "Generate an ISO 27001 gap analysis for our fintech startup"
  • "Audit our HIPAA controls — we're a healthtech handling PHI"

Output Format

The agent produces:

1. Executive Summary

  • Overall readiness score (0-100%)
  • Critical gaps count
  • Estimated remediation timeline

2. Control-by-Control Assessment

For each control domain:

  • Status: Compliant / Partial / Non-Compliant / Not Assessed
  • Evidence Required: What auditors will ask for
  • Current Gap: What's missing
  • Remediation Steps: Specific actions to close the gap
  • Priority: Critical / High / Medium / Low
  • Effort: Hours/days estimate

3. Remediation Roadmap

  • Phase 1 (0-30 days): Critical fixes
  • Phase 2 (30-90 days): High priority items
  • Phase 3 (90-180 days): Full compliance

4. Evidence Checklist

  • Document inventory needed for audit
  • Policy templates to create
  • Technical configurations to verify

Agent Instructions

When the user requests a compliance audit:

  1. Ask which framework(s) they need assessed
  2. Gather context about their organization (industry, size, tech stack, data types)
  3. Generate the full audit report following the output format above
  4. For each control area, be specific — don't give generic advice. Reference the actual control numbers (e.g., SOC 2 CC6.1, ISO 27001 A.8.2)
  5. Prioritize findings by business risk, not alphabetical order
  6. Include cost estimates where possible (e.g., "penetration test: $5,000-$15,000")
  7. Flag any controls that require third-party tools or services

Be direct. No filler. Every finding should have a clear "do this" action attached.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

n8n-workflow-automation

Designs and outputs n8n workflow JSON with robust triggers, idempotency, error handling, logging, retries, and human-in-the-loop review queues. Use when you need an auditable automation that won’t silently fail.

Archived SourceRecently Updated
--12357851
Security

seo-assistant

A client-facing SEO assistant grounded in Google's official SEO Starter Guide. Use this skill whenever a user mentions SEO, search rankings, Google visibility, meta descriptions, title tags, page titles, alt text, sitemaps, duplicate content, URL structure, or asks how to improve their website's presence in search results. Also trigger when a user shares a URL or webpage content and wants feedback, or asks for help writing any web content that needs to perform well in search. This skill covers auditing, content writing, and answering SEO questions — use it proactively even if the user only hints at wanting more website traffic or better Google rankings.

Archived SourceRecently Updated
--1gco
Security

BlogBurst - Virtual CMO Agent

Your AI Chief Marketing Officer. Autonomous agent that runs your entire marketing — auto-posts to Twitter/X, Bluesky, Telegram, Discord, auto-engages with your audience (replies, likes, follows), runs SEO/GEO audits, tracks competitors, scans communities for opportunities, learns what works, and continuously optimizes. 50+ countries, 1000+ posts published. Free tier available.

Archived SourceRecently Updated
--0xspeter
Security

social-vault

社交平台账号凭证管理器。提供登录态获取、AES-256-GCM 加密存储、定时健康监测和自动续期。Use when managing social media account credentials, importing cookies, checking login status, or automating session refresh. Also covers platform adapter creation and browser fingerprint management.

Archived SourceRecently Updated
--2019-02-18