privacy-audit-skills
By mukul975
Guide privacy audits, certifications for ISO 27701, SOC 2, APEC CBPR, GDPR schemes and codes of conduct, internal audits, maturity assessments across 10 domains, remediation tracking by severity, continuous compliance monitoring on AWS/Azure/GCP with dashboards and alerts, privacy metrics dashboards, and DPA inspection preparations.
npx claudepluginhub mukul975/privacy-data-protection-skills --plugin privacy-audit-skillsComponent Overview
Component Details
Skills (11)
Guides APEC Cross-Border Privacy Rules system certification process including self-assessment against the APEC Privacy Framework principles, accountability agent selection, intake questionnaire completion, certification decision, annual recertification, and Global CBPR Forum transition. Keywords: APEC, CBPR, cross-border privacy, accountability agent, certification, Global CBPR.
Guides audit findings remediation program management including finding prioritization by severity (critical, high, medium, low), owner assignment, remediation planning, deadline tracking, verification testing, closure criteria, escalation protocols, and management reporting. Covers remediation lifecycle from finding issuance to verified closure. Keywords: audit remediation, finding management, prioritization, verification testing, closure criteria, remediation tracking.
Guides continuous privacy compliance monitoring implementation including automated control testing, evidence collection automation, real-time compliance dashboards, alert-based remediation workflows, regulatory change integration, and deviation management. Covers GRC platform configuration, control framework mapping, and compliance-as-code approaches. Keywords: continuous compliance, automated monitoring, evidence collection, dashboard, regulatory change, compliance-as-code.
Guides preparation for supervisory authority (DPA) inspections and investigations including document readiness checklists, interview preparation for key personnel, technical demonstration procedures, on-site logistics, response protocols, and post-inspection follow-up. Covers unannounced inspections, formal audits, and complaint-triggered investigations. Keywords: DPA inspection, supervisory authority, investigation, readiness, interview preparation, response protocol.
Guides EU Code of Conduct adherence under GDPR Articles 40-41 including EDPB approval requirements, monitoring body accreditation, code drafting, adherence declaration, compliance verification, and complaint handling. Covers sector-specific codes, transnational codes, and Art. 40(3) approval by supervisory authorities. Keywords: code of conduct, Article 40, Article 41, EDPB, monitoring body, adherence.
Guides GDPR certification mechanism implementation per Articles 42-43 including accredited certification body selection, certification criteria per EDPB guidelines, certification scope, periodic audit requirements, seal and mark usage rules, and relationship to codes of conduct. Covers EDPB/ENISA certification framework and national accreditation. Keywords: GDPR certification, Article 42, Article 43, certification body, EDPB, seal, mark, accreditation.
Guides internal privacy audit program design and execution including risk-based audit planning, scope definition, fieldwork procedures, finding classification, evidence gathering, remediation tracking, and management reporting. Covers audit universe definition, annual audit plan, working papers, and closure verification. Keywords: internal audit, privacy audit, fieldwork, remediation, findings, audit plan.
Guides ISO 27701 Privacy Information Management System implementation extending ISO 27001/27002. Covers Clause 5 PIMS-specific requirements, Clause 6 PIMS guidance for ISO 27002, Clause 7 PII controller guidance (Annex A), Clause 8 PII processor guidance (Annex B), gap assessment, and certification path. Keywords: ISO 27701, PIMS, privacy management system, ISO 27001 extension, certification, Annex A, Annex B.
Guides privacy program maturity assessment using the AICPA/CIPT Privacy Maturity Model with five levels: Ad Hoc, Repeating, Defined, Managed, and Optimized. Covers assessment methodology across ten privacy domains, scoring criteria, gap analysis, maturity roadmap generation, and benchmarking against industry peers. Keywords: privacy maturity, AICPA, maturity model, assessment, roadmap, benchmarking.
Guides privacy program effectiveness measurement including leading and lagging indicators, KPI definition, benchmarking methodology, executive reporting formats, board-level privacy dashboards, and metric-driven program improvement. Covers operational, compliance, risk, and strategic privacy metrics across the program lifecycle. Keywords: privacy metrics, KPIs, benchmarking, executive reporting, dashboard, program effectiveness.
Guides SOC 2 Type II Privacy Trust Services Criteria preparation and audit execution. Covers AICPA TSP Section 100 Privacy criteria P1-P8 including notice, choice/consent, collection, use/retention/disposal, access, disclosure, security, and quality. Includes evidence collection, control testing, and report review. Keywords: SOC 2, privacy criteria, TSP, AICPA, Type II, trust services.
README
Similar Plugins
caveman
Ultra-compressed communication mode. Cuts ~75% of tokens while keeping full technical accuracy by speaking like a caveman.