Skill

grc-compliance-privacy-program

Guides governance, risk, compliance, and privacy work including control mapping, audit readiness, and remediation planning for frameworks like SOC 2, ISO 27001, NIST CSF, CIS, GDPR.

security

npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit

Popularity

Stars

Forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/cybersec-toolkit:grc-compliance-privacy-program

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Use this skill when the task is about proving security, governing risk, mapping controls, privacy obligations, audit readiness, or legal/regulatory scoping.

SKILL.md

39 lines · ~429 tokens

Similar Skills

compliance-mapping

Map security controls to compliance framework requirements (NIST, CIS, ISO 27001, PCI-DSS, HIPAA, GDPR, SOC 2).

compliance-governance

grc-knowledge

145

Provides senior GRC analyst expertise across 15 frameworks including NIST 800-53, FedRAMP, FISMA, CMMC, SOC 2, ISO 27001. Supports control lookups, cross-mapping, document review, audit prep, compliance workflows.

20 files

grc

compliance-tracking

12.3k

Tracks compliance for SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS. Manages controls, audit calendars, evidence, gap analyses, checklists.

operations

Stats

LanguagePython

Stars11

Forks2

MaintenanceExcellent

Last CommitJun 10, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

GRC, compliance, and privacy program workflow

Use this skill when the task is about proving security, governing risk, mapping controls, privacy obligations, audit readiness, or legal/regulatory scoping.

Guardrails

Do not provide legal advice. For region-specific legal obligations, check current official sources and recommend counsel review.

Do not claim certification, compliance, or audit pass/fail without evidence from the user's environment.

Prefer control intent, evidence, owner, frequency, and test procedure over vague policy language.

Workflow

Scope the organization, jurisdiction, sector, data classes, systems, third parties, and target frameworks.

Build a control crosswalk only for relevant frameworks; avoid mapping everything to everything.

For each control, define:

control objective
owner
implementation evidence
operating evidence
test method
cadence
gap/risk

Separate policy existence from operational effectiveness.

Produce a remediation plan with risk, effort, owner, and evidence needed to close.

Output pattern

Use a table like:

Area

Requirement

Current evidence

Gap

Risk

Owner

Next action

For privacy work, include data inventory, lawful basis/processing purpose, retention, access, transfer, processor/subprocessor, DSAR, deletion, breach notification, and logging requirements.

GRC, compliance, and privacy program workflow

Use this skill when the task is about proving security, governing risk, mapping controls, privacy obligations, audit readiness, or legal/regulatory scoping.

Guardrails

Do not provide legal advice. For region-specific legal obligations, check current official sources and recommend counsel review.
Do not claim certification, compliance, or audit pass/fail without evidence from the user's environment.
Prefer control intent, evidence, owner, frequency, and test procedure over vague policy language.

Workflow

Scope the organization, jurisdiction, sector, data classes, systems, third parties, and target frameworks.
Build a control crosswalk only for relevant frameworks; avoid mapping everything to everything.
For each control, define:
- control objective
- owner
- implementation evidence
- operating evidence
- test method
- cadence
- gap/risk
Separate policy existence from operational effectiveness.
Produce a remediation plan with risk, effort, owner, and evidence needed to close.

Output pattern

Use a table like:

Area	Requirement	Current evidence	Gap	Risk	Owner	Next action

For privacy work, include data inventory, lawful basis/processing purpose, retention, access, transfer, processor/subprocessor, DSAR, deletion, breach notification, and logging requirements.

grc-compliance-privacy-program

Popularity

Invocation

Context Preview

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

grc-compliance-privacy-program

Popularity

Invocation

Context Preview

SKILL.md

GRC, compliance, and privacy program workflow

Guardrails

Workflow

Output pattern

Similar Skills

Help us improve

GRC, compliance, and privacy program workflow

Guardrails

Workflow

Output pattern