From compliance-os
/cs:soc2-audit-prep <scope> — SOC 2 Type II readiness 6-question forcing interrogation. Observation-period focused. Use before Type II observation begins, mid-period checkpoint, or pre-field-test month-10 readiness.
How this skill is triggered — by the user, by Claude, or both
Slash command
/compliance-os:soc2-audit-prepThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
**Command:** `/cs:soc2-audit-prep <scope>`
Command: /cs:soc2-audit-prep <scope>
The SOC 2 Type II auditor pressure-tests any SOC 2 work. Six observation-period-disciplined questions before any Type II cycle.
Security always required; others elective based on customer ask.
Type II requires consistent operation — single skipped cycle = likely exception.
Mid-period changes = high audit risk.
Real-time exception logging — not retroactive.
Not the last week — the first month.
75% control overlap — the canonical pair.
cross_framework_mapper.py for HIGH-confidence overlap themes# 1. Scoping + gap analysis (pre-observation)
python ra-qm-team/skills/soc2-compliance/scripts/gap_analyzer.py current_state.json
# 2. Control matrix with ISO 27001 cross-walk
python ra-qm-team/skills/soc2-compliance/scripts/control_matrix_builder.py program.json
# 3. Continuous evidence tracking (during observation)
python ra-qm-team/skills/soc2-compliance/scripts/evidence_tracker.py evidence_log.json
# 4. Mock audit (pre-field-test month 10)
python ../../skills/compliance-os/scripts/audit_simulator.py soc2_scope.json
# SOC 2 Type II Audit Prep: <scope>
**Date:** YYYY-MM-DD
**Observation Period:** YYYY-MM-DD to YYYY-MM-DD
## The Decision Being Made
[scoping | pre-observation | observation-status | pre-field | report-response]
## TSC Scope
- Security: included
- Availability: <yes/no>
- Processing Integrity: <yes/no>
- Confidentiality: <yes/no>
- Privacy: <yes/no>
## Observation Period Status
- Months elapsed: N / 12
- Controls operated consistently: % of total
- Cycle skips identified: <list>
- Mid-period control changes: N (each documented with change-mgmt: yes/no)
## Exception Log
- Total exceptions logged: N
- Per-control max exceptions: M (audit firm tolerance: typically 1-2)
- Material exceptions (overall control affected): <list>
- Remediation status per exception: complete/in-progress
## Sample Evidence Coverage
- Month 1-3 evidence: complete/gaps
- Month 4-6 evidence: complete/gaps
- Month 7-9 evidence: complete/gaps
- Month 10-12 evidence: complete/gaps (only for pre-report status)
## ISO 27001 Cross-Walk Reuse
- HIGH-confidence overlap themes: N
- Shared artefacts in evidence pool: <count>
- Duplicate evidence collection avoided: % savings
## Audit Firm Readiness
- Scoping discussion: complete/pending
- Description of system per AT-C 205: complete/pending
- Walkthrough rehearsal: complete/pending
- Sample preparation: complete/pending
## Verdict
🟢 ON-TRACK | 🟡 NEEDS-ATTENTION | 🔴 MATERIAL-RISK
## Top 3 Actions
[3 concrete next steps with owner + observation-period timing]
/cs:compliance-readiness — for multi-framework view/cs:iso27001-audit-prep — for ISO 27001 cross-walk pair (75% overlap)/cs:gdpr-audit-prep — for Privacy TSC overlap/cs:ciso-review — for executive cybersecurity strategycs-soc2-auditorsoc2-compliance../iso27001-audit-prep/, ../gdpr-audit-prep/, ../compliance-readiness/Version: 1.0.0
Creates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.
7plugins reuse this skill
First indexed Jun 30, 2026
Showing the 6 earliest of 7 plugins
npx claudepluginhub leahyra/claude-skills-collection --plugin compliance-os