From nickcrew-claude-ctx-plugin
Regulatory compliance auditing across GDPR, HIPAA, PCI DSS, SOC 2, and ISO frameworks with automated evidence collection and gap analysis. Use when conducting compliance assessments, preparing for certifications, or implementing regulatory controls.
How this skill is triggered — by the user, by Claude, or both
Slash command
/nickcrew-claude-ctx-plugin:compliance-auditThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Systematic regulatory compliance auditing with automated evidence collection, control mapping,
Systematic regulatory compliance auditing with automated evidence collection, control mapping, gap analysis, and remediation planning across major compliance frameworks.
| Resource | Purpose | Load when |
|---|---|---|
references/frameworks.md | Key requirements, control mappings, and certification paths for GDPR, HIPAA, PCI DSS, SOC 2, ISO 27001 | Scoping which regulations apply |
references/evidence-collection.md | Automated evidence gathering, artifact organization, retention policies, audit trail patterns | Setting up or running evidence collection |
references/gap-analysis.md | Control mapping methodology, gap identification, risk scoring, remediation planning | Analyzing compliance gaps |
Phase 1: Scope → Identify applicable regulations, data types, and geographical scope
Phase 2: Assess → Map controls, review policies, analyze data flows, test implementations
Phase 3: Evidence → Collect and organize audit artifacts automatically
Phase 4: Gap Analyze → Identify control gaps, score risks, prioritize findings
Phase 5: Remediate → Create remediation plans, assign owners, set timelines
Phase 6: Report → Generate audit-ready documentation and compliance dashboards
Phase 7: Monitor → Establish continuous compliance monitoring and drift detection
Determine the regulatory landscape before testing anything.
Key questions:
Applicability matrix:
| Framework | Applies when |
|---|---|
| GDPR | Processing personal data of EU residents |
| HIPAA | Handling protected health information (PHI) |
| PCI DSS | Storing, processing, or transmitting cardholder data |
| SOC 2 | Providing services where trust principles matter |
| ISO 27001 | Organization wants certified ISMS |
| CCPA/CPRA | Collecting California consumer personal information |
| NIST CSF | Federal systems or voluntary cybersecurity framework adoption |
Map existing controls against the applicable framework requirements:
Load references/evidence-collection.md for detailed patterns.
Automation priorities:
Artifact organization:
evidence/
{framework}/
{control-id}/
artifact-{date}.{ext}
metadata.yaml # source, collection method, timestamp
Load references/gap-analysis.md for the full methodology.
For each framework requirement:
For each identified gap:
| Field | Content |
|---|---|
| Gap ID | Unique identifier |
| Framework Requirement | Specific clause or control |
| Current State | What exists today |
| Target State | What compliance requires |
| Remediation Action | Specific steps to close the gap |
| Owner | Responsible person/team |
| Priority | P0-P4 based on risk score |
| Timeline | Target completion date |
| Dependencies | Other gaps or actions this depends on |
Generate audit-ready documentation:
Establish ongoing compliance posture management:
npx claudepluginhub nickcrew/claude-cortexRun internal compliance audits against major governance and security frameworks, highlighting gaps, risks, and remediation priorities.
Track compliance requirements and maintain audit readiness for SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS. Produces status dashboards, gap analyses, and evidence collection plans.
Conducts security compliance audits for SOC 2, GDPR, HIPAA, PCI-DSS, and ISO 27001. Use for certification preparation, annual audits, or compliance validation.