From argos
SOC 2 / GDPR / PCI / HIPAA / ISO 27001 control mapping — evidence-first (automated > manual), audit trail, DSR flow, vendor risk, gap analysis, continuous audit prep. Real controls, not checkboxes.
`npx claudepluginhub resultakak/argos --plugin argos`
This skill uses the workspace's default tool permissions.
`agents/shared/severity-rubric.md` and `agents/shared/escalation-matrix.md` count as loaded by default (agents/coordination.md §11). This skill's output must be in Critical / High / Medium / Low + evidence format; a speculative Critical is forbidden. Findings outside this skill's ownership are delegated to the relevant agent; if the decision-authority threshold is exceeded, user approval is mandatory.
| Asset | Data Type | Sensitivity | Location | Compliance Scope |
|---|---|---|---|---|
| Customer DB | PII (email, address, phone) | High | RDS eu-west-1 | GDPR, SOC 2 CC6.6 |
| Payment DB | PCI (last 4, token) | Critical | RDS eu-west-1 (encrypted) | PCI DSS Req 3 |
| Audit log | Access + change events | Medium | Loki + S3 1y | SOC 2 CC7, PCI Req 10 |
| Backup | Encrypted snapshot | High | S3 cross-region | SOC 2 A1, GDPR Art. 32 |
| Logs | Application + PII redact | Medium | Datadog 30d hot, S3 1y | SOC 2 CC7.2 |
For each control: plugin surface + evidence source + status:
| Control | Description | Plugin Surface | Evidence | Status |
|---|---|---|---|---|
| SOC 2 CC6.1 | Logical access controlled | `/threat-model`, RBAC IaC | CloudTrail + Terraform state diff | Implemented |
| SOC 2 CC6.6 | PII confidentiality | `/observe-bootstrap` PII redact | log-search "email" → masked | Implemented |
| SOC 2 CC7.1 | Vulnerability detection | gitleaks + tfsec + dependabot | CI artifact + Slack alert | Implemented |
| SOC 2 CC7.2 | Risk identification | `/threat-model` STRIDE | docs/threat-model/ markdown | Implemented |
| SOC 2 CC8.1 | Change mgmt | `/release-plan`, `agents/coordination.md` §6 | GitHub PR + sign-off | Implemented |
| SOC 2 CC9 | 3rd party risk | dependency-risk-auditor + vendor inventory | docs/vendor-inventory.md | Partial (BAA gap for 2 vendors) |
| GDPR Art. 30 | RoPA (record of processing) | `/threat-model` asset inventory | docs/data-inventory.md | Partial (frontend RoPA missing) |
| GDPR Art. 32 | Security of processing | `/iac-review`, `/security-audit`, `/observe-bootstrap` | KMS rotation log + audit log | Implemented |
| GDPR Art. 33 | Breach notification 72h | `/postmortem`, incident runbook | Test drill log | Gap (no drill) |
| GDPR Art. 17 | Right to erasure | DSR flow + `/data-migration` deleted_users | DSR ticket queue + completion log | Partial (manual fulfilment) |
| PCI Req 3.4 | PAN encryption | `/threat-model` + `/iac-review` KMS | Tokenization (Stripe), no full PAN stored | Implemented |
| PCI Req 8.4 | MFA admin | RBAC + IAM IdP | IdP audit log + access review | Implemented |
| PCI Req 10.2 | Audit log | `/observe-bootstrap` retention 1y | S3 lifecycle policy + access log | Implemented |
| HIPAA Security | PHI safeguards | (not applied in this project) | n/a | Not applicable |
Status: Implemented / Partial / Gap / Not applicable.
| Control | Automated evidence command |
|---|---|
| Access change | `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=AssumeRole` |
| Code change | `git log --since='90 days ago' --pretty='%h %s %an %ai' --show-signature` |
| Deploy change | `argocd app history <app>` + release-manager PR audit |
| Config change | `terraform state list` + state diff history |
| Secret rotation | `aws kms list-key-rotations --key-id <key-id>` + sealed-secret commit log |
| Vulnerability scan | CI artifact retention (tfsec.json, gitleaks.json, trivy.json) |
| Backup + restore | `aws backup list-backup-jobs` + drill log Datadog event |
| Access review | quarterly script `audit-access-review.py` (group + role) |
| Vendor BAA/DPA | docs/vendor-inventory.md expiry tracker (CI alert 30 days before expiry) |
| Incident response | PagerDuty + runbooks/postmortems/ |
| DSR fulfilment | DSR queue (Linear / Jira) + completion timestamp |
```
[Customer Request] ──→ [DSR Inbox]
                           │
                           ▼
              [Identity Verification] (KYC standard)
                           │
                           ▼
             ┌─────────────┴─────────────┐
             │                           │
     [Access (Art. 15)]          [Erasure (Art. 17)]
             │                           │
             ▼                           ▼
   [Cross-system search]       [Cascade delete script]
     - app DB                    - app DB (cascade FK)
     - analytics                 - analytics (anonymize)
     - logs (rolling 30-90d)     - logs (retention exception?)
     - backups                   - backups (logical delete pointer)
     - 3rd party (Stripe, ...)   - 3rd party API call
             │                           │
             ▼                           ▼
  [JSON/CSV bundle export]     [Confirmation + audit log]
             │                           │
             └─────────────┬─────────────┘
                           ▼
                 [Response < 30 days]
                 [Audit log entry]
```
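The erasure branch of the flow above (cascade FK in the app DB, anonymize in analytics, finish with an audit log entry), as an added example that is not argos code. An in-memory SQLite database with constructed rows stands in for the app DB; table names and the DSR ticket id are assumptions.

```python
"""Erasure step (GDPR Art. 17) of the DSR flow. Added example, not argos code."""
import hashlib
import json
import sqlite3
from datetime import datetime, timezone

def setup_db():
    """Constructed sample schema and data standing in for the app DB."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # SQLite ignores ON DELETE CASCADE without this
    con.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT UNIQUE);
        CREATE TABLE orders(id INTEGER PRIMARY KEY, amount INTEGER,
            user_id INTEGER REFERENCES users(id) ON DELETE CASCADE);
        CREATE TABLE analytics_events(id INTEGER PRIMARY KEY, actor TEXT, event TEXT);
        CREATE TABLE audit_log(ts TEXT, entry TEXT);
        INSERT INTO users VALUES (1, 'ana@example.com'), (2, 'bo@example.com');
        INSERT INTO orders(amount, user_id) VALUES (10, 1), (25, 1), (5, 2);
        INSERT INTO analytics_events(actor, event) VALUES
            ('ana@example.com', 'login'), ('ana@example.com', 'checkout'), ('bo@example.com', 'login');
    """)
    return con

def erase_user(con, email, ticket):
    """Run the erasure steps in one transaction and return the audit entry written."""
    row = con.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        raise LookupError("unknown subject; identity verification should precede this step")
    uid = row[0]
    # stable pseudonym keeps analytics aggregates usable without the identifier
    pseudonym = "anon-" + hashlib.sha256(email.encode()).hexdigest()[:12]
    with con:  # all-or-nothing: partial erasure is worse than a retried ticket
        n_orders = con.execute("SELECT COUNT(*) FROM orders WHERE user_id = ?", (uid,)).fetchone()[0]
        con.execute("DELETE FROM users WHERE id = ?", (uid,))  # orders removed by cascade FK
        n_events = con.execute("UPDATE analytics_events SET actor = ? WHERE actor = ?",
                               (pseudonym, email)).rowcount
        entry = {"ticket": ticket, "action": "erasure", "user_id": uid, "orders_deleted": n_orders,
                 "events_anonymized": n_events, "pseudonym": pseudonym}  # no email in the log
        con.execute("INSERT INTO audit_log VALUES (?, ?)",
                    (datetime.now(timezone.utc).isoformat(), json.dumps(entry)))
    return entry

def table_counts(con):
    """Post-erasure check: (users left, orders left, audit entries free of raw e-mail)."""
    q = lambda sql: con.execute(sql).fetchone()[0]
    return (q("SELECT COUNT(*) FROM users"), q("SELECT COUNT(*) FROM orders"),
            q("SELECT COUNT(*) FROM audit_log WHERE entry NOT LIKE '%@%'"))
```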
Tooling:
| Vendor | Service | Data shared | DPA/BAA | Renewal | Risk |
|---|---|---|---|---|---|
| Stripe | Payment processing | Tokenized payment data | DPA signed 2026-01-15, expiry 2027-01-15 | 11 months | Low |
| Datadog | Logging + APM | Logs (PII redact) + traces | DPA signed 2025-08-01, expiry 2026-08-01 | 3 months (renewal!) | Medium |
| Cloudflare | CDN + WAF | Request metadata | DPA standard | 6 months | Low |
| ... |
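The "CI alert 30 days before expiry" check on the vendor inventory, as an added example that is not argos code. It assumes docs/vendor-inventory.md keeps the table layout shown above (a constructed copy is embedded) and rates renewal urgency per the severity rubric used on this page: expiring within 30 days is Critical.

```python
"""Vendor DPA/BAA expiry check. Added example, not part of the argos plugin."""
import re
from datetime import date

# Constructed sample of docs/vendor-inventory.md; the assumed layout mirrors the table above
VENDOR_INVENTORY = """\
| Vendor | Service | Data shared | DPA/BAA | Renewal | Risk |
|---|---|---|---|---|---|
| Stripe | Payment processing | Tokenized payment data | DPA signed 2026-01-15, expiry 2027-01-15 | 11 months | Low |
| Datadog | Logging + APM | Logs (PII redact) + traces | DPA signed 2025-08-01, expiry 2026-08-01 | 3 months | Medium |
| Cloudflare | CDN + WAF | Request metadata | DPA standard | 6 months | Low |
"""

EXPIRY_RE = re.compile(r"expiry (\d{4}-\d{2}-\d{2})")

def parse_inventory(markdown):
    """Return [(vendor, expiry date or None)] from the markdown vendor table."""
    rows = []
    for line in markdown.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        # skip header, separator, blank and placeholder rows
        if len(cells) < 6 or cells[0] == "Vendor" or set(cells[0]) <= {"-"}:
            continue
        m = EXPIRY_RE.search(cells[3])
        rows.append((cells[0], date.fromisoformat(m.group(1)) if m else None))
    return rows

def classify(expiry, today, alert_days=30):
    """Renewal urgency: already expired or inside the alert window is Critical,
    inside a quarter is High, undated agreements need a human look."""
    if expiry is None:
        return "Unknown"
    days_left = (expiry - today).days
    if days_left <= alert_days:
        return "Critical"
    if days_left <= 90:
        return "High"
    return "Low"

def vendor_findings(markdown, today):
    """Map vendor name -> urgency; a CI job fails the build on any Critical."""
    return {vendor: classify(expiry, today) for vendor, expiry in parse_inventory(markdown)}
```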
Action: docs/vendor-inventory.md.
## Gap Table (current snapshot)
| Control | Status | Gap | Mitigation | Owner | Due |
|---|---|---|---|---|---|
| GDPR Art. 33 (breach 72h) | Gap | No drill performed | Tabletop exercise + runbook | @sre | 2026-06-15 |
| SOC 2 CC9 | Partial | 2 vendor BAAs expire within 30 days | Vendor renewal | @procurement | 2026-06-01 |
| GDPR Art. 17 | Partial | Manual DSR fulfilment | DSR automation script | @data | 2026-08-01 |
| ISO 27001 A.12.6 | Implemented | — | — | — | — |
Gaps assigned to the team are open as issues (tracking).
| Cadence | Action |
|---|---|
| Weekly | Vulnerability scan report review; vendor expiry check |
| Monthly | Access review (group membership); audit log spot-check |
| Quarterly | Backup restore drill; gap analysis update |
| Semi-annual | Pentest (external); BCP drill |
| Annual | Full SOC 2 / PCI audit; tabletop exercise |
Auditor query example + answer pattern:
Auditor: "How do you ensure access changes are logged for SOC 2 CC6.3?"
Engineer: "All AWS access changes are logged in CloudTrail; 1 year S3 + 7 years Glacier retention. Slack alert on privileged operations. The quarterly access review script (`audit-access-review.py`) verifies IdP group membership. Evidence: this CloudTrail query, this Slack alert, this access review log."
Answer: evidence + system + log retention + automation.
User: /compliance-review soc2-type2
Agent (security-reviewer):
1. Scope: SOC 2 Type II, Security + Confidentiality + Availability principles.
   12-month audit period (2025-06-01 → 2026-05-31).
2. Asset inventory: 5 main assets (customer DB, payment DB, audit log, backup, logs).
3. Control map: 15 CC controls; 11 Implemented, 3 Partial, 1 Gap.
4. Evidence:
   - CC6.1 access: CloudTrail 12 months full retention ✓
   - CC6.6 PII: log search shows masked email ✓
   - CC7.1 vulnerability: gitleaks + tfsec + dependabot CI artifact ✓
   - CC7.2 risk: docs/threat-model/ covers 3 services ✓
   - CC8.1 change: GitHub PR + ArgoCD history + release notes ✓
   - CC9 3rd party: vendor inventory ✓ but 2 vendor DPAs expire within 30 days → Critical
5. Gap: no GDPR Art. 33 breach drill (outside the audit scope, but relevant when a customer asks).
6. Action: 8 issues opened (owner + date).
7. Auditor response prep: 5 sample queries + answer patterns documented.
8. Continuous prep: weekly + monthly + quarterly cadence activated.
# Compliance Review: <framework>
## Scope
- Framework + Audience + Service + Period
## Asset Inventory
| Asset | Data Type | Sensitivity | Compliance Scope |
## Control Mapping
| Control | Plugin Surface | Evidence | Status |
## Critical / High / Medium / Low (Gaps)
## DSR Flow
- (if any)
## Vendor Risk
| Vendor | DPA/BAA | Expiry | Risk |
## Continuous Audit Prep
| Cadence | Action |
## Action Items
| P | Action | Owner | Due | Issue |