Stats

Actions

Tags

Help us improve

Share bugs, ideas, or general feedback.

compliance-framework | architecture-governance | ClaudePluginHub

Skill

compliance-framework

From architecture-governance

Implement compliance requirements (SOC2, GDPR, HIPAA). Design architecture for regulations. Map technical controls to compliance requirements. Use when building regulated systems.

$

npx claudepluginhub sethdford/claude-skills --plugin architect-governance

Popularity

Parent stars

13

Parent forks

2

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/architecture-governance:compliance-framework

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Design systems that meet regulatory requirements and establish continuous compliance monitoring.

SKILL.md

48 lines · ~779 tokens

Similar Skills

security-compliance-compliance-check

38.2k

Performs compliance audits for GDPR, HIPAA, SOC2, PCI-DSS in software systems, delivers gap analysis, implementation plans, technical controls, and monitoring procedures.

1 file

antigravity-awesome-skills

Harness Compliance

12

Scans codebases for compliance-relevant patterns, classifies data sensitivity, audits against SOC2/HIPAA/GDPR controls, and generates gap analysis reports with remediation plans.

1 file

compliance

173

Translates regulations like HIPAA, FERPA, SOC 2, PCI, GDPR into concrete technical requirements for tech stacks in regulated industries like healthcare, fintech, edtech.

solo-founder-superpowers

Stats

Parent stars13

Parent forks2

MaintenanceFair

Last CommitMar 11, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Compliance Framework

Design systems that meet regulatory requirements and establish continuous compliance monitoring.

Context

You are implementing compliance for regulated systems. Map regulations to technical controls. Design for audit readiness. Read requirements, existing controls, certification timelines.

Domain Context

Based on compliance frameworks and regulatory standards:

SOC2: Security, availability, processing integrity, confidentiality. Requires audit trail, access control, encryption.
GDPR: Protects EU citizens' personal data. Requires consent, data portability, right-to-be-forgotten, breach notification.
HIPAA: Health information privacy (US). Requires encryption, audit logs, access controls, business associate agreements.
PCI DSS: Payment card data protection. Requires segmentation, encryption, monitoring, vendor management.

Instructions

Identify Applicable Standards: Which regulations apply? GDPR (EU users)? HIPAA (health data)? SOC2 (enterprise customers)? PCI DSS (payment processing)?
Map Controls to Architecture: For each regulation, what technical controls needed? GDPR: encryption at rest/transit, audit logs, consent tracking. HIPAA: role-based access, encrypted backups, breach detection.
Design for Audit: Audit logs must be immutable, encrypted, sent to separate system. Log all data access, configuration changes, admin actions. Retention per regulation (GDPR: 3 years minimum).
Build Operational Processes: Change management: approve all changes, test in staging, audit trail. Incident response: detect, contain, notify (GDPR: 72 hours). Annual training on compliance.
Plan for Verification: Audit readiness: document controls, gather evidence. Penetration testing annually. Vulnerability scanning continuous. Third-party assessments (SOC2, HIPAA).

Anti-Patterns

Compliance as Afterthought: Build system, then add compliance controls. Result: hard to retrofit, costly. Guard: Design for compliance from start; embed controls in architecture.
Over-Compliance: Implement controls for regulations you don't need. Result: cost, complexity. Guard: Identify exact requirements; implement only what's needed.
No Automation: Manual evidence gathering for audits. Result: slow, error-prone. Guard: Automate log collection, evidence gathering, control testing.
Forgotten After Certification: Achieve compliance, then relax. Result: drift, recertification failure. Guard: Continuous monitoring; treat compliance as ongoing, not one-time.

Further Reading

SOC2 Compliance — security audit framework for service providers
GDPR Compliance — European data protection regulation
HIPAA Security Rule — health information protection (US)
Compliance is Not Security by James Ranall — compliance mindset and culture