From arckit-uk-gcloud
Answers questions about cloud security certifications (ISO 27001, Cyber Essentials, SOC 2), NCSC principles, UK GDPR, and evidence requirements for G-Cloud service providers.
How this skill is triggered — by the user, by Claude, or both
Slash command
/arckit-uk-gcloud:cloud-securityThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Conversational knowledge about security certifications, NCSC principles, compliance frameworks, evidence requirements, and UK government security standards relevant to G-Cloud service providers.
Conversational knowledge about security certifications, NCSC principles, compliance frameworks, evidence requirements, and UK government security standards relevant to G-Cloud service providers.
Provide instant answers to common questions about security and compliance requirements for G-Cloud without requiring document generation. This covers certifications, frameworks, clearances, and evidence guidance.
Activate when users ask about:
| Certification | G-Cloud Importance | Validity | Typical Cost |
|---|---|---|---|
| ISO 27001 | High — expected by most buyers | 3 years (annual surveillance) | £5K–£50K+ |
| Cyber Essentials | High — mandatory for personal data | 12 months | £300–£500 |
| Cyber Essentials Plus | High — independent verification | 12 months | £1,500–£5,000 |
| SOC 2 Type II | Medium-High — sophisticated buyers | Annual reports | £20K–£80K |
| CSA STAR | Medium — cloud-native services | Varies by level | Varies |
| PCI DSS | Required for payment processing | Annual | Varies by level |
| # | Principle | Category |
|---|---|---|
| 1 | Data in transit protection | Data Protection |
| 2 | Asset protection and resilience | Data Protection |
| 3 | Separation between users | Separation |
| 4 | Governance framework | Governance |
| 5 | Operational security | Operations |
| 6 | Personnel security | Personnel |
| 7 | Secure development | Development |
| 8 | Supply chain security | Supply Chain |
| 9 | Secure user management | Access |
| 10 | Identity and authentication | Access |
| 11 | External interface protection | Infrastructure |
| 12 | Secure service administration | Administration |
| 13 | Audit information for users | Audit |
| 14 | Secure use of the service | Usage |
| Level | Typical Use | Timeline |
|---|---|---|
| BPSS | Standard government access | 1–2 weeks |
| CTC | Airport, defence | 6–8 weeks |
| SC | OFFICIAL-SENSITIVE data | 6–8 weeks |
| DV | SECRET classification | 6–12 months |
| eDV | TOP SECRET classification | 12+ months |
| Certification | Provide | Do NOT Provide |
|---|---|---|
| ISO 27001 | Certificate (scope must cover service) | Full audit reports |
| Cyber Essentials | Certificate with badge | Internal assessments |
| SOC 2 | Management assertion letter | Full SOC 2 report |
| CSA STAR | Registry entry link | Detailed assessment |
| NHS DSPT | Published status | Internal toolkit data |
| PCI DSS | Attestation of Compliance (AOC) | Pen test findings |
General rule: never provide full audit reports, pen test findings, detailed vulnerability data, internal policy documents, or unredacted contracts.
When answering security and compliance questions:
references/compliance-frameworks.md for detailed requirements, the Technology Code of Practice (13 points), AI Playbook (10 principles), NHS DSPT assertion areas, UK GDPR specifics, and certification renewal schedulesThese ArcKit commands generate security-related documents:
| Command | Security Area |
|---|---|
/arckit:security | Comprehensive security evidence document |
/arckit:sdd-lot1, sdd-lot2, sdd-lot3 | Security sections within SDDs |
/arckit:declaration | Legal compliance and exclusion grounds |
references/compliance-frameworks.md — Complete reference covering all certifications (ISO 27001, Cyber Essentials, SOC 2, CSA STAR, PCI DSS, ISO 22301, ISO 20000-1), UK government frameworks (NCSC principles, Technology Code of Practice, AI Playbook, NHS DSPT), data protection (UK GDPR, DPA requirements), security clearances, evidence guidance, and certification renewal schedules. Consult for any detail not covered by the quick reference tables above.npx claudepluginhub lllc-lllc/arc-kit --plugin arckit-uk-gcloudAssesses vendor privacy certifications like ISO 27701, SOC 2 Privacy, APEC CBPR for GDPR equivalence, scope analysis, and gap supplementation needs.
Provides senior GRC analyst expertise across 15 frameworks including NIST 800-53, FedRAMP, FISMA, CMMC, SOC 2, ISO 27001. Supports control lookups, cross-mapping, document review, audit prep, compliance workflows.
Provides deep expertise in CSA Cloud Controls Matrix (CCM v4.0): 197 controls across 17 domains, CAIQ questionnaire, cloud service models, shared responsibility, mappings to ISO 27001, SOC 2, PCI-DSS, NIST. For cloud security audits and compliance.