compliance-management

Total installs: 2
Weekly installs: 2
Site rank: #65991

Install command:

```
npx skills add https://github.com/spjoshis/claude-code-plugins --skill compliance-management
```

Agent install distribution:
- opencode: 2
- gemini-cli: 2
- claude-code: 2
- github-copilot: 2
- codex: 2
- kimi-cli: 2
Skill documentation

# Compliance Management

Ensure compliance with security regulations and standards through proper controls, documentation, and audit preparation.

## When to Use This Skill
- Audit preparation
- Compliance certification
- Risk assessments
- Policy development
- Control implementation
- Vendor assessments
- Compliance reporting
- Regulatory requirements
## Core Concepts

### 1. GDPR Compliance Checklist

```markdown
# GDPR Compliance Checklist
## Lawful Basis
- [ ] Document lawful basis for processing
- [ ] Obtain consent where required
- [ ] Provide clear privacy notice
## Data Subject Rights
- [ ] Right to access (data export)
- [ ] Right to rectification (data correction)
- [ ] Right to erasure (data deletion)
- [ ] Right to portability (data download)
- [ ] Right to object (opt-out)
## Data Protection
- [ ] Encryption in transit (TLS 1.2+)
- [ ] Encryption at rest
- [ ] Access controls
- [ ] Data minimization
- [ ] Retention policies
## Accountability
- [ ] Privacy by design
- [ ] Data Protection Impact Assessment (DPIA)
- [ ] Data processing agreements (DPAs)
- [ ] Breach notification process (<72 hours)
- [ ] Data protection officer (if required)
## Documentation
- [ ] Record of processing activities
- [ ] Privacy policy
- [ ] Cookie policy
- [ ] Data breach procedures
```
### 2. SOC 2 Control Framework

```markdown
# SOC 2 Trust Service Criteria
## Security (Required)
- Access controls
- Encryption
- Firewall management
- Intrusion detection
- Vulnerability management
- Incident response
## Availability
- System monitoring
- Backup procedures
- Disaster recovery
- Capacity planning
## Processing Integrity
- Data validation
- Error handling
- Quality assurance
## Confidentiality
- Access restrictions
- Encryption
- Non-disclosure agreements
## Privacy
- Consent management
- Data retention
- Third-party sharing
```

## Best Practices
- Gap analysis – Current vs required state
- Document policies – Clear, comprehensive
- Implement controls – Technical and operational
- Train staff – Awareness and procedures
- Continuous monitoring – Ongoing compliance
- Regular audits – Internal and external
- Remediation tracking – Close gaps systematically
- Evidence collection – Audit-ready documentation
## Resources
- GDPR.eu: Official GDPR resource
- SOC 2 Academy: SOC 2 compliance guide
- ISO 27001 Toolkit: Implementation guide