Track compliance requirements and audit readiness. Trigger with "compliance", "audit prep", "SOC 2", "ISO 27001", "GDPR", "regulatory requirement", or when the user needs help tracking, preparing for, or documenting compliance activities.
Install with the open skills CLI (global, non-interactive — available in every Claude Code session):
npx skills add anthropics/knowledge-work-plugins --skill "compliance-tracking" -g -a claude-code -yOr manually — copy the SKILL.md below into:
~/.claude/skills/compliance-tracking/SKILL.md---
name: compliance-tracking
description: Track compliance requirements and audit readiness. Trigger with "compliance", "audit prep", "SOC 2", "ISO 27001", "GDPR", "regulatory requirement", or when the user needs help tracking, preparing for, or documenting compliance activities.
---
# Compliance Tracking
Help track compliance requirements, prepare for audits, and maintain regulatory readiness.
## Common Frameworks
| Framework | Focus | Key Requirements |
|-----------|-------|-----------------|
| SOC 2 | Service organizations | Security, availability, processing integrity, confidentiality, privacy |
| ISO 27001 | Information security | Risk assessment, security controls, continuous improvement |
| GDPR | Data privacy (EU) | Consent, data rights, breach notification, DPO |
| HIPAA | Healthcare data (US) | PHI protection, access controls, audit trails |
| PCI DSS | Payment card data | Encryption, access control, vulnerability management |
## Compliance Tracking Components
### Control Inventory
- Map controls to framework requirements
- Document control owners and evidence
- Track control effectiveness
### Audit Calendar
- Upcoming audit dates and deadlines
- Evidence collection timelines
- Remediation deadlines
### Evidence Management
- What evidence is needed for each control
- Where evidence is stored
- When evidence was last collected
### Gap Analysis
- Requirements vs. current state
- Prioritized remediation plan
- Timeline to compliance
## Output
Produce compliance status dashboards, gap analyses, audit prep checklists, and evidence collection plans.
You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation.
Use when you have a written implementation plan to execute in a separate session with review checkpoints
Use when executing implementation plans with independent tasks in the current session