● Compliance & Security
security-compliance-audit
Conduct comprehensive security compliance audits for SOC 2, GDPR, HIPAA, PCI-DSS, and ISO 27001. Use when preparing for certification, annual audits, or compliance validation.
Security Compliance Audit
Table of Contents
Overview
Systematic evaluation of security controls, policies, and procedures to ensure compliance with industry standards and regulatory requirements.
When to Use
- Annual compliance audits
- Pre-certification assessments
- Regulatory compliance validation
- Security posture evaluation
- Third-party audits
- Gap analysis
Quick Start
Minimal working example:
# compliance_auditor.py
from dataclasses import dataclass, field
from typing import List, Dict
from enum import Enum
import json
from datetime import datetime
class ComplianceFramework(Enum):
SOC2 = "SOC 2"
GDPR = "GDPR"
HIPAA = "HIPAA"
PCI_DSS = "PCI-DSS"
ISO_27001 = "ISO 27001"
class ControlStatus(Enum):
COMPLIANT = "compliant"
NON_COMPLIANT = "non_compliant"
PARTIALLY_COMPLIANT = "partially_compliant"
NOT_APPLICABLE = "not_applicable"
@dataclass
class Control:
control_id: str
framework: ComplianceFramework
category: str
// ... (see reference guides for full implementation)
Reference Guides
Detailed implementations in the references/ directory:
| Guide | Contents |
|---|---|
| Automated Compliance Checker | Automated Compliance Checker |
| Node.js Compliance Automation | Node.js Compliance Automation |
Best Practices
✅ DO
- Automate compliance checks
- Document all controls
- Maintain evidence repository
- Conduct regular audits
- Track remediation progress
- Involve stakeholders
- Keep policies updated
❌ DON'T
- Skip documentation
- Ignore findings
- Delay remediation
- Cherry-pick controls
- Forget evidence collection