IT AI Skill

Security Compliance

Manage security compliance frameworks, continuous monitoring, evidence collection, and audit preparation for SOC 2, ISO 27001, HIPAA, GDPR, PCI-DSS. Use when mapping controls, running compliance scans, collecting audit evidence, preparing for audits, monito...

Security Compliance & Audit Management

Maintain continuous compliance with security frameworks and streamline audit preparation through automation.

Workflow

1. Compliance Framework Mapping

Framework selection and scoping:

Identify applicable frameworks: SOC 2 Type I/II, ISO 27001, HIPAA, GDPR, PCI-DSS, CCPA
Define trust services criteria scope (Security, Availability, Confidentiality, Processing Integrity, Privacy)
Map each framework control to technical and procedural requirements
Assign control owners (engineering, security, HR, legal)

Control implementation plan:

Create control register documenting each control, owner, evidence type, and test frequency
Prioritize controls by risk severity and audit timeline
Define automated vs manual control testing approach
Establish control testing cadence: continuous (automated), quarterly, annually

Policy documentation:

Draft and maintain security policies: Access Control, Incident Response, Data Classification, Acceptable Use, Remote Work, Vendor Risk
Version control all policies; annual review cycle
Employee acknowledgment tracking for mandatory policies
Align policies with framework requirements (cross-reference control IDs)

2. Continuous Compliance Monitoring

Automated control testing:

Deploy compliance monitoring agents across infrastructure
Automated checks: encryption status, MFA enforcement, password complexity, patch compliance, backup verification
Configuration drift detection against security baselines
Real-time compliance score dashboards per framework

Vulnerability and risk tracking:

Continuous vulnerability scanning aligned with compliance requirements
Track remediation SLAs: Critical (7 days), High (14 days), Medium (30 days), Low (90 days)
Risk acceptance workflow: documented risk acceptance with expiry date
Risk register maintenance with quarterly review

Access and identity compliance:

Quarterly access certification campaigns
Automated user access reviews (UAR) with manager approval workflow
Service account and privileged access review
Termination access revocation tracking (within 1 hour)

3. Evidence Collection & Management

Automated evidence gathering:

Auto-collect evidence: screenshots, configuration exports, logs, scan results, policy documents
Timestamp and cryptographically sign all evidence
Organize evidence by control domain and framework
Version control evidence artifacts

Evidence retention management:

Define retention periods by evidence type and framework requirement
Automated archival of expired evidence
Ensure evidence availability for audit window (typically 12-month observation period)
Backup evidence repository with integrity verification

Evidence gap identification:

Weekly gap analysis: controls missing evidence or evidence outdated
Alert control owners of upcoming evidence deadlines
Track evidence completeness percentage
Pre-audit readiness score (target: >95% evidence coverage)

4. Audit Preparation & Execution

Pre-audit readiness assessment:

Internal audit 30 days before external audit
Gap analysis against framework requirements
Remediation sprint for open findings
Mock audit with simulated auditor questions
Evidence package organization and accessibility check

Audit execution support:

Assign audit liaison to field auditor questions within 24 hours
Provide evidence packages organized by control domain
Track auditor requests and response SLA
Daily audit standup to review progress and issues
Escalation process for challenging auditor findings

Post-audit management:

Review and validate all audit findings
Dispute inaccurate findings with supporting evidence
Develop remediation plans for valid findings (with deadlines)
Track remediation progress to closure
Update controls and processes based on lessons learned

5. Configuration Compliance & Hardening

Security baseline enforcement:

Define CIS benchmarks for OS, databases, cloud services
Automated configuration scanning (weekly minimum)
Auto-remediation for common drift (file permissions, service configurations)
Manual remediation workflow for complex drift

Network security compliance:

Firewall rule review and optimization (quarterly)
Network segmentation validation
Encryption in transit verification (TLS 1.2+ enforcement)
DMZ and perimeter security validation

Cloud security posture management:

CSPM scanning across all cloud accounts
CIS benchmark compliance for cloud services
Public access detection and remediation
Encryption at rest verification

Templates & Frameworks

Control Register Template

CONTROL REGISTER — SOC 2 2025
===============================

CC6.1 — Logical and Physical Access Controls
  Owner: Security Team
  Evidence Type: Automated scan results, access logs
  Test Frequency: Continuous
  Current Status: ✓ Compliant
  Last Tested: 2025-04-15
  Evidence Location: /evidence/soc2/cc6.1/

CC7.2 — System Monitoring
  Owner: Infrastructure Team
  Evidence Type: Monitoring screenshots, alert logs
  Test Frequency: Quarterly
  Current Status: ✓ Compliant
  Last Tested: 2025-04-01
  Evidence Location: /evidence/soc2/cc7.2/

CC8.1 — Change Management
  Owner: DevOps Team
  Evidence Type: Change tickets, approval records, rollback logs
  Test Frequency: Quarterly
  Current Status: ⚠ Partial — 2 changes lacked formal approval
  Last Tested: 2025-04-01
  Evidence Location: /evidence/soc2/cc8.1/

Audit Readiness Checklist

PRE-AUDIT READINESS — [Framework, Audit Date]
==============================================

POLICIES AND PROCEDURES:
  [ ] All required policies documented and versioned
  [ ] Annual policy review completed
  [ ] Employee acknowledgment records current
  [ ] Policy cross-reference to control IDs complete

TECHNICAL CONTROLS:
  [ ] Latest vulnerability scan completed (within 14 days)
  [ ] Critical/High vulnerabilities remediated or accepted with documentation
  [ ] Encryption verification scan passed
  [ ] MFA enforcement confirmed across all systems
  [ ] Patch compliance at 95%+ for critical patches

ACCESS MANAGEMENT:
  [ ] Quarterly access certification completed
  [ ] No orphaned accounts
  [ ] Privileged access review current
  [ ] Termination process tested and documented

INCIDENT MANAGEMENT:
  [ ] Incident response plan tested (within 12 months)
  [ ] All incidents from audit period documented and closed
  [ ] Post-incident reviews completed
  [ ] Security awareness training records current

EVIDENCE PACKAGE:
  [ ] Evidence coverage > 95%
  [ ] All evidence timestamped and accessible
  [ ] Control owner contacts current
  [ ] Mock audit completed — findings remediated

Integration Points

Compliance automation platforms (Vanta, Drata, Secureframe): Continuous monitoring, evidence collection
Vulnerability scanners (Qualys, Tenable, Rapid7): Security scanning, compliance checks
SIEM/SOAR (Splunk, Sentinel, QRadar): Log collection, security monitoring
Cloud security (AWS Security Hub, Azure Security Center, GCP Security Command Center): Cloud compliance
ITSM platforms (ServiceNow, Jira): Change management, incident records
Identity platforms (Okta, Azure AD, CyberArk): Access reviews, privileged access
GRC platforms (ServiceNow GRC, RSA Archer): Risk management, policy management
HRIS (Workday, BambooHR): Employee onboarding/offboarding, training records

Edge Cases

Multi-framework audits: Map shared controls across frameworks to minimize duplicate evidence collection; maintain unified control register
Remote/distributed audits: Ensure evidence accessible via secure portal; prepare for virtual auditor walkthroughs
Material change during audit period: Document and assess impact on compliance; may require scope adjustment or extension
Failed audit findings: Prioritize remediation by severity; implement compensating controls where technical fix requires extended timeline
Regulatory changes: Monitor framework updates (e.g., SOC 2 2026 revisions); impact assessment within 30 days of update announcement

Output

Compliance Dashboard

COMPLIANCE STATUS — April 2025
===============================

FRAMEWORK SCORES:
  SOC 2 Type II:  94% compliant (47/50 controls ✓)
  ISO 27001:      91% compliant (82/90 controls ✓)
  HIPAA:          96% compliant (24/25 controls ✓)
  GDPR:           89% compliant (17/19 controls ✓)

EVIDENCE STATUS:
  Total controls requiring evidence: 127
  Evidence collected: 122 (96%)
  Evidence overdue: 3
  Next evidence due: May 1 (CC7.2 — System Monitoring)

OPEN FINDINGS:
  🔴 1 Critical: Unpatched server in production (SLA: 7 days — overdue 2 days)
  ⚠  3 High: Access certifications pending for Engineering team
  ✓  7 Medium: All within remediation SLA

AUDIT CALENDAR:
  SOC 2 Type II Audit: June 1-15, 2025 (ready: 92%)
  ISO 27001 Surveillance: August 2025 (ready: 88%)
  HIPAA Annual Review: October 2025

Trigger Phrases

"compliance scan", "SOC 2", "ISO 27001", "HIPAA compliance", "GDPR audit", "PCI-DSS", "audit preparation", "control mapping", "evidence collection", "compliance monitoring", "security baseline", "CIS benchmark", "configuration drift", "audit finding", "remediation plan", "access certification", "compliance dashboard", "framework mapping", "risk register"