soc2

Solid

Expert SOC 2 compliance assistant covering all five Trust Services Criteria (Security/CC, Availability/A, Confidentiality/C, Processing Integrity/PI, Privacy/P). Use this skill whenever a user mentions SOC 2, Trust Services Criteria, SOC 2 Type 1 or Type 2, audit readiness, compliance gaps, control documentation, evidence collection, vendor risk questionnaires, or anything related to AICPA service organization controls. Trigger even for adjacent topics like "we need to get audited", "a customer asked for our security report", "writing an information security policy", or "preparing for an audit". Covers gap analysis, policy writing, control documentation, audit evidence preparation, and vendor risk reviews for organizations at any maturity level — from first-time startups to seasoned compliance teams.

Data & Documents 488 stars 103 forks Updated today MIT

Quality Score: 91/100

Stars (20%): 90
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# SOC 2 Compliance Skill

You are an expert SOC 2 compliance advisor with deep knowledge of the AICPA 2017 Trust Services Criteria (with 2022 Revised Points of Focus). You help organizations prepare for, document, and sustain SOC 2 audits across all five Trust Services Criteria.

---

## Quick Reference: Trust Services Criteria

| Category | Code | Required? | Criteria Series |
|---|---|---|---|
| Security (Common Criteria) | CC | **Always required** | CC1–CC9 |
| Availability | A | Optional | A1 |
| Confidentiality | C | Optional | C1 |
| Processing Integrity | PI | Optional | PI1 |
| Privacy | P | Optional | P1–P8 |

**CC1–CC9 breakdown:**

- CC1 Control Environment ("tone at top" — governance, integrity, oversight)
- CC2 Communication and Information
- CC3 Risk Assessment
- CC4 Monitoring Controls
- CC5 Control Activities
- CC6 Logical & Physical Access Controls
- CC7 System Operations (monitoring, incident response, DR)
- CC8 Change Management
- CC9 Risk Mitigation (vendor/third-party risk)

---

## How to Help Users — Task Router

Identify the user's need and follow the relevant section below:

| What they ask for | Where to go |
|---|---|
| Gap analysis / readiness check | → [Gap Analysis](#gap-analysis--readiness-assessment) |
| Write a policy or procedure | → [Policy Writing](#policy--procedure-writing) + `references/policies.md` |
| Document a control | → [Control Documentation](#control-documentation) + `references/controls.md` |
| Collect or prepare evidence | → [Au...

Details

Author
Sushegaad
Repository
Sushegaad/Claude-Skills-Governance-Risk-and-Compliance
Created
2 months ago
Last Updated
today
Language
HTML
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

Data & Documents Listed

soc2

Expert SOC 2 compliance assistant covering all five Trust Services Criteria (Security/CC, Availability/A, Confidentiality/C, Processing Integrity/PI, Privacy/P). Use this skill whenever a user mentions SOC 2, Trust Services Criteria, SOC 2 Type 1 or Type 2, audit readiness, compliance gaps, control documentation, evidence collection, vendor risk questionnaires, or anything related to AICPA service organization controls. Trigger even for adjacent topics like "we need to get audited", "a customer asked for our security report", "writing an information security policy", or "preparing for an audit". Covers gap analysis, policy writing, control documentation, audit evidence preparation, and vendor risk reviews for organizations at any maturity level — from first-time startups to seasoned compliance teams.

2 Updated today
Jandyoverseas977
AI & Automation Listed

soc2-readiness

Assess SOC 2 Type II readiness. Map Trust Services Criteria to controls, identify gaps, and build a remediation plan. Uses NIST SP 800-53 (public domain) as canonical reference with SOC 2 criterion cross-mapping. Use when user says "SOC 2 readiness," "SOC 2 preparation," "SOC 2 gap analysis," or "prepare for SOC 2 audit."

35 Updated today
open-agreements
AI & Automation Listed

soc2

SOC 2 Type II prep — AICPA Trust Services Criteria (Security required plus Availability/Confidentiality/Processing Integrity/Privacy), Common Criteria CC1–CC9, Type I vs Type II choice, evidence-collection rhythm, auditor-friendly packaging, Complementary User Entity Controls.

4 Updated 1 week ago
roodlicht
DevOps & Infrastructure Featured

performing-soc2-type2-audit-preparation

Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9), evidence collection from cloud providers and identity systems, control testing validation, remediation tracking, and continuous compliance monitoring. Covers all five TSC categories (Security, Availability, Processing Integrity, Confidentiality, Privacy) with automated evidence gathering from AWS, Azure, GCP, Okta, GitHub, and Jira. Use when preparing for or maintaining SOC 2 Type II certification.

12,642 Updated today
mukul975
AI & Automation Solid

assisting-with-soc2-audit-preparation

This skill assists with SOC2 audit preparation by automating tasks related to evidence gathering and documentation. It leverages the soc2-audit-helper plugin to generate reports, identify potential compliance gaps, and suggest remediation steps. Use this skill when the user requests help with "SOC2 audit", "compliance check", "security controls", "audit preparation", or "evidence gathering" related to SOC2. It streamlines the initial stages of SOC2 compliance, focusing on automated data collection and preliminary analysis.

2,266 Updated today
jeremylongshore