SOC 2 Compliance

Skill Verified Active

Use when the user asks to prepare for SOC 2 audits, map Trust Service Criteria, build control matrices, collect audit evidence, perform gap analysis, or assess SOC 2 Type I vs Type II readiness.

Purpose

To streamline and professionalize the preparation for SOC 2 audits, ensuring organizations can effectively map controls, identify compliance gaps, and gather necessary evidence.

Features

SOC 2 Type I vs Type II comparison
Trust Service Criteria mapping and documentation
Control matrix generation (SEC, AVL, CON, PRI, PRV)
Gap analysis for design and operating effectiveness
Evidence collection guidance and automation strategies
Audit readiness checklist and common findings

Use Cases

Use when preparing for a SOC 2 Type I or Type II audit.
Use when mapping your organization's controls to SOC 2 Trust Service Criteria.
Use for conducting internal gap analyses against SOC 2 requirements.
Use to understand evidence collection requirements for SOC 2.

Non-Goals

Performing the actual SOC 2 audit or issuing the report.
Providing legal advice on compliance matters.
Automating the remediation of identified gaps (focus is on analysis and preparation).

Practices

Compliance Management
Information Security
Audit Preparation
Risk Management

Installation

First, add the marketplace

/plugin marketplace add alirezarezvani/claude-skills

/plugin install ra-qm-team@claude-code-skills

Quality Score

Verified

98 /100

Analyzed about 20 hours ago

Trust Signals

Last commit1 day ago

GitHub owner alirezarezvani

Stars14.6k

LicenseMIT

Websitealirezarezvani.medium.com

Status

View Source

Similar Extensions

TradeMemory Protocol

100

Domain knowledge for the Evolution Engine — LLM-powered autonomous strategy discovery from raw OHLCV data. Covers the generate-backtest-select-evolve loop, vectorized backtesting, out-of-sample validation, and strategy graduation. Use when discovering trading patterns, running backtests, evolving strategies, or reviewing evolution logs. Triggers on "evolve", "discover patterns", "backtest", "evolution", "strategy generation", "candidate strategy".

Skill

mnemox-ai

Gdpr Dsgvo Expert

100

GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, and data subject rights management.

Skill

alirezarezvani

Ship Gate

100

Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.

Skill

alirezarezvani

Context Mode Ops

100

Manage context-mode GitHub issues, PRs, releases, and marketing with parallel subagent army. Orchestrates 10-20 dynamic agents per task. Use when triaging issues, reviewing PRs, releasing versions, writing LinkedIn posts, announcing releases, fixing bugs, merging contributions, validating ENV vars, testing adapters, or syncing branches.

Skill

mksglu

Refactor Plan

100

Prioritized redesign action plan covering quick wins, medium effort, major rework

Skill

Aboudjem

Type Audit

100

Typography-only audit covering font selection, type scale, readability, hierarchy, performance

Skill

Aboudjem