Afrexai Compliance Engine

# Compliance & Audit Readiness Engine

Your AI compliance officer. Guides startups and scale-ups through SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS — from zero to audit-ready. No consultants needed.

---

## Phase 1 — Compliance Discovery

### Framework Selection Matrix

| Framework | Who Needs It | Trigger | Timeline | Cost Range |
|-----------|-------------|---------|----------|------------|
| **SOC 2 Type I** | Any B2B SaaS | Enterprise prospect asks | 3-6 months | $20K-$80K |
| **SOC 2 Type II** | Established SaaS | After Type I, or direct | 6-12 months | $30K-$100K |
| **ISO 27001** | Global/EU-facing SaaS | EU enterprise deals | 6-12 months | $40K-$120K |
| **GDPR** | Anyone with EU users | Day 1 if EU data | 1-3 months | $5K-$30K |
| **HIPAA** | Health data handlers | Before first PHI | 3-6 months | $20K-$60K |
| **PCI DSS** | Payment processors | Before card data | 3-9 months | $15K-$50K |
| **SOX** | Public companies | IPO prep | 12-18 months | $100K-$500K |

### Readiness Assessment Brief

```yaml
company_profile:
  name: ""
  industry: ""
  employee_count: 0
  annual_revenue: ""
  data_types_handled:
    - PII (names, emails, addresses)
    - Financial (payment cards, bank accounts)
    - Health (PHI, medical records)
    - Children (COPPA scope)
    - Biometric
    - Government/classified
  customer_segments:
    - SMB
    - Mid-market
    - Enterprise
    - Government
  geographic_scope:
    - US only
    - US + EU
    - Global
  current_state:
    existing_frameworks: []
    security_team_size: 0
    has_written_policies: false
    has_asset_inventory: false
    has_risk_assessment: false
    has_incident_response: false
    has_vendor_management: false
    previous_audits: []
    known_gaps: []
  drivers:
    - Customer requirement
    - Board/investor mandate
    - Regulatory obligation
    - Competitive advantage
    - Insurance requirement
  target_frameworks: []
  target_date: ""
  budget_range: ""
```

### Priority Decision Rules

1. **Customer a...

# 🛡️ AfrexAI Compliance & Audit Readiness Engine

Your AI compliance officer. Takes startups and scale-ups from zero to audit-ready across SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS — without expensive consultants.

## What This Does

- **Framework selection** — Figures out which compliance frameworks you actually need
- **SOC 2 deep dive** — Complete Trust Service Criteria checklists, 16-week project plan, all 15 required policies
- **ISO 27001 ISMS** — Full implementation roadmap with Annex A control mapping
- **GDPR program** — 12 core requirements with ROPA templates and data subject rights processes
- **HIPAA compliance** — Security Rule safeguards (administrative, physical, technical)
- **PCI DSS 4.0** — 12 requirements with scope reduction strategies (SAQ A vs D decision)
- **Multi-framework mapping** — Build controls once, map to all frameworks (40-60% overlap)
- **Audit preparation** — 90-day countdown checklist, evidence organization, interview prep
- **Continuous compliance** — Monthly dashboard, compliance calendar, debt tracking
- **Readiness scoring** — 7-dimension rubric (0-100) to know exactly where you stand

## Install

```bash
clawhub install afrexai-compliance-engine
```

## Quick Start

Tell your agent:
- *"Assess our compliance readiness for SOC 2"*
- *"Create a 16-week SOC 2 project plan"*
- *"Write our Information Security Policy"*
- *"Map our controls across SOC 2 and ISO 27001"*
- *"Prepare us for audit in 90 days"*

## Who This Is For

- **SaaS companies** getting their first enterprise customer asking for SOC 2
- **HealthTech startups** needing HIPAA before handling PHI
- **Any company** expanding to EU and needing GDPR compliance
- **CTOs/CISOs** building a compliance program from scratch
- **Founders** who can't afford $50K+ compliance consultants yet

## ⚡ Level Up

This free skill covers frameworks and methodology. For industry-specific compliance playbooks with pre-built policies, vendor templates, and audit-ready evidence packs:

-...