Afrexai Compliance Audit

# Compliance Audit Generator

Run internal compliance audits against major frameworks without hiring a consultant.

## What It Does

Generates a structured compliance audit for your organization against any of these frameworks:
- **SOC 2** (Type I & II) — Trust Services Criteria
- **ISO 27001** — Information Security Management
- **GDPR** — Data Protection (EU/UK)
- **HIPAA** — Healthcare Data (US)
- **PCI DSS** — Payment Card Security
- **SOX** — Financial Controls (US public companies)
- **CCPA/CPRA** — California Consumer Privacy

## How to Use

Tell the agent which framework you need audited. Provide context about your organization:
- Industry and size
- Current security controls
- Data types you handle
- Existing certifications
- Known gaps or concerns

### Example Prompts

- "Run a SOC 2 readiness audit for our 40-person SaaS company"
- "Check our GDPR compliance — we process EU customer data and use AWS"
- "Generate an ISO 27001 gap analysis for our fintech startup"
- "Audit our HIPAA controls — we're a healthtech handling PHI"

## Output Format

The agent produces:

### 1. Executive Summary
- Overall readiness score (0-100%)
- Critical gaps count
- Estimated remediation timeline

### 2. Control-by-Control Assessment
For each control domain:
- **Status**: Compliant / Partial / Non-Compliant / Not Assessed
- **Evidence Required**: What auditors will ask for
- **Current Gap**: What's missing
- **Remediation Steps**: Specific actions to close the gap
- **Priority**: Critical / High / Medium / Low
- **Effort**: Hours/days estimate

### 3. Remediation Roadmap
- Phase 1 (0-30 days): Critical fixes
- Phase 2 (30-90 days): High priority items
- Phase 3 (90-180 days): Full compliance

### 4. Evidence Checklist
- Document inventory needed for audit
- Policy templates to create
- Technical configurations to verify

## Agent Instructions

When the user requests a compliance audit:

1. Ask which framework(s) they need assessed
2. Gather context about their organization (i...

# Compliance Audit Generator

Run internal compliance audits against SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, SOX, and CCPA — without paying $20,000+ for a consultant.

## Why This Exists

Pre-audit readiness assessments cost $10,000-$30,000 from consulting firms. Most of that work is structured gap analysis against known control frameworks. Your AI agent can do 80% of it in minutes.

## Supported Frameworks

| Framework | Focus | Who Needs It |
|-----------|-------|-------------|
| SOC 2 | Security, Availability, Confidentiality | Any SaaS selling to enterprise |
| ISO 27001 | Information Security Management | Companies with EU/UK clients |
| GDPR | Data Protection | Anyone processing EU personal data |
| HIPAA | Healthcare Data | US healthtech, insurance, providers |
| PCI DSS | Payment Security | Anyone handling credit cards |
| SOX | Financial Controls | US public companies |
| CCPA/CPRA | Consumer Privacy | Companies with California customers |

## What You Get

- Control-by-control gap analysis with actual control numbers
- Remediation roadmap phased by priority (30/60/90 days)
- Evidence checklist for auditor readiness
- Cost estimates for third-party requirements
- Executive summary with readiness score

## Install

```
clawhub install afrexai-compliance-audit
```

## Part of the AfrexAI Toolkit

Built by [AfrexAI](https://afrexai-cto.github.io/context-packs/) — AI-powered business tools that replace expensive consultants.

**More tools:**
- [AI Revenue Leak Calculator](https://afrexai-cto.github.io/ai-revenue-calculator/) — Find where your business is losing money
- [Agent Setup Wizard](https://afrexai-cto.github.io/agent-setup/) — Configure AI agents for your industry
- [Industry Context Packs](https://afrexai-cto.github.io/context-packs/) — Pre-built AI configurations for 10 industries ($47/pack)