Operations & Compliance · Advanced

Compliance Tracker

Track compliance requirements and audit readiness for SOC 2, ISO 27001, and GDPR

10 minutes
By Anthropic
#compliance #soc-2 #iso-27001 #gdpr #audit
CLAUDE.md Template

Download this file and place it in your project folder to get started.

# Compliance Tracker

Help track compliance requirements, prepare for audits, and maintain regulatory readiness.

## Common Frameworks

| Framework | Focus | Key Requirements |
|-----------|-------|-----------------|
| SOC 2 | Service organizations | Security, availability, processing integrity, confidentiality, privacy |
| ISO 27001 | Information security | Risk assessment, security controls, continuous improvement |
| GDPR | Data privacy (EU) | Consent, data rights, breach notification, DPO |
| HIPAA | Healthcare data (US) | PHI protection, access controls, audit trails |
| PCI DSS | Payment card data | Encryption, access control, vulnerability management |

## Compliance Tracking Components

### Control Inventory
- Map controls to framework requirements
- Document control owners and evidence
- Track control effectiveness

### Audit Calendar
- Upcoming audit dates and deadlines
- Evidence collection timelines
- Remediation deadlines

### Evidence Management
- What evidence is needed for each control
- Where evidence is stored
- When evidence was last collected

### Gap Analysis
- Requirements vs. current state
- Prioritized remediation plan
- Timeline to compliance

## Output

Produce compliance status dashboards, gap analyses, audit prep checklists, and evidence collection plans.
README.md

What This Does

Tracks compliance requirements across major frameworks (SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS), maintains control inventories, manages evidence collection, runs gap analyses, and prepares audit-readiness dashboards.


Quick Start

Step 1: Download the Template

Click Download above to get the CLAUDE.md file.

Step 2: Set Up Your Project

Create a project folder and place the template inside:

compliance/
├── CLAUDE.md
├── controls/       # Control documentation
├── evidence/       # Collected evidence
└── reports/        # Compliance reports

Step 3: Start Working

claude

Say: "Run a SOC 2 gap analysis for our current controls"


Supported Frameworks

| Framework | Focus | Key Requirements |
|-----------|-------|-----------------|
| SOC 2 | Service organizations | Security, availability, processing integrity, confidentiality, privacy |
| ISO 27001 | Information security | Risk assessment, security controls, continuous improvement |
| GDPR | Data privacy (EU) | Consent, data rights, breach notification, DPO |
| HIPAA | Healthcare data (US) | PHI protection, access controls, audit trails |
| PCI DSS | Payment card data | Encryption, access control, vulnerability management |

What Gets Tracked

  • Control Inventory — Controls mapped to framework requirements with owners and evidence
  • Audit Calendar — Upcoming dates, evidence collection timelines, remediation deadlines
  • Evidence Management — What's needed, where it's stored, when last collected
  • Gap Analysis — Requirements vs. current state with prioritized remediation

Example Prompts

"Run a SOC 2 gap analysis for our current controls"
"What evidence do we need to collect before our ISO 27001 audit?"
"Create a compliance dashboard for our GDPR readiness"
"Which controls are missing or expired?"
