compliance-checklist

```shell
npx mdskill add mohitagw15856/pm-claude-skills/compliance-checklist
```


SKILL.md (`.github/skills/compliance-checklist`)
---
name: compliance-checklist
description: "Generate a prioritised compliance checklist for GDPR, SOC 2, ISO 27001, FCA, HIPAA, or other frameworks with a gap analysis. Use when asked for a compliance checklist, gap analysis, readiness assessment, or audit preparation for any regulatory framework. Produces a structured checklist with prioritised gaps, quick wins, and evidence requirements. Optimised for Opus 4.7 and newer models. Not a substitute for legal or compliance professional advice."
---

# Compliance Checklist Skill

Produces a prioritised compliance checklist for any regulatory framework — with gap analysis, evidence requirements, and quick wins identified.

ALWAYS include this disclaimer at the start of every response:
"WARNING: This checklist is for informational and planning purposes only and does not constitute legal or compliance advice. Regulatory requirements change and vary by jurisdiction. Always engage a qualified compliance professional or solicitor before implementing compliance programmes or making regulatory claims."

## Required Inputs

Ask the user for these if not provided:
- **Framework** (GDPR / SOC 2 Type I or II / ISO 27001 / FCA / HIPAA / PCI DSS / other)
- **Organisation type** (SaaS / fintech / healthcare / professional services / retail)
- **Organisation size** (startup / scaleup / mid-market / enterprise)
- **Current maturity** (no compliance programme / some controls / formal programme)
- **Deadline or driver** (upcoming audit / customer requirement / regulatory change / proactive)

## Output Structure

### 1. Framework Overview

**Framework:** [Name with version]
**Applicable because:** [One sentence — why this framework applies to this organisation]
**Typical timeline to readiness:** [From current maturity to certified/compliant]
**Key stakeholders needed:** [Roles that must be involved]

### 2. Scope Definition

What is in scope for this checklist:
- [Specific systems / processes / data types]

What is NOT in scope (explicit exclusions):
- [Specific exclusions]

### 3. Control Categories

For each category relevant to the framework:

**[Category — e.g. "Access Control"]**

| Control | Current State | Gap | Priority | Effort |
|---|---|---|---|---|
| [Specific control requirement] | Not implemented / Partial / Full | [What is missing] | Critical/High/Med/Low | Days/Weeks/Months |

### 4. Gap Analysis Summary

| Priority | Count | Examples |
|---|---|---|
| Critical gaps (block certification or attestation) | N | [Top 3] |
| High priority gaps | N | |
| Medium priority gaps | N | |
| Quick wins | N | |

Counts must be derived from the control tables in section 3 (controls whose Current State is not Full). Quick wins cut across the priority rows (a quick win may also be a critical or high-priority gap), so the Count column is not expected to sum.

### 5. Quick Wins

Controls from the section 3 tables with Effort = Days, i.e. implementable in under 2 weeks with minimal resources and no new tooling:

1. **[Control]** — [Specific action] — [Owner] — [Days to complete]

### 6. Evidence Requirements

For each control area, what documentation will be needed:

| Control area | Evidence types | Where to source |
|---|---|---|
| [Area] | [Policies, logs, screenshots, training records] | [System or team] |

### 7. Implementation Roadmap

Phase 1 (Weeks 1-4): Critical gaps and quick wins
- [Specific deliverables]

Phase 2 (Weeks 5-12): High-priority gaps
- [Specific deliverables]

Phase 3 (Weeks 13+): Medium priority and continuous improvement
- [Specific deliverables]

### 8. Ongoing Maintenance

Once certified/compliant, what needs to continue:
- [Review frequencies]
- [Periodic testing requirements]
- [Annual audit expectations]
- [Staff training cadence]

### 9. Common Pitfalls for This Framework

2-3 specific traps organisations commonly fall into when pursuing this certification or attestation, flagged based on the stated maturity level.

## Quality Checks
- [ ] Disclaimer included at start
- [ ] Framework-specific controls (not generic)
- [ ] Priorities align with organisation size and maturity
- [ ] Quick wins clearly separated from complex implementations
- [ ] Evidence requirements tied to specific controls
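As an added example (not part of the skill or of the pm-claude-skills repository), the Python lint below runs the structural Quality Checks mechanically against a generated checklist before it is circulated. It assumes the output follows the Markdown layout of sections 3 to 5 above (one `**Category**` heading and a five-column table per category, a `### 4.` summary table, a `### 5.` numbered list whose items start with a bold control name); the checklist embedded in `SAMPLE` is constructed for this demonstration and contains two deliberate inconsistencies. The lint flags a disclaimer that is missing or not first, Priority/Effort/Current State values outside the template's vocabulary, summary counts that disagree with the control tables, and quick wins that are not Days-effort open controls.

```python
import re

# Only the opening of the mandated disclaimer is matched, so wording after it may vary.
DISCLAIMER_PREFIX = "WARNING: This checklist is for informational and planning purposes only"
PRIORITIES = {"Critical", "High", "Med", "Low"}
EFFORTS = {"Days", "Weeks", "Months"}
STATES = {"Not implemented", "Partial", "Full"}
CONTROL_HEADER = ["Control", "Current State", "Gap", "Priority", "Effort"]


def parse_tables(md):
    """Return every pipe table in `md` as {'header': [...], 'rows': [dict, ...]}."""
    tables, current = [], None
    for line in md.splitlines():
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip().strip("|").split("|")]
            if current is None:
                current = {"header": cells, "rows": []}
            elif set("".join(cells)) <= set("-: "):
                continue  # the |---|---| separator row
            else:
                current["rows"].append(dict(zip(current["header"], cells)))
        elif current is not None:
            tables.append(current)
            current = None
    if current:
        tables.append(current)
    return tables


def section(md, number):
    """Body of the '### <number>.' section, up to the next ## or ### heading."""
    m = re.search(rf"^### {number}\..*?$(.*?)(?=^##|\Z)", md, re.S | re.M)
    return m.group(1) if m else ""


def lint(md):
    """Return a list of human-readable findings; an empty list means the checks pass."""
    findings = []
    if not md.lstrip().startswith(DISCLAIMER_PREFIX):
        findings.append("disclaimer missing or not first")

    controls = []
    for t in parse_tables(section(md, 3)):
        if t["header"] != CONTROL_HEADER:
            findings.append(f"unexpected control table header: {t['header']}")
            continue
        controls.extend(t["rows"])
    for c in controls:
        for col, allowed in (("Priority", PRIORITIES), ("Effort", EFFORTS), ("Current State", STATES)):
            if c[col] not in allowed:
                findings.append(f"{c['Control']!r}: bad {col} {c[col]!r}")

    # Gaps are open controls; a quick win is an open control costing Days (under two weeks).
    open_controls = [c for c in controls if c["Current State"] != "Full"]
    expected = {
        "critical": sum(c["Priority"] == "Critical" for c in open_controls),
        "high": sum(c["Priority"] == "High" for c in open_controls),
        "medium": sum(c["Priority"] == "Med" for c in open_controls),
        "quick": sum(c["Effort"] == "Days" for c in open_controls),
    }
    # Summary rows are keyed by their first word so label wording may vary.
    summary = {r["Priority"].split()[0].lower(): r["Count"]
               for t in parse_tables(section(md, 4)) for r in t["rows"]}
    for key, n in expected.items():
        if summary.get(key) != str(n):
            findings.append(f"summary {key!r} says {summary.get(key)}, control table implies {n}")

    # Every listed quick win must be a control the table marks as open and Days-effort.
    quick_names = {c["Control"] for c in open_controls if c["Effort"] == "Days"}
    for m in re.finditer(r"^\d+\.\s+\*\*(.+?)\*\*", section(md, 5), re.M):
        if m.group(1) not in quick_names:
            findings.append(f"quick win {m.group(1)!r} is not a Days-effort open control")
    return findings


# Constructed sample output. Two faults are planted: the summary claims 3 quick wins
# where the tables support 2, and a Weeks-effort control is listed as a quick win.
SAMPLE = """\
WARNING: This checklist is for informational and planning purposes only and does not constitute legal or compliance advice. Regulatory requirements change and vary by jurisdiction. Always engage a qualified compliance professional or solicitor before implementing compliance programmes or making regulatory claims.

### 3. Control Categories

**Access Control**

| Control | Current State | Gap | Priority | Effort |
|---|---|---|---|---|
| MFA on all admin accounts | Partial | Break-glass accounts lack MFA | Critical | Days |
| Quarterly access reviews | Not implemented | No review process or records | High | Weeks |
| Joiner/mover/leaver procedure | Full | | Med | Days |

**Logging and Monitoring**

| Control | Current State | Gap | Priority | Effort |
|---|---|---|---|---|
| Central log retention of 12 months | Not implemented | Logs kept 30 days on hosts | High | Months |
| Alerting on admin logins | Partial | Alerts exist but nobody is on rota | Med | Days |

### 4. Gap Analysis Summary

| Priority | Count | Examples |
|---|---|---|
| Critical gaps (block certification) | 1 | MFA on all admin accounts |
| High priority gaps | 2 | |
| Medium priority gaps | 1 | |
| Quick wins | 3 | |

### 5. Quick Wins

1. **MFA on all admin accounts** - enrol break-glass accounts - IT lead - 3 days
2. **Quarterly access reviews** - start first review - Security - 10 days
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("FAIL:", finding)
```

The checks are deliberately structural rather than semantic: they cannot judge whether a control is the right one for the framework, but they catch the drift that model-generated checklists most often show, such as a summary table that no longer matches the control tables it was supposed to summarise, or a quick win that the same document rates at months of effort. Run it on the skill's output before anyone quotes the counts to an auditor or customer.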

## Example Trigger Phrases
- "Create a GDPR compliance checklist for our SaaS"
- "Generate a SOC 2 Type II readiness checklist"
- "What do we need for ISO 27001 certification?"
- "FCA compliance checklist for a fintech startup"
- "HIPAA gap analysis for a healthtech scaleup"

More from mohitagw15856/pm-claude-skills

| Skill | Description |
|---|---|
| 360-feedback-template | Design a 360-degree feedback survey or write a structured 360 feedback report. Use when asked to build a 360 feedback process, write 360 feedback for a colleague, design a feedback survey, or produce a feedback report. Produces either a complete survey instrument with rating scales and open-ended questions, or a structured narrative feedback report with themes, strengths, and development areas. |
| ab-test-planner | Design statistically rigorous A/B tests for product features, UI changes, onboarding flows, and pricing experiments. Use when asked to set up an experiment, design an A/B test, calculate sample size, or interpret test results. Produces a complete test plan with hypothesis, variant definitions, sample size, duration estimate, guardrail metrics, and a results interpretation guide. |
| accessibility-audit | Generate a WCAG 2.2 accessibility audit checklist and remediation suggestions for any UI or design. Use when asked to audit for accessibility, check WCAG compliance, review a design for a11y issues, or create an accessibility remediation plan. Produces a prioritised checklist with pass/fail assessments and specific fixes. |
| account-plan | Build a structured account plan for any key customer or target account. Use when asked to create an account plan, key account strategy, strategic account review, or territory plan. Produces a complete account plan with relationship map, growth opportunities, risks, and 90-day action plan. |
| aeo-optimizer | Optimize an article for Answer Engine Optimization (AEO), restructuring content so AI engines like ChatGPT, Perplexity, and Claude can extract, quote, and cite it. Rewrites headings as questions, drops 50-80 word answer capsules, audits paragraph length, and flags trust signals. Use when asked to AEO-optimize, make content AI-readable, improve AI citation chances, or adapt an article for answer engines. |
| ai-ethics-review | Conduct an ethical review of an AI or ML feature, model, or product. Use when asked to run an AI ethics review, assess AI risks, audit a model for bias, or produce an AI impact assessment. Produces a structured ethics review covering fairness, transparency, privacy, safety, accountability, and societal impact with prioritised mitigations. |
| ai-product-canvas | Structure AI and ML product decisions with the rigour of any product decision. Use when building AI-powered features, evaluating LLM integrations, designing AI products, or assessing AI readiness. Produces a complete AI product canvas covering problem definition, model approach, data requirements, evaluation framework, UX design, responsible AI checklist, and launch monitoring plan. |
| ambiguity-resolver | Structure vague opportunities and unclear briefs into actionable one-page problem statements. Use when asked to clarify a vague brief, frame an undefined problem, make sense of an unclear opportunity, or when the user says 'we need to figure out what to do about X' or 'I've been asked to look into Y'. Produces a structured problem brief with reframed questions, scoped boundaries, and a minimum viable research plan. |
| api-docs-writer | Write clear, developer-facing API documentation. Use when asked to document an API endpoint, write API reference docs, create a developer guide, or turn a raw spec/Postman collection into documentation. Produces endpoint documentation with descriptions, parameters, request/response examples, and error codes. |
| api-versioning-strategy | Write an API versioning strategy document for a service or API platform. Use when asked to define versioning policy, plan API deprecation, classify breaking changes, or document version lifecycle. Produces a complete versioning strategy with breaking-change classification table, deprecation timeline, migration guide template, and client communication template. |