[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-301deac6-4e9b-4892-b9e4-c61d6118cb27":3,"$fwNIR0gG_JG2fTzKfVUfBiOMUF7nP00raYBJlFw7Nq-k":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"301deac6-4e9b-4892-b9e4-c61d6118cb27","compliance-readiness","\u002Fcompliance-readiness \u003Cprogram> — Multi-framework compliance officer's 6-question forcing interrogation of any compliance program. Use before starting a new framework, planning the annual audit calendar, or preparing for certification stage 1.","cat_coding_review","mod_coding","alirezarezvani,coding","---\nname: \"compliance-readiness\"\ndescription: \"\u002Fcs:compliance-readiness \u003Cprogram> — Multi-framework compliance officer 6-question forcing interrogation of any compliance program. Use before starting a new framework, planning the annual audit calendar, or preparing for certification stage 1.\"\n---\n\n# \u002Fcs:compliance-readiness — Compliance Officer Forcing Questions\n\n**Command:** `\u002Fcs:compliance-readiness \u003Cprogram>`\n\nThe multi-framework compliance officer pressure-tests any compliance program. Six questions before any new-framework commitment, audit cycle planning, or certification readiness sign-off.\n\n## When to Run\n\n- Before adopting a new compliance framework\n- Before annual audit calendar finalization\n- Before certification stage 1 readiness sign-off\n- Before management review (Clause 9.3 across frameworks)\n- When evidence-collection effort has grown 50%+ year-over-year (a smell)\n- When an audit produced > 15% critical findings\n\n## The Six Compliance Officer Questions\n\n### 1. Have you named every applicable framework?\n**No framework selector run, no defensible scope.**\n- Run `framework_selector.py` with company profile\n- Forgetting a framework means rebuilding the audit program later\n- Pay attention to industry-specific overlays (financial: NYDFS, FINMA; healthcare: HIPAA, ISO 13485; AI: ISO 42001 + EU AI Act)\n\n### 2. Where do the frameworks overlap, and what's the reuse leverage?\n**Single evidence -> N controls = the cornerstone of multi-framework efficiency.**\n- Run `cross_framework_mapper.py` with enabled frameworks\n- HIGH-confidence mappings: same evidence; MEDIUM: existing + overlay; LOW: new artefact\n- Without overlap analysis, you'll collect the same access-review records 3 times\n\n### 3. Who owns each artefact, and what's the reuse-leverage score?\n**Joint ownership without accountability is the most common cause of stale evidence.**\n- Run `evidence_pool_generator.py` for the artefact inventory\n- HIGH-leverage artefacts (≥ 5 mappings) get built first\n- Each artefact needs one accountable owner\n- Stale evidence is an effective gap — even if the artefact existed historically\n\n### 4. What's the audit calendar, and is auditor independence respected?\n**Surveillance audits stacking in the same week is a smell.**\n- Use per-framework audit-plan tools (aims_audit_scheduler, isms_audit_scheduler, audit_schedule_optimizer)\n- Auditor cannot audit their own work (Clause 9.2 across all ISO standards)\n- For small teams: rotate auditors + occasional external auditor\n\n### 5. What does a mock audit produce, and is the severity distribution healthy?\n**No mock audit, no readiness signal.**\n- Run `audit_simulator.py` with framework + scope\n- Healthy distribution: ≥ 40% observation, ≤ 15% critical\n- All-critical findings = destructive audit OR genuinely failing program\n- All-observation findings = audit too superficial\n\n### 6. What's the management review cadence across frameworks?\n**Each framework wants its own management review; an integrated review (per Annex SL) saves 5x exec time.**\n- Schedule one quarterly cross-framework review covering all enabled frameworks' Clause 9.3 inputs\n- Inputs: risk register changes, open nonconformities, audit findings, incidents, drift, KPIs\n- Outputs: action items, resource decisions, scope adjustments\n\n## Workflow\n\n```bash\n# 1. Framework selection\npython ..\u002F..\u002Fskills\u002Fcompliance-os\u002Fscripts\u002Fframework_selector.py profile.json\n\n# 2. Cross-framework overlap\npython ..\u002F..\u002Fskills\u002Fcompliance-os\u002Fscripts\u002Fcross_framework_mapper.py program.json\n\n# 3. Evidence pool consolidation\npython ..\u002F..\u002Fskills\u002Fcompliance-os\u002Fscripts\u002Fevidence_pool_generator.py program.json\n\n# 4. Mock audit (per framework)\npython ..\u002F..\u002Fskills\u002Fcompliance-os\u002Fscripts\u002Faudit_simulator.py scope.json\n```\n\n## Output Format\n\n```markdown\n# Compliance Readiness: \u003Cprogram>\n**Date:** YYYY-MM-DD\n\n## The Decision Being Made\n[framework-set | audit-calendar | certification-readiness | evidence-consolidation]\n\n## Framework Set\n- Applicable: \u003Clist>\n- Binding (regulations): \u003Ccount>\n- Certifiable: \u003Ccount>\n- Missing dependencies: \u003Clist>\n\n## Cross-Framework Overlap\n- Total merged controls in scope: N\n- High-leverage artefacts (≥ 5 mappings): M\n- Top reuse opportunities: \u003Ctop 5 artefacts>\n\n## Evidence Pool\n- Artefacts in catalog: N\n- High-leverage count: M\n- Stale evidence rate: X%\n- Unowned artefacts: K\n\n## Audit Calendar\n- Frameworks scheduled this year: \u003Clist>\n- Auditor independence respected: Y\u002FN\n- Conflicts: \u003Clist>\n\n## Mock Audit Results (per framework)\n- \u003Cframework>: total findings N, critical X%, observation Y%, healthy distribution: Y\u002FN\n\n## Verdict\n🟢 READY | 🟡 STAGE-2-CANDIDATE | 🔴 NOT-READY\n\n## Top 3 Actions\n[3 concrete next steps with owners + dates]\n```\n\n## Routing\n\n- `\u002Fcs:aims-audit` — for ISO 42001-specific forcing questions\n- `\u002Fcs:ai-act-readiness` — for EU AI Act-specific forcing questions\n- `\u002Fcs:ciso-review` — for cybersecurity strategy\n- `\u002Fcs:caio-review` — for executive AI strategy\n- `\u002Fcs:gc-review` — for novel-case legal review\n- `\u002Fcs:decide` — to log the verdict\n- `\u002Fcs:freeze 30` — on certification commitments (multi-year financial impact)\n\n## Related\n\n- Agent: [`cs-compliance-officer`](..\u002F..\u002Fagents\u002Fcs-compliance-officer.md)\n- Skill: [`compliance-os`](..\u002Fcompliance-os\u002FSKILL.md)\n- Adjacent: `..\u002F..\u002Fra-qm-team\u002Fskills\u002Fiso42001-specialist\u002F`, `..\u002F..\u002Fra-qm-team\u002Fskills\u002Feu-ai-act-specialist\u002F`, `..\u002F..\u002Fra-qm-team\u002Fskills\u002Finformation-security-manager-iso27001\u002F`, `..\u002F..\u002Fra-qm-team\u002Fskills\u002Fsoc2-compliance\u002F`, `..\u002F..\u002Fra-qm-team\u002Fskills\u002Fgdpr-dsgvo-expert\u002F`\n\n---\n\n**Version:** 1.0.0\n","","imported","https:\u002F\u002Fgithub.com\u002Falirezarezvani\u002Fclaude-skills","user_system_seed","SkillOPIC",true,192,845,"2026-05-16 13:52:38",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Programming & Development","coding","mdi-code-braces","Code generation, debugging and review to improve development efficiency",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Code Review","review","mdi-magnify-scan","Code quality analysis, security review",4,145,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"2290d92b-de6a-4ef0-ab1d-fdaaae5c497c","1.0.0","compliance-readiness.zip",2470,"uploads\u002Fskills\u002F301deac6-4e9b-4892-b9e4-c61d6118cb27\u002Fcompliance-readiness.zip","ec99bf2c50c1e6a4b0bd77bd8a816c7e90594f2dbfb1680e9d84567bc2aa3572","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":5574}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]