[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-812c3a95-fe88-4f80-bc22-220e9d5110e3":3,"$faH2FqHbtNwg-LqfHF0e15dvafF6RoejTptiX0GQaqoA":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"812c3a95-fe88-4f80-bc22-220e9d5110e3","soc2-audit-prep","\u002Fcs:soc2-audit-prep \u003Cscope> — SOC 2 Type II readiness: a six-question forcing interrogation. Observation-period focused. Use before Type II observation begins, at the mid-period checkpoint, or for pre-field-test month-10 readiness.","cat_coding_review","mod_coding","alirezarezvani,coding","---\nname: \"soc2-audit-prep\"\ndescription: \"\u002Fcs:soc2-audit-prep \u003Cscope> — SOC 2 Type II readiness: a six-question forcing interrogation. Observation-period focused. Use before Type II observation begins, at the mid-period checkpoint, or for pre-field-test month-10 readiness.\"\n---\n\n# \u002Fcs:soc2-audit-prep — SOC 2 Type II Forcing Questions\n\n**Command:** `\u002Fcs:soc2-audit-prep \u003Cscope>`\n\nPressure-tests SOC 2 work the way a Type II auditor would: six observation-period-disciplined questions, asked before and during any Type II cycle.\n\n## When to Run\n\n- Pre-observation period (months 1-2 of the cycle)\n- Mid-observation period (month 6 checkpoint)\n- Pre-field-test (month 10)\n- Post-report (planning the next cycle)\n- After a scope change (adding a TSC category)\n- After a major incident during the observation period\n\n## The Six SOC 2 Type II Questions\n\n### 1. What's the scope, and which TSC categories are in?\n**Security is always required; the other categories are elective, driven by customer asks.**\n- Common Criteria (CC1-CC9): always in, under Security\n- Availability (A1): for SaaS with SLA commitments\n- Processing Integrity (PI1): for systems processing transactional \u002F financial data\n- Confidentiality (C1): for systems handling proprietary \u002F confidential data\n- Privacy (P1-P8): for systems handling personal data (overlaps with GDPR where applicable)\n- System description (AICPA Description Criteria, examined under AT-C 205): complete, accurate, boundaries clear\n\n### 2. Did any control skip a cycle during the observation period?\n**Type II tests operating effectiveness across the whole period — a single skipped cycle is a likely exception.**\n- Quarterly controls (e.g., access reviews): all 4 quarters covered\n- Monthly controls (e.g., vulnerability scans): all months covered\n- Continuous controls (e.g., logging): no gaps during the period\n- Annual controls (e.g., BCP exercises, training): completed within the period\n\n### 3. Show me the change-management evidence for any control implemented mid-period.\n**Mid-period changes = high audit risk.**\n- New controls implemented during observation: documented through change management\n- Modified controls: rationale + effective date + impact on prior samples\n- Removed controls: rationale + customer impact assessment\n- Strategy: avoid discretionary mid-period changes and defer them to the next cycle; a change forced by an incident still goes through change management and is disclosed to the auditor\n\n### 4. Where's the exception log, and what's the materiality assessment?\n**Real-time exception logging — not retroactive.**\n- Each exception logged when discovered, not at audit time\n- Per exception: what \u002F when \u002F impact \u002F remediation \u002F owner\n- Materiality assessment: does the exception affect overall control operation?\n- Audit firm threshold (rule of thumb; actual tolerance depends on sample size and deviation rate): typically 1-2 exceptions per control tolerated; 3+ = finding\n\n### 5. Show me sample evidence from each TSC criterion in the FIRST month of observation.\n**Not the last week — the first month.**\n- The audit firm samples across the whole observation period\n- Front-loaded evidence demonstrates operational discipline\n- Back-loaded evidence (last 30 days) = \"scrambling\" signal\n- Sample IDs should be reproducible from operational systems (the auditor can re-pull the same population)\n\n### 6. What's the cross-walk to ISO 27001, and which evidence is reused?\n**75% control overlap — the canonical pair.**\n- Run `cross_framework_mapper.py` for HIGH-confidence overlap themes\n- Each shared artefact is cited by both audits (one collection, two reports)\n- Coordinate the audit calendar with cs-ciso-iso27001\n- Avoid producing duplicate evidence files for the same control\n\n## Workflow\n\n```bash\n# 1. Scoping + gap analysis (pre-observation)\npython ..\u002F..\u002Fra-qm-team\u002Fskills\u002Fsoc2-compliance\u002Fscripts\u002Fgap_analyzer.py current_state.json\n\n# 2. Control matrix with ISO 27001 cross-walk\npython ..\u002F..\u002Fra-qm-team\u002Fskills\u002Fsoc2-compliance\u002Fscripts\u002Fcontrol_matrix_builder.py program.json\n\n# 3. Continuous evidence tracking (during observation)\npython ..\u002F..\u002Fra-qm-team\u002Fskills\u002Fsoc2-compliance\u002Fscripts\u002Fevidence_tracker.py evidence_log.json\n\n# 4. Mock audit (pre-field-test, month 10)\npython ..\u002F..\u002Fskills\u002Fcompliance-os\u002Fscripts\u002Faudit_simulator.py soc2_scope.json\n```\n\n## Output Format\n\n```markdown\n# SOC 2 Type II Audit Prep: \u003Cscope>\n**Date:** YYYY-MM-DD\n**Observation Period:** YYYY-MM-DD to YYYY-MM-DD\n\n## The Decision Being Made\n[scoping | pre-observation | observation-status | pre-field | report-response]\n\n## TSC Scope\n- Security: included\n- Availability: \u003Cyes\u002Fno>\n- Processing Integrity: \u003Cyes\u002Fno>\n- Confidentiality: \u003Cyes\u002Fno>\n- Privacy: \u003Cyes\u002Fno>\n\n## Observation Period Status\n- Months elapsed: N \u002F 12\n- Controls operated consistently: % of total\n- Cycle skips identified: \u003Clist>\n- Mid-period control changes: N (each documented with change-mgmt: yes\u002Fno)\n\n## Exception Log\n- Total exceptions logged: N\n- Per-control max exceptions: M (audit firm tolerance: typically 1-2)\n- Material exceptions (overall control affected): \u003Clist>\n- Remediation status per exception: complete\u002Fin-progress\n\n## Sample Evidence Coverage\n- Month 1-3 evidence: complete\u002Fgaps\n- Month 4-6 evidence: complete\u002Fgaps\n- Month 7-9 evidence: complete\u002Fgaps\n- Month 10-12 evidence: complete\u002Fgaps (only for pre-report status)\n\n## ISO 27001 Cross-Walk Reuse\n- HIGH-confidence overlap themes: N\n- Shared artefacts in evidence pool: \u003Ccount>\n- Duplicate evidence collection avoided: % savings\n\n## Audit Firm Readiness\n- Scoping discussion: complete\u002Fpending\n- Description of system per AT-C 205: complete\u002Fpending\n- Walkthrough rehearsal: complete\u002Fpending\n- Sample preparation: complete\u002Fpending\n\n## Verdict\n🟢 ON-TRACK | 🟡 NEEDS-ATTENTION | 🔴 MATERIAL-RISK\n\n## Top 3 Actions\n[3 concrete next steps with owner + observation-period timing]\n```\n\n## Routing\n\n- `\u002Fcs:compliance-readiness` — for the multi-framework view\n- `\u002Fcs:iso27001-audit-prep` — for the ISO 27001 cross-walk pair (75% overlap)\n- `\u002Fcs:gdpr-audit-prep` — for Privacy TSC overlap\n- `\u002Fcs:ciso-review` — for executive cybersecurity strategy\n\n## Related\n\n- Agent: [`cs-soc2-auditor`](..\u002F..\u002Fagents\u002Fcs-soc2-auditor.md)\n- Skill: [`soc2-compliance`](..\u002F..\u002F..\u002Fra-qm-team\u002Fskills\u002Fsoc2-compliance\u002FSKILL.md)\n- Playbook: [soc2_audit_playbook.md](..\u002F..\u002F..\u002Fra-qm-team\u002Fskills\u002Fsoc2-compliance\u002Freferences\u002Fsoc2_audit_playbook.md)\n- Adjacent: `..\u002Fiso27001-audit-prep\u002F`, `..\u002Fgdpr-audit-prep\u002F`, `..\u002Fcompliance-readiness\u002F`\n\n---\n\n**Version:** 1.0.0\n","","imported","https:\u002F\u002Fgithub.com\u002Falirezarezvani\u002Fclaude-skills","user_system_seed","SkillOPIC",true,133,1655,"2026-05-16 13:52:54",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Programming & Development","coding","mdi-code-braces","Code generation, debugging and review to improve development efficiency",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Code Review","review","mdi-magnify-scan","Code quality analysis and security review",4,145,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"216ed6ce-c5ba-44a6-a55f-3fd7942dcc17","1.0.0","soc2-audit-prep.zip",2679,"uploads\u002Fskills\u002F812c3a95-fe88-4f80-bc22-220e9d5110e3\u002Fsoc2-audit-prep.zip","b1e0ac808521fa380ccef2a4b59c7bd530e655f4a220f11e58779553e8a76128","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":6092}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]
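Questions 2 and 5 in the skill above describe a check a practitioner will want to run mechanically over the evidence log: for every control, does each expected cycle (month, quarter, year, or an unbroken daily stream for continuous controls) contain at least one piece of evidence, and is the evidence spread across the period rather than bunched into the last 30 days? The following is an added example and is not code from the claude-skills repository or its `evidence_tracker.py` script. The control IDs, cadences, observation period and evidence records are constructed for illustration; the `ref` field stands in for the operational-system ID the auditor would re-pull.

```python
"""Evidence-cadence coverage check for a SOC 2 Type II observation period.
Added example, not part of the skill: reports expected cycles with no evidence (question 2)
and controls whose evidence is back-loaded into the last 30 days (question 5). All data is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Evidence:
    control_id: str
    collected_on: date
    ref: str  # ID reproducible from the operational system (ticket, scan run, export)


def month_windows(start, end):
    """Calendar months overlapping [start, end], clipped to the period."""
    windows, cur = [], date(start.year, start.month, 1)
    while cur <= end:
        nxt = date(cur.year + (1 if cur.month == 12 else 0), cur.month % 12 + 1, 1)
        windows.append((max(cur, start), min(nxt - timedelta(days=1), end)))
        cur = nxt
    return windows


def expected_cycles(cadence, start, end):
    """Windows in which a periodic control must show at least one piece of evidence."""
    months = month_windows(start, end)
    if cadence == "monthly":
        return months
    if cadence == "quarterly":  # groups of three months counted from the period start
        return [(months[i][0], months[min(i + 2, len(months) - 1)][1]) for i in range(0, len(months), 3)]
    if cadence == "annual":
        return [(start, end)]
    raise ValueError(f"unknown cadence {cadence!r}")


def skipped_cycles(evidence, cadence, start, end):
    """Expected cycles containing no evidence at all (question 2)."""
    dates = [e.collected_on for e in evidence]
    return [w for w in expected_cycles(cadence, start, end) if not any(w[0] <= d <= w[1] for d in dates)]


def longest_gap_days(evidence, start, end):
    """Continuous controls: longest run of days with no evidence, period edges included."""
    points = [start - timedelta(days=1)] + sorted(e.collected_on for e in evidence) + [end + timedelta(days=1)]
    return max((b - a).days - 1 for a, b in zip(points, points[1:]))


def loading_profile(evidence, start, end):
    """Evidence counts in the first month, the last 30 days, and overall (question 5)."""
    first_month_end = month_windows(start, end)[0][1]
    last30_start = end - timedelta(days=29)
    return {"first_month": sum(start <= e.collected_on <= first_month_end for e in evidence),
            "last_30_days": sum(last30_start <= e.collected_on <= end for e in evidence),
            "total": len(evidence)}


def assess(register, evidence, start, end, max_gap_days=1):
    """Per-control summary: skipped cycles, loading profile and a back-loading flag."""
    by_control = defaultdict(list)
    for e in evidence:
        by_control[e.control_id].append(e)
    report = {}
    for control_id, cadence in register.items():
        ev = by_control.get(control_id, [])
        entry = {"cadence": cadence, "profile": loading_profile(ev, start, end)}
        if cadence == "continuous":
            gap = entry["longest_gap_days"] = longest_gap_days(ev, start, end)
            entry["skipped"] = [] if gap <= max_gap_days else [f"gap of {gap} days"]
        else:
            entry["skipped"] = [f"{a.isoformat()}..{b.isoformat()}" for a, b in skipped_cycles(ev, cadence, start, end)]
        p = entry["profile"]  # all of a control's evidence inside the last 30 days is the "scrambling" signal
        entry["back_loaded"] = p["total"] > 0 and p["last_30_days"] == p["total"]
        report[control_id] = entry
    return report


def verdict(report):
    """Map the per-control findings onto the skill's three-level verdict."""
    if any(r["skipped"] for r in report.values()):
        return "MATERIAL-RISK"
    return "NEEDS-ATTENTION" if any(r["back_loaded"] for r in report.values()) else "ON-TRACK"


# Constructed sample: a 12-month period, four controls, evidence with deliberate gaps.
PERIOD_START, PERIOD_END = date(2025, 1, 1), date(2025, 12, 31)
CONTROLS = {"CC6.2-access-review": "quarterly", "CC7.1-vuln-scan": "monthly",
            "A1.3-bcp-exercise": "annual", "CC7.2-log-retention": "continuous"}
SAMPLE_EVIDENCE = [
    *(Evidence("CC6.2-access-review", d, f"TICKET-{n}")  # the Q3 review never happened
      for n, d in enumerate([date(2025, 2, 14), date(2025, 5, 20), date(2025, 11, 3)], 1)),
    *(Evidence("CC7.1-vuln-scan", date(2025, m, 7), f"scan-run-{m:02d}") for m in range(1, 13) if m != 8),
    Evidence("A1.3-bcp-exercise", date(2025, 12, 10), "BCP-2025"),  # squeezed into the last weeks
    *(Evidence("CC7.2-log-retention", PERIOD_START + timedelta(days=i), f"export-{i:03d}")  # 3-day June outage
      for i in range(365) if not (date(2025, 6, 10) <= PERIOD_START + timedelta(days=i) <= date(2025, 6, 12))),
]
REPORT = assess(CONTROLS, SAMPLE_EVIDENCE, PERIOD_START, PERIOD_END)

if __name__ == "__main__":
    for cid, r in REPORT.items():
        print(f"{cid:22} skipped={r['skipped']} first_month={r['profile']['first_month']} back_loaded={r['back_loaded']}")
    print("Verdict:", verdict(REPORT))
```

On the constructed data the access review reports a skipped Q3, the scan a skipped August, the log export a three-day gap, and the BCP exercise is flagged as back-loaded, so the overall verdict is MATERIAL-RISK. Quarters are counted in threes from the period start, so a period that begins mid-calendar-quarter is still divided into four cycles; adjust `expected_cycles` if your auditor samples by calendar quarter instead.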