soc2-compliance-automator

# SOC 2 Compliance Automator Skill ## Purpose Automate SOC 2 Trust Services Criteria (TSC) compliance activities including control mapping, evidence collection, audit preparation, and continuous compliance monitoring. ## Capabilities ### Control Mapping - Map organizational controls to SOC 2 TSC requirements - Cover all five Trust Services Categories: - Security (Common Criteria) - Availability - Processing Integrity - Confidentiality - Privacy - Generate control matrices with evidence requirements - Identify control gaps and coverage ### Evidence Collection - Automate evidence gathering from cloud providers - Collect access control configurations (IAM, RBAC) - Capture security configurations and policies - Document change management processes - Archive audit logs and monitoring data - Screenshot automation for manual controls ### Audit Preparation - Generate Type I and Type II audit packages - Prepare management assertion documents - Create system description documents - Organize evidence by control objective - Generate auditor-ready reports ### Control Effectiveness Tracking - Monitor control implementation status - Track control testing results - Document control exceptions - Manage remediation activities - Calculate compliance scores ### Continuous Compliance - Monitor control drift and changes - Alert on compliance deviations - Track evidence freshness - Generate compliance dashboards - Automate periodic control testing ## Trust Services Categories ##...