How does this skill help with SOC 2 compliance?

It provides specific requirements for serverless encryption standards, centralized access logging, least-privilege IAM roles, and automated change management procedures.

Does this support multiple cloud providers?

Yes, the skill offers guidance for major providers including AWS, Azure, and GCP, focusing on their native security, logging, and key management services.

Can it help me prepare for a HIPAA audit?

Yes, it outlines mandatory BAA requirements, PHI encryption at rest and in transit, audit logging retention periods, and strict network isolation protocols.

What common security mistakes can this skill identify?

It provides 'wrong vs. correct' patterns for public S3 buckets, overly permissive IAM policies, hardcoded secrets, and missing database encryption.

Compliance Architecture Expert

Name: Compliance Architecture Expert
Author: Activer007

byActiver007

0•

安全与测试

Designs enterprise-grade compliant architectures for SOC 2, HIPAA, GDPR, and PCI-DSS using industry-standard security controls.

This skill acts as a specialized consultant for building and maintaining cloud-native architectures that adhere to rigorous regulatory standards. It provides actionable checklists, security control mappings, and audit-ready implementation patterns specifically tailored for serverless and cloud environments. By utilizing this skill, developers and architects can ensure their infrastructure meets the strict requirements of SOC 2 Type II, HIPAA, GDPR, and PCI-DSS, significantly reducing audit risk and avoiding common security misconfigurations like public S3 buckets or permissive IAM roles.

主要功能

01Comprehensive compliance checklists for SOC 2, HIPAA, GDPR, and PCI-DSS

02Best practices for PHI data protection and Business Associate Agreements (BAA)

030 GitHub stars

04Standardized encryption and key management (KMS/HSM) configurations

05Cloud-specific security patterns for AWS, Azure, and Google Cloud Platform

06Detailed guidance on data residency, portability, and the right to erasure

使用场景

01Implementing GDPR-mandated data localization and consent management workflows

02Preparing a SaaS platform for a SOC 2 Type II security audit

03Architecting a HIPAA-compliant backend for a healthcare application

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add activer007/ordinary-claude-skills compliance-architecture

For use in Claude.ai and ChatGPT

Download Skill