Compliance

Skill packages tagged with “Compliance”

10-K Risk Factors (Item 1A)

Draft and validate the Risk Factors section of a Form 10-K under Reg S-K Item 105: organize by materiality, write company-specific narratives, add a two-page summary when the section exceeds 15 pages, and validate structure and compliance.

Accreditation self-study section

Draft and validate accreditation self-study sections (criterion ID, narrative, evidence reference) for audit.

ADR Dangerous Goods Transport Documentation

Draft and validate transport documentation for the carriage of dangerous goods by road under ADR. Covers transport document §5.4.1, packing certificate, emergency information, and instructions in writing.

Aged Care Quality Compliance

Draft and validate Quality Care Advisory Body reports and Continuous Improvement plans for Australian aged care. Aligns with the Aged Care Quality Standards and SIRS (Serious Incident Response Scheme). Includes SIRS notification validation and standards mapping for clinical outcomes.

AI Bias Narrative Auditor

Document risk, bias, and transparency for Algorithmic Impact Assessment (AIA). Critique Human-in-the-loop descriptions against EU AI Act Art. 14 and Canadian Directive thresholds; verify dataset provenance and copyright/privacy compliance.

AI Risk & Transparency Auditor

Draft and validate a Fundamental Rights Impact Assessment (FRIA) for high-risk AI systems under the EU AI Act. Validates Instructions for Use against Art. 13 transparency requirements and audits technical documentation for bias mitigation and data governance per Art. 10.

Alcohol Licensing (Operating Schedules)

Draft Operating Schedules for UK Premises Licence applications under the Licensing Act 2003. Covers licensable activities, times, premises description, and steps to promote the four licensing objectives for bars, restaurants, hotels and hospitality.

AML/BSA Compliance Program (Fintech & MSB)

Draft a complete AML/BSA compliance program for non-bank financial institutions — fintechs, MSBs, crypto exchanges, and insurance companies. Covers all five BSA pillars: compliance officer, policies, independent testing, training, and CDD. Includes CTR filing, transaction monitoring, SAR filing, OFAC screening (50% Rule, proliferation financing), and information sharing procedures.

AML/CTF Program (AUSTRAC)

Create and validate Part A and Part B of the Anti-Money Laundering and Counter-Terrorism Financing Program for Australian reporting entities. Covers risk management, CDD, transaction monitoring, SMR, and Safe Harbour verification procedures for individual customers. Works with austrac_risk_profiler for customer risk; includes kyc_procedure_audit to flag missing Safe Harbour steps.

AML/CTF Program Manual

Draft and validate an Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Program Manual covering KYC/CDD/EDD, transaction monitoring, sanctions screening (including PF-TFS), SAR/STR filing, and governance. Aligned with FATF Recommendations and the EU 6th Anti-Money Laundering Directive (6AMLD). Includes red_flag_library for industry-specific transaction monitoring indicators across 8 sectors, and sanctions_list_frequency_check to validate screening cadences, CTF/PF content, record retention, and board governance against the firm's risk appetite.

Annex 1 CCS Validator

Draft and validate a Contamination Control Strategy (CCS) for pharmaceutical sterile manufacturing per EU GMP Annex 1 (2023). Maps cleanroom classifications to grades A/B/C/D, validates environmental monitoring limits against the stricter 2023 microbial thresholds, and checks airflow patterns, pressure cascades, and CCS element coverage.

AOP/AOC Cahier des Charges

Maintain and update Cahier des Charges for French AOP/AOC protected designations (INAO). Validates geographical area and production methods in specifications and audits AOP/AOC logo and mandatory mentions on packaging drafts.

AS9100 Procedure Author

Guided elaboration of AS9100-aligned procedures and risk-based thinking documentation: quality manual sections, process procedures (design, purchasing, production, NCM), and key objective evidence for AS9100 Rev D.

ASME Design Spec Author

Guided elaboration of design and construction documentation per ASME BPVC or B31 — design basis, material selection, weld and NDE requirements, pressure/temperature limits.

ASTM Material Spec Author

Guided elaboration of material specifications and test/acceptance documentation that reference ASTM standards — material designation, test methods, acceptance criteria, and COC requirements.

EIA Compliance Audit

Validates Environmental Impact Studies (EsIA) against the regional and national thresholds of Ley 21/2013 on environmental assessment (Spain): impact matrix, preventive and corrective measures, Environmental Monitoring Programme.

Food and Supplement Labelling Audit

Complete review of artwork and nutrition tables against ANVISA regulations. Validates application of the Lupa (magnifying glass) symbol (excess sugar, sodium, or saturated fat), nutrition table format (nutrient order, %VD, serving sizes), the allergen warnings "ALÉRGICOS: CONTÉM..." (upper case, bold, placement, 2 mm), and specific requirements for food supplements (designation, mandatory statements, claims, warnings). Market: food and supplement industry. Regulation: ANVISA — RDC 429/2020, IN 75/2020, RDC 727/2022, RDC 243/2018, IN 28/2018.

B Corp Policy Evidence Author

Guided elaboration of B Corp BIA support documentation — policy evidence and narratives for Governance, Workers, Community, Environment, and Customers; improvement plans for low-scoring areas.

BACEN GRSAC - Risk and Capital Reports

Use when the user needs to create standardized risk and asset management reports in accordance with the supervisory rules of the Banco Central do Brasil (BACEN). Use to prepare GRSAC reports, analyses of credit, liquidity, market, and operational risk, capital adequacy, and corporate governance documents. Use whenever the user mentions BACEN, banking supervision, risk management, capital adequacy, Basel III, regulatory reports, RGR, RAC, or any document required by the Brazilian financial system.

BCB 520/2025 — PSAVs: Operation and Compliance

Drafting and review of documentation on the operation, customer protection, AML, governance, security, and prudential supervision of PSAVs.

BCMS BIA & Plan Author

Guided elaboration of BCMS documentation for ISO 22301: scope and context (Clause 4), BC policy (Clause 5), risk assessment for disruption (Clause 8.3), business impact analysis with MTPD/MBCO/RTO/RPO (Clause 8.4), continuity strategies and BC/DR plans, and plan testing and exercising (Clause 8.5). Validates that critical activities have MTPD, MBCO, and RTO defined; checks RPO for IT/data-dependent activities; and flags missing dependency or SPOF notes.

BCP Audit Evidence Pack

Create a consolidated Business Continuity Evidence Pack for SOC 2, ISO 22301, or ISO 27001 audits. Combines BIA summary, RTO/RPO targets, recovery plans, DR test matrix, and auditor checklist into a single audit-ready document with cross-validation.

BEP & EIR Elaborator

Guided elaboration of BIM Execution Plan (BEP — pre-appointment and post-appointment), OIR/AIR/PIR, EIR, MIDP/TIDP, and CDE workflow per ISO 19650-1/2. Verifies required BEP sections including LOIN, MIDP/TIDP, CDE states, and naming convention; checks deliverables map to project stages and responsibility matrix.

Board Committee Charters

Define and review board committee charters (Audit, Risk, Compensation) with clear scope and responsibilities aligned to NYSE, NASDAQ, and LSE listing rules. Detects overlapping responsibilities and gaps in oversight; validates quorum and voting rules against local corporate law.

Business Ethics & Code of Conduct

Draft and validate Codes of Conduct as the high-level cultural guide for employee behavior. Creates industry-specific ethical-dilemma Scenario boxes (e.g. facilitation payments, conflicts of interest, gifts) and validates readability for a global workforce. Aligned with Federal Sentencing Guidelines (USA) and Sapin II (France).

Business Impact Analysis (BIA)

Conduct structured Business Impact Analyses per ISO 22301. Guides interviews, maps process dependencies, determines RTO/RPO targets, and validates consistency across the dependency chain with automated tools that flag timing conflicts and circular dependencies.

Canada Privacy & PIA

Guide to Canadian privacy law (PIPEDA, provincial private-sector laws, Bill C-27 status) and Privacy Impact Assessments for federal and private-sector data handling. Use with PIA outline and references to elaborate PIAs.

CCPA/CPRA Privacy Program — Compliance Documentation Package

Draft and validate the core privacy compliance documentation package required under the California Consumer Privacy Act as amended by CPRA. Covers the privacy policy, DSAR procedures, data inventory, privacy impact assessment, opt-out mechanisms, and service provider/contractor agreements.

CE Technical File Author

Guided elaboration of CE technical documentation and Declaration of Conformity (DoC): applicable directives/regulations (e.g. RED, LVD, EMC, MDR, IVDR, Machinery), risk assessment, essential requirements checklist, and DoC content per product.

CFPB — Consumer Complaint Response & UDAAP Compliance

Draft and validate consumer complaint management programme and UDAAP compliance documentation for CFPB-supervised entities. Covers complaint response timelines, UDAAP risk assessment, fair lending, and board reporting.

Charities Governance Code Compliance

Prepare the Charities Governance Code Compliance Record Form for the annual report to the Charities Regulator (Ireland). Aligns board minutes and policies with the six core principles and validates trustee term limits and rotation in the constitution.

Chemical Safety (SDS Author)

Author and validate Safety Data Sheets (SDS / FISPQ) compliant with REACH Annex II, GHS, CLP Regulation, and ABNT NBR 14725-4 for EU and Brazilian markets. Validates the 16 mandatory sections and cross-checks chemical concentrations against CLP thresholds to auto-suggest H and P phrases.

CIS Controls Implementation Author

Guided elaboration of CIS Controls v8 implementation plan — safeguard selection, IG1/IG2/IG3 alignment, and mapping to existing policies or controls.

Clinical Report Writing

Write comprehensive clinical reports including case reports (CARE guidelines), diagnostic reports (radiology, pathology, lab), clinical trial reports (ICH-E3, SAE, CSR), and patient documentation (SOAP notes, H&P, discharge summaries). Includes regulatory compliance and validation tools.

Clinical Trial Protocol (ICH E6(R3) GCP)

Draft and validate clinical trial protocols per ICH E6(R3) Good Clinical Practice and ICH E8(R1) General Considerations for Clinical Studies. Ensures the protocol contains all required elements for ethics committee / IRB submission and regulatory filing (EMA, FDA IND, ANVISA).

CMMC Assessment Scoping

Define CMMC assessment scope, authorization boundary, and network architecture for Level 1 or Level 2. Documents in-scope assets and network diagram narrative for the SSP.

CMMC Asset Inventory

Create and maintain the CMMC asset inventory: CUI assets, security protection assets, and contractor risk-managed assets for assessment scope.

CMMC Plan of Action & Milestones

Draft and validate the CMMC POA&M: track control deficiencies, remediation plans, owners, and due dates for Conditional Level 2 or Level 3.

CMMC Policies and Procedures

Draft CMMC-aligned security policies and procedures for all NIST 800-171 domains: Access Control, Audit, Awareness, Configuration Management, and others.

CMMC Readiness Gap Analysis

Map controls to NIST SP 800-171 practices, identify CMMC coverage gaps, and build a prioritized remediation roadmap for Level 1 or Level 2.

CMMC System Security Plan

Draft and validate the CMMC SSP for Level 1 or Level 2: system description, boundary, and implementation narratives for each NIST 800-171 practice with evidence pointers.

CMS Obligations Elaborator

Guided elaboration of ISO 37301:2021 CMS documentation: organizational context and scope, compliance policy, measurable objectives, obligations register (with shall/should distinction), compliance risk assessment, controls mapping, and performance evaluation. Validates that mandatory obligations have controls and review dates, objectives are documented, high risks have mitigation, and monitoring arrangements are in place.

Codex Product & Labelling Author

Guided elaboration of product standards or labelling documentation aligned to Codex commodity standards, General Standard for Labelling, or Codex guidelines. Complements HACCP skill (Codex 7 principles).

Processor Contract — LGPD (Art. 39 and 42)

Drafting of a contract or clauses between the controller and the processor of personal data under Art. 39 and 42 of the LGPD. Covers controller instructions, security measures, sub-processors, incidents, and liability. Includes validation of the recommended minimum items.

CQC Statement of Purpose

Draft, update, and validate the legally required Statement of Purpose for CQC-registered healthcare providers in England. Maps service descriptions to the Five Key Questions (Safe, Effective, Caring, Responsive, Well-led) and validates regulated activities against CQC registration categories. Covers care homes, GP practices, dental surgeries, domiciliary care, and hospitals.

Open Finance Accreditation (PSTI)

Technical documentation and compliance validation for Information Technology Service Providers in Open Finance Brasil (BCB, Res. 10/2026). Maps the security architecture and compares the client's API with the technical manual of the central directory.

CRICOS Provider Registration

Prepare the Quality Management System for CRICOS registration in Australia. Covers Cancellation of Enrolment policy and the mandatory 20-day appeal period (National Code 2018); validates policy with validate_cancellation_appeal_period. Complements student support and attendance (cricos_compliance_shield).

Cybersecurity Incident Response Plan (Sector & State-Specific)

Draft a cybersecurity Incident Response Plan aligned with NIST SP 800-61r3, tailored to industry sector (HIPAA, GLBA, PCI DSS, FERPA, NERC CIP) and state breach notification laws. Includes detection playbooks, escalation procedures, and state-by-state notification timeline matrix.

Data Privacy — AIPD (CNIL Standard)

Conduct a Privacy Impact Assessment (AIPD) under the CNIL standard for France (RGPD). Three-step methodology: Context, Principles, Risks. Validates retention periods against CNIL 'droit à l'oubli' (right to erasure).

Data Processing Agreement (DPA) — SCC & sub-processor sync

Draft the legal annex for DPAs governing controller–processor data transfers under GDPR and CCPA. Inserts the correct Standard Contractual Clauses by data importer country and validates sub-processor list against the privacy portal.

Design Dossier Elaborator

Guided elaboration of design dossier, technical file, or device master record sections for medical devices: device classification, risk summary (ISO 14971:2019), essential principles (GSPR), labelling/IFU, clinical evaluation, post-market surveillance, and traceability per EU MDR 2017/745 Annex II and FDA QMSR (21 CFR Part 4).

DORA Information Register (ICT Third-Party Arrangements)

Create and maintain the Register of Information on ICT third-party service arrangements required by DORA Art. 28(3) and ITS 2024/2956. Covers entity identification, TPP data, contractual arrangements, function mapping, sub-outsourcing chains, and ICT concentration risk assessment.

DORA Policy Generator

Generate the complete set of policies required by DORA from organizational context. Covers ICT security, risk management, incident management, business continuity, third-party risk, access control, encryption, and more.

DPC GDPR Accuracy and Retention

Accuracy and retention for DPC self-assessment: purpose limitation, minimisation, accuracy, retention policies, secure destruction, and no unregulated duplication.

DPC GDPR Breach Notification

Breach notification and response under Ireland DPC and GDPR Art. 33–34: 72h to DPC, data subject communication for high risk, risk levels, form, and internal record.

DPC GDPR Certification

GDPR certification under Ireland DPC and Art. 42–43: DPC-approved criteria, INAB-accredited certification bodies, and documentation for certification readiness.

DPC GDPR Controller Obligations

Other controller obligations for DPC checklist: processor/supplier agreements (Art. 28–29), DPO (37–39), DPIA (35).

DPC GDPR Data Breaches (Self-Assessment)

Breach preparedness for DPC checklist: incident response plan, procedures to notify DPC and individuals, documentation, and cooperation. For actual notification use DPC GDPR Breach Notification skill.

DPC GDPR Data Security

Data security (Art. 32) for DPC self-assessment: risk assessment, technical and organisational measures, encryption, recovery, and secure destruction.

DPC GDPR Data Subject Rights

Data subject rights (Art. 15–23) for DPC self-assessment: SAR, portability, deletion/rectification, restriction, object, profiling, and restrictions.

DPC GDPR International Transfers

International data transfers (Art. 44–50) for DPC self-assessment: adequacy, SCCs, documentation, and transparency to data subjects.

DPC GDPR Personal Data (Legal Basis)

Personal data for DPC self-assessment: consent (Art. 7–9), children (Art. 8), and legitimate interest assessment.

DPC GDPR Readiness

GDPR readiness and self-assessment aligned to the Ireland DPC Self-Assessment Checklist: data mapping, legal basis, retention, and links to the eight detailed checklist areas.

DPC GDPR Transparency

Transparency (Art. 12–14) for DPC self-assessment: information to data subjects, Art. 13/14 lists, and proactive rights information.

Ecocert Scope Author

Guided elaboration of Ecocert (or equivalent) certification application and scope documentation — scope of operation, input lists, conversion plan (if applicable), and traceability/CoC for organic or ethical claims.

eCTD Cross-Module Verifier

Verify consistency and data integrity of eCTD pharmaceutical dossiers. Cross-checks Module 2 (Summaries) against Module 5 (Clinical Study Reports) to ensure study references, p-values, N-counts, endpoints, and safety data are aligned before regulatory submission to FDA, EMA, or PMDA.

                                                                                                                                      Learn More
                                                                                                                                      EMS Context & Obligations Author

                                                                                                                                      Guided elaboration of EMS context, environmental aspects/impacts, compliance obligations register, and environmental objectives and plans for ISO 14001. Ensures significant aspects are linked to obligations and objectives and flags obligations without review date or compliance evidence.

                                                                                                                                        Learn More
                                                                                                                                        EN Conformity Documentation Author

                                                                                                                                        Guided elaboration of conformity documentation for products or systems against selected EN (or ETSI) standards — scope, normative references, conformity route, and clause-by-clause or test-based evidence.

                                                                                                                                          Learn More
                                                                                                                                          Encarregado (DPO) — LGPD (Art. 41)

                                                                                                                                          Documentation and disclosure of the data protection officer (encarregado, DPO) under Art. 41 of the LGPD. Covers designation, public contact channel, duties toward data subjects and the ANPD, and integration with the privacy policy and the record of processing operations.

                                                                                                                                            Learn More
                                                                                                                                            EnMS Energy Review Author

                                                                                                                                            Guided elaboration of EnMS documentation for ISO 50001: energy review, baseline, EnPIs, objectives and action plans. Ensures baseline and EnPIs have scope and units and flags objectives without measurement method or review period.

                                                                                                                                              Learn More
                                                                                                                                              Environmental Referrals (EPBC Act)

                                                                                                                                              Draft Referral of Proposed Action for developments affecting matters of national environmental significance (MNES) under the EPBC Act. Covers Ramsar wetlands, threatened species, mitigation and offsets, and DCCEEW submission. Australia; land development and infrastructure.

                                                                                                                                                Learn More
                                                                                                                                                ERISA Summary Plan Description (SPD)

                                                                                                                                                Draft and validate the Summary Plan Description required by ERISA §102 for employee benefit plans. Covers plan identification, participation, benefits, claims procedure, and ERISA rights per 29 CFR §2520.102-3.

                                                                                                                                                  Learn More
                                                                                                                                                  ESG Report (CSRD / ISSB)

                                                                                                                                                  Compile Environmental, Social, and Governance reports aligned with CSRD/ESRS and ISSB/IFRS S1-S2. Guides double materiality assessment, GHG emissions accounting (Scope 1, 2, 3), and structured report drafting with automated validation tools that check materiality logic and emissions math against GHG Protocol standards.

                                                                                                                                                    Learn More
                                                                                                                                                    Executive Readiness Report

                                                                                                                                                    Generate a board-ready executive summary of compliance posture, readiness scores by area, critical gaps, and timeline to audit. Designed for C-suite, board members, and auditors. Synthesizes data from dashboard metrics, gap assessments, risk registers, and policy status into a single exportable document.

                                                                                                                                                      Learn More
                                                                                                                                                      Export Control Redactor

                                                                                                                                                      Scan technical manuals for ITAR-controlled Defense Articles on the USML and flag content requiring export licenses. For USA defense sector; supports USML category tagging, Technical Data identification, ITAR vs EAR jurisdiction analysis, and redaction recommendations for export license submissions.

                                                                                                                                                        Learn More
                                                                                                                                                        Fairtrade CoC Author

                                                                                                                                                        Guided elaboration of Fairtrade supply chain and Chain of Custody (CoC) documentation — product scope, trader license scope, CoC procedures, and mass balance or physical separation evidence.

                                                                                                                                                          Learn More
                                                                                                                                                          FAR Clause Analyzer

                                                                                                                                                          Ensure federal contract proposals contain mandatory FAR and agency-supplement clauses. For USA government contracting; supports prime and subcontract proposals under the Federal Acquisition Regulation, with contract-type and threshold-aware analysis.

                                                                                                                                                          • Version: 1.0.0
                                                                                                                                                          • Author: Rakenne
                                                                                                                                                          Learn More
                                                                                                                                                          FDA Submission Wizard

                                                                                                                                                          Draft and validate FDA medical device submissions. Supports 510(k) Premarket Notifications (eSTAR format) with predicate comparison and substantial equivalence arguments, and PMA (Premarket Approval) dossiers with clinical and non-clinical data sections.

                                                                                                                                                            Learn More
                                                                                                                                                            FedRAMP Authorization Package

                                                                                                                                                            Draft and validate FedRAMP authorization packages for cloud service providers: System Security Plan (SSP) with all required attachments, Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Action & Milestones (POA&M). Supports Low, Moderate, and High baselines.

                                                                                                                                                              Learn More
                                                                                                                                                              Financial Services Statement of Advice

                                                                                                                                                              Generate and validate personalised Statements of Advice (SoA) for retail clients in Australia. Ensures Best Interests Duty (BID) and FOFA ongoing fee compliance; includes soa_logic_validator and fee_disclosure_checker.

                                                                                                                                                                Learn More
                                                                                                                                                                Food Labeling & Claims (FDA / USDA)

                                                                                                                                                                Draft and validate U.S. food product labels and labeling claims compliant with FDA 21 CFR 101, USDA FSIS, NLEA, FALCPA, and FASTER Act. Validates required label elements, allergen declarations, nutrient content claims against nutrition data, health claims, and organic/bioengineered disclosures.

                                                                                                                                                                  Learn More
                                                                                                                                                                  FSAI Agri-Food Traceability

                                                                                                                                                                  Draft Recall and Withdrawal procedures for meat and dairy in Ireland (FSAI), with One-Step-Back/Forward traceability and validation of the 14 allergens list against Irish S.I. No. 489/2014 font and highlighting requirements.

                                                                                                                                                                    Learn More
                                                                                                                                                                    FSMS Manual & PRP/OPRP Author

                                                                                                                                                                    Guided elaboration of FSMS documentation for ISO 22000: food safety policy, PRPs, OPRPs, HACCP plan linkage, and operational control procedures. Ensures PRPs and OPRPs are documented and linked to hazards and flags CCPs without critical limits or monitoring.

                                                                                                                                                                      Learn More
                                                                                                                                                                      GDPR Consent Form (Art. 7)

                                                                                                                                                                      Draft consent forms and consent notices for personal data processing under GDPR Article 7. Covers all conditions for valid consent: freely given, specific, informed, unambiguous. Includes validation against EDPB Guidelines 05/2020.

                                                                                                                                                                        Learn More
                                                                                                                                                                        GDPR Gap Assessment

                                                                                                                                                                        Perform a structured gap assessment against GDPR (Regulation 2016/679). Mandatory artifact detector scans for missing compliance documents; maturity rater suggests 0-5 maturity per domain across all compliance domains (principles, lawful basis, transparency, data subject rights including Art. 19, controller obligations, security, breach notification, DPIA including Art. 36 prior consultation, DPO governance, processor management, international transfers, training). Produces findings register and prioritized remediation roadmap with Art. 83 fine tier analysis.

                                                                                                                                                                          Learn More
                                                                                                                                                                          GDPR Legitimate Interest Assessment (Art. 6(1)(f))

                                                                                                                                                                          Conduct a three-part Legitimate Interest Assessment (LIA) under GDPR Art. 6(1)(f): purpose test, necessity test, and balancing test. Validates against EDPB Opinion 08/2024, WP217, and CJEU case law (Rigas, Fashion ID, Meta/Bundeskartellamt).

                                                                                                                                                                            Learn More
                                                                                                                                                                            GDPR Privacy by Design & Default (Art. 25)

                                                                                                                                                                            Assess and document data protection by design and by default measures per GDPR Article 25 and EDPB Guidelines 4/2019. Covers the seven foundational principles, Hoepman's eight design strategies, Art. 25(2) four-dimension default settings review, controller/processor scope, DPIA necessity assessment (EDPB WP248 rev.01), and organisational measures.

                                                                                                                                                                              Learn More
                                                                                                                                                                              GDPR ROPA & DPIA Author

                                                                                                                                                                              Guided elaboration of Records of Processing Activities (ROPA) and Data Protection Impact Assessments (DPIA): processing purposes, legal basis, data categories, recipients, retention, safeguards, and DPIA necessity assessment and risk mitigation.

                                                                                                                                                                                Learn More
                                                                                                                                                                                GDPR Vendor & Processor Audit (Art. 28)

                                                                                                                                                                                Plan and document processor audits under GDPR Art. 28(3)(h). Covers Art. 28(3)(a-h) contract compliance, sub-processor chain review, international transfer assessment (SCCs, adequacy, BCRs, TIA), Art. 32 technical measures evaluation, Art. 28(5) certification review, and corrective action tracking.

                                                                                                                                                                                  Learn More
                                                                                                                                                                                  GMP SOP & Validation Author

                                                                                                                                                                                  Guided elaboration of GMP documentation — SOPs, validation protocol (IQ/OQ/PQ), and batch record template sections aligned to FDA 21 CFR 211 / EU EudraLex Vol 4 / WHO GMP.

                                                                                                                                                                                    Learn More
                                                                                                                                                                                    GRI Sustainability Report Author

                                                                                                                                                                                    Guided elaboration of a GRI Standards-aligned sustainability report: material topics, GRI Universal Standards (2–3) and topic-specific disclosures (200/300/400 series), and management approach per material topic.

                                                                                                                                                                                      Learn More
                                                                                                                                                                                      GwG Anti-Money Laundering Risk Analysis

                                                                                                                                                                                      Creates risk analyses under §5 GwG (Geldwäschegesetz, the German Anti-Money Laundering Act) for the non-financial sector. Assigns risk levels to customers based on Transparenzregister (transparency register) data and validates PEP due-diligence obligations (§15 GwG) for real estate agents and goods traders.

                                                                                                                                                                                        Learn More
                                                                                                                                                                                        HACCP Food Safety Plan

                                                                                                                                                                                        Draft and validate a HACCP Food Safety Plan for Food & Beverage operations aligned with Codex Alimentarius (CXC 1-1969, revised 2020) and FDA FSMA (21 CFR Part 117). Covers all seven HACCP principles across 12 Codex steps, defines CCPs and critical limits, and includes FSMA-required programs (allergen controls — including sesame per FASTER Act 2023, recall plan under 21 CFR 117.139, and supply-chain program under 21 CFR 117 Subpart G). Validates flow-chart-to-plan consistency and supports EU Reg 852/2004, 853/2004, and 2073/2005 compliance.

                                                                                                                                                                                          Learn More
                                                                                                                                                                                          Health Canada & MDSAP

                                                                                                                                                                                          Align QMS documentation to MDSAP and Health Canada expectations. Guides users to map procedures and records to MDSAP/ISO 13485, prepare for audits, and use the mdsap_audit_aligner skill when available.

                                                                                                                                                                                            Learn More
                                                                                                                                                                                            HIPAA Security Risk Assessment (SRA)

                                                                                                                                                                                            Draft and validate the Security Risk Assessment required by the HIPAA Security Rule (45 CFR §164.308(a)(1)). Defines scope and ePHI boundaries, inventories assets and Business Associate relationships, maps threats and vulnerabilities, assesses Required and Addressable safeguards, and produces the SRA report and risk register aligned with HHS/OCR audit protocol.

                                                                                                                                                                                              Learn More
                                                                                                                                                                                              HIQA Care/Support Plan

                                                                                                                                                                                              Draft or update an individual care or support plan for a resident or child in a designated centre aligned with HIQA standards.

                                                                                                                                                                                                Learn More
                                                                                                                                                                                                HIQA Complaints Procedure

                                                                                                                                                                                                Draft or update a complaints procedure for healthcare services aligned with HIQA NSSBH and national complaints guidance.

                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                  HIQA Consent Policy

                                                                                                                                                                                                  Draft or update a consent policy for healthcare services aligned with HIQA NSSBH and Irish consent law.

                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                    HIQA Data Protection and Confidentiality Policy

                                                                                                                                                                                                    Draft or update a data protection and confidentiality policy aligned with HIQA, GDPR, and Irish law.

                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                      HIQA Designated Centre Complaints

                                                                                                                                                                                                      Draft or update a complaints procedure for a designated centre aligned with HIQA standards.

                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                        HIQA Designated Centre Health and Safety

                                                                                                                                                                                                        Draft or update a health and safety policy for a designated centre aligned with HIQA and health and safety law.

                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                          HIQA Designated Centre Medication

                                                                                                                                                                                                          Draft or update a medication policy for a designated centre aligned with HIQA standards.

                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                            HIQA Designated Centre Safeguarding

                                                                                                                                                                                                            Draft or update a safeguarding policy for a designated centre aligned with HIQA and national safeguarding guidance.

                                                                                                                                                                                                              Learn More
                                                                                                                                                                                                              HIQA Healthcare Governance

                                                                                                                                                                                                              Draft or update a governance and accountability framework for healthcare services aligned with HIQA NSSBH Theme 5.

                                                                                                                                                                                                                Learn More
                                                                                                                                                                                                                HIQA Incident Investigation Report

                                                                                                                                                                                                                Draft an incident investigation report for healthcare services aligned with HIQA NSSBH and learning from incidents.

                                                                                                                                                                                                                  Learn More
HIQA Incident Reporting Procedure

Draft or update an incident reporting procedure for healthcare services aligned with HIQA NSSBH (internal reporting; for notifiable incidents use hiqa-notifiable-incidents-reporting).

HIQA Information Governance Policy

Draft or update an information governance policy aligned with HIQA National Standards for Information Management and NSSBH Theme 8.

HIQA Notifiable Incidents Reporting

Draft or update the process for reporting notifiable incidents to HIQA/Chief Inspector under the Patient Safety Act 2023.

HIQA Open Disclosure Policy

Draft or update an open disclosure policy aligned with the Patient Safety Act 2023 and HIQA NSSBH.

HIQA Quality Improvement Plan

Draft or update a quality improvement plan for healthcare services aligned with HIQA NSSBH.

HIQA Record-Keeping and Retention

Draft or update record-keeping and retention procedures aligned with HIQA National Standards for Information Management.

HIQA Risk Register

Draft or update a risk register for healthcare services aligned with HIQA NSSBH (safe care, governance).

HIQA Safeguarding Policy

Draft or update a safeguarding policy for healthcare services aligned with HIQA NSSBH and national safeguarding guidance.

HIQA Statement of Purpose

Draft or update a Statement of Purpose for a designated centre (older people, disability, or children) for HIQA registration.

HIQA Workforce Performance Management Policy

Draft or update a workforce performance management policy for healthcare services aligned with HIQA NSSBH Theme 6.

HIQA Workforce Recruitment Policy

Draft or update a workforce recruitment policy for healthcare services aligned with HIQA NSSBH Theme 6.

HIQA Workforce Supervision Policy

Draft or update a workforce supervision policy for healthcare services aligned with HIQA NSSBH Theme 6.

HIQA Workforce Training Policy

Draft or update a workforce training policy for healthcare services aligned with HIQA NSSBH Theme 6.

HITRUST CSF Assessment

Draft HITRUST CSF Validated Assessment deliverables for e1, i1, or r2 certification: control requirement responses at all maturity levels, evidence artifacts, Corrective Action Plans, and the Validated Assessment Report.

HR & Personnel Security

Draft and validate HR security documents covering the full employment lifecycle: pre-employment screening, employment contract security clauses, management security responsibilities, disciplinary process framework, and termination/exit security procedures aligned with ISO 27001:2022 Annex A controls A.6.1, A.6.2, A.6.4, A.6.5, and A.5.4.

IATF 16949 Process & CSR Author

Guided elaboration of IATF 16949 process documentation and customer-specific requirements (CSR) matrix: process maps, turtle diagrams, and evidence of conformity to OEM CSR.

ICT Risk Management Framework (DORA)

Draft the complete ICT risk management framework required by the EU Digital Operational Resilience Act (DORA), covering governance, asset identification, protection, detection, response, recovery, and continuous improvement per Articles 5-16 and RTS 2024/1774.

IEC 62304 Software Lifecycle Author

Guided elaboration of medical device software lifecycle documentation per IEC 62304 — SDP, SOUP identification, SRS, design, verification/validation, and risk control integration.

IEC 62443 Zone & SR Elaborator

Guided elaboration of IACS security documentation per IEC 62443: zone/conduit model, Security Level (SL) targets, Security Requirements (SR) for components and systems, and gap remediation. Verifies each zone has an SL target and SR/FR are allocated.

IEEE Software Design Author

Guided elaboration of software or systems design documentation per IEEE standards (e.g. 1016 for design description, 829 for test documentation) — design views, traceability to requirements, and test plan/report structure.

Individual Accountability Framework (IAF/SEAR) — Ireland

Draft and validate Statements of Responsibility and Management Responsibilities Maps for the Central Bank of Ireland IAF and SEAR. Supports banks, insurers, and investment firms. Includes gap detection for prescribed responsibilities and SEAR role mapping.

Information Security Policy (ISO 27001)

Draft and validate an Information Security Policy aligned with ISO 27001:2022. Builds a complete Statement of Applicability covering all 93 Annex A controls, validates enforceability of policy language, and maps every policy section to the relevant controls. Includes SoA cross-referencing and jargon-simplification tools.

Insurance policy summary

Produce and validate structured insurance policy summaries (coverage, limits, exclusions, conditions, notice). Reduces E&O risk by ensuring critical sections and notice provisions are present.

ISMS Internal Audit Report (Clause 9.2)

Plan and execute ISO 27001 internal audits: create audit plans with sampling strategies, draft structured audit reports with findings mapped to clauses, validate finding completeness (severity, evidence, clause, CAPA), classify finding severity, and verify auditor impartiality.

ISMS Scope Statement (ISO 27001 Clause 4.3)

Define and validate the ISMS scope boundaries (physical, organizational, technical) with justified exclusions and no Shadow IT gaps. Includes boundary integrity checker and exclusion logic validator for audit-ready scope statements.

ISO 14001 EMS Documentation

Draft ISO 14001:2015 Environmental Management System documentation: organization environmental profiling, gap assessment against clauses 4-10 with maturity ratings, and environmental policy creation. Includes tools for aspect significance evaluation, profile completeness checking, maturity scoring, remediation prioritization, and policy validation.

ISO 14971 Risk File Author

Guided elaboration of risk management file for medical devices per ISO 14971: hazard identification, risk analysis, risk control, residual risk acceptability, and benefit–risk rationale. Flags risks above acceptability thresholds without control or justification.

ISO 20000 Internal Audit (Clause 4.5.4.2)

Plan and execute SMS internal audits for ISO/IEC 20000-1:2011. Create annual audit programs, plan individual engagements, document findings with classifications (Major NC, Minor NC, Observation, OFI), and prepare corrective action plans.

ISO 27001 Asset Inventory & Classification Register

Build and validate an Asset Inventory & Classification Register for ISO 27001:2022 Control A.5.9. Catalog information assets with Ownership and Classification (Public, Internal, Confidential, Restricted), suggest classification from sensitivity descriptions, and verify that every asset has a named Information Owner and that Confidential/Restricted assets have handling procedures.

ISO 27001 Awareness and Training Plan

Create, validate, and maintain the ISO 27001:2022 awareness and training plan per Clauses 7.2 (Competence), 7.3 (Awareness), and Annex A control A.6.3. Defines target audiences with role-based training requirements, training modules, delivery methods, annual schedule with quarterly phishing simulations, and effectiveness evaluation metrics. Validates section completeness, audience coverage, and schedule gaps. Produces a standalone audit-ready training plan document.

ISO 27001 Business Continuity & Disaster Recovery Plan

Create operationally detailed Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) with BIA-driven recovery sequences, RTO/RPO validation, failover procedures, and exercise records per ISO 27001 Controls A.5.29/A.5.30.

ISO 27001 Confidentiality & NDA Agreements

Create and manage confidentiality and non-disclosure agreement templates with a tracking register per ISO 27001 Control A.6.6. Covers both employee and third-party scenarios.

ISO 27001 Critical Supplier Register

Operational register of critical suppliers with data access, SLA thresholds, BCP dependencies, security assessment history, and internal ownership. The auditor-expected evidence document that proves supply chain operational knowledge per Clause 7.5.1(b) and Controls A.5.19–A.5.22.

ISO 27001 Gap Assessment

Perform a structured gap assessment against ISO 27001:2022 clauses 4-10 and 93 Annex A controls. Mandatory artifact detector scans for missing ISMS documents; maturity rating tool suggests 0-5 maturity levels per clause area. Produces findings register and remediation roadmap.

ISO 27001 ISMS Annual Maintenance & Surveillance Audit Prep

Prepare for annual ISO 27001 surveillance audits by reviewing and updating existing ISMS documents. Scans documents for freshness, assesses organizational changes, performs delta risk re-assessment, updates SoA, reconciles CAPAs from prior audits, assembles surveillance audit evidence pack, scores audit readiness across 10 dimensions, and produces a year-over-year ISMS health report. Designed for certified organizations maintaining their ISMS between recertification cycles.

ISO 27001 Legal & Regulatory Requirements Register

Identify, document, and track all legal, statutory, regulatory, and contractual requirements relevant to information security per ISO 27001 Control A.5.31.

ISO 27001 Management Review

Prepare, validate, and document the ISO 27001:2022 management review per Clause 9.3. Compiles input pack from workspace ISMS artifacts, validates all 10 mandatory input categories (Clause 9.3.2) and 3 required output decisions (Clause 9.3.3), and checks that every action has an owner, due date, and expected outcome. Produces review agenda, input pack, minutes, and action tracker.

ISO 27001 Monitoring, Measurement & Evaluation

Draft and validate the Clause 9.1 report (PDCA 'Check') and Clause 6.2 objectives register: six validation tools covering KPI effectiveness, CAPA linkage for every failed control, CAPA field completeness (root cause, corrective action, owner, date, effectiveness review), cross-document audit NC reconciliation, and objectives completeness (including Clause 6.2(c) risk register linkage and Clause 6.2(h) resources).

ISO 27001 Operating Procedures (SOPs)

Create, validate, and index standard operating procedures (SOPs) for information processing facilities per ISO 27001 Control A.5.37. Produces step-by-step procedures with traceability to Annex A controls.

ISO 27001 Organization Profile

Build and validate a shared organization profile for ISO 27001 certification. Captures organizational facts (industry, locations, technology stack, regulations, suppliers) that feed into scope, risk assessment, SoA, and policy generation. Technology stack normalizer classifies systems; profile completeness checker validates all required sections.

ISO 27001 Policy Generator

Generate, validate, and maintain the core ISMS policy and procedure set for ISO 27001:2022 certification. Produces 22 document types (information security policy, ISMS manual, risk management, access control, incident management, asset management, change management, business continuity, document control, corrective action, classification and handling, cryptography, secure development, vulnerability management, remote working, backup, management responsibilities, intellectual property, data leakage prevention, network security, secure disposal, cabling security) with clause-aware templates and organization-specific tailoring.

ISO 27001 Risk Assessment

Complete ISO 27001:2022 risk assessment workflow covering methodology definition, risk identification using a 12-category threat taxonomy, risk analysis with 5×5 matrix scoring, treatment planning with Annex A control mapping, and residual risk validation. Produces auditor-ready risk methodology, risk register, treatment plan, and acceptance forms per Clause 6.1.2 and 6.1.3.

ISO 27001 Secure Architecture Principles

Document secure system architecture and engineering principles per ISO 27001 Control A.8.27. Produces a principles catalog with rationale, implementation guidance, and technology-stack applicability for development and infrastructure teams.

ISO 27001 Statement of Applicability

Build and validate the SoA (Clause 6.1.3): map 93 Annex A controls to In/Out with justification and implementation evidence. SoA mapping engine suggests inclusions from risk assessment; control justification audit ensures excluded controls have valid reasons and included controls link to active policies.

ISO 27001 Supplier Information Security Policy

Draft and validate supplier security requirements and annexes for ISO 27001:2022 Control 5.21. Tier-based Minimum Security Baseline (Cloud vs Janitorial), Right to Audit and Breach Notification validation.

ISO 27701 Controller Controls (Annex A)

Implement and document ISO 27701 Clause 7 and Annex A controls specific to PII controllers. Covers conditions for collection/processing, obligations to PII principals, privacy by design/default, and PII sharing/transfer/disclosure with implementation status, evidence, and justification for exclusions.

ISO 27701 DPIA Program

Establish a Data Protection Impact Assessment (DPIA) program aligned to ISO 27701 Clause 7.2.5 and GDPR Article 35. Create DPIA methodology with WP29/EDPB screening criteria, screen processing activities for high-risk triggers, conduct individual DPIAs, and track risk mitigation with residual risk assessment.

ISO 27701 PII Processing Inventory

Build the PII processing inventory (Record of Processing Activities / ROPA) and data flow map for ISO 27701. Catalogs every processing activity with purpose, legal basis, data categories, PII principals, recipients, retention periods, and cross-border transfers. Produces a data flow map showing PII flows between systems, parties, and jurisdictions.

ISO 27701 PIMS Extension Author

Guided elaboration of PIMS documentation as an extension to ISMS: PII processing inventory, privacy objectives, processing purposes and legal basis, controller/processor annex controls, and privacy policy drafting aligned to Clause 6 controller obligations.

ISO 27701 PIMS Internal Audit

Plan and document a PIMS-specific internal audit. Covers audit planning, execution checklist, findings, nonconformities, and corrective actions focused on privacy controls and PII processing compliance.

ISO 27701 PIMS Scope Definition

Define the Privacy Information Management System (PIMS) scope per ISO/IEC 27701:2019+AMD1:2024 Clauses 5.2.1–5.2.4 — organization role as PII controller, processor, or both (5.2.1); interested parties and their privacy needs (5.2.2); PII principal categories, applicable regulations (GDPR, LGPD, CCPA/CPRA, PIPEDA, PDPA, APPI, POPIA, PIPL), PIMS boundaries, cross-border transfers, privacy objectives, and exclusions (5.2.3); and ISMS linkage (5.2.4). Foundation skill for all ISO 27701 documentation.

ISO 27701 PIMS Statement of Applicability

Create the PIMS Statement of Applicability covering both Annex A (controller) and Annex B (processor) controls. Maps each control to In/Out with justification, implementation status, and evidence — the PIMS-specific equivalent of the ISO 27001 SoA.

ISO 27701 Privacy Policy Generator

Generate a comprehensive privacy policy/notice aligned to ISO 27701 Clause 6 controller obligations. Uses PII inventory and controller controls as inputs to produce a legally-grounded, auditable privacy policy covering all 15 mandatory topics, plus a condensed privacy notice for user-facing communication.

ISO 27701 Privacy Risk Assessment

Conduct a privacy-specific risk assessment focusing on risks to PII principals per ISO 27701 Clause 5.4 (2019) / Clause 6.6 (2025). Defines all 8 individual-focused privacy impact criteria (physical harm, financial loss, discrimination, reputational damage, emotional distress, loss of autonomy, identity theft, social disadvantage — not organizational CIA-triad categories), identifies privacy threats per processing activity and PII principal category, scores risks on a 5x5 privacy impact matrix, assesses DPIA triggers per GDPR Art. 35 / EDPB WP248 rev.01, and plans treatment using privacy-specific options (minimize, pseudonymize, anonymize, consent, purpose limitation, encryption, deletion).

ISO 27701 Processor Controls (Annex B)

Implement and document ISO 27701 Clause 8 and Annex B controls specific to PII processors. Covers conditions for processing, obligations to PII principals, privacy by design/default, sub-processor management, and PII sharing/transfer/disclosure with implementation status, evidence, and justification for exclusions.

ISO 27701 Security Controls Overlay

Create the privacy overlay for the 93 ISO 27002:2022 security controls. For each control in the SoA, document what additional privacy-specific implementation is needed per ISO 27701 Clause 6. Covers all four control themes (Organizational, People, Physical, Technological) with privacy augmentation guidance and evidence mapping.

ISO 42001 AI Policy

Draft and validate the formal AI Policy for ISO/IEC 42001:2023, covering all mandatory Clause 5.2 elements: organizational purpose alignment, compliance commitment, continual improvement, risk management, transparency, data governance, and ethical use including human rights.

ISO 42001 AI Risk Assessment Methodology

Draft the AI risk assessment methodology for ISO/IEC 42001:2023.

ISO 42001 AI Risk Register

Draft and validate the AI risk register for ISO/IEC 42001:2023 with ownership, treatment, and residual risk.

                                                                                                                                                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                                                                                                                                                        ISO 42001 AIMS Scope and Context

                                                                                                                                                                                                                                                                                                                                        Draft and validate AIMS scope statement and organizational context for ISO/IEC 42001:2023 certification (Clause 4).

                                                                                                                                                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                                                                                                                                                          ISO 42001 Data Governance

                                                                                                                                                                                                                                                                                                                                          Draft data governance procedures for AI systems under ISO/IEC 42001:2023.

                                                                                                                                                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                                                                                                                                                            ISO 42001 Incident Response

                                                                                                                                                                                                                                                                                                                                            Draft AI incident response procedure and documentation for ISO/IEC 42001:2023.

                                                                                                                                                                                                                                                                                                                                              Learn More
                                                                                                                                                                                                                                                                                                                                              ISO 42001 Internal Audit

                                                                                                                                                                                                                                                                                                                                              Draft internal audit procedure and audit report structure for the AIMS under ISO/IEC 42001:2023.

                                                                                                                                                                                                                                                                                                                                                Learn More
                                                                                                                                                                                                                                                                                                                                                ISO 42001 Nonconformity & Corrective Action

                                                                                                                                                                                                                                                                                                                                                Draft nonconformity and corrective action procedure and records for the AIMS under ISO/IEC 42001:2023.

                                                                                                                                                                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                                                                                                                                                                  ISO 42001 Statement of Applicability

                                                                                                                                                                                                                                                                                                                                                  Build and validate the SoA for ISO/IEC 42001:2023 Annex A with justification and implementation evidence.

                                                                                                                                                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                                                                                                                                                    ISO 42001 Supplier & Third-Party AI

                                                                                                                                                                                                                                                                                                                                                    Draft supplier and third-party AI evaluation, contracts, and documentation for ISO/IEC 42001:2023.

                                                                                                                                                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                                                                                                                                                      ISO 45001 Gap Assessment

                                                                                                                                                                                                                                                                                                                                                      Perform a structured gap assessment against ISO 45001:2018 clauses 4-10. Scans for missing OHSMS documentation, rates clause maturity on a 0-5 scale, and produces a prioritized remediation roadmap for certification readiness.

                                                                                                                                                                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                                                                                                                                                                        ISO 45001 Organization Profile

                                                                                                                                                                                                                                                                                                                                                        Build and validate a shared organization profile for ISO 45001:2018 certification. Captures industry sector, worker demographics, locations, OH&S history, regulatory environment, and contractor relationships that feed into hazard identification, risk assessment, and policy generation.

                                                                                                                                                                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                                                                                                                                                                          ITU Recommendation Conformity Author

                                                                                                                                                                                                                                                                                                                                                          Guided elaboration of implementation or compliance documentation for a selected ITU-T (or ITU-R) recommendation — scope, normative references, implementation statement, and conformance checklist.

                                                                                                                                                                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                                                                                                                                                                            JIT PAM Zero Trust (NIST 800-207)

                                                                                                                                                                                                                                                                                                                                                            Document and audit Just-in-Time privileged access management aligned to Zero Trust and NIST SP 800-207. Defines no-standing-privilege, time-bound elevation, and MFA for privileged sessions.

                                                                                                                                                                                                                                                                                                                                                              Learn More
                                                                                                                                                                                                                                                                                                                                                              King IV Apply and Explain

                                                                                                                                                                                                                                                                                                                                                              Draft or validate the King IV 'apply and explain' governance disclosure (all 16 principles) for South Africa.

                                                                                                                                                                                                                                                                                                                                                                Learn More
LAC — Simplified Environmental Licensing

Supports the drafting and review of LAC (Licença por Adesão e Compromisso, licence by adhesion and commitment) applications for environmental licensing in Brazil, with a focus on CONAMA and state environmental agencies. Includes activity classification, an application template, a compliance checklist, and automatic validation.

                                                                                                                                                                                                                                                                                                                                                                  Learn More
LAE — Special Environmental Licence (Strategic Works)

Structures Terms of Reference (TR) and Environmental Impact Reports (EIA/RIMA) for the Special Environmental Licence (Lei 15.300/2025), with a focus on strategic works and projects. Ensures the installation schedule is linked to the environmental conditions. Includes a TR template, a checklist, and classification validation for the 12-month priority processing track.

                                                                                                                                                                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                                                                                                                                                                    Law 25 — Governance Policy

                                                                                                                                                                                                                                                                                                                                                                    Draft the policy on practices governing the protection of personal information under Quebec Law 25. Covers complaints process, staff roles and responsibilities, retention and destruction rules, and review cycle.

                                                                                                                                                                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                                                                                                                                                                      Law 25 — Privacy Officer Designation

                                                                                                                                                                                                                                                                                                                                                                      Draft the formal designation of the person in charge of the protection of personal information (Privacy Officer) under Quebec Law 25 (Bill 64). Board resolution or CEO/MD letter; validation for required elements.

                                                                                                                                                                                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                                                                                                                                                                                        Law 25 — Privacy Policy

                                                                                                                                                                                                                                                                                                                                                                        Draft and update a public privacy policy in line with Quebec Law 25 (Bill 64). Covers purposes, rights, retention, complaints, and Privacy Officer contact. Includes validation for required elements.

                                                                                                                                                                                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                                                                                                                                                                                          LEED Credit Documentation Author

                                                                                                                                                                                                                                                                                                                                                                          Guided elaboration of LEED credit documentation — credit intent, compliance path, calculations, and evidence checklist for submission.

                                                                                                                                                                                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                                                                                                                                                                                            LkSG Supply Chain Due Diligence

Creates policy statements (Grundsatzerklärungen) and annual reports under the German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, LkSG). Maps supplier audits to the 11 protected legal positions and validates BAFA reporting conformity.

                                                                                                                                                                                                                                                                                                                                                                              Learn More
MaRisk Risk Management Manual

Creates and reviews risk management manuals for financial institutions in Germany under MaRisk (BaFin). Supports the full elaboration of all MaRisk modules (AT, BT, BTR), conformity checks, and identification of documentation gaps.

                                                                                                                                                                                                                                                                                                                                                                                Learn More
                                                                                                                                                                                                                                                                                                                                                                                MAS TRM — Technology Risk Management Framework

                                                                                                                                                                                                                                                                                                                                                                                Draft and validate the Technology Risk Management framework for MAS-regulated financial institutions. Covers governance, IT resilience, cyber security, data loss prevention, and technology audit per MAS TRM Guidelines (2021).

                                                                                                                                                                                                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                                                                                                                                                                                                  MD&A — Driver-Based Drafting (Item 303)

                                                                                                                                                                                                                                                                                                                                                                                  Draft Management's Discussion and Analysis for 10-K or 10-Q with a driver-based structure: results of operations, liquidity and capital resources, known trends and uncertainties, and critical accounting estimates. Includes validation for required subsections, causation language, and non-GAAP reconciliation.

                                                                                                                                                                                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                                                                                                                                                                                    MFA Exception Rationalizer (CISA CPG 1.1)

                                                                                                                                                                                                                                                                                                                                                                                    Document the transition to phishing-resistant MFA and draft MFA-exception rationales for Critical Infrastructure. Identifies legacy systems that cannot support MFA, proposes compensating controls (e.g. jump hosts), and validates authentication hardware against the FIDO2 standard required by CPG 1.1.

                                                                                                                                                                                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                                                                                                                                                                                      Mining & Exploration — Reserve Estimate Validator

                                                                                                                                                                                                                                                                                                                                                                                      Guided elaboration and compliance validation of mineral resource and reserve technical reports under NI 43-101 (Canada) and JORC Code (Australia/South Africa), with QP/CP certificate checking and resource classification integrity verification.

                                                                                                                                                                                                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                                                                                                                                                                                                        Mobile Device & Teleworking Policy (ISO 27001)

                                                                                                                                                                                                                                                                                                                                                                                        Draft and validate a Mobile Device & Teleworking Policy for ISO 27001:2022 (A.5.17, A.6.7, A.8.1). Covers BYOD, VPN, disk encryption, remote wipe consent, endpoint leakage risk, and compliance with Right to Disconnect (France, Brazil, Ireland). Includes labor-law overlap check.

                                                                                                                                                                                                                                                                                                                                                                                          Modern Slavery Statements (AU)

                                                                                                                                                                                                                                                                                                                                                                                          Annual drafting of Modern Slavery Statements for the Australian regime under the Modern Slavery Act 2018 (Cth). Covers the seven mandatory criteria (s16), approval by the principal governing body, and submission to the ABF Online Register. For entities with consolidated revenue ≥ A$100m.

Healthcare-Associated Infection (IRAS) and Antimicrobial Resistance (RAM) Monitoring

Standardizes monthly hospital infection and microbial resistance reports for hospitals and clinics, focusing on notification of mandatory national indicators and detection of statistical discrepancies. Regulation: ANVISA, Technical Notes 02/2026 and 03/2026.

                                                                                                                                                                                                                                                                                                                                                                                              Multi-State Employee Handbook

                                                                                                                                                                                                                                                                                                                                                                                              Draft a multi-state employee handbook with jurisdiction-specific policy language for each state of operation, covering at-will employment, paid leave, anti-discrimination, wage and hour, and workplace safety requirements.

                                                                                                                                                                                                                                                                                                                                                                                                NDB Incident Drafter

                                                                                                                                                                                                                                                                                                                                                                                                Draft and validate the Statement to the Commissioner and Notification to Individuals under Australia's Notifiable Data Breaches (NDB) scheme. Ensures the four mandatory sections under Privacy Act s 26WK are present and supports assessment of likelihood of serious harm by data type (e.g. TFN, Medicare).

                                                                                                                                                                                                                                                                                                                                                                                                  NDIS Provider Quality Audit

                                                                                                                                                                                                                                                                                                                                                                                                  Elaborate and validate the Provider Policy & Procedures manual for NDIS registration in Australia. Ensures the Reportable Incidents procedure includes the mandatory 24-hour notification to the NDIS Quality and Safeguards Commission and covers required incident types. Works alongside NDIS Practice Standardizer for Core Module alignment.

                                                                                                                                                                                                                                                                                                                                                                                                    NIS2 Entity Classification

                                                                                                                                                                                                                                                                                                                                                                                                    Classify an organization as essential, important, or out-of-scope under the NIS2 Directive (EU 2022/2555). Maps activities to Annex I/II sectors, applies size thresholds (medium/large enterprise criteria), and determines member state jurisdiction. Produces a classification report with regulatory obligations summary.

                                                                                                                                                                                                                                                                                                                                                                                                      NIS2 Gap Assessment

                                                                                                                                                                                                                                                                                                                                                                                                      Perform a structured gap assessment against all NIS2 Directive Art. 21 cybersecurity risk-management measures. Rates maturity (0-5) per measure, detects missing compliance artifacts, and builds a prioritized remediation roadmap weighted by regulatory severity and entity classification. Produces a comprehensive gap report with interactive dashboard data.

                                                                                                                                                                                                                                                                                                                                                                                                        NIS2 Governance & Risk Management

                                                                                                                                                                                                                                                                                                                                                                                                        Document management body accountability and cybersecurity risk management measures per NIS2 Directive Art. 20-21. Covers all 11 mandatory measures (a)-(k), governance approval workflows, and management training obligations. Produces a governance and risk management report with measure-by-measure coverage analysis.

                                                                                                                                                                                                                                                                                                                                                                                                          NIS2 Incident Reporting

                                                                                                                                                                                                                                                                                                                                                                                                          Draft NIS2-compliant incident reports following Art. 23 timelines: early warning within 24 hours, incident notification within 72 hours, and final report within one month. Classifies incident significance, validates report completeness, and tracks notification deadlines. Produces all three report types with CSIRT/competent authority notification content.

                                                                                                                                                                                                                                                                                                                                                                                                            NIS2 Registration & Reporting

                                                                                                                                                                                                                                                                                                                                                                                                            Prepare entity registration submissions and annual reports per NIS2 Art. 27-28. Validates registration form completeness against required fields (entity details, sector, IP ranges, contact information) and checks annual report content. Produces registration-ready submissions and structured annual compliance reports.

                                                                                                                                                                                                                                                                                                                                                                                                              NIST CSF Profile Author

                                                                                                                                                                                                                                                                                                                                                                                                              Guided elaboration of a NIST Cybersecurity Framework (CSF) assessment: current profile (Identify, Protect, Detect, Respond, Recover, Govern), target profile, gap analysis, and prioritized implementation plan with outcomes and metrics.

                                                                                                                                                                                                                                                                                                                                                                                                                NIST Password Logic Adapter (CISA CPG 1.2)

                                                                                                                                                                                                                                                                                                                                                                                                                Rewrite legacy password policies to prioritize length and entropy over complexity and aging, and draft the Compromised Password Detection Protocol. Aligns with NIST SP 800-63B and CISA CPG 1.2; validates that procedures include a recurring check against leaked-credential APIs (e.g. Have I Been Pwned).

                                                                                                                                                                                                                                                                                                                                                                                                                  NIST SP 800-53 / CSF Crosswalk

                                                                                                                                                                                                                                                                                                                                                                                                                  Bidirectional crosswalk between NIST Cybersecurity Framework (CSF) 2.0 subcategories and SP 800-53 Rev 5 controls. Maps CSF subcategories to 800-53 controls and vice versa, identifies gaps in either direction, and produces a crosswalk document for dual-framework compliance.

                                                                                                                                                                                                                                                                                                                                                                                                                    NIST SP 800-53 Baseline Selector

                                                                                                                                                                                                                                                                                                                                                                                                                    Select and tailor an SP 800-53 Rev 5 control baseline based on FIPS 199 categorization and regulatory overlays (HIPAA, PCI-DSS, GDPR, SOX, FedRAMP, CMMC). Applies the appropriate Low/Moderate/High baseline, adds regulation-specific controls, and supports tailoring with documented justification. Produces tailored-control-catalog.json for all downstream skills.

                                                                                                                                                                                                                                                                                                                                                                                                                      NIST SP 800-53 Control Standard Author

                                                                                                                                                                                                                                                                                                                                                                                                                      Author implementation standards for individual NIST SP 800-53 controls. Each standard documents the control objective, implementation narrative, technology and tools, responsible roles, evidence requirements, and review frequency. Validates narrative coverage and quality across control families.

                                                                                                                                                                                                                                                                                                                                                                                                                        NIST SP 800-53 Family Policy Author

                                                                                                                                                                                                                                                                                                                                                                                                                        Author NIST SP 800-53 family-level policies (the -1 controls) for each control family. Produces structured policy documents with Purpose, Scope, Applicability, Policy Statements, Roles & Responsibilities, Compliance & Enforcement, Review Frequency, and Related Documents sections. Validates completeness and structure.

                                                                                                                                                                                                                                                                                                                                                                                                                          NIST SP 800-53 Gap Analysis

                                                                                                                                                                                                                                                                                                                                                                                                                          Conduct a gap analysis across the NIST SP 800-53 compliance program. Cross-references tailored control catalog against policies, standards, and mappings to identify coverage gaps. Prioritizes remediation by baseline level, regulatory requirement, and family criticality. Produces a gap analysis report with per-family breakdown and phased remediation roadmap.

                                                                                                                                                                                                                                                                                                                                                                                                                            NIST SP 800-53 Organization Profile

                                                                                                                                                                                                                                                                                                                                                                                                                            Build and validate the organizational context profile for NIST SP 800-53 Rev 5 compliance. Captures FIPS 199 security categorization (Confidentiality, Integrity, Availability impact levels), applicable regulations (HIPAA, PCI-DSS, GDPR, SOX, FedRAMP, FISMA, CMMC), existing frameworks, and authorization boundary. Validates completeness of categorization and scope for downstream baseline selection and control implementation.

                                                                                                                                                                                                                                                                                                                                                                                                                              NIST SP 800-53 Policy-Control Mapper

                                                                                                                                                                                                                                                                                                                                                                                                                              Map existing policy and standard documents to NIST SP 800-53 controls with AI-assisted quality scoring. Rates each mapping as High/Medium/Low confidence with documented justification. Identifies unmapped controls and low-quality mappings for remediation. Produces policy-control-mapping.json for gap analysis.

                                                                                                                                                                                                                                                                                                                                                                                                                                Nordic AML/CFT — Enterprise-Wide Risk Assessment

                                                                                                                                                                                                                                                                                                                                                                                                                                Draft and validate the enterprise-wide AML/CFT risk assessment for Nordic supervisors. Covers inherent risk, control effectiveness, residual risk, and risk appetite per Joint ESA Guidelines and AMLD6.

                                                                                                                                                                                                                                                                                                                                                                                                                                  OH&S Policy & Leadership (ISO 45001 Clauses 5.1–5.3)

                                                                                                                                                                                                                                                                                                                                                                                                                                  Draft and validate the OH&S policy, leadership commitment statement, and roles & responsibilities matrix per ISO 45001:2018. Validates the policy for all six mandatory commitments (prevention of injury, safe working conditions, hazard elimination, continual improvement, worker consultation, legal compliance) and checks role definitions from top management to worker level.

                                                                                                                                                                                                                                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                    OHSMS Hazard & Legal Author

                                                                                                                                                                                                                                                                                                                                                                                                                                    Guided elaboration of OH&S management system documentation for ISO 45001: context, hazard identification and risk assessment (6.1.2), hierarchy of controls (8.1.2), legal and other requirements register (6.1.3), planning action (6.1.4), consultation and participation (5.4), and OH&S objectives (6.2). Verifies hazard–legal linkage, hierarchy of controls documentation, planning action completeness, and flags missing review dates or compliance status.

                                                                                                                                                                                                                                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                      OHSMS Internal Audit (Clause 9.2)

                                                                                                                                                                                                                                                                                                                                                                                                                                      Plan and execute ISO 45001 OHSMS internal audits: create audit plans with sampling strategies, draft structured audit reports with findings mapped to clauses, validate finding completeness (severity, evidence, clause, corrective action), and verify auditor impartiality.

                                                                                                                                                                                                                                                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                        OHSMS Management Review (Clause 9.3)

                                                                                                                                                                                                                                                                                                                                                                                                                                        Prepare, validate, and document the ISO 45001 management review per Clause 9.3. Compile input pack from OHSMS artifacts, validate coverage of all mandatory inputs (9.3.2) and outputs (9.3.3) including OH&S performance, incidents, audit results, worker consultation, and legal compliance. Draft management review minutes with decisions and actions, and verify action completeness.

                                                                                                                                                                                                                                                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                          OT Asset Integrity Register (CISA CPG 2.1)

                                                                                                                                                                                                                                                                                                                                                                                                                                          Maintain and validate an OT Asset Integrity Register for CISA CPG 2.1: catalog ICS, PLCs, HMIs, and sensors with firmware versions and physical locations; link assets to CISA KEV and vendor advisories (Siemens, Rockwell, etc.); cross-reference inventory with network discovery to flag unauthorized devices.

                                                                                                                                                                                                                                                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                            PAM Standard (PR.AA)

                                                                                                                                                                                                                                                                                                                                                                                                                                            Draft and validate a Privileged Access Management standard aligned to NIST CSF 2.0 PR.AA. Defines JIT, least privilege, SoD boundaries, and break-glass workflow; ensures MFA for 100% of privileged sessions.

                                                                                                                                                                                                                                                                                                                                                                                                                                              Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                              PCI DSS Report on Compliance (ROC)

                                                                                                                                                                                                                                                                                                                                                                                                                                              Author PCI DSS v4.0 ROC documentation for Level 1 QSA assessments: scope workpapers, requirement-by-requirement findings, Compensating Controls Worksheets (CCWs), Customized Approach Worksheets (CAWs), and the Attestation of Compliance (AOC).

                                                                                                                                                                                                                                                                                                                                                                                                                                                Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                PCI-DSS SAQ & Scope Author

                                                                                                                                                                                                                                                                                                                                                                                                                                                Guided elaboration of PCI-DSS scope documentation and SAQ support: cardholder data environment (CDE), network segmentation narrative, and control evidence mapping to SAQ requirements.

                                                                                                                                                                                                                                                                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                  Pharmacy QMS (ApBetrO)

Maintain and create the quality management system (QMS) for public pharmacies under the German Pharmacy Operations Ordinance (Apothekenbetriebsordnung, ApBetrO). Produces QMS manuals, hygiene plans per RKI guidelines, and compounding records per DAB/Ph.Eur., and checks compliance.

                                                                                                                                                                                                                                                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                    Physical Security Perimeter (ISO 27001)

                                                                                                                                                                                                                                                                                                                                                                                                                                                    Define and document physical security perimeters and physical entry controls for ISO 27001:2022 Annex A 7.1 and 7.2. Structures the Defense in Depth narrative for offices, data centers, and secure areas: entry controls, visitor management, anti-tailgating, environmental protection, and off-site asset security (A.7.9). Validation tools check for anti-passback, visual badge identification, and off-site security steps.

                                                                                                                                                                                                                                                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PMS — Plan de Maîtrise Sanitaire (France)

                                                                                                                                                                                                                                                                                                                                                                                                                                                      Elaborate the sanitation master plan (PMS) for restaurants and food production in France. Align with Paquet Hygiène, sector GBPH, and DDPP controls. Covers traceability (étiquettes de traçabilité) and retrait-rappel (recall) procedures.

                                                                                                                                                                                                                                                                                                                                                                                                                                                        Learn More
Privacy Policy — LGPD

Draft privacy policies compliant with the LGPD (Lei 13.709/2018) and ANPD guidance. Covers transparency (Art. 9), principles (Art. 6), data subject rights (Art. 18), legal bases (Art. 7), retention, and the data protection officer (encarregado) contact channel. Includes validation that the data subject rights and the encarregado channel are present.

                                                                                                                                                                                                                                                                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                          POPIA Information Officer Authorization

                                                                                                                                                                                                                                                                                                                                                                                                                                                          Draft the formal authorization (board resolution or CEO/MD letter) designating the Information Officer and Deputy IOs for submission to the Information Regulator.

                                                                                                                                                                                                                                                                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                            POPIA Registration Form Part A — Information Officer

                                                                                                                                                                                                                                                                                                                                                                                                                                                            Draft Part A of the POPIA Information Officer registration form with full name, designation, and contact details including direct email for the Information Regulator.

                                                                                                                                                                                                                                                                                                                                                                                                                                                              Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                              POPIA Registration Form Part B — Deputy Information Officers

                                                                                                                                                                                                                                                                                                                                                                                                                                                              Draft Part B of the POPIA Information Officer registration form with contact details for each Deputy Information Officer (DIO) for the Information Regulator.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                                POPIA Registration Form Part C — Organisation Details

                                                                                                                                                                                                                                                                                                                                                                                                                                                                Draft Part C of the POPIA Information Officer registration form with registered company name, address, and registration number for the Information Regulator.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Privacy & PII Protection Program

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Build a comprehensive privacy program aligned with ISO 27001:2022 A.5.34 and major privacy regulations (GDPR, LGPD, CCPA). Produces five core privacy documents: external-facing privacy policy, Record of Processing Activities (ROPA), Data Protection Impact Assessment (DPIA) template, data subject rights procedure, and data breach notification procedure with jurisdiction-specific regulatory timelines.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Privilege Training Mapper (CISA CPG 4.3)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Map privileged job functions to role-specific training modules and validate training compliance. Cross-reference Privileged User List with HR training log to flag missing or overdue certifications.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Learn More
ANPD Notification Procedures — LGPD

Documentation and execution of ANPD notification procedures: communication of the RIPD (data protection impact report, Art. 38), security incident (Art. 48), prior consultation, and other obligations. Includes when and how to notify, deadlines, and channels.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Professional Fees for Architects (HOAI)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Phase-by-phase billing and documentation of service achievements for architects and engineers per HOAI (Honorarordnung für Architekten und Ingenieure). Validates Grundleistungen completeness before billing, calculates Honorarzonen from building complexity criteria, and produces structured Leistungsnachweis documentation.

QMS CAPA Tracker

Draft and validate CAPA (Corrective and Preventive Action) reports for medical device quality management systems. Standardizes root cause analysis using 5 Whys or Fishbone (Ishikawa) methods, enforces Effectiveness Check completeness, and validates CAPA structure against ISO 13485 and FDA 21 CFR Part 820 requirements.

QMS Procedure Elaborator

Guided elaboration of QMS procedures, process maps, and quality objectives aligned to ISO 9001 clauses and context of the organization. Verifies required clause topics are addressed and objectives are measurable.

Qualiopi — Dossier de Certification

Prepare the Dossier de Certification for Qualiopi (France, RNQ). Structure proof-of-service evidence (feuilles d'émargement, enquêtes de satisfaction), validate with proof_of_service_audit, and align with the 7 criteria and 32 indicators of the Référentiel National Qualité.

R&D Tax Incentive Registration

Draft Core and Supporting Activity descriptions for the R&D Tax Incentive annual registration (Australia, AusIndustry/ATO). Ensures HEOC structure for core activities and salary-to-project nexus; validates descriptions with nexus_expenditure_check.

Railway RAMS Lifecycle Validator

Elaborate and validate a Safety Case for railway signaling systems per EN 50126. Covers the full V-model lifecycle (Concept to Decommissioning), SIL 1–4 allocation with failure rate consistency checks, hazard analysis, risk assessment, and CENELEC standard compliance for EU railway projects.

RCA — Relatório de Controle Ambiental

Supports drafting and review of Environmental Control Reports (Relatórios de Controle Ambiental, RCA) for environmental licensing in Brazil, with a focus on regularization of projects and licence renewal, including environmental diagnosis, control plan, and completeness validation.

RCA/PCA — Medidas Mitigadoras e Monitoramento

Technical drafting of mitigation measures for Environmental Control Reports (RCA) and Environmental Control Plans (PCA), with impact-to-monitoring linkage and effluent verification against CONAMA 430. Focus on mining and manufacturing (medium impact); agencies CETESB, INEA, SEMAD.

RCT Sub-contractor Agreements

Draft and validate sub-contractor agreements for Irish construction and project management with RCT and VAT reverse charge compliance. Ensures Status of the Worker clauses and mandatory VAT wording.

RE2020 Compliance

Draft the environmental performance summary for new buildings under France's RE2020. Covers IC construction and IC énergie (kgCO₂/m²), LCA narrative with bio-sourced materials, threshold validation, and ADEME/ministerial alignment. France; construction and HVAC.

Records Retention Schedule

Build records retention schedules defining how long every document type (tax, HR, legal, accounting, medical, contracts) must be kept, with country-specific statutory minimums and validated disposal protocols for physical and digital records.

Registro de Operações de Tratamento — LGPD (Art. 37)

Drafting and maintenance of the record of personal data processing operations in compliance with Art. 37 of the LGPD. Documents purposes, categories of data and data subjects, legal bases, sharing, retention, and security measures. Includes validation of the minimum required fields.

Relatório de Impacto à Proteção de Dados (RIPD) — LGPD

Drafting and validation of Data Protection Impact Reports (RIPD) under the LGPD (Law 13.709/2018) and ANPD guidance. Risk assessment for high-risk or large-scale processing (e-commerce, healthcare, and other sectors). Validates whether the chosen legal basis (e.g., Legitimate Interest, Art. 7, IX) has the balancing test documented in accordance with the ANPD's Guidance Document (Guia Orientativo).

Relatório de Segurança — LGPD (Art. 46 a 49)

Drafting of the security report and the incident communication procedure under Arts. 46 to 49 of the LGPD. Covers technical and organizational measures, incident logging (Art. 47), and communication to the ANPD (Art. 48) and to data subjects (Art. 49).

Relatórios Prudenciais CMN/BCB

Supports drafting and review of prudential disclosures in Brazil with a focus on CMN/BCB (Pillar 3, ICAAP, and social, environmental and climate risks), including a compliance checklist and completeness validation.

Review Legal Clauses

Examine contract clauses for completeness, risks, and compliance issues. Flags potential problems and suggests improvements in plain language.

RI&E — Risico-inventarisatie en -evaluatie (Netherlands)

Draft and validate the mandatory Risk Inventory & Evaluation (RI&E) and Plan van Aanpak under the Dutch Working Conditions Act (Arbowet Art. 5). Covers hazard identification, risk evaluation, PSA, and arbodeskundige review.

Risk & Control Self-Assessment (RCSA)

RCSA support aligned with COSO and Basel III. Front-line managers document risks and control effectiveness; the skill scores control strength (Automated > Manual, Preventative > Detective) and identifies optimistic bias where residual risk is low despite weak controls or thin descriptions.

Risk Register ISO 31000

Guided elaboration of an ISO 31000:2018-aligned risk register: organizational context, risk criteria (likelihood/impact scales and appetite), structured register entries with cause, existing controls, consequence, treatment, residual risk, implementation deadline and owner, plus automated validation of completeness and L x I consistency.

Sandbox Compliance Expert

Drafting of proposals for regulatory sandboxes and innovation contracts (CVM, BCB, SUSEP). Defines safe-exit criteria and operating limits; validates consumer protection and civil liability under LC 182/2021.

SBOM Vulnerability Mapper

Generate and validate a Software Bill of Materials (SBOM) and draft CRA-compliant technical documentation for connected products in the EU market. Checks software components against the NIST NVD for known critical vulnerabilities. Covers product classification, Annex I essential cybersecurity requirements, vulnerability handling, conformity assessment, and ENISA reporting readiness.

SDLC Control Drafter (ISO 27001 A.8.28)

Draft and maintain ISO 27001-aligned Secure Development Lifecycle (SDLC) policy: Security by Design, Security by Default, and security gates (SAST/DAST, peer review, threat modeling). Includes OWASP Top 10 alignment check for web and API risks.

SEC DEF 14A (Proxy Statement)

Draft and validate annual meeting proxy statements for U.S. domestic issuers: meeting and voting mechanics, proposals, director nominees, beneficial ownership, executive compensation (scaled for SRC/EGC), audit matters, and Part III 10-K incorporation mapping.

SEC Form 10-Q (Quarterly Report)

Generate and validate quarterly Form 10-Q narrative sections and checklists, with delta-focused updates, Risk Factors (material changes only), Legal Proceedings, Controls and Procedures, and consistency checks.

SEC Form 4 (Section 16)

Generate Form 4 drafts from insider transaction details: map to transaction codes and tables, draft footnotes (tax withholding, 10b5-1, indirect ownership), and validate for Rule 16a-3 and two-business-day filing.

SEC Form 8-K (Current Report)

Draft and validate SEC Form 8-K filings for any reportable corporate event, with item mapping, compliance checks, and standard legal language.

SecNumCloud — Dossier d'Homologation

Draft the Dossier d'Homologation for ANSSI SecNumCloud certification. Map infrastructure to the Référentiel, validate EEA data sovereignty for sub-processors, and structure evidence for France's public-sector cloud qualification.

SFCR Solvency II (Pillar 3)

Supports preparation and review of the Solvency and Financial Condition Report (SFCR) for EU insurance and reinsurance undertakings under Solvency II Pillar 3, including QRT consistency checks and MCR/SCR ratio validation.

SOC 2 Audit Readiness Planner

Guided journey dashboard across all SOC 2 skills. Detects which skills have produced their expected outputs, shows progress across 4 phases (Foundation, Assessment, Documentation, Validation), and recommends the next step.

SOC 2 Control Narrative Author

Guided elaboration of SOC 2 readiness documentation: control narratives aligned to AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy), control-objective mapping, and evidence placeholders for Type I/II audit.

SOC 2 Internal Audit

Conduct an internal readiness audit for SOC 2 certification. Tests controls per TSC criteria, classifies findings by AICPA severity (Material Weakness, Significant Deficiency, Deficiency, Observation), organizes evidence for auditor handoff, tracks management responses, and produces a readiness assessment. The capstone skill that determines whether the organization is ready to engage an external auditor.

SOC 2 Monitoring & Testing

Build an ongoing monitoring and testing program for SOC 2 audit readiness. Creates a control testing plan with method, frequency, and tester assignments; an evidence collection matrix mapping controls to TSC criteria; and an exception tracker with root cause analysis and remediation. Validates testing coverage, evidence strength, and exception management.

SOC 2 Organization Profile

Build and validate the organizational context profile for SOC 2 audit readiness. Captures principal service commitments, system requirements (SCSR), trust services categories, system boundaries, subservice organizations (carved-out/inclusive), and complementary user entity controls (CUECs). Boundary validator checks scope completeness; CUEC mapper validates controls are specific, actionable, and TSC-aligned.

SOC 2 Policy Generator

Generate Trust Services Criteria-aligned policy documents for SOC 2 audit readiness. Produces 8 core policies (Information Security, Access Control, Change Management, Incident Response, Risk Assessment, Vendor Management, Business Continuity, Data Classification) plus optional Privacy and Processing Integrity policies — each tailored to organizational context with TSC criteria mapping, named roles, and specific systems.

SOC 2 Policy Review

Interactive statement-by-statement review of SOC 2 policy documents. Walks through each policy statement with approve, reject, or AI rewrite options. Produces a timestamped audit trail that satisfies SOC 2 evidence requirements.

SOC 2 Readiness Gap Analysis

Map internal controls against AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy). Identifies unmapped criteria, validates evidence artifacts and tests of effectiveness, and produces a prioritized remediation roadmap for SOC 2 Type I or Type II audit readiness.

SOC 2 Risk Assessment

Conduct a structured risk assessment aligned to AICPA Trust Services Criteria. Identifies risks per TSC category using a 5x5 likelihood-impact matrix, maps risks to specific TSC criteria (CC/A/PI/C/P), identifies control gaps, validates residual risk scoring, and produces a risk register with treatment plan. Feeds into gap analysis, control narratives, and policy generation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SOC 2 System Description & Management Assertion

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Draft the SOC 2 system description narrative (Section III) and management assertion letter per AICPA Trust Services Criteria (TSP Section 100) and DC Section 200 description criteria. Covers system boundaries, components, SCSR, subservice organizations (carved-out and inclusive methods), CUECs, CSOCs, control environment mapped to CC1–CC9, and trust services scope validation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SOC 2 Vendor Management

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Establish third-party and subservice organization oversight for SOC 2 audit readiness. Risk-tiered assessment framework with vendor register, SOC report review validation, CSOCs validation, and tiered security requirements per CC9.2. Covers vendor risk scoring, SOC report currency checks, and bridge letter tracking.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SOW & SLA Drafter

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Draft professional Statements of Work with Service Level Agreements for B2B engagements. Industry-aware: applies regulatory and compliance sections based on the client's sector (Healthcare, Fintech, SaaS, Government, etc.).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SOX Section 404 — Internal Control over Financial Reporting Narrative

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Draft and validate management's assessment of Internal Control over Financial Reporting (ICFR) per SOX §404, aligned to the COSO 2013 framework and PCAOB AS 2201. Produces process narratives, risk-control matrices (RCMs), and control descriptions for each significant account and business process.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          State Claims Risk Management

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Draft and validate Risk Management reports for state-insured entities (hospitals, prisons) in Ireland under the State Claims Agency (SCA/NTMA). Ensures expected sections, tags Protected Disclosure and LPP content, and aligns with NIMS incident reporting.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            StateRAMP Authorization Package

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Draft and validate StateRAMP authorization packages for cloud service providers serving U.S. state and local government: System Security Plan (SSP) with attachments, Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action & Milestones (POA&M), and the StateRAMP Snapshot for the Authorized Products List.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Structural Steel Specifications (USA / AISC 360)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Guided elaboration of technical specifications for load-bearing steel structures in the USA, with ASTM material cross-referencing, LRFD/ASD safety-factor validation, and compliance checking against AISC 360, ASCE 7, and IBC.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Supply Chain Code of Conduct

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Draft and validate supply chain codes of conduct defining the ethical standards suppliers must sign. Covers labour rights, environmental obligations, Right to Audit clauses, and sub-tier flow-down requirements aligned with Modern Slavery Act (UK/AU), LkSG (Germany), ILO Core Conventions, and EU CSDDD. Automated tools validate audit clause strength and flag Tier 1-only compliance gaps.

Consent Form — LGPD (Art. 8 and 11)

Draft a consent term or form for the processing of personal data in compliance with Art. 8 and 11 of the LGPD. Covers prominently highlighted consent, specified purposes, free and easy revocation, and sensitive data where applicable. Includes validation of the Art. 8 requirements.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Third-Party Risk Assessment (TPRA)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Assess vendor security posture by validating SIG questionnaire responses against evidence and auditing SOC 2 reports for coverage gaps. Produces structured TPRA reports aligned with NIST SP 800-161 and GDPR Article 28, with automated tools that flag unsupported vendor claims, expired reports, and bridge-letter gaps.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Traceability Matrix Auditor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Generate and validate the DO-178C traceability matrix for airborne software. Maps HLR to LLR to source code and runs bidirectional checks for orphan code and dead requirements.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Tusla Early Years Inspectorate

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Draft the Safety Statement and Child Safeguarding Statement for creches and early years services in Ireland. Validates staff-to-child ratios against Tusla’s Schedule 6 (Early Years Services Regulations 2016).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          UK Bribery Act — Adequate Procedures ABC Program

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Draft and validate the Anti-Bribery & Corruption (ABC) programme documentation required for the 'adequate procedures' defence under UK Bribery Act 2010 §7. Structures the programme around the Ministry of Justice's six principles: proportionate procedures, top-level commitment, risk assessment, due diligence, communication/training, and monitoring/review.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            UK Gambling Commission — Operating Licence Compliance

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Draft and validate policies and procedures for Gambling Commission operating licence holders under the Gambling Act 2005 and LCCP. Covers AML/CTF, social responsibility, customer interaction, self-exclusion, and complaints.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              UK GDPR & DPIA (Data Protection)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Conduct and validate Data Protection Impact Assessments (DPIAs) under the UK GDPR and ICO guidance for high-risk processing. Suggests technical and organisational safeguards aligned with UK Adequacy standards. Validates breach-notification policies against the 72-hour ICO reporting window.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                UK Modern Slavery Statements

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Annual drafting of transparency statements for the UK government registry under the Modern Slavery Act 2015 (s54). Covers the six recommended areas—organisation structure and supply chains, policies, due diligence, risk assessment and management, KPIs, training—and registry requirements (board approval, director sign-off).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  UK Public Procurement (Procurement Act 2023)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Draft and validate Selection Questionnaires and Tender Responses under the UK Procurement Act 2023. Covers exclusion grounds (Schedules 6 & 7), debarment list checks, Social Value evaluation per PPN 06/20 with TOMs framework, and SQ completeness validation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    US Multi-State Employee Handbook

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Draft comprehensive employee handbooks compliant with federal law and state-specific requirements for employers with employees in multiple US states, including state addenda for leave laws, meal/rest breaks, pay transparency, non-compete and non-solicitation restrictions, electronic monitoring, biometric data, NLRA Section 7 compliance, and anti-discrimination protections.

Prospectus Validator (CNMV)

Helps draft and review prospectuses for investment funds in Spain in accordance with CNMV rules, MiFID II and the Securities Market Act (Ley del Mercado de Valores), with a compliance checklist and completeness validation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        VgV Procurement Note

Drafts and validates the Vergabevermerk (Procurement Note) under VgV § 8 / UVgO § 6 for public procurement procedures, including an award justification that withstands review proceedings and XVergabe mandatory-field validation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          VIA Impact Matrix

Structures Environmental Impact Assessment (Valutazione di Impatto Ambientale, VIA) reports for infrastructure projects in Italy in accordance with the Environmental Code (Codice dell'Ambiente, D.Lgs. 152/2006): impact matrix, Environmental Impact Study (Studio di Impatto Ambientale, SIA), mitigation measures, Environmental Monitoring Plan.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            VOB Contract Enforcer

Validates construction tenders and construction contracts against the VOB (Vergabe- und Vertragsordnung) and DIN standards, including clause review, bill-of-quantities (Leistungsverzeichnis) structure and conformity checklists.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Whistleblower System Design (HinSchG)

Drafts rules of procedure for internal reporting offices under the German Whistleblower Protection Act (Hinweisgeberschutzgesetz, HinSchG). Validates mandatory sections, statutory deadlines (7 days for acknowledgement of receipt, 3 months for feedback) and the 3-year deletion period.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Whistleblowing Investigation Report

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Document findings of internal ethics or whistleblowing investigations for the board or audit committee, with anonymity and legal-privilege safeguards. Aligns with EU Whistleblowing Directive and Sarbanes-Oxley (SOX). Includes anonymity redactor and legal privilege tagger tools.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Works Council Agreements (BetrVG)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Negotiation-based drafting and validation of Betriebsvereinbarungen (Works Agreements) for IT systems under the Betriebsverfassungsgesetz (BetrVG). Ensures Leistungs- und Verhaltenskontrolle (performance and behavior monitoring) clauses comply with §87 Abs. 1 Nr. 6 BetrVG and validates BDSG §26 / DSGVO Art. 88 alignment for employee data protection.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Zero-Knowledge / BYOK Encryption (ABA 477R/512)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Document and validate BYOK and zero-knowledge encryption architecture for legal and compliance contexts. Aligns with ABA 477R (reasonable efforts) and ABA 512 (GAI informed consent).
