Compliance

Skill packages tagged with “Compliance”

10-K Risk Factors (Item 1A)

Draft and validate the Risk Factors section of a Form 10-K under Reg S-K Item 105: organize by materiality, write company-specific narratives, add a two-page summary when the section exceeds 15 pages, and validate structure and compliance.

    Accreditation self-study section

    Draft and validate accreditation self-study sections (criterion ID, narrative, evidence reference) for audit.

      ADR Dangerous Goods Transport Documentation

      Draft and validate transport documentation for the carriage of dangerous goods by road under ADR. Covers transport document §5.4.1, packing certificate, emergency information, and instructions in writing.

        Aged Care Quality Compliance

        Draft and validate Quality Care Advisory Body reports and Continuous Improvement plans for Australian aged care. Aligns with the Aged Care Quality Standards and SIRS (Serious Incident Response Scheme). Includes SIRS notification validation and standards mapping for clinical outcomes.

          AI Bias Narrative Auditor

          Document risk, bias, and transparency for Algorithmic Impact Assessment (AIA). Critique Human-in-the-loop descriptions against EU AI Act Art. 14 and Canadian Directive thresholds; verify dataset provenance and copyright/privacy compliance.

            AI Risk & Transparency Auditor

            Draft and validate a Fundamental Rights Impact Assessment (FRIA) for high-risk AI systems under the EU AI Act. Validates Instructions for Use against Art. 13 transparency requirements and audits technical documentation for bias mitigation and data governance per Art. 10.

              Alcohol Licensing (Operating Schedules)

              Draft Operating Schedules for UK Premises Licence applications under the Licensing Act 2003. Covers licensable activities, times, premises description, and steps to promote the four licensing objectives for bars, restaurants, hotels and hospitality.

                AML/BSA Compliance Program (Fintech & MSB)

                Draft a complete AML/BSA compliance program for non-bank financial institutions — fintechs, MSBs, crypto exchanges, and insurance companies. Covers all five BSA pillars: compliance officer, policies, independent testing, training, and CDD. Includes CTR filing, transaction monitoring, SAR filing, OFAC screening (50% Rule, proliferation financing), and information sharing procedures.

                  AML/CTF Program (AUSTRAC)

                  Create and validate Part A and Part B of the Anti-Money Laundering and Counter-Terrorism Financing Program for Australian reporting entities. Covers risk management, CDD, transaction monitoring, SMR, and Safe Harbour verification procedures for individual customers. Works with austrac_risk_profiler for customer risk; includes kyc_procedure_audit to flag missing Safe Harbour steps.

                    AML/CTF Program Manual

                    Draft and validate an Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Program Manual covering KYC/CDD/EDD, transaction monitoring, sanctions screening (including PF-TFS), SAR/STR filing, and governance. Aligned with FATF Recommendations and the EU 6th Anti-Money Laundering Directive (6AMLD). Includes red_flag_library for industry-specific transaction monitoring indicators across 8 sectors, and sanctions_list_frequency_check to validate screening cadences, CTF/PF content, record retention, and board governance against the firm's risk appetite.

                      Annex 1 CCS Validator

                      Draft and validate a Contamination Control Strategy (CCS) for pharmaceutical sterile manufacturing per EU GMP Annex 1 (2023). Maps cleanroom classifications to grades A/B/C/D, validates environmental monitoring limits against the stricter 2023 microbial thresholds, and checks airflow patterns, pressure cascades, and CCS element coverage.

                        AOP/AOC Cahier des Charges

                        Maintain and update Cahier des Charges for French AOP/AOC protected designations (INAO). Validates geographical area and production methods in specifications and audits AOP/AOC logo and mandatory mentions on packaging drafts.

                          AS9100 Procedure Author

                          Guided elaboration of AS9100-aligned procedures and risk-based thinking documentation: quality manual sections, process procedures (design, purchasing, production, NCM), and key objective evidence for AS9100 Rev D.

                            ASME Design Spec Author

                            Guided elaboration of design and construction documentation per ASME BPVC or B31 — design basis, material selection, weld and NDE requirements, pressure/temperature limits.

                              ASTM Material Spec Author

                              Guided elaboration of material specifications and test/acceptance documentation that reference ASTM standards — material designation, test methods, acceptance criteria, and COC requirements.

EIA Compliance Audit

Validates Environmental Impact Studies (EsIA) against the regional and national thresholds of Ley 21/2013 on environmental assessment (Spain): impact matrix, preventive and corrective measures, Environmental Monitoring Programme.

Food and Supplement Labelling Audit

Complete review of artwork and nutrition tables against ANVISA regulations. Validates application of the Lupa (magnifying-glass symbol for excess sugar, sodium or saturated fat), nutrition table format (nutrient order, %VD, serving sizes), ALÉRGICOS: CONTÉM... allergen warnings (upper case, bold, placement, 2 mm), and specific requirements for food supplements (designation, mandatory statements, claims, warnings). Market: food and supplement industry. Regulation: ANVISA (RDC 429/2020, IN 75/2020, RDC 727/2022, RDC 243/2018, IN 28/2018).

                                    B Corp Policy Evidence Author

                                    Guided elaboration of B Corp BIA support documentation — policy evidence and narratives for Governance, Workers, Community, Environment, and Customers; improvement plans for low-scoring areas.

BACEN GRSAC - Risk and Capital Reports

Use when the user needs to create standardized risk and asset management reports in accordance with the supervisory rules of the Banco Central do Brasil (BACEN). Use to prepare GRSAC reports, credit, liquidity, market and operational risk analyses, capital adequacy assessments, and corporate governance documents. Use whenever the user mentions BACEN, banking supervision, risk management, capital adequacy, Basel III, regulatory reports, RGR, RAC, or any document required by the Brazilian financial system.

BCB 520/2025 - PSAVs: Operation and Compliance

Drafting and review of documentation on the operation, customer protection, AML, governance, security and prudential supervision of PSAVs.

                                          BCMS BIA & Plan Author

                                          Guided elaboration of BCMS documentation for ISO 22301: business impact analysis (BIA), risk assessment for disruption, continuity strategies, and BC/DR plans with RTO/RPO. Verifies critical activities have RTO/RPO and recovery options and flags missing dependency or SPOF notes.

                                            BCP Audit Evidence Pack

                                            Create a consolidated Business Continuity Evidence Pack for SOC 2, ISO 22301, or ISO 27001 audits. Combines BIA summary, RTO/RPO targets, recovery plans, DR test matrix, and auditor checklist into a single audit-ready document with cross-validation.

                                              BEP & EIR Elaborator

                                              Guided elaboration of BIM Execution Plan (BEP), OIR/AIR/PIR, EIR, and exchange information requirements per ISO 19650. Verifies required BEP sections and that deliverables map to project stages and responsibility matrix.

                                                Board Committee Charters

                                                Define and review board committee charters (Audit, Risk, Compensation) with clear scope and responsibilities aligned to NYSE, NASDAQ, and LSE listing rules. Detects overlapping responsibilities and gaps in oversight; validates quorum and voting rules against local corporate law.

                                                  Business Ethics & Code of Conduct

                                                  Draft and validate Codes of Conduct as the high-level cultural guide for employee behavior. Creates industry-specific ethical-dilemma Scenario boxes (e.g. facilitation payments, conflicts of interest, gifts) and validates readability for a global workforce. Aligned with Federal Sentencing Guidelines (USA) and Sapin II (France).

                                                    Business Impact Analysis (BIA)

                                                    Conduct structured Business Impact Analyses per ISO 22301. Guides interviews, maps process dependencies, determines RTO/RPO targets, and validates consistency across the dependency chain with automated tools that flag timing conflicts and circular dependencies.

                                                      Canada Privacy & PIA

                                                      Guide to Canadian privacy law (PIPEDA, provincial private-sector laws, Bill C-27 status) and Privacy Impact Assessments for federal and private-sector data handling. Use with PIA outline and references to elaborate PIAs.

                                                        CCPA/CPRA Privacy Program — Compliance Documentation Package

                                                        Draft and validate the core privacy compliance documentation package required under the California Consumer Privacy Act as amended by CPRA. Covers the privacy policy, DSAR procedures, data inventory, privacy impact assessment, opt-out mechanisms, and service provider/contractor agreements.

                                                          CE Technical File Author

                                                          Guided elaboration of CE technical documentation and Declaration of Conformity (DoC): applicable directives/regulations (e.g. RED, LVD, EMC, MDR, IVDR, Machinery), risk assessment, essential requirements checklist, and DoC content per product.

                                                            CFPB — Consumer Complaint Response & UDAAP Compliance

                                                            Draft and validate consumer complaint management programme and UDAAP compliance documentation for CFPB-supervised entities. Covers complaint response timelines, UDAAP risk assessment, fair lending, and board reporting.

                                                              Charities Governance Code Compliance

                                                              Prepare the Charities Governance Code Compliance Record Form for the annual report to the Charities Regulator (Ireland). Aligns board minutes and policies with the six core principles and validates trustee term limits and rotation in the constitution.

                                                                Chemical Safety (SDS Author)

                                                                Author and validate Safety Data Sheets (SDS / FISPQ) compliant with REACH Annex II, GHS, CLP Regulation, and ABNT NBR 14725-4 for EU and Brazilian markets. Validates the 16 mandatory sections and cross-checks chemical concentrations against CLP thresholds to auto-suggest H and P phrases.

                                                                  CIS Controls Implementation Author

                                                                  Guided elaboration of CIS Controls v8 implementation plan — safeguard selection, IG1/IG2/IG3 alignment, and mapping to existing policies or controls.

                                                                    Clinical Report Writing

                                                                    Write comprehensive clinical reports including case reports (CARE guidelines), diagnostic reports (radiology, pathology, lab), clinical trial reports (ICH-E3, SAE, CSR), and patient documentation (SOAP notes, H&P, discharge summaries). Includes regulatory compliance and validation tools.

                                                                      Clinical Trial Protocol (ICH E6(R3) GCP)

                                                                      Draft and validate clinical trial protocols per ICH E6(R3) Good Clinical Practice and ICH E8(R1) General Considerations for Clinical Studies. Ensures the protocol contains all required elements for ethics committee / IRB submission and regulatory filing (EMA, FDA IND, ANVISA).

                                                                        CMMC Assessment Scoping

                                                                        Define CMMC assessment scope, authorization boundary, and network architecture for Level 1 or Level 2. Documents in-scope assets and network diagram narrative for the SSP.

                                                                          CMMC Asset Inventory

                                                                          Create and maintain the CMMC asset inventory: CUI assets, security protection assets, and contractor risk-managed assets for assessment scope.

                                                                            CMMC Plan of Action & Milestones

                                                                            Draft and validate the CMMC POA&M: track control deficiencies, remediation plans, owners, and due dates for Conditional Level 2 or Level 3.

                                                                              CMMC Policies and Procedures

                                                                              Draft CMMC-aligned security policies and procedures for all NIST 800-171 domains: Access Control, Audit, Awareness, Configuration Management, and others.

                                                                                CMMC Readiness Gap Analysis

                                                                                Map controls to NIST SP 800-171 practices, identify CMMC coverage gaps, and build a prioritized remediation roadmap for Level 1 or Level 2.

                                                                                  CMMC System Security Plan

                                                                                  Draft and validate the CMMC SSP for Level 1 or Level 2: system description, boundary, and implementation narratives for each NIST 800-171 practice with evidence pointers.

                                                                                    CMS Obligations Elaborator

                                                                                    Guided elaboration of CMS documentation for ISO 37301: compliance obligations register, compliance risk assessment, compliance policy and objectives, and controls mapping. Ensures each obligation has controls and review date and flags high compliance risks without mitigation.

                                                                                      Codex Product & Labelling Author

                                                                                      Guided elaboration of product standards or labelling documentation aligned to Codex commodity standards, General Standard for Labelling, or Codex guidelines. Complements HACCP skill (Codex 7 principles).

Contract with Processor - LGPD (Art. 39 and 42)

Drafting of a contract or clauses between the controller and the processor of personal data under Art. 39 and 42 of the LGPD. Covers controller instructions, security measures, sub-processors, incidents and liability. Includes validation of the recommended minimum items.

                                                                                          CQC Statement of Purpose

                                                                                          Draft, update, and validate the legally required Statement of Purpose for CQC-registered healthcare providers in England. Maps service descriptions to the Five Key Questions (Safe, Effective, Caring, Responsive, Well-led) and validates regulated activities against CQC registration categories. Covers care homes, GP practices, dental surgeries, domiciliary care, and hospitals.

Open Finance Accreditation (PSTI)

Technical documentation and compliance validation for Information Technology Service Providers in Open Finance Brasil (BCB, Res. 10/2026). Maps the security architecture and compares the client's API against the technical manual of the central directory.

                                                                                              CRICOS Provider Registration

                                                                                              Prepare the Quality Management System for CRICOS registration in Australia. Covers Cancellation of Enrolment policy and the mandatory 20-day appeal period (National Code 2018); validates policy with validate_cancellation_appeal_period. Complements student support and attendance (cricos_compliance_shield).

                                                                                                Cybersecurity Incident Response Plan (Sector & State-Specific)

                                                                                                Draft a cybersecurity Incident Response Plan aligned with NIST SP 800-61r3, tailored to industry sector (HIPAA, GLBA, PCI DSS, FERPA, NERC CIP) and state breach notification laws. Includes detection playbooks, escalation procedures, and state-by-state notification timeline matrix.

                                                                                                  Data Privacy — AIPD (CNIL Standard)

                                                                                                  Conduct a Privacy Impact Assessment (AIPD) under the CNIL standard for France (RGPD). Three-step methodology: Context, Principles, Risks. Validates retention periods against CNIL 'droit à l'oubli' (right to erasure).

                                                                                                    Data Processing Agreement (DPA) — SCC & sub-processor sync

                                                                                                    Draft the legal annex for DPAs governing controller–processor data transfers under GDPR and CCPA. Inserts the correct Standard Contractual Clauses by data importer country and validates sub-processor list against the privacy portal.

                                                                                                      Design Dossier Elaborator

                                                                                                      Guided elaboration of design dossier, technical file, or device master record sections for medical devices: risk summary, essential principles (GSPR), labelling, and traceability to risk file and standards per MDR Annex II/III and FDA design control.

                                                                                                        DPC GDPR Accuracy and Retention

                                                                                                        Accuracy and retention for DPC self-assessment: purpose limitation, minimisation, accuracy, retention policies, secure destruction, and no unregulated duplication.

                                                                                                          DPC GDPR Breach Notification

                                                                                                          Breach notification and response under Ireland DPC and GDPR Art. 33–34: 72h to DPC, data subject communication for high risk, risk levels, form, and internal record.

                                                                                                            DPC GDPR Certification

                                                                                                            GDPR certification under Ireland DPC and Art. 42–43: DPC-approved criteria, INAB-accredited certification bodies, and documentation for certification readiness.

                                                                                                              DPC GDPR Controller Obligations

                                                                                                              Other controller obligations for DPC checklist: processor/supplier agreements (Art. 28–29), DPO (37–39), DPIA (35).

                                                                                                                DPC GDPR Data Breaches (Self-Assessment)

                                                                                                                Breach preparedness for DPC checklist: incident response plan, procedures to notify DPC and individuals, documentation, and cooperation. For actual notification use DPC GDPR Breach Notification skill.

                                                                                                                  DPC GDPR Data Security

                                                                                                                  Data security (Art. 32) for DPC self-assessment: risk assessment, technical and organisational measures, encryption, recovery, and secure destruction.

                                                                                                                    DPC GDPR Data Subject Rights

                                                                                                                    Data subject rights (Art. 15–23) for DPC self-assessment: SAR, portability, deletion/rectification, restriction, object, profiling, and restrictions.

                                                                                                                      DPC GDPR International Transfers

                                                                                                                      International data transfers (Art. 44–50) for DPC self-assessment: adequacy, SCCs, documentation, and transparency to data subjects.

                                                                                                                        DPC GDPR Personal Data (Legal Basis)

                                                                                                                        Personal data for DPC self-assessment: consent (Art. 7–9), children (Art. 8), and legitimate interest assessment.

                                                                                                                          DPC GDPR Readiness

                                                                                                                          GDPR readiness and self-assessment aligned to the Ireland DPC Self-Assessment Checklist: data mapping, legal basis, retention, and links to the eight detailed checklist areas.

                                                                                                                            DPC GDPR Transparency

                                                                                                                            Transparency (Art. 12–14) for DPC self-assessment: information to data subjects, Art. 13/14 lists, and proactive rights information.

                                                                                                                              Ecocert Scope Author

                                                                                                                              Guided elaboration of Ecocert (or equivalent) certification application and scope documentation — scope of operation, input lists, conversion plan (if applicable), and traceability/CoC for organic or ethical claims.

                                                                                                                                eCTD Cross-Module Verifier

                                                                                                                                Verify consistency and data integrity of eCTD pharmaceutical dossiers. Cross-checks Module 2 (Summaries) against Module 5 (Clinical Study Reports) to ensure study references, p-values, N-counts, endpoints, and safety data are aligned before regulatory submission to FDA, EMA, or PMDA.

                                                                                                                                  EMS Context & Obligations Author

                                                                                                                                  Guided elaboration of EMS context, environmental aspects/impacts, compliance obligations register, and environmental objectives and plans for ISO 14001. Ensures significant aspects are linked to obligations and objectives and flags obligations without review date or compliance evidence.

                                                                                                                                    EN Conformity Documentation Author

                                                                                                                                    Guided elaboration of conformity documentation for products or systems against selected EN (or ETSI) standards — scope, normative references, conformity route, and clause-by-clause or test-based evidence.

                                                                                                                                      Learn More
                                                                                                                                      Encarregado (DPO) — LGPD (Art. 41)

                                                                                                                                      Documentation and disclosure of the data protection officer (encarregado, DPO) under Art. 41 of the LGPD. Covers designation, public contact channel, duties toward data subjects and the ANPD, and integration with the privacy policy and the record of processing operations.

                                                                                                                                        Learn More
                                                                                                                                        EnMS Energy Review Author

                                                                                                                                        Guided elaboration of EnMS documentation for ISO 50001: energy review, baseline, EnPIs, objectives and action plans. Ensures baseline and EnPIs have scope and units and flags objectives without measurement method or review period.

                                                                                                                                          Learn More
                                                                                                                                          Environmental Referrals (EPBC Act)

                                                                                                                                          Draft Referral of Proposed Action for developments affecting matters of national environmental significance (MNES) under the EPBC Act. Covers Ramsar wetlands, threatened species, mitigation and offsets, and DCCEEW submission. Australia; land development and infrastructure.

                                                                                                                                            Learn More
                                                                                                                                            ERISA Summary Plan Description (SPD)

                                                                                                                                            Draft and validate the Summary Plan Description required by ERISA §102 for employee benefit plans. Covers plan identification, participation, benefits, claims procedure, and ERISA rights per 29 CFR §2520.102-3.

                                                                                                                                              Learn More
                                                                                                                                              ESG Report (CSRD / ISSB)

                                                                                                                                              Compile Environmental, Social, and Governance reports aligned with CSRD/ESRS and ISSB/IFRS S1-S2. Guides double materiality assessment, GHG emissions accounting (Scope 1, 2, 3), and structured report drafting with automated validation tools that check materiality logic and emissions math against GHG Protocol standards.

                                                                                                                                                Learn More
                                                                                                                                                Export Control Redactor

                                                                                                                                                Scan technical manuals for ITAR-controlled Defense Articles on the USML and flag content requiring export licenses. For USA defense sector; supports USML category tagging, Technical Data identification, ITAR vs EAR jurisdiction analysis, and redaction recommendations for export license submissions.

                                                                                                                                                  Learn More
                                                                                                                                                  Fairtrade CoC Author

                                                                                                                                                  Guided elaboration of Fairtrade supply chain and Chain of Custody (CoC) documentation — product scope, trader license scope, CoC procedures, and mass balance or physical separation evidence.

                                                                                                                                                    Learn More
                                                                                                                                                    FAR Clause Analyzer

                                                                                                                                                    Ensure federal contract proposals contain mandatory FAR and agency-supplement clauses. For USA government contracting; supports prime and subcontract proposals under the Federal Acquisition Regulation, with contract-type and threshold-aware analysis.

                                                                                                                                                    • Version: 1.0.0
                                                                                                                                                    • Author: Rakenne
                                                                                                                                                    Learn More
                                                                                                                                                    FDA Submission Wizard

                                                                                                                                                    Draft and validate FDA medical device submissions. Supports 510(k) Premarket Notifications (eSTAR format) with predicate comparison and substantial equivalence arguments, and PMA (Premarket Approval) dossiers with clinical and non-clinical data sections.

                                                                                                                                                      Learn More
                                                                                                                                                      FedRAMP Authorization Package

                                                                                                                                                      Draft and validate FedRAMP authorization packages for cloud service providers: System Security Plan (SSP) with all required attachments, Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Action & Milestones (POA&M). Supports Low, Moderate, and High baselines.

                                                                                                                                                        Learn More
                                                                                                                                                        Financial Services Statement of Advice

                                                                                                                                                        Generate and validate personalised Statements of Advice (SoA) for retail clients in Australia. Ensures Best Interests Duty (BID) and FOFA ongoing fee compliance; includes soa_logic_validator and fee_disclosure_checker.

                                                                                                                                                          Learn More
                                                                                                                                                          Food Labeling & Claims (FDA / USDA)

                                                                                                                                                          Draft and validate U.S. food product labels and labeling claims compliant with FDA 21 CFR 101, USDA FSIS, NLEA, FALCPA, and FASTER Act. Validates required label elements, allergen declarations, nutrient content claims against nutrition data, health claims, and organic/bioengineered disclosures.

                                                                                                                                                            Learn More
                                                                                                                                                            FSAI Agri-Food Traceability

                                                                                                                                                            Draft Recall and Withdrawal procedures for meat and dairy in Ireland (FSAI), with One-Step-Back/Forward traceability and validation of the 14 allergens list against Irish S.I. No. 489/2014 font and highlighting requirements.

                                                                                                                                                              Learn More
                                                                                                                                                              FSMS Manual & PRP/OPRP Author

                                                                                                                                                              Guided elaboration of FSMS documentation for ISO 22000: food safety policy, PRPs, OPRPs, HACCP plan linkage, and operational control procedures. Ensures PRPs and OPRPs are documented and linked to hazards and flags CCPs without critical limits or monitoring.

                                                                                                                                                                Learn More
                                                                                                                                                                GDPR Consent Form (Art. 7)

                                                                                                                                                                Draft consent forms and consent notices for personal data processing under GDPR Article 7. Covers all conditions for valid consent: freely given, specific, informed, unambiguous. Includes validation against EDPB Guidelines 05/2020.

                                                                                                                                                                  Learn More
                                                                                                                                                                  GDPR ROPA & DPIA Author

                                                                                                                                                                  Guided elaboration of Records of Processing Activities (ROPA) and Data Protection Impact Assessments (DPIA): processing purposes, legal basis, data categories, recipients, retention, safeguards, and DPIA necessity assessment and risk mitigation.

                                                                                                                                                                    Learn More
                                                                                                                                                                    GMP SOP & Validation Author

                                                                                                                                                                    Guided elaboration of GMP documentation — SOPs, validation protocol (IQ/OQ/PQ), and batch record template sections aligned to FDA 21 CFR 211 / EU EudraLex Vol 4 / WHO GMP.

                                                                                                                                                                      Learn More
                                                                                                                                                                      GRI Sustainability Report Author

                                                                                                                                                                      Guided elaboration of a GRI Standards-aligned sustainability report: material topics, GRI Universal Standards (2–3) and topic-specific disclosures (200/300/400 series), and management approach per material topic.

                                                                                                                                                                        Learn More
                                                                                                                                                                        GwG Anti-Money Laundering Risk Analysis

                                                                                                                                                                        Produces risk analyses under §5 GwG (Geldwäschegesetz, the German Money Laundering Act) for the non-financial sector. Assigns risk levels to customers based on Transparenzregister (transparency register) data and validates PEP due diligence obligations (§15 GwG) for real estate agents and goods traders.

                                                                                                                                                                          Learn More
                                                                                                                                                                          HACCP Food Safety Plan

                                                                                                                                                                          Draft and validate a HACCP Food Safety Plan for Food & Beverage operations aligned with Codex Alimentarius (CXC 1-1969, revised 2020) and FDA FSMA (21 CFR Part 117). Covers all seven HACCP principles across 12 Codex steps, defines CCPs and critical limits, and includes FSMA-required programs (allergen controls — including sesame per FASTER Act 2023, recall plan under 21 CFR 117.139, and supply-chain program under 21 CFR 117 Subpart G). Validates flow-chart-to-plan consistency and supports EU Reg 852/2004, 853/2004, and 2073/2005 compliance.

                                                                                                                                                                            Learn More
                                                                                                                                                                            Health Canada & MDSAP

                                                                                                                                                                            Align QMS documentation to MDSAP and Health Canada expectations. Guides users to map procedures and records to MDSAP/ISO 13485, prepare for audits, and use the mdsap_audit_aligner skill when available.

                                                                                                                                                                              Learn More
                                                                                                                                                                              HIPAA Security Risk Assessment (SRA)

                                                                                                                                                                              Draft and validate the Security Risk Assessment required by the HIPAA Security Rule (45 CFR §164.308(a)(1)). Defines scope and ePHI boundaries, inventories assets and Business Associate relationships, maps threats and vulnerabilities, assesses Required and Addressable safeguards, and produces the SRA report and risk register aligned with HHS/OCR audit protocol.

                                                                                                                                                                                Learn More
                                                                                                                                                                                HIQA Care/Support Plan

                                                                                                                                                                                Draft or update an individual care or support plan for a resident or child in a designated centre aligned with HIQA standards.

                                                                                                                                                                                  Learn More
                                                                                                                                                                                  HIQA Complaints Procedure

                                                                                                                                                                                  Draft or update a complaints procedure for healthcare services aligned with HIQA NSSBH and national complaints guidance.

                                                                                                                                                                                    Learn More
                                                                                                                                                                                    HIQA Consent Policy

                                                                                                                                                                                    Draft or update a consent policy for healthcare services aligned with HIQA NSSBH and Irish consent law.

                                                                                                                                                                                      Learn More
                                                                                                                                                                                      HIQA Data Protection and Confidentiality Policy

                                                                                                                                                                                      Draft or update a data protection and confidentiality policy aligned with HIQA, GDPR, and Irish law.

                                                                                                                                                                                        Learn More
                                                                                                                                                                                        HIQA Designated Centre Complaints

                                                                                                                                                                                        Draft or update a complaints procedure for a designated centre aligned with HIQA standards.

                                                                                                                                                                                          Learn More
                                                                                                                                                                                          HIQA Designated Centre Health and Safety

                                                                                                                                                                                          Draft or update a health and safety policy for a designated centre aligned with HIQA and health and safety law.

                                                                                                                                                                                            Learn More
                                                                                                                                                                                            HIQA Designated Centre Medication

                                                                                                                                                                                            Draft or update a medication policy for a designated centre aligned with HIQA standards.

                                                                                                                                                                                              Learn More
                                                                                                                                                                                              HIQA Designated Centre Safeguarding

                                                                                                                                                                                              Draft or update a safeguarding policy for a designated centre aligned with HIQA and national safeguarding guidance.

                                                                                                                                                                                                Learn More
                                                                                                                                                                                                HIQA Healthcare Governance

                                                                                                                                                                                                Draft or update a governance and accountability framework for healthcare services aligned with HIQA NSSBH Theme 5.

                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                  HIQA Incident Investigation Report

                                                                                                                                                                                                  Draft an incident investigation report for healthcare services aligned with HIQA NSSBH and learning from incidents.

                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                    HIQA Incident Reporting Procedure

                                                                                                                                                                                                    Draft or update an incident reporting procedure for healthcare services aligned with HIQA NSSBH (internal reporting; for notifiable incidents use hiqa-notifiable-incidents-reporting).

                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                      HIQA Information Governance Policy

                                                                                                                                                                                                      Draft or update an information governance policy aligned with HIQA National Standards for Information Management and NSSBH Theme 8.

                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                        HIQA Notifiable Incidents Reporting

                                                                                                                                                                                                        Draft or update the process for reporting notifiable incidents to HIQA/Chief Inspector under the Patient Safety Act 2023.

                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                          HIQA Open Disclosure Policy

                                                                                                                                                                                                          Draft or update an open disclosure policy aligned with the Patient Safety Act 2023 and HIQA NSSBH.

                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                            HIQA Quality Improvement Plan

                                                                                                                                                                                                            Draft or update a quality improvement plan for healthcare services aligned with HIQA NSSBH.

                                                                                                                                                                                                              Learn More
                                                                                                                                                                                                              HIQA Record-Keeping and Retention

                                                                                                                                                                                                              Draft or update record-keeping and retention procedures aligned with HIQA National Standards for Information Management.

                                                                                                                                                                                                                Learn More
                                                                                                                                                                                                                HIQA Risk Register

                                                                                                                                                                                                                Draft or update a risk register for healthcare services aligned with HIQA NSSBH (safe care, governance).

                                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                                  HIQA Safeguarding Policy

                                                                                                                                                                                                                  Draft or update a safeguarding policy for healthcare services aligned with HIQA NSSBH and national safeguarding guidance.

                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                    HIQA Statement of Purpose

                                                                                                                                                                                                                    Draft or update a Statement of Purpose for a designated centre (older people, disability, or children) for HIQA registration.

                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                      HIQA Workforce Performance Management Policy

                                                                                                                                                                                                                      Draft or update a workforce performance management policy for healthcare services aligned with HIQA NSSBH Theme 6.

                                                                                                                                                                                                                        HIQA Workforce Recruitment Policy

                                                                                                                                                                                                                        Draft or update a workforce recruitment policy for healthcare services aligned with HIQA NSSBH Theme 6.

                                                                                                                                                                                                                          HIQA Workforce Supervision Policy

                                                                                                                                                                                                                          Draft or update a workforce supervision policy for healthcare services aligned with HIQA NSSBH Theme 6.

                                                                                                                                                                                                                            HIQA Workforce Training Policy

                                                                                                                                                                                                                            Draft or update a workforce training policy for healthcare services aligned with HIQA NSSBH Theme 6.

                                                                                                                                                                                                                              HITRUST CSF Assessment

                                                                                                                                                                                                                              Draft HITRUST CSF Validated Assessment deliverables for e1, i1, or r2 certification: control requirement responses at all maturity levels, evidence artifacts, Corrective Action Plans, and the Validated Assessment Report.

                                                                                                                                                                                                                                IATF 16949 Process & CSR Author

                                                                                                                                                                                                                                Guided elaboration of IATF 16949 process documentation and customer-specific requirements (CSR) matrix: process maps, turtle diagrams, and evidence of conformity to OEM CSR.

                                                                                                                                                                                                                                  IEC 62304 Software Lifecycle Author

                                                                                                                                                                                                                                  Guided elaboration of medical device software lifecycle documentation per IEC 62304 — SDP, SOUP identification, SRS, design, verification/validation, and risk control integration.

                                                                                                                                                                                                                                    IEC 62443 Zone & SR Elaborator

                                                                                                                                                                                                                                    Guided elaboration of IACS security documentation per IEC 62443: zone/conduit model, Security Level (SL) targets, Security Requirements (SR) for components and systems, and gap remediation. Verifies each zone has an SL target and SR/FR are allocated.

                                                                                                                                                                                                                                      IEEE Software Design Author

                                                                                                                                                                                                                                      Guided elaboration of software or systems design documentation per IEEE standards (e.g. 1016 for design description, 829 for test documentation) — design views, traceability to requirements, and test plan/report structure.

                                                                                                                                                                                                                                        Individual Accountability Framework (IAF/SEAR) — Ireland

                                                                                                                                                                                                                                        Draft and validate Statements of Responsibility and Management Responsibilities Maps for the Central Bank of Ireland IAF and SEAR. Supports banks, insurers, and investment firms. Includes gap detection for prescribed responsibilities and SEAR role mapping.

                                                                                                                                                                                                                                          Information Security Policy (ISO 27001)

                                                                                                                                                                                                                                          Draft and validate an Information Security Policy aligned with ISO 27001:2022. Builds a complete Statement of Applicability covering all 93 Annex A controls, validates enforceability of policy language, and maps every policy section to the relevant controls. Includes SoA cross-referencing and jargon-simplification tools.

                                                                                                                                                                                                                                            Insurance policy summary

                                                                                                                                                                                                                                            Produce and validate structured insurance policy summaries (coverage, limits, exclusions, conditions, notice). Reduces E&O risk by ensuring critical sections and notice provisions are present.

                                                                                                                                                                                                                                              ISMS Internal Audit Report (Clause 9.2)

                                                                                                                                                                                                                                              Plan and execute ISO 27001 internal audits: create audit plans with sampling strategies, draft structured audit reports with findings mapped to clauses, validate finding completeness (severity, evidence, clause, CAPA), classify finding severity, and verify auditor impartiality.

                                                                                                                                                                                                                                                ISMS Scope Statement (ISO 27001 Clause 4.3)

                                                                                                                                                                                                                                                Define and validate the ISMS scope boundaries (physical, organizational, technical) with justified exclusions and no Shadow IT gaps. Includes boundary integrity checker and exclusion logic validator for audit-ready scope statements.

                                                                                                                                                                                                                                                  ISO 14971 Risk File Author

                                                                                                                                                                                                                                                  Guided elaboration of risk management file for medical devices per ISO 14971: hazard identification, risk analysis, risk control, residual risk acceptability, and benefit–risk rationale. Flags risks above acceptability thresholds without control or justification.

                                                                                                                                                                                                                                                    ISO 27001 Asset Inventory & Classification Register

                                                                                                                                                                                                                                                    Build and validate an Asset Inventory & Classification Register for ISO 27001:2022 Control A.5.9. Catalog information assets with Ownership and Classification (Public, Internal, Confidential, Restricted), suggest classification from sensitivity descriptions, and verify that every asset has a named Information Owner and that Confidential/Restricted assets have handling procedures.

                                                                                                                                                                                                                                                      ISO 27001 Gap Assessment

                                                                                                                                                                                                                                                      Perform a structured gap assessment against ISO 27001:2022 clauses 4-10 and 93 Annex A controls. Mandatory artifact detector scans for missing ISMS documents; maturity rating tool suggests 0-5 maturity levels per clause area. Produces findings register and remediation roadmap.

                                                                                                                                                                                                                                                        ISO 27001 Management Review

                                                                                                                                                                                                                                                        Prepare, validate, and document the ISO 27001:2022 management review per Clause 9.3. Compiles input pack from workspace ISMS artifacts, validates all 10 mandatory input categories (Clause 9.3.2) and 3 required output decisions (Clause 9.3.3), and checks that every action has an owner, due date, and expected outcome. Produces review agenda, input pack, minutes, and action tracker.

                                                                                                                                                                                                                                                          ISO 27001 Monitoring, Measurement & Evaluation

                                                                                                                                                                                                                                                          Draft and validate the Clause 9.1 report (PDCA 'Check'): KPIs that measure control effectiveness, executive insight from raw data, CAPA linkage for every failed control, and CAPA field completeness validation (root cause, corrective action, owner, date, effectiveness review).

                                                                                                                                                                                                                                                            ISO 27001 Organization Profile

                                                                                                                                                                                                                                                            Build and validate a shared organization profile for ISO 27001 certification. Captures organizational facts (industry, locations, technology stack, regulations, suppliers) that feed into scope, risk assessment, SoA, and policy generation. Technology stack normalizer classifies systems; profile completeness checker validates all required sections.

                                                                                                                                                                                                                                                              ISO 27001 Policy Generator

                                                                                                                                                                                                                                                              Generate, validate, and maintain the core ISMS policy and procedure set for ISO 27001:2022 certification. Produces 10 document types (information security policy, ISMS manual, risk management, access control, incident management, asset management, change management, business continuity, document control, corrective action) with clause-aware templates and organization-specific tailoring.

                                                                                                                                                                                                                                                                ISO 27001 Risk Assessment

                                                                                                                                                                                                                                                                Complete ISO 27001:2022 risk assessment workflow covering methodology definition, risk identification using a 12-category threat taxonomy, risk analysis with 5×5 matrix scoring, treatment planning with Annex A control mapping, and residual risk validation. Produces auditor-ready risk methodology, risk register, treatment plan, and acceptance forms per Clause 6.1.2 and 6.1.3.

                                                                                                                                                                                                                                                                  ISO 27001 Statement of Applicability

                                                                                                                                                                                                                                                                  Build and validate the SoA (Clause 6.1.3): map 93 Annex A controls to In/Out with justification and implementation evidence. SoA mapping engine suggests inclusions from risk assessment; control justification audit ensures excluded controls have valid reasons and included controls link to active policies.

                                                                                                                                                                                                                                                                    ISO 27001 Supplier Information Security Policy

                                                                                                                                                                                                                                                                    Draft and validate supplier security requirements and annexes for ISO 27001:2022 Control 5.21. Tier-based Minimum Security Baseline (Cloud vs Janitorial), Right to Audit and Breach Notification validation.

                                                                                                                                                                                                                                                                      ISO 27701 PIMS Extension Author

                                                                                                                                                                                                                                                                      Guided elaboration of PIMS documentation as an extension to ISMS: PII processing inventory, privacy objectives, processing purposes and legal basis, controller/processor annex controls, and privacy policy drafting aligned to Clause 6 controller obligations.

                                                                                                                                                                                                                                                                        ISO 42001 AI Policy

                                                                                                                                                                                                                                                                        Draft and validate the formal AI Policy for ISO/IEC 42001:2023, covering all mandatory Clause 5.2 elements: organizational purpose alignment, compliance commitment, continual improvement, risk management, transparency, data governance, and ethical use including human rights.

                                                                                                                                                                                                                                                                          ISO 42001 AI Risk Assessment Methodology

                                                                                                                                                                                                                                                                          Draft the AI risk assessment methodology for ISO/IEC 42001:2023.

                                                                                                                                                                                                                                                                            ISO 42001 AI Risk Register

                                                                                                                                                                                                                                                                            Draft and validate the AI risk register for ISO/IEC 42001:2023 with ownership, treatment, and residual risk.

                                                                                                                                                                                                                                                                              ISO 42001 AIMS Scope and Context

                                                                                                                                                                                                                                                                              Draft and validate AIMS scope statement and organizational context for ISO/IEC 42001:2023 certification (Clause 4).

                                                                                                                                                                                                                                                                                ISO 42001 Data Governance

                                                                                                                                                                                                                                                                                Draft data governance procedures for AI systems under ISO/IEC 42001:2023.

                                                                                                                                                                                                                                                                                  ISO 42001 Incident Response

                                                                                                                                                                                                                                                                                  Draft AI incident response procedure and documentation for ISO/IEC 42001:2023.

                                                                                                                                                                                                                                                                                    ISO 42001 Internal Audit

                                                                                                                                                                                                                                                                                    Draft internal audit procedure and audit report structure for the AIMS under ISO/IEC 42001:2023.

                                                                                                                                                                                                                                                                                      ISO 42001 Nonconformity & Corrective Action

                                                                                                                                                                                                                                                                                      Draft nonconformity and corrective action procedure and records for the AIMS under ISO/IEC 42001:2023.

                                                                                                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                                                                                                        ISO 42001 Statement of Applicability

                                                                                                                                                                                                                                                                                        Build and validate the SoA for ISO/IEC 42001:2023 Annex A with justification and implementation evidence.

                                                                                                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                                                                                                          ISO 42001 Supplier & Third-Party AI

                                                                                                                                                                                                                                                                                          Draft supplier and third-party AI evaluation, contracts, and documentation for ISO/IEC 42001:2023.

                                                                                                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                                                                                                            ITU Recommendation Conformity Author

                                                                                                                                                                                                                                                                                            Guided elaboration of implementation or compliance documentation for a selected ITU-T (or ITU-R) recommendation — scope, normative references, implementation statement, and conformance checklist.

                                                                                                                                                                                                                                                                                              Learn More
                                                                                                                                                                                                                                                                                              JIT PAM Zero Trust (NIST 800-207)

                                                                                                                                                                                                                                                                                              Document and audit Just-in-Time privileged access management aligned to Zero Trust and NIST SP 800-207. Defines no-standing-privilege, time-bound elevation, and MFA for privileged sessions.

                                                                                                                                                                                                                                                                                                Learn More
                                                                                                                                                                                                                                                                                                King IV Apply and Explain

                                                                                                                                                                                                                                                                                                Draft or validate the King IV 'apply and explain' governance disclosure (all 16 principles) for South Africa.

                                                                                                                                                                                                                                                                                                  Learn More
LAC — Simplified Environmental Licensing

Supports the drafting and review of LAC (Licença por Adesão e Compromisso, licence by adhesion and commitment) applications for environmental licensing in Brazil, with a focus on CONAMA and state environmental agencies. Includes activity classification, an application template, a compliance checklist, and automatic validation.

                                                                                                                                                                                                                                                                                                    Learn More
LAE — Special Environmental Licence (Strategic Works)

Structures Terms of Reference (TR) and Environmental Impact Reports (EIA/RIMA) for the Special Environmental Licence (Lei 15.300/2025), with a focus on strategic works and projects. Ensures the installation schedule is linked to the environmental conditions. Includes a TR template, checklist, and classification validation for the 12-month priority processing track.

                                                                                                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                                                                                                      Law 25 — Governance Policy

                                                                                                                                                                                                                                                                                                      Draft the policy on practices governing the protection of personal information under Quebec Law 25. Covers complaints process, staff roles and responsibilities, retention and destruction rules, and review cycle.

                                                                                                                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                                                                                                                        Law 25 — Privacy Officer Designation

                                                                                                                                                                                                                                                                                                        Draft the formal designation of the person in charge of the protection of personal information (Privacy Officer) under Quebec Law 25 (Bill 64). Board resolution or CEO/MD letter; validation for required elements.

                                                                                                                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                                                                                                                          Law 25 — Privacy Policy

                                                                                                                                                                                                                                                                                                          Draft and update a public privacy policy in line with Quebec Law 25 (Bill 64). Covers purposes, rights, retention, complaints, and Privacy Officer contact. Includes validation for required elements.

                                                                                                                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                                                                                                                            LEED Credit Documentation Author

                                                                                                                                                                                                                                                                                                            Guided elaboration of LEED credit documentation — credit intent, compliance path, calculations, and evidence checklist for submission.

                                                                                                                                                                                                                                                                                                              Learn More
                                                                                                                                                                                                                                                                                                              LkSG Supply Chain Due Diligence

Drafts policy statements (Grundsatzerklärungen) and annual reports under the German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, LkSG). Maps supplier audits to the 11 protected legal positions and validates BAFA reporting compliance.

                                                                                                                                                                                                                                                                                                                Learn More
MaRisk Risk Management Handbook

Drafts and reviews risk management handbooks for financial institutions in Germany under MaRisk (BaFin). Supports the complete elaboration of all MaRisk modules (AT, BT, BTR), conformity checks, and identification of documentation gaps.

                                                                                                                                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                                                                                                                                  MAS TRM — Technology Risk Management Framework

                                                                                                                                                                                                                                                                                                                  Draft and validate the Technology Risk Management framework for MAS-regulated financial institutions. Covers governance, IT resilience, cyber security, data loss prevention, and technology audit per MAS TRM Guidelines (2021).

                                                                                                                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                                                                                                                    MD&A — Driver-Based Drafting (Item 303)

                                                                                                                                                                                                                                                                                                                    Draft Management's Discussion and Analysis for 10-K or 10-Q with a driver-based structure: results of operations, liquidity and capital resources, known trends and uncertainties, and critical accounting estimates. Includes validation for required subsections, causation language, and non-GAAP reconciliation.

                                                                                                                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                                                                                                                      MFA Exception Rationalizer (CISA CPG 1.1)

                                                                                                                                                                                                                                                                                                                      Document the transition to phishing-resistant MFA and draft MFA-exception rationales for Critical Infrastructure. Identifies legacy systems that cannot support MFA, proposes compensating controls (e.g. jump hosts), and validates authentication hardware against the FIDO2 standard required by CPG 1.1.

                                                                                                                                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                                                                                                                                        Mining & Exploration — Reserve Estimate Validator

                                                                                                                                                                                                                                                                                                                        Guided elaboration and compliance validation of mineral resource and reserve technical reports under NI 43-101 (Canada) and JORC Code (Australia/South Africa), with QP/CP certificate checking and resource classification integrity verification.

                                                                                                                                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                                                                                                                                          Mobile Device & Teleworking Policy (ISO 27001)

                                                                                                                                                                                                                                                                                                                          Draft and validate a Mobile Device & Teleworking Policy for ISO 27001:2022 (A.5.17, A.6.7, A.8.1). Covers BYOD, VPN, disk encryption, remote wipe consent, endpoint leakage risk, and compliance with Right to Disconnect (France, Brazil, Ireland). Includes labor-law overlap check.

                                                                                                                                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                                                                                                                                            Modern Slavery Statements (AU)

                                                                                                                                                                                                                                                                                                                            Annual drafting of Modern Slavery Statements for the Australian regime under the Modern Slavery Act 2018 (Cth). Covers the seven mandatory criteria (s16), approval by the principal governing body, and submission to the ABF Online Register. For entities with consolidated revenue ≥ A$100m.

                                                                                                                                                                                                                                                                                                                              Learn More
Infection (IRAS) and Antimicrobial Resistance (RAM) Monitoring

Standardizes monthly reports on hospital-acquired infection and microbial resistance for hospitals and clinics, with a focus on reporting mandatory national indicators and detecting statistical discrepancies. Regulation: ANVISA, Technical Notes 02/2026 and 03/2026.

                                                                                                                                                                                                                                                                                                                                Learn More
                                                                                                                                                                                                                                                                                                                                Multi-State Employee Handbook

                                                                                                                                                                                                                                                                                                                                Draft a multi-state employee handbook with jurisdiction-specific policy language for each state of operation, covering at-will employment, paid leave, anti-discrimination, wage and hour, and workplace safety requirements.

                                                                                                                                                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                                                                                                                                                  NDB Incident Drafter

                                                                                                                                                                                                                                                                                                                                  Draft and validate the Statement to the Commissioner and Notification to Individuals under Australia's Notifiable Data Breaches (NDB) scheme. Ensures the four mandatory sections under Privacy Act s 26WK are present and supports assessment of likelihood of serious harm by data type (e.g. TFN, Medicare).

                                                                                                                                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                                                                                                                                    NDIS Provider Quality Audit

                                                                                                                                                                                                                                                                                                                                    Elaborate and validate the Provider Policy & Procedures manual for NDIS registration in Australia. Ensures the Reportable Incidents procedure includes the mandatory 24-hour notification to the NDIS Quality and Safeguards Commission and covers required incident types. Works alongside NDIS Practice Standardizer for Core Module alignment.

                                                                                                                                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                                                                                                                                      NIST CSF Profile Author

                                                                                                                                                                                                                                                                                                                                      Guided elaboration of a NIST Cybersecurity Framework (CSF) assessment: current profile (Identify, Protect, Detect, Respond, Recover, Govern), target profile, gap analysis, and prioritized implementation plan with outcomes and metrics.

                                                                                                                                                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                                                                                                                                                        NIST Password Logic Adapter (CISA CPG 1.2)

                                                                                                                                                                                                                                                                                                                                        Rewrite legacy password policies to prioritize length and entropy over complexity and aging, and draft the Compromised Password Detection Protocol. Aligns with NIST SP 800-63B and CISA CPG 1.2; validates that procedures include a recurring check against leaked-credential APIs (e.g. Have I Been Pwned).

                                                                                                                                                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                                                                                                                                                          Nordic AML/CFT — Enterprise-Wide Risk Assessment

                                                                                                                                                                                                                                                                                                                                          Draft and validate the enterprise-wide AML/CFT risk assessment for Nordic supervisors. Covers inherent risk, control effectiveness, residual risk, and risk appetite per Joint ESA Guidelines and AMLD6.

                                                                                                                                                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                                                                                                                                                            OHSMS Hazard & Legal Author

                                                                                                                                                                                                                                                                                                                                            Guided elaboration of OH&S management system documentation for ISO 45001: context, hazard identification, risk assessment, legal and other requirements register, consultation and participation, and OH&S objectives. Verifies hazard–legal linkage and flags missing review dates or compliance status.

                                                                                                                                                                                                                                                                                                                                              OT Asset Integrity Register (CISA CPG 2.1)

                                                                                                                                                                                                                                                                                                                                              Maintain and validate an OT Asset Integrity Register for CISA CPG 2.1: catalog ICS, PLCs, HMIs, and sensors with firmware versions and physical locations; link assets to CISA KEV and vendor advisories (Siemens, Rockwell, etc.); cross-reference inventory with network discovery to flag unauthorized devices.

                                                                                                                                                                                                                                                                                                                                                PAM Standard (PR.AA)

                                                                                                                                                                                                                                                                                                                                                Draft and validate a Privileged Access Management standard aligned to NIST CSF 2.0 PR.AA. Defines JIT, least privilege, SoD boundaries, and break-glass workflow; ensures MFA for 100% of privileged sessions.

                                                                                                                                                                                                                                                                                                                                                  PCI DSS Report on Compliance (ROC)

                                                                                                                                                                                                                                                                                                                                                  Author PCI DSS v4.0 ROC documentation for Level 1 QSA assessments: scope workpapers, requirement-by-requirement findings, Compensating Controls Worksheets (CCWs), Customized Approach Worksheets (CAWs), and the Attestation of Compliance (AOC).

                                                                                                                                                                                                                                                                                                                                                    PCI-DSS SAQ & Scope Author

                                                                                                                                                                                                                                                                                                                                                    Guided elaboration of PCI-DSS scope documentation and SAQ support: cardholder data environment (CDE), network segmentation narrative, and control evidence mapping to SAQ requirements.

                                                                                                                                                                                                                                                                                                                                                      Pharmacy QMS (ApBetrO)

Create and maintain the quality management system (QMS) for public pharmacies under the German Apothekenbetriebsordnung (ApBetrO). Produces QMS manuals, hygiene plans per RKI guidelines, and compounding records per DAB/Ph.Eur., and checks compliance.

                                                                                                                                                                                                                                                                                                                                                        Physical Security Perimeter (ISO 27001)

                                                                                                                                                                                                                                                                                                                                                        Define and document physical security perimeters and physical entry controls for ISO 27001:2022 Annex A 7.1 and 7.2. Structures the Defense in Depth narrative for offices, data centers, and secure areas: entry controls, visitor management, anti-tailgating, and environmental protection. Validation tool checks for anti-passback and visual badge identification steps.

                                                                                                                                                                                                                                                                                                                                                          PMS — Plan de Maîtrise Sanitaire (France)

                                                                                                                                                                                                                                                                                                                                                          Elaborate the sanitation master plan (PMS) for restaurants and food production in France. Align with Paquet Hygiène, sector GBPH, and DDPP controls. Covers traceability (étiquettes de traçabilité) and retrait-rappel (recall) procedures.

                                                                                                                                                                                                                                                                                                                                                            Política de Privacidade — LGPD

Draft privacy policies compliant with the LGPD (Lei 13.709/2018) and ANPD guidance. Covers transparency (Art. 9), principles (Art. 6), data subject rights (Art. 18), legal bases (Art. 7), retention, and the contact channel for the encarregado (data protection officer). Includes validation that the data subject rights and the encarregado's contact channel are present.

                                                                                                                                                                                                                                                                                                                                                              POPIA Information Officer Authorization

                                                                                                                                                                                                                                                                                                                                                              Draft the formal authorization (board resolution or CEO/MD letter) designating the Information Officer and Deputy IOs for submission to the Information Regulator.

                                                                                                                                                                                                                                                                                                                                                                POPIA Registration Form Part A — Information Officer

                                                                                                                                                                                                                                                                                                                                                                Draft Part A of the POPIA Information Officer registration form with full name, designation, and contact details including direct email for the Information Regulator.

                                                                                                                                                                                                                                                                                                                                                                  POPIA Registration Form Part B — Deputy Information Officers

                                                                                                                                                                                                                                                                                                                                                                  Draft Part B of the POPIA Information Officer registration form with contact details for each Deputy Information Officer (DIO) for the Information Regulator.

                                                                                                                                                                                                                                                                                                                                                                    POPIA Registration Form Part C — Organisation Details

                                                                                                                                                                                                                                                                                                                                                                    Draft Part C of the POPIA Information Officer registration form with registered company name, address, and registration number for the Information Regulator.

                                                                                                                                                                                                                                                                                                                                                                      Privilege Training Mapper (CISA CPG 4.3)

                                                                                                                                                                                                                                                                                                                                                                      Map privileged job functions to role-specific training modules and validate training compliance. Cross-reference Privileged User List with HR training log to flag missing or overdue certifications.

                                                                                                                                                                                                                                                                                                                                                                        Procedimentos de Notificação à ANPD — LGPD

Documentation and execution of the procedures for notifying the ANPD: submission of the RIPD (Art. 38), security incident (Art. 48), prior consultation, and other obligations. Includes when and how to notify, deadlines, and channels.

                                                                                                                                                                                                                                                                                                                                                                          Professional Fees for Architects (HOAI)

                                                                                                                                                                                                                                                                                                                                                                          Phase-by-phase billing and documentation of service achievements for architects and engineers per HOAI (Honorarordnung für Architekten und Ingenieure). Validates Grundleistungen completeness before billing, calculates Honorarzonen from building complexity criteria, and produces structured Leistungsnachweis documentation.

                                                                                                                                                                                                                                                                                                                                                                            QMS CAPA Tracker

                                                                                                                                                                                                                                                                                                                                                                            Draft and validate CAPA (Corrective and Preventive Action) reports for medical device quality management systems. Standardizes root cause analysis using 5 Whys or Fishbone (Ishikawa) methods, enforces Effectiveness Check completeness, and validates CAPA structure against ISO 13485 and FDA 21 CFR Part 820 requirements.

                                                                                                                                                                                                                                                                                                                                                                              QMS Procedure Elaborator

                                                                                                                                                                                                                                                                                                                                                                              Guided elaboration of QMS procedures, process maps, and quality objectives aligned to ISO 9001 clauses and context of the organization. Verifies required clause topics are addressed and objectives are measurable.

                                                                                                                                                                                                                                                                                                                                                                                Qualiopi — Dossier de Certification

                                                                                                                                                                                                                                                                                                                                                                                Prepare the Dossier de Certification for Qualiopi (France, RNQ). Structure proof-of-service evidence (feuilles d'émargement, enquêtes de satisfaction), validate with proof_of_service_audit, and align with the 7 criteria and 32 indicators of the Référentiel National Qualité.

                                                                                                                                                                                                                                                                                                                                                                                  R&D Tax Incentive Registration

                                                                                                                                                                                                                                                                                                                                                                                  Draft Core and Supporting Activity descriptions for the R&D Tax Incentive annual registration (Australia, AusIndustry/ATO). Ensures HEOC structure for core activities and salary-to-project nexus; validates descriptions with nexus_expenditure_check.

                                                                                                                                                                                                                                                                                                                                                                                    Railway RAMS Lifecycle Validator

                                                                                                                                                                                                                                                                                                                                                                                    Elaborate and validate a Safety Case for railway signaling systems per EN 50126. Covers the full V-model lifecycle (Concept to Decommissioning), SIL 1–4 allocation with failure rate consistency checks, hazard analysis, risk assessment, and CENELEC standard compliance for EU railway projects.

                                                                                                                                                                                                                                                                                                                                                                                      RCA — Relatório de Controle Ambiental

Supports the drafting and review of Relatórios de Controle Ambiental (RCA, environmental control reports) for environmental licensing in Brazil, focusing on regularization of facilities and licence renewal, including environmental diagnosis, control plan, and completeness validation.

                                                                                                                                                                                                                                                                                                                                                                                        RCA/PCA — Medidas Mitigadoras e Monitoramento

Technical drafting of mitigation measures for Relatórios de Controle Ambiental (RCA) and Planos de Controle Ambiental (PCA), linking impacts to monitoring and checking effluents against CONAMA 430. Focus on mining and processing industries (medium impact); agencies CETESB, INEA, SEMAD.

                                                                                                                                                                                                                                                                                                                                                                                          RCT Sub-contractor Agreements

                                                                                                                                                                                                                                                                                                                                                                                          Draft and validate sub-contractor agreements for Irish construction and project management with RCT and VAT reverse charge compliance. Ensures Status of the Worker clauses and mandatory VAT wording.

                                                                                                                                                                                                                                                                                                                                                                                            RE2020 Compliance

                                                                                                                                                                                                                                                                                                                                                                                            Draft the environmental performance summary for new buildings under France's RE2020. Covers IC construction and IC énergie (kgCO₂/m²), LCA narrative with bio-sourced materials, threshold validation, and ADEME/ministerial alignment. France; construction and HVAC.

                                                                                                                                                                                                                                                                                                                                                                                              Learn More
                                                                                                                                                                                                                                                                                                                                                                                              Records Retention Schedule

                                                                                                                                                                                                                                                                                                                                                                                              Build records retention schedules defining how long every document type (tax, HR, legal, accounting, medical, contracts) must be kept, with country-specific statutory minimums and validated disposal protocols for physical and digital records.

Record of Processing Operations — LGPD (Art. 37)

Drafting and maintenance of the record of personal data processing operations in compliance with Art. 37 of the LGPD. Documents purposes, categories of data and data subjects, legal bases, sharing, retention and security measures. Includes validation of the minimum required fields.

Data Protection Impact Report (RIPD) — LGPD

Drafting and validation of Data Protection Impact Reports (RIPD) under the LGPD (Law 13.709/2018) and ANPD guidance. Risk assessment for high-risk or large-scale processing (e-commerce, healthcare and other sectors). Validates whether the chosen legal basis (e.g., Legitimate Interest, Art. 7, IX) has the balancing test documented in accordance with the ANPD Guia Orientativo.

Security Report — LGPD (Art. 46 to 49)

Drafting of the security report and the incident communication procedure under Art. 46 to 49 of the LGPD. Covers technical and organizational measures, incident logging (Art. 47), communication to the ANPD (Art. 48) and to data subjects (Art. 49).

CMN/BCB Prudential Reports

Supports the drafting and review of prudential disclosures in Brazil with a focus on CMN/BCB (Pillar 3, ICAAP, and social, environmental and climate risks), including a compliance checklist and completeness validation.

Review Legal Clauses

Examine contract clauses for completeness, risks, and compliance issues. Flags potential problems and suggests improvements in plain language.

RI&E — Risico-inventarisatie en -evaluatie (Netherlands)

Draft and validate the mandatory Risk Inventory & Evaluation (RI&E) and Plan van Aanpak under the Dutch Working Conditions Act (Arbowet Art. 5). Covers hazard identification, risk evaluation, PSA, and arbodeskundige review.

Risk & Control Self-Assessment (RCSA)

RCSA support aligned with COSO and Basel III. Front-line managers document risks and control effectiveness; the skill scores control strength (Automated > Manual, Preventative > Detective) and identifies optimistic bias where residual risk is low despite weak controls or thin descriptions.

Risk Register ISO 31000

Guided elaboration of an ISO 31000:2018-aligned risk register: organizational context, risk criteria (likelihood/impact scales and appetite), structured register entries with cause, existing controls, consequence, treatment, residual risk, implementation deadline and owner, plus automated validation of completeness and L x I consistency.

Sandbox Compliance Expert

Drafting of proposals for regulatory sandboxes and innovation contracts (CVM, BCB, SUSEP). Defines safe exit criteria and operating limits; validates consumer protection and civil liability under LC 182/2021.

                                                                                                                                                                                                                                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                  SBOM Vulnerability Mapper

                                                                                                                                                                                                                                                                                                                                                                                                                  Generate and validate a Software Bill of Materials (SBOM) and draft CRA-compliant technical documentation for connected products in the EU market. Checks software components against the NIST NVD for known critical vulnerabilities. Covers product classification, Annex I essential cybersecurity requirements, vulnerability handling, conformity assessment, and ENISA reporting readiness.

                                                                                                                                                                                                                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                    SDLC Control Drafter (ISO 27001 A.8.28)

                                                                                                                                                                                                                                                                                                                                                                                                                    Draft and maintain ISO 27001-aligned Secure Development Lifecycle (SDLC) policy: Security by Design, Security by Default, and security gates (SAST/DAST, peer review, threat modeling). Includes OWASP Top 10 alignment check for web and API risks.

                                                                                                                                                                                                                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                      SEC DEF 14A (Proxy Statement)

                                                                                                                                                                                                                                                                                                                                                                                                                      Draft and validate annual meeting proxy statements for U.S. domestic issuers: meeting and voting mechanics, proposals, director nominees, beneficial ownership, executive compensation (scaled for SRC/EGC), audit matters, and Part III 10-K incorporation mapping.

                                                                                                                                                                                                                                                                                                                                                                                                                        Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                        SEC Form 10-Q (Quarterly Report)

                                                                                                                                                                                                                                                                                                                                                                                                                        Generate and validate quarterly Form 10-Q narrative sections and checklists, with delta-focused updates, Risk Factors (material changes only), Legal Proceedings, Controls and Procedures, and consistency checks.

                                                                                                                                                                                                                                                                                                                                                                                                                          Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                          SEC Form 4 (Section 16)

                                                                                                                                                                                                                                                                                                                                                                                                                          Generate Form 4 drafts from insider transaction details: map to transaction codes and tables, draft footnotes (tax withholding, 10b5-1, indirect ownership), and validate for Rule 16a-3 and two-business-day filing.

                                                                                                                                                                                                                                                                                                                                                                                                                            Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                            SEC Form 8-K (Current Report)

                                                                                                                                                                                                                                                                                                                                                                                                                            Draft and validate SEC Form 8-K filings for any reportable corporate event, with item mapping, compliance checks, and standard legal language.

                                                                                                                                                                                                                                                                                                                                                                                                                              Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                              SecNumCloud — Dossier d'Homologation

                                                                                                                                                                                                                                                                                                                                                                                                                              Draft the Dossier d'Homologation for ANSSI SecNumCloud certification. Map infrastructure to the Référentiel, validate EEA data sovereignty for sub-processors, and structure evidence for France's public-sector cloud qualification.

                                                                                                                                                                                                                                                                                                                                                                                                                                Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                SFCR Solvency II (Pillar 3)

                                                                                                                                                                                                                                                                                                                                                                                                                                Supports preparation and review of the Solvency and Financial Condition Report (SFCR) for EU insurance and reinsurance undertakings under Solvency II Pillar 3, including QRT consistency checks and MCR/SCR ratio validation.

                                                                                                                                                                                                                                                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                  SOC 2 Control Narrative Author

                                                                                                                                                                                                                                                                                                                                                                                                                                  Guided elaboration of SOC 2 readiness documentation: control narratives aligned to AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy), control-objective mapping, and evidence placeholders for Type I/II audit.

                                                                                                                                                                                                                                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                    SOC 2 Readiness Gap Analysis

                                                                                                                                                                                                                                                                                                                                                                                                                                    Map internal controls against AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy). Identifies unmapped criteria, validates evidence artifacts and tests of effectiveness, and produces a prioritized remediation roadmap for SOC 2 Type I or Type II audit readiness.

                                                                                                                                                                                                                                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                      SOC 2 System Description & Management Assertion

                                                                                                                                                                                                                                                                                                                                                                                                                                      Draft the SOC 2 system description narrative (Section III) and management assertion letter per AICPA Trust Services Criteria (TSP Section 100) and DC Section 200 description criteria. Covers system boundaries, components, SCSR, subservice organizations (carved-out and inclusive methods), CUECs, CSOCs, control environment mapped to CC1–CC9, and trust services scope validation.

                                                                                                                                                                                                                                                                                                                                                                                                                                        SOW & SLA Drafter

                                                                                                                                                                                                                                                                                                                                                                                                                                        Draft professional Statements of Work with Service Level Agreements for B2B engagements. Industry-aware: applies regulatory and compliance sections based on the client's sector (Healthcare, Fintech, SaaS, Government, etc.).

                                                                                                                                                                                                                                                                                                                                                                                                                                          SOX Section 404 — Internal Control over Financial Reporting Narrative

                                                                                                                                                                                                                                                                                                                                                                                                                                          Draft and validate management's assessment of Internal Control over Financial Reporting (ICFR) per SOX §404, aligned to the COSO 2013 framework and PCAOB AS 2201. Produces process narratives, risk-control matrices (RCMs), and control descriptions for each significant account and business process.

                                                                                                                                                                                                                                                                                                                                                                                                                                            State Claims Risk Management

                                                                                                                                                                                                                                                                                                                                                                                                                                            Draft and validate Risk Management reports for state-insured entities (hospitals, prisons) in Ireland under the State Claims Agency (SCA/NTMA). Ensures expected sections, tags Protected Disclosure and LPP content, and aligns with NIMS incident reporting.

                                                                                                                                                                                                                                                                                                                                                                                                                                              StateRAMP Authorization Package

                                                                                                                                                                                                                                                                                                                                                                                                                                              Draft and validate StateRAMP authorization packages for cloud service providers serving U.S. state and local government: System Security Plan (SSP) with attachments, Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action & Milestones (POA&M), and the StateRAMP Snapshot for the Authorized Products List.

                                                                                                                                                                                                                                                                                                                                                                                                                                                Structural Steel Specifications (USA / AISC 360)

                                                                                                                                                                                                                                                                                                                                                                                                                                                Guided elaboration of technical specifications for load-bearing steel structures in the USA, with ASTM material cross-referencing, LRFD/ASD safety-factor validation, and compliance checking against AISC 360, ASCE 7, and IBC.

                                                                                                                                                                                                                                                                                                                                                                                                                                                  Supply Chain Code of Conduct

                                                                                                                                                                                                                                                                                                                                                                                                                                                  Draft and validate supply chain codes of conduct defining the ethical standards suppliers must sign. Covers labour rights, environmental obligations, Right to Audit clauses, and sub-tier flow-down requirements aligned with Modern Slavery Act (UK/AU), LkSG (Germany), ILO Core Conventions, and EU CSDDD. Automated tools validate audit clause strength and flag Tier 1-only compliance gaps.

Consent Form — LGPD (Art. 8 and 11)

Drafting of a consent statement or form for the processing of personal data in compliance with Art. 8 and 11 of the LGPD. Covers prominently highlighted consent, specified purposes, free and easy revocation, and sensitive data where applicable. Includes validation of the Art. 8 requirements.

                                                                                                                                                                                                                                                                                                                                                                                                                                                      Third-Party Risk Assessment (TPRA)

                                                                                                                                                                                                                                                                                                                                                                                                                                                      Assess vendor security posture by validating SIG questionnaire responses against evidence and auditing SOC 2 reports for coverage gaps. Produces structured TPRA reports aligned with NIST SP 800-161 and GDPR Article 28, with automated tools that flag unsupported vendor claims, expired reports, and bridge-letter gaps.

                                                                                                                                                                                                                                                                                                                                                                                                                                                        Traceability Matrix Auditor

                                                                                                                                                                                                                                                                                                                                                                                                                                                        Generate and validate the DO-178C traceability matrix for airborne software. Maps HLR to LLR to source code and runs bidirectional checks for orphan code and dead requirements.

                                                                                                                                                                                                                                                                                                                                                                                                                                                          Tusla Early Years Inspectorate

                                                                                                                                                                                                                                                                                                                                                                                                                                                          Draft the Safety Statement and Child Safeguarding Statement for creches and early years services in Ireland. Validates staff-to-child ratios against Tusla’s Schedule 6 (Early Years Services Regulations 2016).

                                                                                                                                                                                                                                                                                                                                                                                                                                                            UK Bribery Act — Adequate Procedures ABC Program

                                                                                                                                                                                                                                                                                                                                                                                                                                                            Draft and validate the Anti-Bribery & Corruption (ABC) programme documentation required for the 'adequate procedures' defence under UK Bribery Act 2010 §7. Structures the programme around the Ministry of Justice's six principles: proportionate procedures, top-level commitment, risk assessment, due diligence, communication/training, and monitoring/review.

                                                                                                                                                                                                                                                                                                                                                                                                                                                              UK Gambling Commission — Operating Licence Compliance

                                                                                                                                                                                                                                                                                                                                                                                                                                                              Draft and validate policies and procedures for Gambling Commission operating licence holders under the Gambling Act 2005 and LCCP. Covers AML/CTF, social responsibility, customer interaction, self-exclusion, and complaints.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                UK GDPR & DPIA (Data Protection)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                Conduct and validate Data Protection Impact Assessments (DPIAs) under the UK GDPR and ICO guidance for high-risk processing. Suggests technical and organisational safeguards aligned with UK Adequacy standards. Validates breach-notification policies against the 72-hour ICO reporting window.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  UK Modern Slavery Statements

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Annual drafting of transparency statements for the UK government registry under the Modern Slavery Act 2015 (s54). Covers the six recommended areas—organisation structure and supply chains, policies, due diligence, risk assessment and management, KPIs, training—and registry requirements (board approval, director sign-off).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    UK Public Procurement (Procurement Act 2023)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Draft and validate Selection Questionnaires and Tender Responses under the UK Procurement Act 2023. Covers exclusion grounds (Schedules 6 & 7), debarment list checks, Social Value evaluation per PPN 06/20 with TOMs framework, and SQ completeness validation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      US Multi-State Employee Handbook

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Draft comprehensive employee handbooks compliant with federal law and state-specific requirements for employers with employees in multiple US states, including state addenda for leave laws, meal/rest breaks, pay transparency, non-compete and non-solicitation restrictions, electronic monitoring, biometric data, NLRA Section 7 compliance, and anti-discrimination protections.

Prospectus Validator (CNMV)

Helps draft and review investment fund prospectuses in Spain in accordance with CNMV regulations, MiFID II and the Ley del Mercado de Valores (Securities Market Act), with a compliance checklist and completeness validation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          VgV Procurement Note

Drafts and validates the Vergabevermerk (Procurement Note) under VgV § 8 / UVgO § 6 for public procurement procedures, including an award justification that withstands review proceedings and XVergabe mandatory-field validation.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                            VIA Impact Matrix

Structures Environmental Impact Assessment (Valutazione di Impatto Ambientale, VIA) reports for infrastructure projects in Italy in accordance with the Codice dell'Ambiente (D.Lgs. 152/2006): impact matrix, Environmental Impact Study (Studio di Impatto Ambientale, SIA), mitigation measures, Environmental Monitoring Plan (Piano di Monitoraggio Ambientale).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                              VOB Contract Enforcer

Validates construction tenders and construction contracts against the VOB (Vergabe- und Vertragsordnung) and DIN standards, including clause review, bill-of-quantities (Leistungsverzeichnis) structure, and conformity checklists.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Whistleblower System Design (HinSchG)

Creates rules of procedure for internal reporting offices under the German Whistleblower Protection Act (Hinweisgeberschutzgesetz, HinSchG). Validates mandatory sections, statutory deadlines (7 days for acknowledgment of receipt, 3 months for feedback), and the 3-year deletion period.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Whistleblowing Investigation Report

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Document findings of internal ethics or whistleblowing investigations for the board or audit committee, with anonymity and legal-privilege safeguards. Aligns with EU Whistleblowing Directive and Sarbanes-Oxley (SOX). Includes anonymity redactor and legal privilege tagger tools.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Works Council Agreements (BetrVG)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Negotiation-based drafting and validation of Betriebsvereinbarungen (Works Agreements) for IT systems under the Betriebsverfassungsgesetz (BetrVG). Ensures Leistungs- und Verhaltenskontrolle (performance and behavior monitoring) clauses comply with §87 Abs. 1 Nr. 6 BetrVG and validates BDSG §26 / DSGVO Art. 88 alignment for employee data protection.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Learn More
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Zero-Knowledge / BYOK Encryption (ABA 477R/512)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Document and validate BYOK and zero-knowledge encryption architecture for legal and compliance contexts. Aligns with ABA 477R (reasonable efforts) and ABA 512 (GAI informed consent).

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Learn More
