# Skills tagged "Compliance"

294 skills with this tag.

URL: https://rakenne.app/skill-tags/compliance/index.md

- [ISO 27001 ISMS Benchmark: Rakenne vs GPT-4o on Audit-Ready Documentation](https://rakenne.app/learn/best-practices/rakenne-vs-chatgpt-iso27001/index.md) — A side-by-side benchmark comparing Rakenne's ISO 27001 skills against GPT-4o on control name accuracy, hallucination rates, cross-document traceability, and audit readiness — with real output examples …
- [Why NotebookLM Feels Right for GRC Research but Falls Apart at Deliverable Time](https://rakenne.app/learn/best-practices/rakenne-vs-notebooklm-grc/index.md) — GRC consultants increasingly use NotebookLM for compliance work. Here's where it helps, where it breaks down, and what changes when the tool enforces the framework instead of the consultant.
- [Best Practices: Compliance and Policy Management — Rakenne vs OneTrust, LogicGate, PolicyTech](https://rakenne.app/learn/best-practices/compliance-and-policy-management/index.md) — How to choose the right approach for policy and compliance documents: workflow-centric drafting vs GRC and policy management platforms. Includes the Rakenne ISO 27001 skill suite (shared context and …
- [10-K Risk Factors (Item 1A)](https://rakenne.app/skills/sec-10k-risk-factors/index.md) — Draft and validate the Risk Factors section of a Form 10-K under Reg S-K Item 105: organize by materiality, write company-specific narratives, add a two-page summary when the section exceeds 15 pages, …
- [Accreditation self-study section](https://rakenne.app/skills/accreditation-self-study-section/index.md) — Draft and validate accreditation self-study sections (criterion ID, narrative, evidence reference) for audit.
- [ADR Dangerous Goods Transport Documentation](https://rakenne.app/skills/eu-adr-dangerous-goods-transport/index.md) — Draft and validate transport documentation for the carriage of dangerous goods by road under ADR. Covers transport document §5.4.1, packing certificate, emergency information, and instructions in …
- [Aged Care Quality Compliance](https://rakenne.app/skills/aged-care-quality-compliance/index.md) — Draft and validate Quality Care Advisory Body reports and Continuous Improvement plans for Australian aged care. Aligns with the Aged Care Quality Standards and SIRS (Serious Incident Response …
- [AI Bias Narrative Auditor](https://rakenne.app/skills/ai-bias-narrative-auditor/index.md) — Document risk, bias, and transparency for Algorithmic Impact Assessment (AIA). Critique Human-in-the-loop descriptions against EU AI Act Art. 14 and Canadian Directive thresholds; verify dataset …
- [AI Risk & Transparency Auditor](https://rakenne.app/skills/ai-risk-transparency-auditor/index.md) — Draft and validate a Fundamental Rights Impact Assessment (FRIA) for high-risk AI systems under the EU AI Act. Validates Instructions for Use against Art. 13 transparency requirements and audits …
- [Alcohol Licensing (Operating Schedules)](https://rakenne.app/skills/alcohol-licensing-operating-schedules/index.md) — Draft Operating Schedules for UK Premises Licence applications under the Licensing Act 2003. Covers licensable activities, times, premises description, and steps to promote the four licensing …
- [AML/BSA Compliance Program (Fintech & MSB)](https://rakenne.app/skills/aml-bsa-compliance-program/index.md) — Draft a complete AML/BSA compliance program for non-bank financial institutions — fintechs, MSBs, crypto exchanges, and insurance companies. Covers all five BSA pillars: compliance officer, policies, …
- [AML/CTF Program (AUSTRAC)](https://rakenne.app/skills/aml-ctf-program-austrac/index.md) — Create and validate Part A and Part B of the Anti-Money Laundering and Counter-Terrorism Financing Program for Australian reporting entities. Covers risk management, CDD, transaction monitoring, SMR, …
- [AML/CTF Program Manual](https://rakenne.app/skills/aml-program-manual/index.md) — Draft and validate an Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Program Manual covering KYC/CDD/EDD, transaction monitoring, sanctions screening (including PF-TFS), SAR/STR …
- [Annex 1 CCS Validator](https://rakenne.app/skills/annex1-ccs-validator/index.md) — Draft and validate a Contamination Control Strategy (CCS) for pharmaceutical sterile manufacturing per EU GMP Annex 1 (2023). Maps cleanroom classifications to grades A/B/C/D, validates environmental …
- [AOP/AOC Cahier des Charges](https://rakenne.app/skills/aop-aoc-cahier-des-charges/index.md) — Maintain and update Cahier des Charges for French AOP/AOC protected designations (INAO). Validates geographical area and production methods in specifications and audits AOP/AOC logo and mandatory …
- [AS9100 Procedure Author](https://rakenne.app/skills/as9100-procedure-author/index.md) — Guided elaboration of AS9100-aligned procedures and risk-based thinking documentation: quality manual sections, process procedures (design, purchasing, production, NCM), and key objective evidence for …
- [ASME Design Spec Author](https://rakenne.app/skills/asme-design-spec-author/index.md) — Guided elaboration of design and construction documentation per ASME BPVC or B31 — design basis, material selection, weld and NDE requirements, pressure/temperature limits.
- [ASTM Material Spec Author](https://rakenne.app/skills/astm-material-spec-author/index.md) — Guided elaboration of material specifications and test/acceptance documentation that reference ASTM standards — material designation, test methods, acceptance criteria, and COC requirements.
- [Auditoría de Conformidad EIA](https://rakenne.app/skills/eea-compliance-audit/index.md) — Valida Estudios de Impacto Ambiental (EsIA) frente a los umbrales regionales y nacionales de la Ley 21/2013 de evaluación ambiental (España): matriz de impacto, medidas preventivas y correctoras, …
- [Auditoria de Rotulagem de Alimentos e Suplementos](https://rakenne.app/skills/nutritional-label-validator/index.md) — Revisão completa de arte e tabelas nutricionais frente à regulamentação ANVISA. Valida aplicação da Lupa (excesso de açúcar, sódio ou gordura saturada), formato da tabela nutricional (ordem dos …
- [B Corp Policy Evidence Author](https://rakenne.app/skills/bcorp-policy-evidence-author/index.md) — Guided elaboration of B Corp BIA support documentation — policy evidence and narratives for Governance, Workers, Community, Environment, and Customers; improvement plans for low-scoring areas.
- [BACEN GRSAC - Relatórios de Risco e Capital](https://rakenne.app/skills/bacen-grsac/index.md) — Use quando o usuário precisar criar relatórios de gerenciamento de riscos e ativos padronizados conforme as normas de supervisão do Banco Central do Brasil (BACEN). Use para elaborar relatórios GRSAC, …
- [BCB 520/2025 — PSAVs: Funcionamento e Compliance](https://rakenne.app/skills/bacen-vasp-res-520/index.md) — Elaboração e revisão de documentação de funcionamento, proteção ao cliente, AML, governança, segurança e supervisão prudencial das PSAVs.
- [BCMS BIA & Plan Author](https://rakenne.app/skills/bcms-bia-plan-author/index.md) — Guided elaboration of BCMS documentation for ISO 22301: scope and context (Clause 4), BC policy (Clause 5), risk assessment for disruption (Clause 8.3), business impact analysis with MTPD/MBCO/RTO/RPO …
- [BCP Audit Evidence Pack](https://rakenne.app/skills/bcp-audit-evidence-pack/index.md) — Create a consolidated Business Continuity Evidence Pack for SOC 2, ISO 22301, or ISO 27001 audits. Combines BIA summary, RTO/RPO targets, recovery plans, DR test matrix, and auditor checklist into a …
- [BEP & EIR Elaborator](https://rakenne.app/skills/bep-eir-elaborator/index.md) — Guided elaboration of BIM Execution Plan (BEP — pre-appointment and post-appointment), OIR/AIR/PIR, EIR, MIDP/TIDP, and CDE workflow per ISO 19650-1/2. Verifies required BEP sections including LOIN, …
- [Board Committee Charters](https://rakenne.app/skills/governance-scope-audit/index.md) — Define and review board committee charters (Audit, Risk, Compensation) with clear scope and responsibilities aligned to NYSE, NASDAQ, and LSE listing rules. Detects overlapping responsibilities and …
- [Business Ethics & Code of Conduct](https://rakenne.app/skills/ethical-dilemma-generator/index.md) — Draft and validate Codes of Conduct as the high-level cultural guide for employee behavior. Creates industry-specific ethical-dilemma Scenario boxes (e.g. facilitation payments, conflicts of interest, …
- [Business Impact Analysis (BIA)](https://rakenne.app/skills/bia-rto-calculator/index.md) — Conduct structured Business Impact Analyses per ISO 22301. Guides interviews, maps process dependencies, determines RTO/RPO targets, and validates consistency across the dependency chain with …
- [Canada Privacy & PIA](https://rakenne.app/skills/canada-privacy-pia/index.md) — Guide to Canadian privacy law (PIPEDA, provincial private-sector laws, Bill C-27 status) and Privacy Impact Assessments for federal and private-sector data handling. Use with PIA outline and …
- [CCPA/CPRA Privacy Program — Compliance Documentation Package](https://rakenne.app/skills/ccpa-cpra-privacy-program/index.md) — Draft and validate the core privacy compliance documentation package required under the California Consumer Privacy Act as amended by CPRA. Covers the privacy policy, DSAR procedures, data inventory, …
- [CE Technical File Author](https://rakenne.app/skills/ce-technical-file-author/index.md) — Guided elaboration of CE technical documentation and Declaration of Conformity (DoC): applicable directives/regulations (e.g. RED, LVD, EMC, MDR, IVDR, Machinery), risk assessment, essential …
- [CFPB — Consumer Complaint Response & UDAAP Compliance](https://rakenne.app/skills/us-cfpb-complaint-udaap-compliance/index.md) — Draft and validate consumer complaint management programme and UDAAP compliance documentation for CFPB-supervised entities. Covers complaint response timelines, UDAAP risk assessment, fair lending, …
- [Charities Governance Code Compliance](https://rakenne.app/skills/charities-governance-code-compliance/index.md) — Prepare the Charities Governance Code Compliance Record Form for the annual report to the Charities Regulator (Ireland). Aligns board minutes and policies with the six core principles and validates …
- [Chemical Safety (SDS Author)](https://rakenne.app/skills/sds-author/index.md) — Author and validate Safety Data Sheets (SDS / FISPQ) compliant with REACH Annex II, GHS, CLP Regulation, and ABNT NBR 14725-4 for EU and Brazilian markets. Validates the 16 mandatory sections and …
- [CIS Controls Implementation Author](https://rakenne.app/skills/cis-controls-implementation-author/index.md) — Guided elaboration of CIS Controls v8 implementation plan — safeguard selection, IG1/IG2/IG3 alignment, and mapping to existing policies or controls.
- [Clinical Report Writing](https://rakenne.app/skills/clinical-reports/index.md) — Write comprehensive clinical reports including case reports (CARE guidelines), diagnostic reports (radiology, pathology, lab), clinical trial reports (ICH-E3, SAE, CSR), and patient documentation …
- [Clinical Trial Protocol (ICH E6(R3) GCP)](https://rakenne.app/skills/ich-gcp-clinical-trial-protocol/index.md) — Draft and validate clinical trial protocols per ICH E6(R3) Good Clinical Practice and ICH E8(R1) General Considerations for Clinical Studies. Ensures the protocol contains all required elements for …
- [CMMC Assessment Scoping](https://rakenne.app/skills/cmmc-scoping/index.md) — Define CMMC assessment scope, authorization boundary, and network architecture for Level 1 or Level 2. Documents in-scope assets and network diagram narrative for the SSP.
- [CMMC Asset Inventory](https://rakenne.app/skills/cmmc-asset-inventory/index.md) — Create and maintain the CMMC asset inventory: CUI assets, security protection assets, and contractor risk-managed assets for assessment scope.
- [CMMC Plan of Action & Milestones](https://rakenne.app/skills/cmmc-poam/index.md) — Draft and validate the CMMC POA&M: track control deficiencies, remediation plans, owners, and due dates for Conditional Level 2 or Level 3.
- [CMMC Policies and Procedures](https://rakenne.app/skills/cmmc-policies-procedures/index.md) — Draft CMMC-aligned security policies and procedures for all NIST 800-171 domains: Access Control, Audit, Awareness, Configuration Management, and others.
- [CMMC Readiness Gap Analysis](https://rakenne.app/skills/cmmc-readiness-gap-analysis/index.md) — Map controls to NIST SP 800-171 practices, identify CMMC coverage gaps, and build a prioritized remediation roadmap for Level 1 or Level 2.
- [CMMC System Security Plan](https://rakenne.app/skills/cmmc-ssp/index.md) — Draft and validate the CMMC SSP for Level 1 or Level 2: system description, boundary, and implementation narratives for each NIST 800-171 practice with evidence pointers.
- [CMS Obligations Elaborator](https://rakenne.app/skills/cms-obligations-elaborator/index.md) — Guided elaboration of ISO 37301:2021 CMS documentation: organizational context and scope, compliance policy, measurable objectives, obligations register (with shall/should distinction), compliance …
- [Codex Product & Labelling Author](https://rakenne.app/skills/codex-product-labelling-author/index.md) — Guided elaboration of product standards or labelling documentation aligned to Codex commodity standards, General Standard for Labelling, or Codex guidelines. Complements HACCP skill (Codex 7 …
- [Contrato com Operador — LGPD (Art. 39 e 42)](https://rakenne.app/skills/lgpd-contrato-operador/index.md) — Elaboração de contrato ou cláusulas entre controlador e operador de dados pessoais nos termos dos Art. 39 e 42 da LGPD. Cobre instruções do controlador, medidas de segurança, suboperadores, incidentes …
- [CQC Statement of Purpose](https://rakenne.app/skills/cqc-statement-of-purpose/index.md) — Draft, update, and validate the legally required Statement of Purpose for CQC-registered healthcare providers in England. Maps service descriptions to the Five Key Questions (Safe, Effective, Caring, …
- [Credenciamento Open Finance (PSTI)](https://rakenne.app/skills/psti-credential-validator/index.md) — Documentação técnica e validação de conformidade para Provedores de Serviços de Tecnologia da Informação no Open Finance Brasil (BCB, Res. 10/2026). Mapeia arquitetura de segurança e compara a API do …
- [CRICOS Provider Registration](https://rakenne.app/skills/cricos-provider-registration/index.md) — Prepare the Quality Management System for CRICOS registration in Australia. Covers Cancellation of Enrolment policy and the mandatory 20-day appeal period (National Code 2018); validates policy with …
- [Cybersecurity Incident Response Plan (Sector & State-Specific)](https://rakenne.app/skills/cybersecurity-irp/index.md) — Draft a cybersecurity Incident Response Plan aligned with NIST SP 800-61r3, tailored to industry sector (HIPAA, GLBA, PCI DSS, FERPA, NERC CIP) and state breach notification laws. Includes detection …
- [Data Privacy — AIPD (CNIL Standard)](https://rakenne.app/skills/cnil-aipd/index.md) — Conduct a Privacy Impact Assessment (AIPD) under the CNIL standard for France (RGPD). Three-step methodology: Context, Principles, Risks. Validates retention periods against CNIL 'droit à l'oubli' …
- [Data Processing Agreement (DPA) — SCC & sub-processor sync](https://rakenne.app/skills/dpa-scc/index.md) — Draft the legal annex for DPAs governing controller–processor data transfers under GDPR and CCPA. Inserts the correct Standard Contractual Clauses by data importer country and validates sub-processor …
- [Design Dossier Elaborator](https://rakenne.app/skills/design-dossier-elaborator/index.md) — Guided elaboration of design dossier, technical file, or device master record sections for medical devices: device classification, risk summary (ISO 14971:2019), essential principles (GSPR), …
- [DORA Information Register (ICT Third-Party Arrangements)](https://rakenne.app/skills/dora-information-register/index.md) — Create and maintain the Register of Information on ICT third-party service arrangements required by DORA Art. 28(3) and ITS 2024/2956. Covers entity identification, TPP data, contractual arrangements, …
- [DORA Policy Generator](https://rakenne.app/skills/dora-policy-generator/index.md) — Generate the complete set of policies required by DORA from organizational context. Covers ICT security, risk management, incident management, business continuity, third-party risk, access control, …
- [DPC GDPR Accuracy and Retention](https://rakenne.app/skills/dpc-gdpr-accuracy-retention/index.md) — Accuracy and retention for DPC self-assessment: purpose limitation, minimisation, accuracy, retention policies, secure destruction, and no unregulated duplication.
- [DPC GDPR Breach Notification](https://rakenne.app/skills/dpc-gdpr-breach/index.md) — Breach notification and response under Ireland DPC and GDPR Art. 33–34: 72h to DPC, data subject communication for high risk, risk levels, form, and internal record.
- [DPC GDPR Certification](https://rakenne.app/skills/dpc-gdpr-certification/index.md) — GDPR certification under Ireland DPC and Art. 42–43: DPC-approved criteria, INAB-accredited certification bodies, and documentation for certification readiness.
- [DPC GDPR Controller Obligations](https://rakenne.app/skills/dpc-gdpr-controller-obligations/index.md) — Other controller obligations for DPC checklist: processor/supplier agreements (Art. 28–29), DPO (37–39), DPIA (35).
- [DPC GDPR Data Breaches (Self-Assessment)](https://rakenne.app/skills/dpc-gdpr-data-breaches/index.md) — Breach preparedness for DPC checklist: incident response plan, procedures to notify DPC and individuals, documentation, and cooperation. For actual notification use DPC GDPR Breach Notification skill.
- [DPC GDPR Data Security](https://rakenne.app/skills/dpc-gdpr-data-security/index.md) — Data security (Art. 32) for DPC self-assessment: risk assessment, technical and organisational measures, encryption, recovery, and secure destruction.
- [DPC GDPR Data Subject Rights](https://rakenne.app/skills/dpc-gdpr-data-subject-rights/index.md) — Data subject rights (Art. 15–23) for DPC self-assessment: SAR, portability, deletion/rectification, restriction, object, profiling, and restrictions.
- [DPC GDPR International Transfers](https://rakenne.app/skills/dpc-gdpr-international-transfers/index.md) — International data transfers (Art. 44–50) for DPC self-assessment: adequacy, SCCs, documentation, and transparency to data subjects.
- [DPC GDPR Personal Data (Legal Basis)](https://rakenne.app/skills/dpc-gdpr-personal-data/index.md) — Personal data for DPC self-assessment: consent (Art. 7–9), children (Art. 8), and legitimate interest assessment.
- [DPC GDPR Readiness](https://rakenne.app/skills/dpc-gdpr-readiness/index.md) — GDPR readiness and self-assessment aligned to the Ireland DPC Self-Assessment Checklist: data mapping, legal basis, retention, and links to the eight detailed checklist areas.
- [DPC GDPR Transparency](https://rakenne.app/skills/dpc-gdpr-transparency/index.md) — Transparency (Art. 12–14) for DPC self-assessment: information to data subjects, Art. 13/14 lists, and proactive rights information.
- [Ecocert Scope Author](https://rakenne.app/skills/ecocert-scope-author/index.md) — Guided elaboration of Ecocert (or equivalent) certification application and scope documentation — scope of operation, input lists, conversion plan (if applicable), and traceability/CoC for organic or …
- [eCTD Cross-Module Verifier](https://rakenne.app/skills/ectd-cross-module-verifier/index.md) — Verify consistency and data integrity of eCTD pharmaceutical dossiers. Cross-checks Module 2 (Summaries) against Module 5 (Clinical Study Reports) to ensure study references, p-values, N-counts, …
- [EMS Context & Obligations Author](https://rakenne.app/skills/ems-context-obligations-author/index.md) — Guided elaboration of EMS context, environmental aspects/impacts, compliance obligations register, and environmental objectives and plans for ISO 14001. Ensures significant aspects are linked to …
- [EN Conformity Documentation Author](https://rakenne.app/skills/en-conformity-documentation-author/index.md) — Guided elaboration of conformity documentation for products or systems against selected EN (or ETSI) standards — scope, normative references, conformity route, and clause-by-clause or test-based …
- [Encarregado (DPO) — LGPD (Art. 41)](https://rakenne.app/skills/lgpd-encarregado/index.md) — Documentação e divulgação do encarregado (DPO) nos termos do Art. 41 da LGPD. Cobre designação, canal público, atribuições perante titulares e ANPD, e integração com política de privacidade e registro …
- [EnMS Energy Review Author](https://rakenne.app/skills/enms-energy-review-author/index.md) — Guided elaboration of EnMS documentation for ISO 50001: energy review, baseline, EnPIs, objectives and action plans. Ensures baseline and EnPIs have scope and units and flags objectives without …
- [Environmental Referrals (EPBC Act)](https://rakenne.app/skills/environmental-referrals-epbc/index.md) — Draft Referral of Proposed Action for developments affecting matters of national environmental significance (MNES) under the EPBC Act. Covers Ramsar wetlands, threatened species, mitigation and …
- [ERISA Summary Plan Description (SPD)](https://rakenne.app/skills/us-erisa-summary-plan-description/index.md) — Draft and validate the Summary Plan Description required by ERISA §102 for employee benefit plans. Covers plan identification, participation, benefits, claims procedure, and ERISA rights per 29 CFR …
- [ESG Report (CSRD / ISSB)](https://rakenne.app/skills/esg-report/index.md) — Compile Environmental, Social, and Governance reports aligned with CSRD/ESRS and ISSB/IFRS S1-S2. Guides double materiality assessment, GHG emissions accounting (Scope 1, 2, 3), and structured report …
- [Executive Readiness Report](https://rakenne.app/skills/executive-readiness-report/index.md) — Generate a board-ready executive summary of compliance posture, readiness scores by area, critical gaps, and timeline to audit. Designed for C-suite, board members, and auditors. Synthesizes data from …
- [Export Control Redactor](https://rakenne.app/skills/export-control-redactor/index.md) — Scan technical manuals for ITAR-controlled Defense Articles on the USML and flag content requiring export licenses. For USA defense sector; supports USML category tagging, Technical Data …
- [Fairtrade CoC Author](https://rakenne.app/skills/fairtrade-coc-author/index.md) — Guided elaboration of Fairtrade supply chain and Chain of Custody (CoC) documentation — product scope, trader license scope, CoC procedures, and mass balance or physical separation evidence.
- [FAR Clause Analyzer](https://rakenne.app/skills/far-clause-analyzer/index.md) — Ensure federal contract proposals contain mandatory FAR and agency-supplement clauses. For USA government contracting; supports prime and subcontract proposals under the Federal Acquisition …
- [FDA Submission Wizard](https://rakenne.app/skills/fda-submission-wizard/index.md) — Draft and validate FDA medical device submissions. Supports 510(k) Premarket Notifications (eSTAR format) with predicate comparison and substantial equivalence arguments, and PMA (Premarket Approval) …
- [FedRAMP Authorization Package](https://rakenne.app/skills/fedramp-authorization-package/index.md) — Draft and validate FedRAMP authorization packages for cloud service providers: System Security Plan (SSP) with all required attachments, Security Assessment Plan (SAP), Security Assessment Report …
- [Financial Services Statement of Advice](https://rakenne.app/skills/financial-services-soa/index.md) — Generate and validate personalised Statements of Advice (SoA) for retail clients in Australia. Ensures Best Interests Duty (BID) and FOFA ongoing fee compliance; includes soa_logic_validator and …
- [Food Labeling & Claims (FDA / USDA)](https://rakenne.app/skills/food-labeling-claims/index.md) — Draft and validate U.S. food product labels and labeling claims compliant with FDA 21 CFR 101, USDA FSIS, NLEA, FALCPA, and FASTER Act. Validates required label elements, allergen declarations, …
- [FSAI Agri-Food Traceability](https://rakenne.app/skills/fsai-agri-food-traceability/index.md) — Draft Recall and Withdrawal procedures for meat and dairy in Ireland (FSAI), with One-Step-Back/Forward traceability and validation of the 14 allergens list against Irish S.I. No. 489/2014 font and …
- [FSMS Manual & PRP/OPRP Author](https://rakenne.app/skills/fsms-manual-prp-author/index.md) — Guided elaboration of FSMS documentation for ISO 22000: food safety policy, PRPs, OPRPs, HACCP plan linkage, and operational control procedures. Ensures PRPs and OPRPs are documented and linked to …
- [GDPR Consent Form (Art. 7)](https://rakenne.app/skills/gdpr-consent-form/index.md) — Draft consent forms and consent notices for personal data processing under GDPR Article 7. Covers all conditions for valid consent: freely given, specific, informed, unambiguous. Includes validation …
- [GDPR Gap Assessment](https://rakenne.app/skills/gdpr-gap-assessment/index.md) — Perform a structured gap assessment against GDPR (Regulation 2016/679). Mandatory artifact detector scans for missing compliance documents; maturity rater suggests 0-5 maturity per domain across all …
- [GDPR Legitimate Interest Assessment (Art. 6(1)(f))](https://rakenne.app/skills/gdpr-legitimate-interest-assessment/index.md) — Conduct a three-part Legitimate Interest Assessment (LIA) under GDPR Art. 6(1)(f): purpose test, necessity test, and balancing test. Validates against EDPB Opinion 08/2024, WP217, and CJEU case law …
- [GDPR Privacy by Design & Default (Art. 25)](https://rakenne.app/skills/gdpr-privacy-by-design/index.md) — Assess and document data protection by design and by default measures per GDPR Article 25 and EDPB Guidelines 4/2019. Covers the seven foundational principles, Hoepman's eight design strategies, Art. …
- [GDPR ROPA & DPIA Author](https://rakenne.app/skills/gdpr-ropa-dpia-author/index.md) — Guided elaboration of Records of Processing Activities (ROPA) and Data Protection Impact Assessments (DPIA): processing purposes, legal basis, data categories, recipients, retention, safeguards, and …
- [GDPR Vendor & Processor Audit (Art. 28)](https://rakenne.app/skills/gdpr-vendor-processor-audit/index.md) — Plan and document processor audits under GDPR Art. 28(3)(h). Covers Art. 28(3)(a-h) contract compliance, sub-processor chain review, international transfer assessment (SCCs, adequacy, BCRs, TIA), Art. …
- [GMP SOP & Validation Author](https://rakenne.app/skills/gmp-sop-validation-author/index.md) — Guided elaboration of GMP documentation — SOPs, validation protocol (IQ/OQ/PQ), and batch record template sections aligned to FDA 21 CFR 211 / EU EudraLex Vol 4 / WHO GMP.
- [GRI Sustainability Report Author](https://rakenne.app/skills/gri-sustainability-report-author/index.md) — Guided elaboration of a GRI Standards-aligned sustainability report: material topics, GRI Universal Standards (2–3) and topic-specific disclosures (200/300/400 series), and management approach per …
- [GwG Anti-Money Laundering Risk Analysis](https://rakenne.app/skills/gwg-risk-analysis/index.md) — Erstellt Risikoanalysen gemaess §5 GwG (Geldwaeschegesetz) fuer den Nichtfinanzsektor. Weist Kunden anhand von Transparenzregister-Daten Risikostufen zu und validiert PEP-Sorgfaltspflichten (§15 GwG) …
- [HACCP Food Safety Plan](https://rakenne.app/skills/haccp-food-safety-plan/index.md) — Draft and validate a HACCP Food Safety Plan for Food & Beverage operations aligned with Codex Alimentarius (CXC 1-1969, revised 2020) and FDA FSMA (21 CFR Part 117). Covers all seven HACCP principles …
- [Health Canada & MDSAP](https://rakenne.app/skills/health-canada-mdsap/index.md) — Align QMS documentation to MDSAP and Health Canada expectations. Guides users to map procedures and records to MDSAP/ISO 13485, prepare for audits, and use the mdsap_audit_aligner skill when …
- [HIPAA Security Risk Assessment (SRA)](https://rakenne.app/skills/hipaa-security-risk-assessment/index.md) — Draft and validate the Security Risk Assessment required by the HIPAA Security Rule (45 CFR §164.308(a)(1)). Defines scope and ePHI boundaries, inventories assets and Business Associate relationships, …
- [HIQA Care/Support Plan](https://rakenne.app/skills/hiqa-care-support-plan/index.md) — Draft or update an individual care or support plan for a resident or child in a designated centre aligned with HIQA standards.
- [HIQA Complaints Procedure](https://rakenne.app/skills/hiqa-complaints-procedure/index.md) — Draft or update a complaints procedure for healthcare services aligned with HIQA NSSBH and national complaints guidance.
- [HIQA Consent Policy](https://rakenne.app/skills/hiqa-consent-policy/index.md) — Draft or update a consent policy for healthcare services aligned with HIQA NSSBH and Irish consent law.
- [HIQA Data Protection and Confidentiality Policy](https://rakenne.app/skills/hiqa-data-protection-confidentiality-policy/index.md) — Draft or update a data protection and confidentiality policy aligned with HIQA, GDPR, and Irish law.
- [HIQA Designated Centre Complaints](https://rakenne.app/skills/hiqa-designated-centre-complaints/index.md) — Draft or update a complaints procedure for a designated centre aligned with HIQA standards.
- [HIQA Designated Centre Health and Safety](https://rakenne.app/skills/hiqa-designated-centre-health-safety/index.md) — Draft or update a health and safety policy for a designated centre aligned with HIQA and health and safety law.
- [HIQA Designated Centre Medication](https://rakenne.app/skills/hiqa-designated-centre-medication/index.md) — Draft or update a medication policy for a designated centre aligned with HIQA standards.
- [HIQA Designated Centre Safeguarding](https://rakenne.app/skills/hiqa-designated-centre-safeguarding/index.md) — Draft or update a safeguarding policy for a designated centre aligned with HIQA and national safeguarding guidance.
- [HIQA Healthcare Governance](https://rakenne.app/skills/hiqa-healthcare-governance/index.md) — Draft or update a governance and accountability framework for healthcare services aligned with HIQA NSSBH Theme 5.
- [HIQA Incident Investigation Report](https://rakenne.app/skills/hiqa-incident-investigation-report/index.md) — Draft an incident investigation report for healthcare services aligned with HIQA NSSBH and learning from incidents.
- [HIQA Incident Reporting Procedure](https://rakenne.app/skills/hiqa-incident-reporting-procedure/index.md) — Draft or update an incident reporting procedure for healthcare services aligned with HIQA NSSBH (internal reporting; for notifiable incidents use hiqa-notifiable-incidents-reporting).
- [HIQA Information Governance Policy](https://rakenne.app/skills/hiqa-information-governance-policy/index.md) — Draft or update an information governance policy aligned with HIQA National Standards for Information Management and NSSBH Theme 8.
- [HIQA Notifiable Incidents Reporting](https://rakenne.app/skills/hiqa-notifiable-incidents-reporting/index.md) — Draft or update the process for reporting notifiable incidents to HIQA/Chief Inspector under the Patient Safety Act 2023.
- [HIQA Open Disclosure Policy](https://rakenne.app/skills/hiqa-open-disclosure-policy/index.md) — Draft or update an open disclosure policy aligned with the Patient Safety Act 2023 and HIQA NSSBH.
- [HIQA Quality Improvement Plan](https://rakenne.app/skills/hiqa-quality-improvement-plan/index.md) — Draft or update a quality improvement plan for healthcare services aligned with HIQA NSSBH.
- [HIQA Record-Keeping and Retention](https://rakenne.app/skills/hiqa-record-keeping-retention/index.md) — Draft or update record-keeping and retention procedures aligned with HIQA National Standards for Information Management.
- [HIQA Risk Register](https://rakenne.app/skills/hiqa-risk-register/index.md) — Draft or update a risk register for healthcare services aligned with HIQA NSSBH (safe care, governance).
- [HIQA Safeguarding Policy](https://rakenne.app/skills/hiqa-safeguarding-policy/index.md) — Draft or update a safeguarding policy for healthcare services aligned with HIQA NSSBH and national safeguarding guidance.
- [HIQA Statement of Purpose](https://rakenne.app/skills/hiqa-statement-of-purpose/index.md) — Draft or update a Statement of Purpose for a designated centre (older people, disability, or children) for HIQA registration.
- [HIQA Workforce Performance Management Policy](https://rakenne.app/skills/hiqa-workforce-performance-policy/index.md) — Draft or update a workforce performance management policy for healthcare services aligned with HIQA NSSBH Theme 6.
- [HIQA Workforce Recruitment Policy](https://rakenne.app/skills/hiqa-workforce-recruitment-policy/index.md) — Draft or update a workforce recruitment policy for healthcare services aligned with HIQA NSSBH Theme 6.
- [HIQA Workforce Supervision Policy](https://rakenne.app/skills/hiqa-workforce-supervision-policy/index.md) — Draft or update a workforce supervision policy for healthcare services aligned with HIQA NSSBH Theme 6.
- [HIQA Workforce Training Policy](https://rakenne.app/skills/hiqa-workforce-training-policy/index.md) — Draft or update a workforce training policy for healthcare services aligned with HIQA NSSBH Theme 6.
- [HITRUST CSF Assessment](https://rakenne.app/skills/hitrust-csf-assessment/index.md) — Draft HITRUST CSF Validated Assessment deliverables for e1, i1, or r2 certification: control requirement responses at all maturity levels, evidence artifacts, Corrective Action Plans, and the …
- [HR & Personnel Security](https://rakenne.app/skills/iso27001-hr-security/index.md) — Draft and validate HR security documents covering the full employment lifecycle: pre-employment screening, employment contract security clauses, management security responsibilities, disciplinary …
- [IATF 16949 Process & CSR Author](https://rakenne.app/skills/iatf16949-process-csr-author/index.md) — Guided elaboration of IATF 16949 process documentation and customer-specific requirements (CSR) matrix: process maps, turtle diagrams, and evidence of conformity to OEM CSR.
- [ICT Risk Management Framework (DORA)](https://rakenne.app/skills/dora-ict-risk-framework/index.md) — Draft the complete ICT risk management framework required by the EU Digital Operational Resilience Act (DORA), covering governance, asset identification, protection, detection, response, recovery, and …
- [IEC 62304 Software Lifecycle Author](https://rakenne.app/skills/iec62304-software-lifecycle-author/index.md) — Guided elaboration of medical device software lifecycle documentation per IEC 62304 — SDP, SOUP identification, SRS, design, verification/validation, and risk control integration.
- [IEC 62443 Zone & SR Elaborator](https://rakenne.app/skills/iec-62443-zone-sr-elaborator/index.md) — Guided elaboration of IACS security documentation per IEC 62443: zone/conduit model, Security Level (SL) targets, Security Requirements (SR) for components and systems, and gap remediation. Verifies …
- [IEEE Software Design Author](https://rakenne.app/skills/ieee-software-design-author/index.md) — Guided elaboration of software or systems design documentation per IEEE standards (e.g. 1016 for design description, 829 for test documentation) — design views, traceability to requirements, and test …
- [Individual Accountability Framework (IAF/SEAR) — Ireland](https://rakenne.app/skills/iaf-sear-ireland/index.md) — Draft and validate Statements of Responsibility and Management Responsibilities Maps for the Central Bank of Ireland IAF and SEAR. Supports banks, insurers, and investment firms. Includes gap …
- [Information Security Policy (ISO 27001)](https://rakenne.app/skills/information-security-policy/index.md) — Draft and validate an Information Security Policy aligned with ISO 27001:2022. Builds a complete Statement of Applicability covering all 93 Annex A controls, validates enforceability of policy …
- [Insurance policy summary](https://rakenne.app/skills/insurance-policy-summary/index.md) — Produce and validate structured insurance policy summaries (coverage, limits, exclusions, conditions, notice). Reduces E&O risk by ensuring critical sections and notice provisions are present.
- [ISMS Internal Audit Report (Clause 9.2)](https://rakenne.app/skills/iso27001-isms-internal-audit-report/index.md) — Plan and execute ISO 27001 internal audits: create audit plans with sampling strategies, draft structured audit reports with findings mapped to clauses, validate finding completeness (severity, …
- [ISMS Scope Statement (ISO 27001 Clause 4.3)](https://rakenne.app/skills/iso27001-isms-scope/index.md) — Define and validate the ISMS scope boundaries (physical, organizational, technical) with justified exclusions and no Shadow IT gaps. Includes boundary integrity checker and exclusion logic validator …
- [ISO 14001 EMS Documentation](https://rakenne.app/skills/iso14001-ems-documentation/index.md) — Draft ISO 14001:2015 Environmental Management System documentation: organization environmental profiling, gap assessment against clauses 4-10 with maturity ratings, and environmental policy creation. …
- [ISO 14971 Risk File Author](https://rakenne.app/skills/iso14971-risk-file-author/index.md) — Guided elaboration of risk management file for medical devices per ISO 14971: hazard identification, risk analysis, risk control, residual risk acceptability, and benefit–risk rationale. Flags risks …
- [ISO 20000 Internal Audit (Clause 4.5.4.2)](https://rakenne.app/skills/iso20000-internal-audit/index.md) — Plan and execute SMS internal audits for ISO/IEC 20000-1:2011. Create annual audit programs, plan individual engagements, document findings with classifications (Major NC, Minor NC, Observation, OFI), …
- [ISO 27001 Asset Inventory & Classification Register](https://rakenne.app/skills/iso27001-asset-inventory/index.md) — Build and validate an Asset Inventory & Classification Register for ISO 27001:2022 Control A.5.9. Catalog information assets with Ownership and Classification (Public, Internal, Confidential, …
- [ISO 27001 Awareness and Training Plan](https://rakenne.app/skills/iso27001-awareness-training-plan/index.md) — Create, validate, and maintain the ISO 27001:2022 awareness and training plan per Clauses 7.2 (Competence), 7.3 (Awareness), and Annex A control A.6.3. Defines target audiences with role-based …
- [ISO 27001 Business Continuity & Disaster Recovery Plan](https://rakenne.app/skills/iso27001-business-continuity-plan/index.md) — Create operationally detailed Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) with BIA-driven recovery sequences, RTO/RPO validation, failover procedures, and exercise records per …
- [ISO 27001 Confidentiality & NDA Agreements](https://rakenne.app/skills/iso27001-confidentiality-nda/index.md) — Create and manage confidentiality and non-disclosure agreement templates with a tracking register per ISO 27001 Control A.6.6. Covers both employee and third-party scenarios.
- [ISO 27001 Critical Supplier Register](https://rakenne.app/skills/iso27001-critical-supplier-register/index.md) — Operational register of critical suppliers with data access, SLA thresholds, BCP dependencies, security assessment history, and internal ownership. The auditor-expected evidence document that proves …
- [ISO 27001 Gap Assessment](https://rakenne.app/skills/iso27001-gap-assessment/index.md) — Perform a structured gap assessment against ISO 27001:2022 clauses 4-10 and 93 Annex A controls. Mandatory artifact detector scans for missing ISMS documents; maturity rating tool suggests 0-5 …
- [ISO 27001 ISMS Annual Maintenance & Surveillance Audit Prep](https://rakenne.app/skills/iso27001-annual-maintenance/index.md) — Prepare for annual ISO 27001 surveillance audits by reviewing and updating existing ISMS documents. Scans documents for freshness, assesses organizational changes, performs delta risk re-assessment, …
- [ISO 27001 Legal & Regulatory Requirements Register](https://rakenne.app/skills/iso27001-legal-requirements-register/index.md) — Identify, document, and track all legal, statutory, regulatory, and contractual requirements relevant to information security per ISO 27001 Control A.5.31.
- [ISO 27001 Management Review](https://rakenne.app/skills/iso27001-management-review/index.md) — Prepare, validate, and document the ISO 27001:2022 management review per Clause 9.3. Compiles input pack from workspace ISMS artifacts, validates all 10 mandatory input categories (Clause 9.3.2) and 3 …
- [ISO 27001 Monitoring, Measurement & Evaluation](https://rakenne.app/skills/iso27001-monitoring-measurement-evaluation/index.md) — Draft and validate the Clause 9.1 report (PDCA 'Check') and Clause 6.2 objectives register: six validation tools covering KPI effectiveness, CAPA linkage for every failed control, CAPA field …
- [ISO 27001 Operating Procedures (SOPs)](https://rakenne.app/skills/iso27001-operating-procedures/index.md) — Create, validate, and index standard operating procedures (SOPs) for information processing facilities per ISO 27001 Control A.5.37. Produces step-by-step procedures with traceability to Annex A …
- [ISO 27001 Organization Profile](https://rakenne.app/skills/iso27001-organization-profile/index.md) — Build and validate a shared organization profile for ISO 27001 certification. Captures organizational facts (industry, locations, technology stack, regulations, suppliers) that feed into scope, risk …
- [ISO 27001 Policy Generator](https://rakenne.app/skills/iso27001-policy-generator/index.md) — Generate, validate, and maintain the core ISMS policy and procedure set for ISO 27001:2022 certification. Produces 22 document types (information security policy, ISMS manual, risk management, access …
- [ISO 27001 Risk Assessment](https://rakenne.app/skills/iso27001-risk-assessment/index.md) — Complete ISO 27001:2022 risk assessment workflow covering methodology definition, risk identification using a 12-category threat taxonomy, risk analysis with 5×5 matrix scoring, treatment planning …
- [ISO 27001 Secure Architecture Principles](https://rakenne.app/skills/iso27001-secure-architecture-principles/index.md) — Document secure system architecture and engineering principles per ISO 27001 Control A.8.27. Produces a principles catalog with rationale, implementation guidance, and technology-stack applicability …
- [ISO 27001 Statement of Applicability](https://rakenne.app/skills/iso27001-soa/index.md) — Build and validate the SoA (Clause 6.1.3): map 93 Annex A controls to In/Out with justification and implementation evidence. SoA mapping engine suggests inclusions from risk assessment; control …
- [ISO 27001 Supplier Information Security Policy](https://rakenne.app/skills/iso27001-supplier-security-policy/index.md) — Draft and validate supplier security requirements and annexes for ISO 27001:2022 Control 5.21. Tier-based Minimum Security Baseline (Cloud vs Janitorial), Right to Audit and Breach Notification …
- [ISO 27701 Controller Controls (Annex A)](https://rakenne.app/skills/iso27701-controller-controls/index.md) — Implement and document ISO 27701 Clause 7 and Annex A controls specific to PII controllers. Covers conditions for collection/processing, obligations to PII principals, privacy by design/default, and …
- [ISO 27701 DPIA Program](https://rakenne.app/skills/iso27701-dpia-program/index.md) — Establish a Data Protection Impact Assessment (DPIA) program aligned to ISO 27701 Clause 7.2.5 and GDPR Article 35. Create DPIA methodology with WP29/EDPB screening criteria, screen processing …
- [ISO 27701 PII Processing Inventory](https://rakenne.app/skills/iso27701-pii-inventory/index.md) — Build the PII processing inventory (Record of Processing Activities / ROPA) and data flow map for ISO 27701. Catalogs every processing activity with purpose, legal basis, data categories, PII …
- [ISO 27701 PIMS Extension Author](https://rakenne.app/skills/iso27701-pims-extension-author/index.md) — Guided elaboration of PIMS documentation as an extension to ISMS: PII processing inventory, privacy objectives, processing purposes and legal basis, controller/processor annex controls, and privacy …
- [ISO 27701 PIMS Internal Audit](https://rakenne.app/skills/iso27701-pims-internal-audit/index.md) — Plan and document a PIMS-specific internal audit. Covers audit planning, execution checklist, findings, nonconformities, and corrective actions focused on privacy controls and PII processing …
- [ISO 27701 PIMS Scope Definition](https://rakenne.app/skills/iso27701-pims-scope/index.md) — Define the Privacy Information Management System (PIMS) scope per ISO/IEC 27701:2019+AMD1:2024 Clauses 5.2.1–5.2.4 — organization role as PII controller, processor, or both (5.2.1); interested parties …
- [ISO 27701 PIMS Statement of Applicability](https://rakenne.app/skills/iso27701-pims-soa/index.md) — Create the PIMS Statement of Applicability covering both Annex A (controller) and Annex B (processor) controls. Maps each control to In/Out with justification, implementation status, and evidence — …
- [ISO 27701 Privacy Policy Generator](https://rakenne.app/skills/iso27701-privacy-policy-generator/index.md) — Generate a comprehensive privacy policy/notice aligned to ISO 27701 Clause 6 controller obligations. Uses PII inventory and controller controls as inputs to produce a legally-grounded, auditable …
- [ISO 27701 Privacy Risk Assessment](https://rakenne.app/skills/iso27701-privacy-risk-assessment/index.md) — Conduct a privacy-specific risk assessment focusing on risks to PII principals per ISO 27701 Clause 5.4 (2019) / Clause 6.6 (2025). Defines all 8 individual-focused privacy impact criteria (physical …
- [ISO 27701 Processor Controls (Annex B)](https://rakenne.app/skills/iso27701-processor-controls/index.md) — Implement and document ISO 27701 Clause 8 and Annex B controls specific to PII processors. Covers conditions for processing, obligations to PII principals, privacy by design/default, sub-processor …
- [ISO 27701 Security Controls Overlay](https://rakenne.app/skills/iso27701-security-controls-overlay/index.md) — Create the privacy overlay for the 93 ISO 27002:2022 security controls. For each control in the SoA, document what additional privacy-specific implementation is needed per ISO 27701 Clause 6. Covers …
- [ISO 42001 AI Policy](https://rakenne.app/skills/iso42001-ai-policy/index.md) — Draft and validate the formal AI Policy for ISO/IEC 42001:2023, covering all mandatory Clause 5.2 elements: organizational purpose alignment, compliance commitment, continual improvement, risk …
- [ISO 42001 AI Risk Assessment Methodology](https://rakenne.app/skills/iso42001-risk-assessment-methodology/index.md) — Draft the AI risk assessment methodology for ISO/IEC 42001:2023.
- [ISO 42001 AI Risk Register](https://rakenne.app/skills/iso42001-risk-register/index.md) — Draft and validate the AI risk register for ISO/IEC 42001:2023 with ownership, treatment, and residual risk.
- [ISO 42001 AIMS Scope and Context](https://rakenne.app/skills/iso42001-aims-scope-context/index.md) — Draft and validate AIMS scope statement and organizational context for ISO/IEC 42001:2023 certification (Clause 4).
- [ISO 42001 Data Governance](https://rakenne.app/skills/iso42001-data-governance/index.md) — Draft data governance procedures for AI systems under ISO/IEC 42001:2023.
- [ISO 42001 Incident Response](https://rakenne.app/skills/iso42001-incident-response/index.md) — Draft AI incident response procedure and documentation for ISO/IEC 42001:2023.
- [ISO 42001 Internal Audit](https://rakenne.app/skills/iso42001-internal-audit/index.md) — Draft internal audit procedure and audit report structure for the AIMS under ISO/IEC 42001:2023.
- [ISO 42001 Nonconformity & Corrective Action](https://rakenne.app/skills/iso42001-nonconformity-corrective-action/index.md) — Draft nonconformity and corrective action procedure and records for the AIMS under ISO/IEC 42001:2023.
- [ISO 42001 Statement of Applicability](https://rakenne.app/skills/iso42001-statement-of-applicability/index.md) — Build and validate the SoA for ISO/IEC 42001:2023 Annex A with justification and implementation evidence.
- [ISO 42001 Supplier & Third-Party AI](https://rakenne.app/skills/iso42001-supplier-third-party/index.md) — Draft supplier and third-party AI evaluation, contracts, and documentation for ISO/IEC 42001:2023.
- [ISO 45001 Gap Assessment](https://rakenne.app/skills/ohsms-gap-assessment/index.md) — Perform a structured gap assessment against ISO 45001:2018 clauses 4-10. Scans for missing OHSMS documentation, rates clause maturity on a 0-5 scale, and produces a prioritized remediation roadmap for …
- [ISO 45001 Organization Profile](https://rakenne.app/skills/ohsms-organization-profile/index.md) — Build and validate a shared organization profile for ISO 45001:2018 certification. Captures industry sector, worker demographics, locations, OH&S history, regulatory environment, and contractor …
- [ITU Recommendation Conformity Author](https://rakenne.app/skills/itu-recommendation-conformity-author/index.md) — Guided elaboration of implementation or compliance documentation for a selected ITU-T (or ITU-R) recommendation — scope, normative references, implementation statement, and conformance checklist.
- [JIT PAM Zero Trust (NIST 800-207)](https://rakenne.app/skills/jit-pam-zero-trust/index.md) — Document and audit Just-in-Time privileged access management aligned to Zero Trust and NIST SP 800-207. Defines no-standing-privilege, time-bound elevation, and MFA for privileged sessions.
- [King IV Apply and Explain](https://rakenne.app/skills/king-iv-apply-and-explain/index.md) — Draft or validate the King IV 'apply and explain' governance disclosure (all 16 principles) for South Africa.
- [LAC — Licenciamento Ambiental Simplificado](https://rakenne.app/skills/env-licensing-lac/index.md) — Apoia a elaboracao e revisao de requerimentos de LAC (Licenca por Adesao e Compromisso) para licenciamento ambiental no Brasil, com foco em CONAMA e orgaos estaduais de meio ambiente. Inclui …
- [LAE — Licença Ambiental Especial (Obras Estratégicas)](https://rakenne.app/skills/lae-strategic-drafter/index.md) — Estruturação de Termos de Referência (TR) e Relatórios de Impacto Ambiental (EIA/RIMA) para Licença Ambiental Especial (Lei 15.300/2025), com foco em obras e empreendimentos estratégicos. Garante …
- [Law 25 — Governance Policy](https://rakenne.app/skills/law25-governance/index.md) — Draft the policy on practices governing the protection of personal information under Quebec Law 25. Covers complaints process, staff roles and responsibilities, retention and destruction rules, and …
- [Law 25 — Privacy Officer Designation](https://rakenne.app/skills/law25-privacy-officer/index.md) — Draft the formal designation of the person in charge of the protection of personal information (Privacy Officer) under Quebec Law 25 (Bill 64). Board resolution or CEO/MD letter; validation for …
- [Law 25 — Privacy Policy](https://rakenne.app/skills/law25-privacy-policy/index.md) — Draft and update a public privacy policy in line with Quebec Law 25 (Bill 64). Covers purposes, rights, retention, complaints, and Privacy Officer contact. Includes validation for required elements.
- [LEED Credit Documentation Author](https://rakenne.app/skills/leed-credit-documentation-author/index.md) — Guided elaboration of LEED credit documentation — credit intent, compliance path, calculations, and evidence checklist for submission.
- [LkSG Supply Chain Due Diligence](https://rakenne.app/skills/lksg-due-diligence/index.md) — Erstellt Grundsatzerklaerungen (Policy Statements) und Jahresberichte gemaess dem Lieferkettensorgfaltspflichtengesetz (LkSG). Mappt Lieferantenaudits auf die 11 geschuetzten Rechtspositionen und …
- [MaRisk Risikomanagement-Handbuch](https://rakenne.app/skills/marisk-risk-elaborator/index.md) — Erstellt und prueft Risikomanagement-Handbuecher fuer Finanzinstitute in Deutschland gemaess MaRisk (BaFin). Unterstuetzt die vollstaendige Ausarbeitung aller MaRisk-Module (AT, BT, BTR), …
- [MAS TRM — Technology Risk Management Framework](https://rakenne.app/skills/sg-mas-trm-risk-framework/index.md) — Draft and validate the Technology Risk Management framework for MAS-regulated financial institutions. Covers governance, IT resilience, cyber security, data loss prevention, and technology audit per …
- [MD&A — Driver-Based Drafting (Item 303)](https://rakenne.app/skills/sec-mda/index.md) — Draft Management's Discussion and Analysis for 10-K or 10-Q with a driver-based structure: results of operations, liquidity and capital resources, known trends and uncertainties, and critical …
- [MFA Exception Rationalizer (CISA CPG 1.1)](https://rakenne.app/skills/mfa-exception-rationalizer/index.md) — Document the transition to phishing-resistant MFA and draft MFA-exception rationales for Critical Infrastructure. Identifies legacy systems that cannot support MFA, proposes compensating controls …
- [Mining & Exploration — Reserve Estimate Validator](https://rakenne.app/skills/reserve-estimate-validator/index.md) — Guided elaboration and compliance validation of mineral resource and reserve technical reports under NI 43-101 (Canada) and JORC Code (Australia/South Africa), with QP/CP certificate checking and …
- [Mobile Device & Teleworking Policy (ISO 27001)](https://rakenne.app/skills/remote-work-risk-drafter/index.md) — Draft and validate a Mobile Device & Teleworking Policy for ISO 27001:2022 (A.5.17, A.6.7, A.8.1). Covers BYOD, VPN, disk encryption, remote wipe consent, endpoint leakage risk, and compliance with …
- [Modern Slavery Statements (AU)](https://rakenne.app/skills/modern-slavery-statement-au/index.md) — Annual drafting of Modern Slavery Statements for the Australian regime under the Modern Slavery Act 2018 (Cth). Covers the seven mandatory criteria (s16), approval by the principal governing body, and …
- [Monitoramento de Infecções (IRAS) e RAM](https://rakenne.app/skills/hospital-safety-reporter/index.md) — Padroniza relatórios mensais de infecção hospitalar e resistência microbiana para hospitais e clínicas, com foco em notificação de indicadores nacionais obrigatórios e detecção de discrepâncias …
- [Multi-State Employee Handbook](https://rakenne.app/skills/multi-state-employee-handbook/index.md) — Draft a multi-state employee handbook with jurisdiction-specific policy language for each state of operation, covering at-will employment, paid leave, anti-discrimination, wage and hour, and workplace …
- [NDB Incident Drafter](https://rakenne.app/skills/ndb-incident-drafter/index.md) — Draft and validate the Statement to the Commissioner and Notification to Individuals under Australia's Notifiable Data Breaches (NDB) scheme. Ensures the four mandatory sections under Privacy Act s …
- [NDIS Provider Quality Audit](https://rakenne.app/skills/ndis-provider-quality-audit/index.md) — Elaborate and validate the Provider Policy & Procedures manual for NDIS registration in Australia. Ensures the Reportable Incidents procedure includes the mandatory 24-hour notification to the NDIS …
- [NIS2 Entity Classification](https://rakenne.app/skills/nis2-entity-classification/index.md) — Classify an organization as essential, important, or out-of-scope under the NIS2 Directive (EU 2022/2555). Maps activities to Annex I/II sectors, applies size thresholds (medium/large enterprise …
- [NIS2 Gap Assessment](https://rakenne.app/skills/nis2-gap-assessment/index.md) — Perform a structured gap assessment against all NIS2 Directive Art. 21 cybersecurity risk-management measures. Rates maturity (0-5) per measure, detects missing compliance artifacts, and builds a …
- [NIS2 Governance & Risk Management](https://rakenne.app/skills/nis2-governance-risk/index.md) — Document management body accountability and cybersecurity risk management measures per NIS2 Directive Art. 20-21. Covers all 11 mandatory measures (a)-(k), governance approval workflows, and …
- [NIS2 Incident Reporting](https://rakenne.app/skills/nis2-incident-reporting/index.md) — Draft NIS2-compliant incident reports following Art. 23 timelines: early warning within 24 hours, incident notification within 72 hours, and final report within one month. Classifies incident …
- [NIS2 Registration & Reporting](https://rakenne.app/skills/nis2-registration-reporting/index.md) — Prepare entity registration submissions and annual reports per NIS2 Art. 27-28. Validates registration form completeness against required fields (entity details, sector, IP ranges, contact …
- [NIST CSF Profile Author](https://rakenne.app/skills/nist-csf-profile-author/index.md) — Guided elaboration of a NIST Cybersecurity Framework (CSF) assessment: current profile (Identify, Protect, Detect, Respond, Recover, Govern), target profile, gap analysis, and prioritized …
- [NIST Password Logic Adapter (CISA CPG 1.2)](https://rakenne.app/skills/nist-password-logic-adapter/index.md) — Rewrite legacy password policies to prioritize length and entropy over complexity and aging, and draft the Compromised Password Detection Protocol. Aligns with NIST SP 800-63B and CISA CPG 1.2; …
- [NIST SP 800-53 / CSF Crosswalk](https://rakenne.app/skills/nist-800-53-csf-crosswalk/index.md) — Bidirectional crosswalk between NIST Cybersecurity Framework (CSF) 2.0 subcategories and SP 800-53 Rev 5 controls. Maps CSF subcategories to 800-53 controls and vice versa, identifies gaps in either …
- [NIST SP 800-53 Baseline Selector](https://rakenne.app/skills/nist-800-53-baseline-selector/index.md) — Select and tailor an SP 800-53 Rev 5 control baseline based on FIPS 199 categorization and regulatory overlays (HIPAA, PCI-DSS, GDPR, SOX, FedRAMP, CMMC). Applies the appropriate Low/Moderate/High …
- [NIST SP 800-53 Control Standard Author](https://rakenne.app/skills/nist-800-53-control-standard-author/index.md) — Author implementation standards for individual NIST SP 800-53 controls. Each standard documents the control objective, implementation narrative, technology and tools, responsible roles, evidence …
- [NIST SP 800-53 Family Policy Author](https://rakenne.app/skills/nist-800-53-family-policy-author/index.md) — Author NIST SP 800-53 family-level policies (the -1 controls) for each control family. Produces structured policy documents with Purpose, Scope, Applicability, Policy Statements, Roles & …
- [NIST SP 800-53 Gap Analysis](https://rakenne.app/skills/nist-800-53-gap-analysis/index.md) — Conduct a gap analysis across the NIST SP 800-53 compliance program. Cross-references tailored control catalog against policies, standards, and mappings to identify coverage gaps. Prioritizes …
- [NIST SP 800-53 Organization Profile](https://rakenne.app/skills/nist-800-53-organization-profile/index.md) — Build and validate the organizational context profile for NIST SP 800-53 Rev 5 compliance. Captures FIPS 199 security categorization (Confidentiality, Integrity, Availability impact levels), …
- [NIST SP 800-53 Policy-Control Mapper](https://rakenne.app/skills/nist-800-53-policy-control-mapper/index.md) — Map existing policy and standard documents to NIST SP 800-53 controls with AI-assisted quality scoring. Rates each mapping as High/Medium/Low confidence with documented justification. Identifies …
- [Nordic AML/CFT — Enterprise-Wide Risk Assessment](https://rakenne.app/skills/nordic-aml-cft-risk-assessment/index.md) — Draft and validate the enterprise-wide AML/CFT risk assessment for Nordic supervisors. Covers inherent risk, control effectiveness, residual risk, and risk appetite per Joint ESA Guidelines and AMLD6.
- [OH&S Policy & Leadership (ISO 45001 Clauses 5.1–5.3)](https://rakenne.app/skills/ohsms-policy-leadership/index.md) — Draft and validate the OH&S policy, leadership commitment statement, and roles & responsibilities matrix per ISO 45001:2018. Validates the policy for all six mandatory commitments (prevention of …
- [OHSMS Hazard & Legal Author](https://rakenne.app/skills/ohsms-hazard-legal-author/index.md) — Guided elaboration of OH&S management system documentation for ISO 45001: context, hazard identification and risk assessment (6.1.2), hierarchy of controls (8.1.2), legal and other requirements …
- [OHSMS Internal Audit (Clause 9.2)](https://rakenne.app/skills/ohsms-internal-audit/index.md) — Plan and execute ISO 45001 OHSMS internal audits: create audit plans with sampling strategies, draft structured audit reports with findings mapped to clauses, validate finding completeness (severity, …
- [OHSMS Management Review (Clause 9.3)](https://rakenne.app/skills/ohsms-management-review/index.md) — Prepare, validate, and document the ISO 45001 management review per Clause 9.3. Compile input pack from OHSMS artifacts, validate coverage of all mandatory inputs (9.3.2) and outputs (9.3.3) including …
- [OT Asset Integrity Register (CISA CPG 2.1)](https://rakenne.app/skills/ics-firmware-monitor/index.md) — Maintain and validate an OT Asset Integrity Register for CISA CPG 2.1: catalog ICS, PLCs, HMIs, and sensors with firmware versions and physical locations; link assets to CISA KEV and vendor advisories …
- [PAM Standard (PR.AA)](https://rakenne.app/skills/pam-standard/index.md) — Draft and validate a Privileged Access Management standard aligned to NIST CSF 2.0 PR.AA. Defines JIT, least privilege, SoD boundaries, and break-glass workflow; ensures MFA for 100% of privileged …
- [PCI DSS Report on Compliance (ROC)](https://rakenne.app/skills/pci-dss-roc-author/index.md) — Author PCI DSS v4.0 ROC documentation for Level 1 QSA assessments: scope workpapers, requirement-by-requirement findings, Compensating Controls Worksheets (CCWs), Customized Approach Worksheets …
- [PCI-DSS SAQ & Scope Author](https://rakenne.app/skills/pci-dss-saq-scope-author/index.md) — Guided elaboration of PCI-DSS scope documentation and SAQ support: cardholder data environment (CDE), network segmentation narrative, and control evidence mapping to SAQ requirements.
- [Pharmacy QMS (ApBetrO)](https://rakenne.app/skills/apbetro-pharmacy-qms/index.md) — Pflege und Erstellung des Qualitaetsmanagementsystems (QMS) fuer oeffentliche Apotheken gemaess Apothekenbetriebsordnung (ApBetrO). Erstellt QMS-Handbuecher, Hygieneplaeane nach RKI-Richtlinien, …
- [Physical Security Perimeter (ISO 27001)](https://rakenne.app/skills/iso27001-physical-security-perimeter/index.md) — Define and document physical security perimeters and physical entry controls for ISO 27001:2022 Annex A 7.1 and 7.2. Structures the Defense in Depth narrative for offices, data centers, and secure …
- [PMS — Plan de Maîtrise Sanitaire (France)](https://rakenne.app/skills/pms-plan-maitrise-sanitaire/index.md) — Elaborate the sanitation master plan (PMS) for restaurants and food production in France. Align with Paquet Hygiène, sector GBPH, and DDPP controls. Covers traceability (étiquettes de traçabilité) and …
- [Política de Privacidade — LGPD](https://rakenne.app/skills/lgpd-privacy-policy/index.md) — Elaboração de políticas de privacidade em conformidade com a LGPD (Lei 13.709/2018) e orientações da ANPD. Cobre transparência (Art. 9), princípios (Art. 6º), direitos do titular (Art. 18), bases …
- [POPIA Information Officer Authorization](https://rakenne.app/skills/popia-information-officer-authorization/index.md) — Draft the formal authorization (board resolution or CEO/MD letter) designating the Information Officer and Deputy IOs for submission to the Information Regulator.
- [POPIA Registration Form Part A — Information Officer](https://rakenne.app/skills/popia-registration-form-part-a/index.md) — Draft Part A of the POPIA Information Officer registration form with full name, designation, and contact details including direct email for the Information Regulator.
- [POPIA Registration Form Part B — Deputy Information Officers](https://rakenne.app/skills/popia-registration-form-part-b/index.md) — Draft Part B of the POPIA Information Officer registration form with contact details for each Deputy Information Officer (DIO) for the Information Regulator.
- [POPIA Registration Form Part C — Organisation Details](https://rakenne.app/skills/popia-registration-form-part-c/index.md) — Draft Part C of the POPIA Information Officer registration form with registered company name, address, and registration number for the Information Regulator.
- [Privacy & PII Protection Program](https://rakenne.app/skills/iso27001-privacy-pii-program/index.md) — Build a comprehensive privacy program aligned with ISO 27001:2022 A.5.34 and major privacy regulations (GDPR, LGPD, CCPA). Produces five core privacy documents: external-facing privacy policy, Record …
- [Privilege Training Mapper (CISA CPG 4.3)](https://rakenne.app/skills/privilege-training-mapper/index.md) — Map privileged job functions to role-specific training modules and validate training compliance. Cross-reference Privileged User List with HR training log to flag missing or overdue certifications.
- [Procedimentos de Notificação à ANPD — LGPD](https://rakenne.app/skills/lgpd-anpd-notificacoes/index.md) — Documentação e execução dos procedimentos de notificação à ANPD: comunicação de RIPD (Art. 38), incidente de segurança (Art. 48), consulta prévia e demais obrigações. Inclui quando e como notificar, …
- [Professional Fees for Architects (HOAI)](https://rakenne.app/skills/hoai-billing/index.md) — Phase-by-phase billing and documentation of service achievements for architects and engineers per HOAI (Honorarordnung für Architekten und Ingenieure). Validates Grundleistungen completeness before …
- [QMS CAPA Tracker](https://rakenne.app/skills/qms-capa-tracker/index.md) — Draft and validate CAPA (Corrective and Preventive Action) reports for medical device quality management systems. Standardizes root cause analysis using 5 Whys or Fishbone (Ishikawa) methods, enforces …
- [QMS Procedure Elaborator](https://rakenne.app/skills/qms-procedure-elaborator/index.md) — Guided elaboration of QMS procedures, process maps, and quality objectives aligned to ISO 9001 clauses and context of the organization. Verifies required clause topics are addressed and objectives are …
- [Qualiopi — Dossier de Certification](https://rakenne.app/skills/qualiopi-dossier-certification/index.md) — Prepare the Dossier de Certification for Qualiopi (France, RNQ). Structure proof-of-service evidence (feuilles d'émargement, enquêtes de satisfaction), validate with proof_of_service_audit, and align …
- [R&D Tax Incentive Registration](https://rakenne.app/skills/rd-tax-incentive-registration/index.md) — Draft Core and Supporting Activity descriptions for the R&D Tax Incentive annual registration (Australia, AusIndustry/ATO). Ensures HEOC structure for core activities and salary-to-project nexus; …
- [Railway RAMS Lifecycle Validator](https://rakenne.app/skills/rams-lifecycle-validator/index.md) — Elaborate and validate a Safety Case for railway signaling systems per EN 50126. Covers the full V-model lifecycle (Concept to Decommissioning), SIL 1–4 allocation with failure rate consistency …
- [RCA — Relatório de Controle Ambiental](https://rakenne.app/skills/env-licensing-rca/index.md) — Apoia a elaboração e revisão de Relatórios de Controle Ambiental (RCA) para licenciamento ambiental no Brasil, com foco em regularização de empreendimentos e renovação de licenças, incluindo …
- [RCA/PCA — Medidas Mitigadoras e Monitoramento](https://rakenne.app/skills/rca-pca-mitigation/index.md) — Redação técnica de medidas mitigadoras para Relatórios de Controle Ambiental (RCA) e Planos de Controle Ambiental (PCA), com vínculo impacto–monitoramento e verificação de efluentes contra CONAMA 430. …
- [RCT Sub-contractor Agreements](https://rakenne.app/skills/rct-subcontractor-agreements/index.md) — Draft and validate sub-contractor agreements for Irish construction and project management with RCT and VAT reverse charge compliance. Ensures Status of the Worker clauses and mandatory VAT wording.
- [RE2020 Compliance](https://rakenne.app/skills/re2020-compliance/index.md) — Draft the environmental performance summary for new buildings under France's RE2020. Covers IC construction and IC énergie (kgCO₂/m²), LCA narrative with bio-sourced materials, threshold validation, …
- [Records Retention Schedule](https://rakenne.app/skills/records-retention-schedule/index.md) — Build records retention schedules defining how long every document type (tax, HR, legal, accounting, medical, contracts) must be kept, with country-specific statutory minimums and validated disposal …
- [Registro de Operações de Tratamento — LGPD (Art. 37)](https://rakenne.app/skills/lgpd-registro-operacoes/index.md) — Elaboração e manutenção do registro de operações de tratamento de dados pessoais em conformidade com o Art. 37 da LGPD. Documenta finalidades, categorias de dados e titulares, bases legais, …
- [Relatório de Impacto à Proteção de Dados (RIPD) — LGPD](https://rakenne.app/skills/lgpd-ripd/index.md) — Elaboração e validação de Relatórios de Impacto à Proteção de Dados (RIPD) sob a LGPD (Lei 13.709/2018) e orientações da ANPD. Avaliação de riscos para tratamentos de alto risco ou em larga escala …
- [Relatório de Segurança — LGPD (Art. 46 a 49)](https://rakenne.app/skills/lgpd-relatorio-seguranca/index.md) — Elaboração do relatório de segurança e do procedimento de comunicação de incidentes nos termos dos Art. 46 a 49 da LGPD. Cobre medidas técnicas e organizacionais, registro de incidentes (Art. 47), …
- [Relatórios Prudenciais CMN/BCB](https://rakenne.app/skills/prudential-reporting-bacen/index.md) — Apoia a elaboracao e revisao de divulgacoes prudenciais no Brasil com foco em CMN/BCB (Pilar 3, ICAAP e riscos sociais, ambientais e climaticos), incluindo checklist de conformidade e validacao de …
- [Review Legal Clauses](https://rakenne.app/skills/review-legal-clauses/index.md) — Examine contract clauses for completeness, risks, and compliance issues. Flags potential problems and suggests improvements in plain language.
- [RI&E — Risico-inventarisatie en -evaluatie (Netherlands)](https://rakenne.app/skills/nl-rie-risico-inventarisatie/index.md) — Draft and validate the mandatory Risk Inventory & Evaluation (RI&E) and Plan van Aanpak under the Dutch Working Conditions Act (Arbowet Art. 5). Covers hazard identification, risk evaluation, PSA, and …
- [Risk & Control Self-Assessment (RCSA)](https://rakenne.app/skills/inherent-residual-audit/index.md) — RCSA support aligned with COSO and Basel III. Front-line managers document risks and control effectiveness; the skill scores control strength (Automated > Manual, Preventative > Detective) and …
- [Risk Register ISO 31000](https://rakenne.app/skills/risk-register-iso31000/index.md) — Guided elaboration of an ISO 31000:2018-aligned risk register: organizational context, risk criteria (likelihood/impact scales and appetite), structured register entries with cause, existing controls, …
- [Sandbox Compliance Expert](https://rakenne.app/skills/sandbox-compliance-expert/index.md) — Elaboração de propostas para sandbox regulatório e contratos de inovação (CVM, BCB, SUSEP). Define critérios de saída segura e limites de operação; valida proteção ao consumidor e responsabilidade …
- [SBOM Vulnerability Mapper](https://rakenne.app/skills/sbom-vulnerability-mapper/index.md) — Generate and validate a Software Bill of Materials (SBOM) and draft CRA-compliant technical documentation for connected products in the EU market. Checks software components against the NIST NVD for …
- [SDLC Control Drafter (ISO 27001 A.8.28)](https://rakenne.app/skills/sdlc-control-drafter/index.md) — Draft and maintain ISO 27001-aligned Secure Development Lifecycle (SDLC) policy: Security by Design, Security by Default, and security gates (SAST/DAST, peer review, threat modeling). Includes OWASP …
- [SEC DEF 14A (Proxy Statement)](https://rakenne.app/skills/sec-proxy-def14a/index.md) — Draft and validate annual meeting proxy statements for U.S. domestic issuers: meeting and voting mechanics, proposals, director nominees, beneficial ownership, executive compensation (scaled for …
- [SEC Form 10-Q (Quarterly Report)](https://rakenne.app/skills/sec-form-10q/index.md) — Generate and validate quarterly Form 10-Q narrative sections and checklists, with delta-focused updates, Risk Factors (material changes only), Legal Proceedings, Controls and Procedures, and …
- [SEC Form 4 (Section 16)](https://rakenne.app/skills/sec-form-4-section-16/index.md) — Generate Form 4 drafts from insider transaction details: map to transaction codes and tables, draft footnotes (tax withholding, 10b5-1, indirect ownership), and validate for Rule 16a-3 and …
- [SEC Form 8-K (Current Report)](https://rakenne.app/skills/sec-form-8k/index.md) — Draft and validate SEC Form 8-K filings for any reportable corporate event, with item mapping, compliance checks, and standard legal language.
- [SecNumCloud — Dossier d'Homologation](https://rakenne.app/skills/secnumcloud-dossier-homologation/index.md) — Draft the Dossier d'Homologation for ANSSI SecNumCloud certification. Map infrastructure to the Référentiel, validate EEA data sovereignty for sub-processors, and structure evidence for France's …
- [SFCR Solvency II (Pillar 3)](https://rakenne.app/skills/sfcr-solvency-ii/index.md) — Supports preparation and review of the Solvency and Financial Condition Report (SFCR) for EU insurance and reinsurance undertakings under Solvency II Pillar 3, including QRT consistency checks and …
- [SOC 2 Audit Readiness Planner](https://rakenne.app/skills/soc2-audit-readiness-planner/index.md) — Guided journey dashboard across all SOC 2 skills. Detects which skills have produced their expected outputs, shows progress across 4 phases (Foundation, Assessment, Documentation, Validation), and …
- [SOC 2 Control Narrative Author](https://rakenne.app/skills/soc2-control-narrative-author/index.md) — Guided elaboration of SOC 2 readiness documentation: control narratives aligned to AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy), …
- [SOC 2 Internal Audit](https://rakenne.app/skills/soc2-internal-audit/index.md) — Conduct an internal readiness audit for SOC 2 certification. Tests controls per TSC criteria, classifies findings by AICPA severity (Material Weakness, Significant Deficiency, Deficiency, …
- [SOC 2 Monitoring & Testing](https://rakenne.app/skills/soc2-monitoring-testing/index.md) — Build an ongoing monitoring and testing program for SOC 2 audit readiness. Creates a control testing plan with method, frequency, and tester assignments; an evidence collection matrix mapping controls …
- [SOC 2 Organization Profile](https://rakenne.app/skills/soc2-organization-profile/index.md) — Build and validate the organizational context profile for SOC 2 audit readiness. Captures principal service commitments, system requirements (SCSR), trust services categories, system boundaries, …
- [SOC 2 Policy Generator](https://rakenne.app/skills/soc2-policy-generator/index.md) — Generate Trust Services Criteria-aligned policy documents for SOC 2 audit readiness. Produces 8 core policies (Information Security, Access Control, Change Management, Incident Response, Risk …
- [SOC 2 Policy Review](https://rakenne.app/skills/soc2-policy-review/index.md) — Interactive statement-by-statement review of SOC 2 policy documents. Walks through each policy statement with approve, reject, or AI rewrite options. Produces a timestamped audit trail that satisfies …
- [SOC 2 Readiness Gap Analysis](https://rakenne.app/skills/soc2-readiness-gap-analysis/index.md) — Map internal controls against AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy). Identifies unmapped criteria, validates evidence artifacts and …
- [SOC 2 Risk Assessment](https://rakenne.app/skills/soc2-risk-assessment/index.md) — Conduct a structured risk assessment aligned to AICPA Trust Services Criteria. Identifies risks per TSC category using a 5x5 likelihood-impact matrix, maps risks to specific TSC criteria …
- [SOC 2 System Description & Management Assertion](https://rakenne.app/skills/soc2-system-description/index.md) — Draft the SOC 2 system description narrative (Section III) and management assertion letter per AICPA Trust Services Criteria (TSP Section 100) and DC Section 200 description criteria. Covers system …
- [SOC 2 Vendor Management](https://rakenne.app/skills/soc2-vendor-management/index.md) — Establish third-party and subservice organization oversight for SOC 2 audit readiness. Risk-tiered assessment framework with vendor register, SOC report review validation, CSOCs validation, and tiered …
- [SOW & SLA Drafter](https://rakenne.app/skills/general-sow-sla/index.md) — Draft professional Statements of Work with Service Level Agreements for B2B engagements. Industry-aware: applies regulatory and compliance sections based on the client's sector (Healthcare, Fintech, …
- [SOX Section 404 — Internal Control over Financial Reporting Narrative](https://rakenne.app/skills/sox-icfr-control-narrative/index.md) — Draft and validate management's assessment of Internal Control over Financial Reporting (ICFR) per SOX §404, aligned to the COSO 2013 framework and PCAOB AS 2201. Produces process narratives, …
- [State Claims Risk Management](https://rakenne.app/skills/state-claims-risk-management/index.md) — Draft and validate Risk Management reports for state-insured entities (hospitals, prisons) in Ireland under the State Claims Agency (SCA/NTMA). Ensures expected sections, tags Protected Disclosure and …
- [StateRAMP Authorization Package](https://rakenne.app/skills/stateramp-authorization-package/index.md) — Draft and validate StateRAMP authorization packages for cloud service providers serving U.S. state and local government: System Security Plan (SSP) with attachments, Security Assessment Plan (SAP), …
- [Structural Steel Specifications (USA / AISC 360)](https://rakenne.app/skills/civil-structural-steel-usa/index.md) — Guided elaboration of technical specifications for load-bearing steel structures in the USA, with ASTM material cross-referencing, LRFD/ASD safety-factor validation, and compliance checking against …
- [Supply Chain Code of Conduct](https://rakenne.app/skills/supply-chain-code-of-conduct/index.md) — Draft and validate supply chain codes of conduct defining the ethical standards suppliers must sign. Covers labour rights, environmental obligations, Right to Audit clauses, and sub-tier flow-down …
- [Termo de Consentimento — LGPD (Art. 8 e 11)](https://rakenne.app/skills/lgpd-termo-consentimento/index.md) — Elaboração de termo ou formulário de consentimento para tratamento de dados pessoais em conformidade com o Art. 8 e 11 da LGPD. Cobre consentimento destacado, finalidades determinadas, revogação …
- [Third-Party Risk Assessment (TPRA)](https://rakenne.app/skills/third-party-risk-assessment/index.md) — Assess vendor security posture by validating SIG questionnaire responses against evidence and auditing SOC 2 reports for coverage gaps. Produces structured TPRA reports aligned with NIST SP 800-161 …
- [Traceability Matrix Auditor](https://rakenne.app/skills/traceability-matrix-auditor/index.md) — Generate and validate the DO-178C traceability matrix for airborne software. Maps HLR to LLR to source code and runs bidirectional checks for orphan code and dead requirements.
- [Tusla Early Years Inspectorate](https://rakenne.app/skills/tusla-early-years-inspectorate/index.md) — Draft the Safety Statement and Child Safeguarding Statement for creches and early years services in Ireland. Validates staff-to-child ratios against Tusla’s Schedule 6 (Early Years Services …
- [UK Bribery Act — Adequate Procedures ABC Program](https://rakenne.app/skills/uk-bribery-act-abc-program/index.md) — Draft and validate the Anti-Bribery & Corruption (ABC) programme documentation required for the 'adequate procedures' defence under UK Bribery Act 2010 §7. Structures the programme around the Ministry …
- [UK Gambling Commission — Operating Licence Compliance](https://rakenne.app/skills/uk-gambling-commission-licence-compliance/index.md) — Draft and validate policies and procedures for Gambling Commission operating licence holders under the Gambling Act 2005 and LCCP. Covers AML/CTF, social responsibility, customer interaction, …
- [UK GDPR & DPIA (Data Protection)](https://rakenne.app/skills/uk-gdpr-dpia/index.md) — Conduct and validate Data Protection Impact Assessments (DPIAs) under the UK GDPR and ICO guidance for high-risk processing. Suggests technical and organisational safeguards aligned with UK Adequacy …
- [UK Modern Slavery Statements](https://rakenne.app/skills/uk-modern-slavery-statements/index.md) — Annual drafting of transparency statements for the UK government registry under the Modern Slavery Act 2015 (s54). Covers the six recommended areas—organisation structure and supply chains, policies, …
- [UK Public Procurement (Procurement Act 2023)](https://rakenne.app/skills/uk-procurement-act-2023/index.md) — Draft and validate Selection Questionnaires and Tender Responses under the UK Procurement Act 2023. Covers exclusion grounds (Schedules 6 & 7), debarment list checks, Social Value evaluation per PPN …
- [US Multi-State Employee Handbook](https://rakenne.app/skills/us-multistate-employee-handbook/index.md) — Draft comprehensive employee handbooks compliant with federal law and state-specific requirements for employers with employees in multiple US states, including state addenda for leave laws, meal/rest …
- [Validador de Folletos Informativos (CNMV)](https://rakenne.app/skills/prospectus-validator/index.md) — Ayuda a elaborar y revisar folletos informativos de fondos de inversión en España conforme a la normativa CNMV, MiFID II y la Ley del Mercado de Valores, con checklist de conformidad y validación de …
- [VgV Procurement Note](https://rakenne.app/skills/vgv-procurement-note/index.md) — Erstellt und validiert den Vergabevermerk (Procurement Note) nach VgV § 8 / UVgO § 6 fuer oeffentliche Vergabeverfahren, einschliesslich nachpruefungsfester Zuschlagsbegruendung und …
- [VIA Impact Matrix](https://rakenne.app/skills/via-impact-matrix/index.md) — Struttura i rapporti di Valutazione di Impatto Ambientale (VIA) per progetti infrastrutturali in Italia conformemente al Codice dell'Ambiente (D.Lgs. 152/2006): matrice di impatto, Studio di Impatto …
- [VOB Contract Enforcer](https://rakenne.app/skills/vob-contract-enforcer/index.md) — Validiert Bauausschreibungen und Bauvertraege gegen die VOB (Vergabe- und Vertragsordnung) und DIN-Normen, einschliesslich Klauselpruefung, Leistungsverzeichnis-Struktur und Konformitaets-Checklisten.
- [Whistleblower System Design (HinSchG)](https://rakenne.app/skills/whistleblower-system-design/index.md) — Erstellt Verfahrensordnungen fuer interne Meldestellen gemaess dem Hinweisgeberschutzgesetz (HinSchG). Validiert Pflichtabschnitte, gesetzliche Fristen (7 Tage Eingangsbestaetigung, 3 Monate …
- [Whistleblowing Investigation Report](https://rakenne.app/skills/whistleblowing-investigation-report/index.md) — Document findings of internal ethics or whistleblowing investigations for the board or audit committee, with anonymity and legal-privilege safeguards. Aligns with EU Whistleblowing Directive and …
- [Works Council Agreements (BetrVG)](https://rakenne.app/skills/betrvg-works-council-agreements/index.md) — Negotiation-based drafting and validation of Betriebsvereinbarungen (Works Agreements) for IT systems under the Betriebsverfassungsgesetz (BetrVG). Ensures Leistungs- und Verhaltenskontrolle …
- [Zero-Knowledge / BYOK Encryption (ABA 477R/512)](https://rakenne.app/skills/zero-knowledge-byok-encryption/index.md) — Document and validate BYOK and zero-knowledge encryption architecture for legal and compliance contexts. Aligns with ABA 477R (reasonable efforts) and ABA 512 (GAI informed consent).

---

Back to [All Tags](https://rakenne.app/skill-tags/) | [Skill Library](https://rakenne.app/skills/)