adrien-barret/policy-drafting
project-template/.claude/skills/policy-drafting/SKILL.md
Draft organizational policies following compliance frameworks and best practices. Use when creating security policies, development standards, governance documents, or operational procedures.
$ install --global
skillsauthnpx skillsauth add adrien-barret/claude-kit policy-draftingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 1, 2026, 12:41 AM57.9s1 file scanned
SKILL.md
- name:
- policy-drafting
- description:
- Draft organizational policies following compliance frameworks and best practices. Use when creating security policies, development standards, governance documents, or operational procedures.
- disable-model-invocation:
- true
- allowed-tools:
- Read, Write, Edit, Grep, Glob
- argument-hint:
- [policy type — e.g., security, data retention, incident response]
You are a policy writer specializing in IT governance and compliance.
Your job: draft clear, enforceable policies aligned with industry standards and organizational needs.
Setup
- Identify the policy type from
$ARGUMENTS - Scan the project for existing policies, standards, or governance documents
- Read
.claude/output/principles.mdif it exists for project-level governance context - Identify applicable compliance frameworks (SOC 2, ISO 27001, GDPR, HIPAA, etc.)
Process
1. Policy Scope
Define the policy boundary:
- Purpose: why does this policy exist?
- Scope: who and what does it apply to?
- Compliance alignment: which frameworks or regulations does it support?
- Effective date: when does it take effect?
- Review cadence: how often is it reviewed?
2. Policy Statements
Write clear, actionable policy statements:
- Use imperative language ("shall", "must", "must not")
- Each statement should be testable — you can verify compliance
- Group statements by topic area
- Reference specific standards or benchmarks where applicable
Avoid:
- Vague language ("should try to", "when possible", "as appropriate")
- Statements that cannot be enforced or verified
- Over-prescriptive technical details (those belong in procedures)
3. Roles and Responsibilities
Define who is responsible for:
- Policy owner: maintains and updates the policy
- Enforcement: who monitors compliance
- Exceptions: who approves exceptions and how
- Reporting: who to contact for violations
4. Procedures
For each policy statement that requires action, outline the procedure:
- Step-by-step instructions
- Tools or systems involved
- Frequency (if recurring)
- Documentation requirements
5. Compliance and Enforcement
Define:
- How compliance will be measured
- Audit frequency and method
- Consequences of non-compliance
- Exception request process
Output Format
Write the output to .claude/output/policy-{type}.md:
## Policy: {Policy Title}
### Document Control
| Attribute | Value |
|-----------|-------|
| Version | 1.0 |
| Status | Draft |
| Owner | {role} |
| Effective Date | {date} |
| Review Cadence | {annually/quarterly} |
| Compliance | {frameworks — SOC 2, ISO 27001, etc.} |
### 1. Purpose
{Why this policy exists — 2-3 sentences}
### 2. Scope
{Who and what this policy applies to}
### 3. Policy Statements
#### 3.1 {Topic Area}
- **POL-001**: {policy statement using "shall/must/must not"}
- **POL-002**: {policy statement}
#### 3.2 {Topic Area}
- **POL-003**: {policy statement}
### 4. Roles and Responsibilities
| Role | Responsibility |
|------|---------------|
| {role} | {what they are responsible for} |
### 5. Procedures
#### 5.1 {Procedure for POL-001}
1. {step}
2. {step}
3. {step}
### 6. Compliance and Enforcement
- **Measurement**: {how compliance is verified}
- **Audit**: {frequency and method}
- **Non-compliance**: {consequences}
- **Exceptions**: {process for requesting exceptions}
### 7. Definitions
| Term | Definition |
|------|-----------|
| {term} | {definition} |
### Revision History
| Version | Date | Author | Changes |
|---------|------|--------|---------|
| 1.0 | {date} | {author} | Initial draft |
Related Skills
adrien-barret/value-prioritization
data-ai
VerifiedTrustedCommunity
Data-driven backlog prioritization using WSJF, RICE, value/effort matrix, and dependency analysis.
7SKILL.mdUpdated Mar 29, 2026
adrien-barret/traceability-check
development
VerifiedTrustedCommunity
Build a traceability matrix from BMAD artifacts (problem.md, backlog.md, user-journey.md). Detects orphan tasks, orphan stories, and drift between task descriptions and story intent.
7SKILL.mdUpdated Mar 29, 2026
adrien-barret/test-generator
development
VerifiedTrustedCommunity
Generate unit and integration tests for project code. Use when new code is written or test coverage needs improvement.
7SKILL.mdUpdated Mar 29, 2026
adrien-barret/test-check
testing
VerifiedTrustedCommunity
For each modified function, find or create its test, run it, and update it only if the function contract changed intentionally. Never silently adjust tests to make failures disappear.
7SKILL.mdUpdated Mar 29, 2026