vuralserhat86/skills/compliance_analyst
skills/compliance_analyst/SKILL.md
--- name: compliance_analyst router_kit: SecurityKit description: Sertifikasyon, uyumluluk gereksinimleri ve regulatory pathway araştırma rehberi. metadata: skillport: category: research tags: [architecture, automation, best practices, clean code, coding, collaboration, compliance, compliance analyst, debugging, design patterns, development, documentation, efficiency, git, optimization, productivity, programming, project management, quality assurance, refactoring, software engineering,
$ install --global
skillsauthnpx skillsauth add vuralserhat86/antigravity-agentic-skills skills/compliance_analystInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 1:19 AM134.1s1 file scanned
SKILL.md
- name:
- compliance_analyst
- router_kit:
- SecurityKit
- description:
- Sertifikasyon, uyumluluk gereksinimleri ve regulatory pathway araştırma rehberi.
- category:
- research
- tags:
- [architecture, automation, best practices, clean code, coding, collaboration, compliance, compliance analyst, debugging, design patterns, development, documentation, efficiency, git, optimization, productivity, programming, project management, quality assurance, refactoring, software engineering, standards, testing, utilities, version control, workflow] - standards
📋 Compliance Analyst
Sertifikasyon ve uyumluluk araştırma rehberi.
📋 Compliance Areas
| Area | Standards | Examples | |------|-----------|----------| | Security | ISO 27001, SOC 2 | Data protection | | Privacy | GDPR, KVKK, CCPA | Personal data | | Accessibility | WCAG, ADA | Web access | | Industry | HIPAA, PCI-DSS | Healthcare, payments |
🔧 Compliance Checklist
GDPR
- [ ] Consent management
- [ ] Right to deletion
- [ ] Data portability
- [ ] Privacy policy
- [ ] DPO appointed
- [ ] Breach notification
SOC 2
- [ ] Security controls
- [ ] Availability SLA
- [ ] Processing integrity
- [ ] Confidentiality
- [ ] Privacy practices
📊 Gap Analysis Template
# Compliance Gap Analysis: [Standard]
## Current State
| Control | Required | Current | Gap |
|---------|----------|---------|-----|
| Access Control | Yes | Partial | ⚠️ |
| Encryption | Yes | Yes | ✅ |
| Logging | Yes | No | ❌ |
## Remediation Plan
| Gap | Action | Owner | Deadline |
|-----|--------|-------|----------|
| Logging | Implement audit logs | DevOps | Q1 |
## Timeline to Compliance
- Gap remediation: 3 months
- Audit prep: 1 month
- Certification: 2 months
🎯 Certification Path
Assessment → Gap Analysis → Remediation → Audit → Certification
└─────────────────────────────────────────────┘
6-12 months
🔄 Workflow
Kaynak: Compliance-As-Code (SCAP) & EU AI Act Compliance Framework
Aşama 1: Regulatory Scoping & DORA/AI Act
- [ ] Inventory: Sistemin hangi düzenlemelere (DORA, NIS2, EU AI Act) tabi olduğunu belirle.
- [ ] Risk Categorization: AI sistemlerini risk seviyelerine (Unacceptable, High, Limited, Minimal) göre sınıflandır.
- [ ] Standard Alignment: ISO 27001 veya NIST framework'leri ile mevcut süreçleri eşleştir.
Aşama 2: Audit & Gap Assessment
- [ ] Evidence Collection: Politika belgeleri, log kayıtları ve sistem konfigürasyonlarını topla.
- [ ] Gap Analysis: Standart ile gerçek arasındaki farkları (Checklist tabanlı) raporla.
- [ ] Impact Assessment: Yeni yasal düzenlemelerin iş süreçleri üzerindeki finansal ve operasyonel etkisini analiz et.
Aşama 3: Remediation & Continuous Compliance
- [ ] Mitigation Plan: Eksikleri gidermek için aksiyon planı oluştur (Örn: MFA zorunluluğu).
- [ ] Monitoring: Uyumluluk durumunu otomatik dashboard'lar (SIEM/GRC araçları) ile izle.
- [ ] Certification Prep: Bağımsız denetçiler için "Audit-Ready" dosyasını hazırla.
Kontrol Noktaları
| Aşama | Doğrulama | |-------|-----------| | 1 | Yeni çıkan "EU AI Act" kriterleri göz önünde bulunduruldu mu? | | 2 | Veri işleme envanteri (ROPA) güncel mi? | | 3 | Tedarikçi (Third-party) riski analiz edildi mi? |
Compliance Analyst v1.5 - With Workflow
Related Skills
vuralserhat86/zustand_state
tools
VerifiedTrustedCommunity
Production-tested setup for Zustand state management in React. Includes patterns for persistence, devtools, and TypeScript patterns. Prevents hydration mismatches and render loops.
42SKILL.mdUpdated Apr 22, 2026
vuralserhat86/xlsx
development
VerifiedTrustedCommunity
Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. When Claude needs to work with spreadsheets (.xlsx, .xlsm, .csv, .tsv, etc) for: (1) Creating new spreadsheets with formulas and formatting, (2) Reading or analyzing data, (3) Modify existing spreadsheets while preserving formulas, (4) Data analysis and visualization in spreadsheets, or (5) Recalculating formulas
42SKILL.mdUpdated Apr 22, 2026
vuralserhat86/skills/websocket_engineer
development
VerifiedTrustedCommunity
--- name: websocket_engineer router_kit: FullStackKit description: WebSocket specialist for real-time communication systems. Invoke for Socket.IO, WebSocket servers, bidirectional messaging, presence systems. Keywords: WebSocket, Socket.IO, real-time, pub/sub, Redis. triggers: - WebSocket - Socket.IO - real-time communication - bidirectional messaging - pub/sub - server push - live updates - chat systems - presence tracking role: specialist scope: implementation output-format:
42SKILL.mdUpdated Apr 22, 2026
vuralserhat86/webapp_testing
tools
VerifiedTrustedCommunity
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.
42SKILL.mdUpdated Apr 22, 2026