Compliance & Security · 14 Skills

Enterprise Compliance
Coverage

14 auditor-level compliance skills covering HIPAA, GDPR, SOC 2, PCI-DSS, cloud security, infrastructure hardening, and incident response. Each skill maps findings to specific compliance control IDs.

14 Skills · 8 Frameworks · 500+ Checklist Items · 12,379 Lines
Coverage Matrix

Framework Coverage Matrix

Every skill maps findings to specific compliance control IDs across 8 major frameworks.

Skill HIPAA GDPR SOC 2 PCI-DSS ISO 27001 NIST CIS CCPA
hipaa-audit
gdpr-audit
soc2-audit
pci-audit
cloud-security
infra-harden
network-audit
secrets-scan
dep-vuln
privacy-review
access-audit
audit-log
incident-plan
compliance-report
Legend: Full coverage · Partial coverage · Not applicable
Security Architecture

4-Tier Security Architecture

From framework-specific compliance to automated reporting, organized in defense-in-depth layers.

Tier 1 — Framework Compliance
Audit against specific regulatory frameworks

Maps every finding to a specific HIPAA § citation, GDPR Article, SOC 2 CC criterion, or PCI-DSS Requirement.

hipaa-audit gdpr-audit soc2-audit pci-audit
Tier 2 — Infrastructure Security
Verify cloud, container, and network security posture

CIS Benchmarks, defense-in-depth, and zero-trust validation across your entire infrastructure stack.

cloud-security infra-harden network-audit
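One concrete instance of the posture checks this tier describes, given here as an added example rather than Heaptrace Skills code: a least-privilege reviewer for IAM policy documents, the kind of check that sits behind the cloud-security and access-audit skills' IAM and least-privilege items. It assumes the policy has already been fetched as JSON (for instance with the AWS CLI); the severities, helper names and sample policies are constructed for this illustration.

```python
"""Least-privilege check for IAM policy documents.

Added example, not Heaptrace Skills code. It flags the Allow statements a
cloud posture review looks at first: wildcard actions, an unscoped wildcard
resource, a public principal with no Condition, and NotAction/NotResource
grants (which allow everything not listed). Severities, function names and
the sample policies below are assumptions made for this example.
"""
import json


def _as_list(value):
    """IAM allows most fields to be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"}: anyone, anonymous included."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def check_policy(doc):
    """Return (sid, severity, message) tuples for over-permissive Allow statements."""
    findings = []
    for idx, st in enumerate(_as_list(doc.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only ever narrow access
        sid = st.get("Sid", f"Statement[{idx}]")
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))
        conditioned = bool(st.get("Condition"))

        if "NotAction" in st:
            findings.append((sid, "HIGH", "Allow with NotAction grants every action not listed"))
        if "NotResource" in st:
            findings.append((sid, "HIGH", "Allow with NotResource grants every resource not listed"))
        if "*" in actions:
            findings.append((sid, "HIGH", 'Action "*" grants every API call'))
        else:
            wide = [a for a in actions if a.endswith(":*")]
            if wide:
                findings.append((sid, "MEDIUM", "service-wide wildcard action(s): " + ", ".join(wide)))
        if "*" in resources and not conditioned:
            findings.append((sid, "MEDIUM", 'Resource "*" with no Condition to scope it'))
        if _principal_is_public(st.get("Principal")) and not conditioned:
            findings.append((sid, "CRITICAL", "public Principal with no Condition"))
    return findings


def check_policy_json(text):
    """Same check over a policy document as it comes out of the AWS API or a file."""
    return check_policy(json.loads(text))


# Constructed sample policies (not taken from any real account).
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"}],
}
PUBLIC_BUCKET_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]
}"""
NOT_ACTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllButIam", "Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}],
}
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOwnBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
        {"Sid": "DescribeInRegion", "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*",
         "Condition": {"StringEquals": {"aws:RequestedRegion": "eu-west-1"}}},
        {"Sid": "DenyWithoutMfa", "Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
}

if __name__ == "__main__":
    samples = [("admin", ADMIN_POLICY), ("not-action", NOT_ACTION_POLICY),
               ("scoped", SCOPED_POLICY), ("public-bucket", json.loads(PUBLIC_BUCKET_POLICY_JSON))]
    for name, doc in samples:
        for sid, severity, message in check_policy(doc) or [(None, "OK", "no findings")]:
            print(f"{name:14} {severity:8} {sid or '-'}: {message}")
```

The scoped policy passes because its wildcard resource is narrowed by a Condition and its broad statement is a Deny; the public bucket policy is the classic CIS S3 finding, and the NotAction statement is flagged because an Allow with NotAction is a grant of everything else, which a reviewer scanning only the Action field would miss.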
Tier 3 — Code Security Gates
Automated security checks on every code change

Pre-commit hooks, CI pipeline integration, and continuous scanning to catch vulnerabilities before deployment.

secrets-scan dep-vuln privacy-review access-audit audit-log
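As an added example, not Heaptrace Skills code, of what a pre-commit secrets gate of the kind this tier describes actually does: it matches a few well-known credential shapes, applies a Shannon-entropy filter to the generic `secret = "..."` rule so that placeholders do not block commits, honours an in-line allowlist marker, and exits non-zero on a hit so the commit is refused. The patterns, the entropy threshold, the allowlist marker and the sample lines are assumptions made for this example (the page's own secrets-scan skill ships 37+ patterns).

```python
"""Pre-commit secrets gate.

Added example, not Heaptrace Skills code. Shows the mechanics a Tier 3
secrets-scan hook relies on: regexes for well-known credential shapes, a
Shannon-entropy filter so placeholder values do not trip the generic rule,
an allowlist marker, and a non-zero exit that blocks the commit. Patterns,
threshold, marker and sample lines are assumptions chosen for this example.
"""
import math
import re
import subprocess
import sys
from dataclasses import dataclass

# Credential shapes. The first four have fixed, documented prefixes; the
# generic rule catches `secret = "..."`-style assignments of long values.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b")),
    ("slack_token", re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}\b")),
    ("generic_assignment", re.compile(
        r"(?i)\b(?:secret|password|passwd|api[_-]?key|token)\b\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9+/=_\-]{12,})")),
]

# Assumed threshold in bits per character: a random 32-char token scores ~5,
# words and repeated placeholders score well under 3.5.
ENTROPY_THRESHOLD = 3.5
ALLOWLIST_MARKER = "pragma: allowlist secret"  # in-line opt-out; convention assumed here


def shannon_entropy(value: str) -> float:
    """Bits per character over the value's own symbol distribution."""
    if not value:
        return 0.0
    n = len(value)
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    value: str


def scan_lines(lines):
    """Return one Finding per offending line; the first matching rule wins."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        if ALLOWLIST_MARKER in line:
            continue
        for rule, regex in PATTERNS:
            m = regex.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            # Only the generic rule needs the entropy filter; the fixed-prefix
            # tokens are specific enough on their own.
            if rule == "generic_assignment" and shannon_entropy(value) < ENTROPY_THRESHOLD:
                continue
            findings.append(Finding(line_no, rule, value))
            break
    return findings


def staged_added_lines():
    """Lines added in the index, i.e. what `git commit` is about to record."""
    diff = subprocess.run(
        ["git", "diff", "--cached", "--unified=0", "--no-color"],
        capture_output=True, text=True, check=True).stdout
    return [l[1:] for l in diff.splitlines() if l.startswith("+") and not l.startswith("+++")]


# Constructed sample input. The AWS key is the value AWS itself uses in its
# documentation as an example key ID; the rest are made up for this example.
SAMPLE_LINES = [
    'aws_key = "AKIAIOSFODNN7EXAMPLE"',
    'password = "changeme-changeme"',                        # low-entropy placeholder, ignored
    'api_key = "Kq8vZ2pL0xN4tR7wYb3mFsHd1eGu9cAj"',           # high-entropy value, flagged
    'GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz',
    'secret = "Kq8vZ2pL0xN4tR7wYb3mFsHd1eGu9cAj"  # pragma: allowlist secret',
    '-----BEGIN RSA PRIVATE KEY-----',
]

if __name__ == "__main__":
    use_git = len(sys.argv) > 1 and sys.argv[1] == "--staged"
    found = scan_lines(staged_added_lines() if use_git else SAMPLE_LINES)
    for f in found:
        print(f"line {f.line_no}: {f.rule}: {f.value[:6]}...")  # never echo the whole secret
    sys.exit(1 if found else 0)
```

Wired in as `.git/hooks/pre-commit` (or via a pre-commit framework) with the `--staged` flag, the script scans only the lines being added, so historical matches do not block unrelated commits. It rejects the commit by exit status, and prints only a prefix of each match so the hook output itself does not leak the credential into CI logs.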
Tier 4 — Process & Documentation
Incident readiness and compliance evidence

NIST 800-61 lifecycle, multi-framework control mapping, and auditor-ready reports with full evidence trails.

incident-plan compliance-report
Decision Guide

When to Use Each Skill

Match your compliance need to the right skill. Start with the question that describes your situation.

1. Preparing for a specific compliance audit? Use the framework-specific audit skills (Tier 1: hipaa-audit, gdpr-audit, soc2-audit, pci-audit).
2. Reviewing infrastructure security? Run the infrastructure and network scans (Tier 2: cloud-security, infra-harden, network-audit).
3. Adding security to your CI/CD pipeline? Integrate the code-level security gates (Tier 3: secrets-scan, dep-vuln, privacy-review, access-audit, audit-log).
4. Building incident response or generating reports? Prepare documentation and processes (Tier 4: incident-plan, compliance-report).
Full Inventory

All 14 Compliance Skills

Each skill includes an expert persona, domain rules, step-by-step workflows, and quality checklists.

hipaa-audit · Tier 1 · HIPAA · 53 items
HIPAA code audit — PHI exposure, encryption, audit trails, BAA compliance
Persona: Chief Health Information Security Officer · 25+ years

gdpr-audit · Tier 1 · GDPR, CCPA · 80 items
GDPR compliance — lawful basis, data subject rights, consent, cross-border transfers
Persona: Chief Data Protection Officer · 22+ years

soc2-audit · Tier 1 · SOC 2, ISO 27001 · 76 items
SOC 2 Trust Service Criteria — CC1-CC9, availability, confidentiality, privacy
Persona: IT Audit Director · 25+ years

pci-audit · Tier 1 · PCI-DSS · 40 items
PCI-DSS v4.0 — CDE scoping, tokenization, network segmentation, access controls
Persona: Qualified Security Assessor · 20+ years

cloud-security · Tier 2 · CIS, SOC 2, ISO 27001 · 50 items
Cloud security posture — S3, IAM, encryption, CloudTrail, CIS benchmarks
Persona: Cloud Security Architect · 22+ years

infra-harden · Tier 2 · CIS, PCI, NIST · 61 items
Infrastructure hardening — Docker, TLS, secrets rotation, patch management
Persona: Infrastructure Security Engineer · 20+ years

network-audit · Tier 2 · CIS, PCI · 40 items
Network security — VPC, security groups, WAF, flow logs, zero-trust
Persona: Network Security Architect · 22+ years

secrets-scan · Tier 3 · All frameworks · 30 items
Scan for leaked credentials — 37+ patterns, pre-commit hooks, rotation procedures
Persona: Application Security Engineer · 18+ years

dep-vuln · Tier 3 · All frameworks · 25 items
Dependency vulnerabilities — CVE scanning, SBOM, license compliance, supply chain
Persona: Supply Chain Security Engineer · 18+ years

privacy-review · Tier 3 · GDPR, CCPA, HIPAA · 40 items
Data privacy — PII detection, third-party audit, anonymization, consent management
Persona: Privacy Engineer · 20+ years

access-audit · Tier 3 · SOC 2, HIPAA, PCI · 45 items
Access controls — RBAC, MFA, user lifecycle, least privilege analysis
Persona: IAM Architect · 22+ years

audit-log · Tier 3 · All frameworks · 46 items
Audit logging — event taxonomy, immutability, retention, SIEM integration
Persona: Security Operations Architect · 20+ years

incident-plan · Tier 4 · All frameworks · 40 items
Incident response — NIST 800-61, breach notification, forensic preservation
Persona: Chief Information Security Officer · 25+ years

compliance-report · Tier 4 · All frameworks · 35 items
Compliance reports — multi-framework control mapping, evidence collection
Persona: GRC Architect · 22+ years
Audit Workflow

Complete Audit Workflow

How to run a full compliance audit using Heaptrace Skills, from framework selection to remediation tracking.

1. Select Framework: choose your target framework (HIPAA, GDPR, SOC 2, or PCI-DSS).
2. Run Tier 1 Audit: execute the framework-specific skill to identify compliance gaps.
3. Run Tier 2-3 Scans: layer in infrastructure, code, and access security scans.
4. Review Findings: analyze results, prioritize by severity and control ID mapping.
5. Generate Report: use compliance-report to produce auditor-ready documentation.
6. Track Remediation: monitor fixes, re-run scans, and validate compliance readiness.

Start Your Compliance Audit Today

14 expert-level skills, zero configuration. Clone the repo and run your first audit in under 5 minutes.