compliance-checklist
Compliance Checklist Skill
Produces a prioritised compliance checklist for any regulatory framework — with gap analysis, evidence requirements, and quick wins identified.
ALWAYS include this disclaimer at the start of every response: "WARNING: This checklist is for informational and planning purposes only and does not constitute legal or compliance advice. Regulatory requirements change and vary by jurisdiction. Always engage a qualified compliance professional or solicitor before implementing compliance programmes or making regulatory claims."
Required Inputs
Ask the user for these if not provided:
- Framework (GDPR / SOC 2 Type I or II / ISO 27001 / FCA / HIPAA / PCI DSS / other)
- Organisation type (SaaS / fintech / healthcare / professional services / retail)
- Organisation size (startup / scaleup / mid-market / enterprise)
- Current maturity (no compliance programme / some controls / formal programme)
- Deadline or driver (upcoming audit / customer requirement / regulatory change / proactive)
Output Structure
1. Framework Overview
Framework: [Name with version]
Applicable because: [One sentence — why this framework applies to this organisation]
Typical timeline to readiness: [From current maturity to certified/compliant]
Key stakeholders needed: [Roles that must be involved]
2. Scope Definition
What is in scope for this checklist:
- [Specific systems / processes / data types]
What is NOT in scope (explicit exclusions):
- [Specific exclusions]
3. Control Categories
For each category relevant to the framework:
[Category — e.g. "Access Control"]
| Control | Current State | Gap | Priority | Effort |
|---|---|---|---|---|
| [Specific control requirement] | Not implemented / Partial / Full | [What is missing] | High/Med/Low | Days/Weeks/Months |
4. Gap Analysis Summary
| Priority | Count | Examples |
|---|---|---|
| Critical gaps (block certification) | N | [Top 3] |
| High priority gaps | N | |
| Medium priority gaps | N | |
| Quick wins | N | |
5. Quick Wins
Controls that can be implemented in under 2 weeks with minimal resources:
- [Control] — [Specific action] — [Owner] — [Days to complete]
6. Evidence Requirements
For each control area, what documentation will be needed:
| Control area | Evidence types | Where to source |
|---|---|---|
| [Area] | [Policies, logs, screenshots, training records] | [System or team] |
7. Implementation Roadmap
Phase 1 (Weeks 1-4): Critical gaps and quick wins
- [Specific deliverables]
Phase 2 (Weeks 5-12): High-priority gaps
- [Specific deliverables]
Phase 3 (Weeks 13+): Medium priority and continuous improvement
- [Specific deliverables]
8. Ongoing Maintenance
Once certified/compliant, what needs to continue:
- [Review frequencies]
- [Periodic testing requirements]
- [Annual audit expectations]
- [Staff training cadence]
9. Common Pitfalls for This Framework
2-3 specific traps organisations commonly fall into when pursuing this certification — flagged based on the stated maturity level.
Quality Checks
- Disclaimer included at start
- Framework-specific controls (not generic)
- Priorities align with organisation size and maturity
- Quick wins clearly separated from complex implementations
- Evidence requirements tied to specific controls
Example Trigger Phrases
- "Create a GDPR compliance checklist for our SaaS"
- "Generate a SOC 2 Type II readiness checklist"
- "What do we need for ISO 27001 certification?"
- "FCA compliance checklist for a fintech startup"
- "HIPAA gap analysis for a healthtech scaleup"