
Compliance Check Command

Verify regulatory compliance for GDPR, HIPAA, SOC 2, and PCI-DSS standards in your codebase. Scans for data handling violations, missing encryption, audit log gaps, and privacy policy requirements with actionable remediation steps.

Command · Community · security · v1.0.0 · MIT

Command

/compliance-check

Description

Scans your codebase for regulatory compliance violations against major standards. Identifies data handling issues, missing security controls, and documentation gaps that could result in compliance failures.

Behavior

  1. Detect applicable standards based on data types found in code (PII, PHI, PCI data)
  2. Scan for violations in data handling, storage, transmission, and logging
  3. Check security controls: encryption, access control, audit trails
  4. Report findings mapped to specific regulation clauses
  5. Generate remediation tasks with priority levels

Supported Standards

GDPR (General Data Protection Regulation)

  • Personal data inventory and data flow mapping
  • Consent collection before data processing
  • Right to deletion (data purge capability)
  • Right to export (data portability)
  • Data minimization (only collect what's needed)
  • Encryption at rest and in transit
  • Data Processing Agreements with third parties
  • Privacy policy and cookie consent
  • Breach notification mechanism

HIPAA (Health Insurance Portability and Accountability Act)

  • PHI encryption at rest (AES-256) and in transit (TLS 1.2+)
  • Access controls with role-based permissions
  • Audit logging for all PHI access
  • Automatic session timeout
  • Business Associate Agreements
  • Data backup and disaster recovery
  • Employee training documentation

SOC 2 (Service Organization Control)

  • Access control and authentication
  • Change management procedures
  • Incident response plan
  • System monitoring and alerting
  • Encryption standards
  • Vendor management
  • Data retention policies

PCI-DSS (Payment Card Industry)

  • No raw card numbers in logs or databases
  • Tokenization for stored payment data
  • TLS 1.2+ for all payment transmissions
  • WAF or equivalent protection
  • Quarterly vulnerability scans
  • Strong access control measures

Output Format

  ## Compliance Report: [Project Name]

  **Date**: 2026-03-25
  **Standards Checked**: GDPR, SOC 2

  ### Critical Violations

  | # | Standard | Clause | Issue | File | Remediation |
  |---|----------|--------|-------|------|-------------|
  | 1 | GDPR | Art. 32 | PII stored unencrypted | models/user.ts:45 | Encrypt email, phone fields |
  | 2 | SOC 2 | CC6.1 | No audit logging | routes/admin.ts | Add audit trail middleware |

  ### Warnings

  | # | Standard | Clause | Issue | Remediation |
  |---|----------|--------|-------|-------------|
  | 3 | GDPR | Art. 17 | No data deletion endpoint | Add DELETE /api/users/:id/data |

  ### Passing Controls

  - [x] TLS enforced on all endpoints
  - [x] Password hashing uses bcrypt
  - [x] Session tokens expire after 24h

  **Compliance Score**: 68% (15/22 controls passing)
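
As an added example, not code from this template or its author, here is a minimal Python scanner that implements two of the controls listed above (the PCI-DSS "no raw card numbers in logs" check, with a Luhn filter so order ids are not flagged, and an encryption-in-transit check for hard-coded plaintext URLs) and renders the findings and score in the Output Format layout. The clause references (PCI DSS v3.2.1 Req. 3.4, GDPR Art. 32), the regexes and the sample source lines are my own assumptions and constructed input.

```python
import re
from collections import namedtuple

PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")            # 13-19 digits, optional separators
LOG_RE = re.compile(r"\b(?:console\.\w+|logger\.\w+|log\.\w+|print)\s*\(")
HTTP_RE = re.compile(r"""["'`]http://""")
Finding = namedtuple("Finding", "standard clause issue location remediation")
def luhn_ok(digits):
    """Luhn checksum: keeps real PANs, drops other long digit runs such as order ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0
def check_pan_in_logs(path, lines):          # PCI-DSS: no raw card numbers in logs (clause ref assumed)
    for n, line in enumerate(lines, 1):
        for m in PAN_RE.finditer(line) if LOG_RE.search(line) else ():
            if luhn_ok(re.sub(r"\D", "", m.group())):
                yield Finding("PCI-DSS", "Req. 3.4", "Raw card number in log statement",
                              f"{path}:{n}", "Log a token or the last four digits only")
def check_plaintext_transport(path, lines):  # GDPR/PCI: encryption in transit (clause ref assumed)
    for n, line in enumerate(lines, 1):
        if HTTP_RE.search(line):
            yield Finding("GDPR", "Art. 32", "Data sent over plaintext HTTP",
                          f"{path}:{n}", "Use https:// and enforce TLS 1.2+")
CONTROLS = [check_pan_in_logs, check_plaintext_transport]
def scan(files):
    """files: {path: [source lines]} -> (findings, passing controls, total controls)."""
    findings, passing = [], 0
    for control in CONTROLS:
        hits = [f for path, lines in files.items() for f in control(path, lines)]
        findings += hits
        passing += 0 if hits else 1          # a control passes when it yields nothing
    return findings, passing, len(CONTROLS)
def render_report(project, findings, passing, total):
    """Table and score in the layout shown under Output Format."""
    rows = ["| # | Standard | Clause | Issue | File | Remediation |",
            "|---|----------|--------|-------|------|-------------|"]
    rows += [f"| {i} | {f.standard} | {f.clause} | {f.issue} | {f.location} | {f.remediation} |"
             for i, f in enumerate(findings, 1)]
    score = round(100 * passing / total)
    return (f"## Compliance Report: {project}\n" + "\n".join(rows)
            + f"\n**Compliance Score**: {score}% ({passing}/{total} controls passing)")

# Constructed sample input; 4111 1111 1111 1111 is a public test card number.
SAMPLE = {"routes/checkout.ts": [
    "const order = await createOrder(cart);",
    'console.log("charging 4111 1111 1111 1111 for order 1234567890123456");',
    "logger.info(`order ${order.id} total ${order.total}`);",
]}
```

Running `print(render_report("shop-api", *scan(SAMPLE)))` reports one critical finding at routes/checkout.ts:2 and a score of 50% (1/2 controls passing); the 16-digit order id on the same line is ignored because it fails the Luhn check.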

Examples

  # Check all applicable standards
  /compliance-check src/

  # Check specific standard
  /compliance-check src/ --standard gdpr

  # Check with severity threshold
  /compliance-check src/ --min-severity high