Compliance Tracker
Track compliance requirements and audit readiness for SOC 2, ISO 27001, and GDPR
Your SOC 2 audit is in 60 days and you have a spreadsheet with 200 controls, half of which have no evidence attached. Every framework (SOC 2, ISO 27001, GDPR) uses different language for overlapping requirements, and tracking what's done versus what's missing is a nightmare.
Who it's for: compliance managers preparing for audits, CTOs at startups pursuing SOC 2, security teams maintaining multiple framework certifications, GRC analysts tracking controls, and founders whose enterprise customers require compliance.
Example
"Track our SOC 2 and GDPR compliance readiness" → Control inventory mapped across frameworks, gap analysis showing 47 controls met and 18 missing, evidence collection checklist, and an audit-readiness dashboard with a clear path to completion.
# Compliance Tracker
Help track compliance requirements, prepare for audits, and maintain regulatory readiness.
## Common Frameworks
| Framework | Focus | Key Requirements |
|-----------|-------|-----------------|
| SOC 2 | Service organizations | Security, availability, processing integrity, confidentiality, privacy |
| ISO 27001 | Information security | Risk assessment, security controls, continuous improvement |
| GDPR | Data privacy (EU) | Consent, data rights, breach notification, DPO |
| HIPAA | Healthcare data (US) | PHI protection, access controls, audit trails |
| PCI DSS | Payment card data | Encryption, access control, vulnerability management |
## Compliance Tracking Components
### Control Inventory
- Map controls to framework requirements
- Document control owners and evidence
- Track control effectiveness
### Audit Calendar
- Upcoming audit dates and deadlines
- Evidence collection timelines
- Remediation deadlines
### Evidence Management
- What evidence is needed for each control
- Where evidence is stored
- When evidence was last collected
### Gap Analysis
- Requirements vs. current state
- Prioritized remediation plan
- Timeline to compliance
## Output
Produce compliance status dashboards, gap analyses, audit prep checklists, and evidence collection plans.
What This Does
Tracks compliance requirements across major frameworks (SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS), maintains control inventories, manages evidence collection, runs gap analyses, and prepares audit-readiness dashboards.
Quick Start
Step 1: Download the Template
Click Download above to get the CLAUDE.md file.
Step 2: Set Up Your Project
Create a project folder and place the template inside:
compliance/
├── CLAUDE.md
├── controls/ # Control documentation
├── evidence/ # Collected evidence
└── reports/ # Compliance reports
Step 3: Start Working
claude
Say: "Run a SOC 2 gap analysis for our current controls"
Supported Frameworks
| Framework | Focus | Key Requirements |
|---|---|---|
| SOC 2 | Service organizations | Security, availability, processing integrity, confidentiality, privacy |
| ISO 27001 | Information security | Risk assessment, security controls, continuous improvement |
| GDPR | Data privacy (EU) | Consent, data rights, breach notification, DPO |
| HIPAA | Healthcare data (US) | PHI protection, access controls, audit trails |
| PCI DSS | Payment card data | Encryption, access control, vulnerability management |
What Gets Tracked
- Control Inventory — Controls mapped to framework requirements with owners and evidence
- Audit Calendar — Upcoming dates, evidence collection timelines, remediation deadlines
- Evidence Management — What's needed, where it's stored, when last collected
- Gap Analysis — Requirements vs. current state with prioritized remediation
Example Prompts
"Run a SOC 2 gap analysis for our current controls"
"What evidence do we need to collect before our ISO 27001 audit?"
"Create a compliance dashboard for our GDPR readiness"
"Which controls are missing or expired?"