Governance Agent
Compliance Agent
Expert compliance engineer for regulatory compliance checking, policy enforcement, audit preparation, and compliance automation covering SOC 2, GDPR, HIPAA, PCI-DSS, and open-source license obligations.
Overview
The Compliance agent specializes in regulatory compliance, audit preparation, policy enforcement, and compliance automation. It helps systems and processes meet regulatory requirements while keeping the operational burden low, by expressing controls as policy-as-code and monitoring compliance automatically rather than through periodic manual review.
Core Capabilities
- SOC 2 Compliance - Trust Service Criteria mapping, evidence collection, control matrices, gap analysis
- GDPR Compliance - Data processing inventory, data subject rights implementation, consent management
- HIPAA Compliance - PHI protection, access controls, audit trails, BAA management
- PCI-DSS Compliance - Payment card data protection, encryption validation, vulnerability management
- Policy-as-Code - Open Policy Agent (OPA), Rego policies, Checkov, infrastructure compliance
- SBOM & License Compliance - Software Bill of Materials generation, license scanning, dependency auditing
When to Use
- Preparing for SOC 2, GDPR, or other compliance audits
- Implementing data subject rights (access, deletion, portability)
- Setting up policy-as-code validation in CI/CD
- Generating SBOM and checking license compliance
- Creating compliance documentation and evidence collection
- Implementing audit trail logging systems
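The policy-as-code capability and the "policy-as-code validation in CI/CD" use case above describe gating infrastructure changes against written policy before they are applied. The following is an added example, not code from the Compliance agent, Checkov or OPA: a small Python gate that reads the `terraform show -json tfplan` plan format (`resource_changes[].change.after`) and applies hypothetical S3 and KMS policies. The policy IDs, the constructed sample plan and the violation messages are assumptions made for illustration; in a real pipeline the same checks would more often be written as Rego for conftest/OPA or as Checkov custom policies, but the gate logic is the same.

```python
"""Terraform-plan policy gate (added example; not the Compliance agent's, Checkov's or OPA's code)."""
import json
import sys
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed sample in the `terraform show -json tfplan` shape, trimmed to the
# fields read below. It uses the older inline bucket attributes (acl, versioning,
# server_side_encryption_configuration) so one resource carries every setting.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_s3_bucket.audit_logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {
         "bucket": "audit-logs", "acl": "private", "versioning": [{"enabled": True}],
         "server_side_encryption_configuration": [{"rule": [{
             "apply_server_side_encryption_by_default": [{"sse_algorithm": "aws:kms"}]}]}]}}},
    {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"bucket": "assets", "acl": "public-read"}}},
    {"address": "aws_s3_bucket.legacy", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"], "after": None}},
    {"address": "aws_kms_key.logs", "type": "aws_kms_key",
     "change": {"actions": ["create"], "after": {"enable_key_rotation": False}}},
]})


@dataclass(frozen=True)
class Finding:
    policy_id: str
    address: str
    message: str


@dataclass(frozen=True)
class Policy:
    policy_id: str                            # hypothetical IDs; map them to your control matrix
    resource_type: str
    check: Callable[[dict], Optional[str]]    # returns a violation message, or None when compliant


def _sse_algorithm(after: dict) -> Optional[str]:
    try:
        return after["server_side_encryption_configuration"][0]["rule"][0][
            "apply_server_side_encryption_by_default"][0]["sse_algorithm"]
    except (KeyError, IndexError, TypeError):
        return None


def bucket_encrypted(after: dict) -> Optional[str]:
    if _sse_algorithm(after) not in ("aws:kms", "AES256"):
        return "no default server-side encryption configured"
    return None


def bucket_not_public(after: dict) -> Optional[str]:
    acl = after.get("acl", "private")
    if acl in ("public-read", "public-read-write", "authenticated-read"):
        return f"ACL {acl!r} grants anonymous or any-AWS-account read access"
    return None


def bucket_versioned(after: dict) -> Optional[str]:
    versioning = after.get("versioning") or [{}]
    if not versioning[0].get("enabled", False):
        return "versioning disabled; objects cannot be recovered after deletion or overwrite"
    return None


def kms_rotation(after: dict) -> Optional[str]:
    return None if after.get("enable_key_rotation") else "automatic key rotation disabled"


POLICIES: List[Policy] = [
    Policy("S3-001", "aws_s3_bucket", bucket_encrypted),
    Policy("S3-002", "aws_s3_bucket", bucket_not_public),
    Policy("S3-003", "aws_s3_bucket", bucket_versioned),
    Policy("KMS-001", "aws_kms_key", kms_rotation),
]


def evaluate_plan(plan_json: str) -> List[Finding]:
    """Apply every policy to each planned resource of its type; deletions (after=None) are skipped."""
    findings: List[Finding] = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if after is None:
            continue
        for policy in POLICIES:
            if policy.resource_type == rc.get("type"):
                message = policy.check(after)
                if message:
                    findings.append(Finding(policy.policy_id, rc["address"], message))
    return findings


if __name__ == "__main__":
    # Usage in CI: terraform show -json tfplan > plan.json && python gate.py plan.json
    plan = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    results = evaluate_plan(plan)
    for f in results:
        print(f"FAIL {f.policy_id} {f.address}: {f.message}")
    sys.exit(1 if results else 0)
```

Run against the constructed plan, the gate reports nothing for `audit_logs`, three findings for the public, unencrypted, unversioned `assets` bucket, one for the KMS key without rotation, and skips the bucket being deleted; the non-zero exit code is what fails the pipeline job. Note that current AWS provider versions move ACLs, versioning and encryption into separate `aws_s3_bucket_*` resources, so a production policy set has to correlate those resources with their bucket rather than read one `after` block.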
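The SBOM and license-compliance capability and the "generating SBOM and checking license compliance" use case above come down to one decision per component: is every license it is distributed under acceptable for this product? The block below is an added example, not the Compliance agent's own tooling: it reads a CycloneDX JSON SBOM (the format tools such as syft or cyclonedx-bom emit), evaluates each component's SPDX license expression against an allow list and a deny list with a small recursive-descent evaluator, and routes anything it cannot classify to legal review instead of silently passing it. The allow/deny lists, the constructed sample SBOM and the conservative readings noted in the comments are assumptions for illustration.

```python
"""CycloneDX SBOM license gate (added example; not the Compliance agent's tooling)."""
import json
import re
from typing import Dict, List, Set

# Assumed policy for a proprietary product that redistributes its dependencies:
# permissive licenses pass, strong copyleft fails, anything else needs review.
ALLOWED: Set[str] = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC", "PSF-2.0"}
DENIED: Set[str] = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only", "SSPL-1.0"}

# Constructed sample in the CycloneDX 1.5 JSON shape (what cyclonedx-bom or syft
# emit); the component names and their licenses are made up for this example.
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "library", "name": "dualpkg", "version": "1.0.0",
     "licenses": [{"expression": "MIT OR GPL-2.0-only"}]},
    {"type": "library", "name": "combo", "version": "0.3.1",
     "licenses": [{"expression": "(MIT AND LGPL-2.1-only) OR GPL-3.0-only"}]},
    {"type": "library", "name": "copyleft-db", "version": "4.2.0",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "mystery", "version": "9.9.9"},
]})

_TOKEN = re.compile(r"\(|\)|[A-Za-z0-9.+\-]+")


class SpdxEval:
    """Recursive-descent evaluator for SPDX expressions: OR binds loosest, then AND,
    parentheses group. 'X WITH exception' is reduced to X (conservative: stays denied)."""
    def __init__(self, expr: str, unknown: Set[str]):
        self.tokens, self.pos, self.unknown = _TOKEN.findall(expr), 0, unknown
    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None
    def _next(self) -> str:
        self.pos += 1
        return self.tokens[self.pos - 1]
    def evaluate(self) -> bool:
        ok = self._or()
        if self._peek() is not None:
            raise ValueError("trailing tokens in SPDX expression")
        return ok
    def _or(self) -> bool:
        ok = self._and()
        while self._peek() == "OR":
            self._next()
            ok = self._and() or ok  # right side evaluated first so its tokens are consumed
        return ok
    def _and(self) -> bool:
        ok = self._primary()
        while self._peek() == "AND":
            self._next()
            ok = self._primary() and ok
        return ok
    def _primary(self) -> bool:
        tok = self._next()
        if tok == "(":
            ok = self._or()
            if self._next() != ")":
                raise ValueError("unbalanced parentheses")
            return ok
        if self._peek() == "WITH":
            self.pos += 2  # skip 'WITH <exception-id>'
        if tok in ALLOWED:
            return True
        if tok not in DENIED:
            self.unknown.add(tok)  # neither allowed nor denied: needs legal review
        return False


def _component_expression(comp: dict, unknown: Set[str]) -> str:
    """Flatten CycloneDX `licenses` entries to one SPDX expression. Separate `license`
    entries are ANDed (assumed conservative reading); free-text `name` entries are
    not SPDX ids, so they are queued for review instead of parsed."""
    parts: List[str] = []
    for entry in comp.get("licenses", []):
        if "expression" in entry:
            parts.append(f"({entry['expression']})")
        elif "id" in entry.get("license", {}):
            parts.append(entry["license"]["id"])
        elif "name" in entry.get("license", {}):
            unknown.add(entry["license"]["name"])
    return " AND ".join(parts)


def evaluate_sbom(sbom_json: str) -> Dict[str, dict]:
    """Return {"name@version": {"status": allowed|denied|unknown, "unknown": [ids]}}.
    A malformed SPDX expression raises ValueError, which should fail the job."""
    report: Dict[str, dict] = {}
    for comp in json.loads(sbom_json).get("components", []):
        unknown: Set[str] = set()
        expr = _component_expression(comp, unknown)
        if not expr and not unknown:
            unknown.add("NOASSERTION")  # nothing declared at all
        ok = bool(expr) and not unknown and SpdxEval(expr, unknown).evaluate()
        status = "allowed" if ok else ("unknown" if unknown else "denied")
        report[f"{comp['name']}@{comp.get('version', '?')}"] = {
            "status": status, "unknown": sorted(unknown)}
    return report


def gate(sbom_json: str) -> bool:
    """CI verdict: exit non-zero unless every component is positively allowed."""
    return all(r["status"] == "allowed" for r in evaluate_sbom(sbom_json).values())
```

On the constructed SBOM, `dualpkg` passes because one side of its OR is permissive, `combo` is routed to review because LGPL-2.1-only is on neither list, `copyleft-db` is denied outright, and `mystery` is flagged because it declares no license at all; `gate()` therefore returns False. The design choice worth copying is that "unknown" is never treated as "allowed": an undeclared or unrecognised license is exactly the case an auditor will ask about.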
Regulatory Frameworks
| Framework | Focus | Key Requirements |
| --- | --- | --- |
| SOC 2 | Service organizations | Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, Privacy |
| GDPR | EU data protection | Data subject rights, consent, breach notification |
| HIPAA | Healthcare data | PHI protection, access controls, BAAs |
| PCI-DSS | Payment card data | Encryption, vulnerability management, logging |
| ISO 27001 | Information security | ISMS, risk assessment, security controls |
| CCPA | California privacy | Consumer rights, opt-out, disclosure |