Audit corporate policies or data-handling descriptions against regulatory frameworks (GDPR, SOC2, HIPAA). Use when users need to identify compliance gaps or risk levels in technical procedures.
Systematically reviews technical or procedural documentation to identify alignment or deviations from major regulatory frameworks.
Step 1 — Scope & Framework Selection IF user specifies a framework (GDPR/SOC2/HIPAA/ISO27001), prioritize its rules; ELSE, apply General Data Protection principles.
Step 2 — Data Mapping Identify PII (Personally Identifiable Information), PHI (Protected Health Information), or PCI data mentioned in the text.
Step 3 — Gap Analysis
Step 4 — Risk Scoring Assign Severity (Critical/Major/Minor) to gaps based on regulatory fine potential.
Step 5 — Return Output Provide a structured JSON audit report.
{
"frameworks_evaluated": ["GDPR", "SOC2"],
"pii_detected": ["email", "IP address"],
"findings": [
{
"severity": "critical",
"category": "Data Retention",
"issue": "Policy states data is kept indefinitely.",
"remediation": "Define a 7-year purge cycle per Article 5(1)(e)."
}
],
"risk_summary": "1 Critical Gap detected. High risk of non-compliance."
}
IF the input text is too vague to audit:
ASK for specific details regarding data storage, user consent, or encryption