
This skill generates compliant security reports for standards like PCI DSS or HIPAA, automating data gathering and formatting for audits.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill compliance-report-generator

SKILL.md
---
name: generating-compliance-reports
description: |
  This skill enables Claude to generate compliance reports based on various security standards and frameworks. It leverages the compliance-report-generator plugin to automate the report creation process. Use this skill when a user requests a "compliance report", "security audit report", or needs documentation for "regulatory compliance". The skill is particularly useful for generating reports related to standards like PCI DSS, HIPAA, SOC 2, or ISO 27001. It can also assist with documenting adherence to specific security policies.
---

## Overview

This skill empowers Claude to create detailed compliance reports, saving time and ensuring accuracy in documenting security practices. It automates the process of gathering information and formatting it into a standardized report, making compliance audits easier and more efficient.

## How It Works

1. **Identify Report Type**: Claude analyzes the user's request to determine the required compliance standard (e.g., PCI DSS, HIPAA).
2. **Gather Data**: The plugin collects relevant data from the system or prompts the user for necessary information.
3. **Generate Report**: The plugin formats the collected data into a comprehensive compliance report, including necessary sections and documentation.

## When to Use This Skill

This skill activates when you need to:
- Generate a report for a specific compliance standard (e.g., "generate a HIPAA compliance report").
- Create a security audit report.
- Document adherence to a security policy.
- Prepare for a compliance audit.

## Examples

### Example 1: Generating a PCI DSS Compliance Report

User request: "Generate a PCI DSS compliance report for our e-commerce platform."

The skill will:
1. Activate the compliance-report-generator plugin.
2. Prompt the user for information about their e-commerce platform's security controls and processes.
3. Generate a detailed PCI DSS compliance report based on the provided information.

### Example 2: Creating a HIPAA Compliance Report

User request: "Create a HIPAA compliance report to demonstrate our adherence to privacy regulations."

The skill will:
1. Activate the compliance-report-generator plugin.
2. Guide the user through a series of questions related to HIPAA requirements.
3. Compile the answers into a structured HIPAA compliance report.

## Best Practices

- **Specificity**: Be specific about the compliance standard you need a report for (e.g., "SOC 2 report").
- **Completeness**: Provide all the necessary information requested by the plugin to ensure a comprehensive and accurate report.
- **Review**: Always review the generated report to ensure its accuracy and completeness before submitting it for an audit.

## Integration

This skill can be integrated with other plugins that provide security assessment or vulnerability scanning capabilities. The results from those plugins can be incorporated into the compliance reports generated by this skill, providing a more comprehensive view of the organization's security posture.

Overview

This skill enables automated generation of compliance and security audit reports across common standards like PCI DSS, HIPAA, SOC 2, and ISO 27001. It streamlines data collection, structures findings, and produces standardized documentation suitable for internal reviews or regulator submissions. Use it to save time, reduce manual errors, and create consistent evidence of security controls and policy adherence.

How this skill works

The skill analyzes the user request to identify the target compliance framework and required report sections. It either queries integrated data sources or prompts the user for missing information about controls, configurations, and policies. Collected inputs are assembled and formatted into a comprehensive compliance report, including control mappings, evidence summaries, gaps, and recommended remediation. The generated report can be reviewed and iterated with additional inputs.
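The workflow described above (map a framework's controls to collected evidence, flag gaps and missing evidence, fold in vulnerability-scan output as the Integration section suggests, and render a report with control mappings and prioritized remediation) in a minimal Python illustration. This is an added example, not the compliance-report-generator plugin's own code. The control identifiers (CTL-1 to CTL-4), the framework name, the file names and the scan findings are all constructed placeholders, not real PCI DSS requirement numbers or real scanner output.

```python
"""Minimal compliance report generator (added example, not the plugin's code):
map evidence to controls, classify each control, render a Markdown report."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Control:
    cid: str                 # placeholder control id, NOT real PCI DSS numbering
    title: str
    evidence_kinds: tuple    # evidence types an auditor would expect for this control


@dataclass(frozen=True)
class Evidence:
    cid: str
    kind: str                # "config" | "policy" | "log" | "scan"
    source: str              # file or tool the evidence came from
    passed: bool
    detail: str = ""


# Constructed framework catalogue; the shape mirrors a real control mapping
FRAMEWORK = [
    Control("CTL-1", "Network segmentation of cardholder data environment", ("config",)),
    Control("CTL-2", "Unique IDs and MFA for administrative access", ("config", "policy")),
    Control("CTL-3", "Centralized logging with 12-month retention", ("config", "log")),
    Control("CTL-4", "Quarterly vulnerability scanning and remediation", ("scan",)),
]

# Constructed scanner output, as a vulnerability-scanning plugin might hand over
SCAN_FINDINGS = [
    {"host": "web-01", "plugin": "TLS 1.0 enabled", "severity": "high", "control": "CTL-4"},
    {"host": "db-01", "plugin": "SSH banner disclosure", "severity": "info", "control": "CTL-4"},
]


def ingest_scan(findings: List[dict]) -> List[Evidence]:
    """Turn scan findings into evidence: any high/critical finding fails the control."""
    by_control: Dict[str, List[dict]] = {}
    for f in findings:
        by_control.setdefault(f["control"], []).append(f)
    out = []
    for cid, items in by_control.items():
        bad = [i for i in items if i["severity"] in ("high", "critical")]
        detail = "; ".join(f'{i["host"]}: {i["plugin"]}' for i in bad) or "no high/critical findings"
        out.append(Evidence(cid, "scan", "vuln-scanner", passed=not bad, detail=detail))
    return out


def evaluate(controls: List[Control], evidence: List[Evidence]) -> Dict[str, dict]:
    """Per control: 'compliant', 'gap' (failed evidence) or 'missing' (an expected
    evidence kind was never supplied, so the state is unknown, not proven)."""
    result = {}
    for c in controls:
        ev = [e for e in evidence if e.cid == c.cid]
        have = {e.kind for e in ev}
        failed = [e for e in ev if not e.passed]
        missing = [k for k in c.evidence_kinds if k not in have]
        status = "gap" if failed else ("missing" if missing else "compliant")
        result[c.cid] = {"control": c, "status": status, "failed": failed,
                         "missing": missing, "evidence": ev}
    return result


def remediation_plan(results: Dict[str, dict]) -> List[str]:
    """Proven gaps first, then controls whose evidence is missing."""
    order = {"gap": 0, "missing": 1, "compliant": 2}
    plan = []
    for cid, r in sorted(results.items(), key=lambda kv: order[kv[1]["status"]]):
        if r["status"] == "gap":
            plan.append(f"{cid}: fix failed evidence - " + "; ".join(e.detail for e in r["failed"]))
        elif r["status"] == "missing":
            plan.append(f"{cid}: collect evidence of kind(s) " + ", ".join(r["missing"]))
    return plan


def render_report(framework_name: str, scope: str, results: Dict[str, dict]) -> str:
    lines = [f"# {framework_name} compliance report", "", f"Scope: {scope}", "",
             "## Control mapping", "", "| Control | Title | Status | Evidence |", "|---|---|---|---|"]
    for cid, r in results.items():
        srcs = ", ".join(f"{e.kind}:{e.source}" for e in r["evidence"]) or "-"
        lines.append(f"| {cid} | {r['control'].title} | {r['status']} | {srcs} |")
    plan = remediation_plan(results)
    lines += ["", "## Gaps and remediation", ""] + ([f"- {p}" for p in plan] or ["- none"])
    return "\n".join(lines)


def build_report(scope: str = "constructed e-commerce platform"):
    """Constructed evidence set; CTL-2 deliberately lacks its policy evidence."""
    evidence = [
        Evidence("CTL-1", "config", "firewall.conf", True, "CDE in isolated VLAN"),
        Evidence("CTL-2", "config", "idp-settings.json", True, "MFA enforced for admins"),
        Evidence("CTL-3", "config", "siem-retention.yaml", True, "retention 365d"),
        Evidence("CTL-3", "log", "siem-export.log", True, "samples spanning 12 months"),
    ] + ingest_scan(SCAN_FINDINGS)
    results = evaluate(FRAMEWORK, evidence)
    return results, render_report("EXAMPLE-FRAMEWORK (placeholder)", scope, results)


if __name__ == "__main__":
    print(build_report()[1])
```

The three-way status matters in practice: a control with a failed check is a known gap, while a control with no evidence of a required kind is an unknown that the report should not silently count as compliant. This is why the Best Practices above ask for complete evidence and a review against live controls before anything goes to an auditor.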

When to use it

  • Preparing documentation for an external audit (PCI DSS, SOC 2, ISO 27001, HIPAA).
  • Creating internal security audit or assessment reports for leadership or compliance teams.
  • Documenting adherence to specific security policies or regulatory requirements.
  • Producing evidence packages for vendor or customer compliance requests.
  • Combining results from vulnerability scans or assessments into a single report.

Best practices

  • Specify the exact compliance framework and scope up front (systems, data types, timeframe).
  • Provide complete supporting evidence: configuration files, logs, policies, and assessment outputs.
  • Answer interactive prompts thoroughly to avoid gaps or assumptions in the report.
  • Review and validate generated content against live controls before submission to auditors.
  • Combine this skill with vulnerability scanners or inventory tools for richer, evidence-based reports.

Example use cases

  • Generate a PCI DSS report for an e-commerce platform, including cardholder data flow and compensating controls.
  • Produce a HIPAA privacy and security report demonstrating safeguards for protected health information.
  • Create a SOC 2 Type I readiness report showing control design and mapped evidence.
  • Compile ISO 27001 Annex A mappings and a statement of applicability for certification preparation.
  • Aggregate vulnerability scan results into a compliance report with prioritized remediation actions.

FAQ

Can the skill pull data from my tools automatically?

Yes, when integrated plugins or connectors are available it can ingest assessment results and inventories; otherwise it will prompt for manual inputs.

Is the generated report auditor-ready?

The report is structured and detailed, but you should review, attach original evidence, and validate control implementations before submitting to auditors.