Open Source · 10 Skills

GRC skills for Claude Code

Installable compliance knowledge for Claude Code. SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, and 5 more frameworks. All in one install.

SOC 2 · ISO 27001 · ISO 42001 · GDPR · HIPAA · PCI DSS · SOX ITGC · NIST CSF · FedRAMP · TSA Cyber

What are Claude Code skills?

Skills are installable knowledge packages that give Claude deep domain expertise. They activate automatically based on conversation context. No prompting tricks required.

Framework-specific knowledge
Each skill packages deep expertise on a single compliance framework: control catalogs, templates, checklists, and decision trees.
Reference-backed answers
Skills cite specific control IDs, article numbers, and standard sections. No generic advice. Every recommendation is traceable.
Activate automatically
Skills load on demand when your conversation matches the framework. Just ask a compliance question and the right skill kicks in.

10 compliance frameworks

Each skill is grounded in public standards. Vendor-neutral, open source, and ready to use.

Security
SOC 2
Trust Services Criteria

Type 1 & Type 2 audits, TSC categories, Common Criteria mapping, evidence collection, and auditor preparation.

Gap Analysis · Evidence Review · Auditor Prep
Security
ISO 27001
Information Security Management

93 Annex A controls across 4 themes, Statement of Applicability, risk assessment, and Stage 1/2 audit guidance.

ISMS Scope · Risk Assessment · Annex A Controls
Governance
ISO 42001
AI Management System

AIMS structure, AI risk & impact assessment, Annex A AI controls, governance frameworks, and EU AI Act alignment.

AI Governance · Impact Assessment · EU AI Act
Privacy
GDPR
EU Data Protection

Lawful bases, data subject rights, DPIA, ROPA, Standard Contractual Clauses, and breach notification workflows.

DPIA · Data Subject Rights · Transfer Mechanisms
Privacy
HIPAA
US Healthcare Privacy

Privacy & Security Rules, Business Associate Agreements, risk analysis, breach notification, and OCR audit readiness.

Security Rule · BAA Review · Breach Response
Industry
PCI DSS
Payment Card Security

12 requirements, CDE scoping, SAQ selection, network segmentation, and Customized vs Defined approaches.

CDE Scoping · SAQ Selection · Segmentation
Governance
SOX ITGC
IT General Controls

4 ITGC domains, access & change management controls, working papers, deficiency severity, and continuous monitoring.

Access Controls · Change Management · Working Papers
Security
NIST CSF
Cybersecurity Framework 2.0

6 Functions (Govern through Recover), Categories, Implementation Tiers, and organizational Profiles.

6 Functions · Tiers & Profiles · Gap Mapping
Industry
FedRAMP
Federal Cloud Authorization

Impact levels, NIST SP 800-53 baselines, System Security Plans, 3PAO assessment, ATO, and ConMon.

Impact Levels · SSP Drafting · ConMon
Industry
TSA Cybersecurity
Transport Security Directives

4 required measures (segmentation, access, monitoring, patching), CIP/CAP, CISA reporting, and OT/IT alignment.

Security Directives · OT/IT Alignment · CISA Reporting

Who is this for?

Whether you're preparing for your first audit or managing compliance at scale, these skills accelerate your workflow.

GRC & compliance teams
Speed up gap assessments, draft policies, and prepare evidence packages with framework-specific guidance.
  • Gap analysis against any framework
  • Policy & procedure drafting
  • Audit evidence checklists
  • Cross-framework mapping
Security engineers & developers
Get compliance context while building. Understand what controls mean for your code and infrastructure.
  • Control-to-code mapping
  • Security configuration reviews
  • Infrastructure compliance checks
  • CI/CD security requirements
AI-forward organizations
Navigate emerging AI governance requirements with ISO 42001 and EU AI Act alignment skills.
  • AI risk assessment
  • AIMS implementation
  • EU AI Act readiness
  • AI governance frameworks

Get started in 3 steps

Install all 10 skills in under a minute. No configuration required.

01  Clone the repository

    git clone https://github.com/scytale-labs/GRC-Claude-Skills.git

02  Run the install script

    cd GRC-Claude-Skills && ./scripts/install.sh

    As with any third-party install script, read scripts/install.sh before you run it so you know what it writes and where.

03  Start using in Claude Code

    "Walk me through a SOC 2 Type 2 gap assessment for our SaaS platform"

Skills follow the Agent Skills open standard, so they work with any Agent Skills-compliant tool, not just Claude Code.

Ready to supercharge your compliance workflow?

10 frameworks. Public standards, cited. Open source and free forever.