---
description: Perform comprehensive system audit and compliance check
argument-hint: [audit-type] [compliance-framework]
---

# System Audit Command

Perform comprehensive system audit and compliance check with detailed reporting and recommendations.

## Context

- Audit type: $1 (security|compliance|performance|all - default: all)
- Compliance framework: $2 (GDPR|HIPAA|SOC2|ISO27001|PCI-DSS - default: SOC2)
- System configuration: @config/
- Security policies: @security-policies/

## Audit Process

### 1. **Security Audit**

- Vulnerability assessment and penetration testing
- Access control and authentication review
- Data protection and encryption validation
- Network security and firewall configuration
- Incident response and monitoring capabilities

### 2. **Compliance Assessment**

- Regulatory compliance validation
- Policy adherence verification
- Documentation and evidence collection
- Gap analysis and remediation planning
- Risk assessment and mitigation strategies

### 3. **Performance Audit**

- System performance and scalability analysis
- Resource utilization and efficiency review
- Capacity planning and optimization opportunities
- Monitoring and alerting effectiveness
- Disaster recovery and business continuity

### 4. **Operational Audit**

- Process documentation and standardization
- Change management and version control
- Backup and recovery procedures
- Training and knowledge management
- Vendor and third-party risk assessment

## Compliance Frameworks

- **GDPR**: Data privacy and protection compliance
- **HIPAA**: Healthcare data security requirements
- **SOC 2**: Security, availability, and confidentiality
- **ISO 27001**: Information security management
- **PCI DSS**: Payment card industry security standards

## Expected Outcome

- Comprehensive audit report with findings
- Compliance status and gap analysis
- Risk assessment and prioritization
- Remediation roadmap and timeline
- Evidence documentation and artifacts

## Audit Findings

- **Critical**: Immediate action required
- **High**: Address within 30 days
- **Medium**: Address within 90 days
- **Low**: Address within 6 months
- **Informational**: Best practice recommendations

## Remediation Plan

- Immediate fixes for critical findings
- Short-term remediation (30 days)
- Medium-term improvements (90 days)
- Long-term strategic initiatives (6+ months)
- Ongoing monitoring and maintenance