---
description: Perform comprehensive system audit and compliance check
argument-hint: [audit-type] [compliance-framework]
---

# System Audit Command

Perform a comprehensive system audit and compliance check with detailed reporting and recommendations.

## Context

- Audit type: $1 (security|compliance|performance|all - default: all)
- Compliance framework: $2 (GDPR|HIPAA|SOC2|ISO27001|PCI-DSS - default: SOC2)
- System configuration: @config/
- Security policies: @security-policies/

## Audit Process

### 1. **Security Audit**

- Vulnerability assessment and penetration testing
- Access control and authentication review
- Data protection and encryption validation
- Network security and firewall configuration
- Incident response and monitoring capabilities

### 2. **Compliance Assessment**

- Regulatory compliance validation
- Policy adherence verification
- Documentation and evidence collection
- Gap analysis and remediation planning
- Risk assessment and mitigation strategies

### 3. **Performance Audit**

- System performance and scalability analysis
- Resource utilization and efficiency review
- Capacity planning and optimization opportunities
- Monitoring and alerting effectiveness
- Disaster recovery and business continuity

### 4. **Operational Audit**

- Process documentation and standardization
- Change management and version control
- Backup and recovery procedures
- Training and knowledge management
- Vendor and third-party risk assessment

## Compliance Frameworks

- **GDPR**: Data privacy and protection compliance
- **HIPAA**: Healthcare data security requirements
- **SOC 2**: Security, availability, and confidentiality
- **ISO 27001**: Information security management
- **PCI DSS**: Payment card industry security standards

## Expected Outcome

- Comprehensive audit report with findings
- Compliance status and gap analysis
- Risk assessment and prioritization
- Remediation roadmap and timeline
- Evidence documentation and artifacts

## Audit Findings

- **Critical**: Immediate action required
- **High**: Address within 30 days
- **Medium**: Address within 90 days
- **Low**: Address within 6 months
- **Informational**: Best practice recommendations

## Remediation Plan

- Immediate fixes for critical findings
- Short-term remediation (30 days)
- Medium-term improvements (90 days)
- Long-term strategic initiatives (6+ months)
- Ongoing monitoring and maintenance
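The severity tiers under Audit Findings and the buckets under Remediation Plan together define a remediation timeline. The following is an added example, not part of this command file, showing how an audit report generator could turn a list of findings into that roadmap: each finding gets a due date from its severity, is flagged if the window has already lapsed, and is grouped into the matching Remediation Plan bucket. It assumes "immediate" means the day of discovery, "6 months" means 180 days, and Informational findings carry no deadline; the findings themselves are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Remediation window in days per severity tier (Audit Findings section).
# Assumptions: Critical = same day (0), Low = 180 days, Informational = no deadline.
SLA_DAYS = {
    "Critical": 0,
    "High": 30,
    "Medium": 90,
    "Low": 180,
    "Informational": None,
}

# Remediation Plan bucket that each severity tier feeds into.
PLAN_BUCKET = {
    "Critical": "Immediate fixes for critical findings",
    "High": "Short-term remediation (30 days)",
    "Medium": "Medium-term improvements (90 days)",
    "Low": "Long-term strategic initiatives (6+ months)",
    "Informational": "Ongoing monitoring and maintenance",
}

# Lower rank = higher priority; dict order above is most to least severe.
SEVERITY_RANK = {sev: rank for rank, sev in enumerate(SLA_DAYS)}


@dataclass(frozen=True)
class Finding:
    finding_id: str
    severity: str
    area: str        # audit area the finding belongs to, e.g. "Access control"
    found_on: date   # date the finding was recorded


def due_date(finding):
    """Return the remediation deadline, or None for tiers without one."""
    days = SLA_DAYS[finding.severity]
    return None if days is None else finding.found_on + timedelta(days=days)


def is_overdue(finding, today):
    """True once the remediation window has passed without the finding being closed."""
    due = due_date(finding)
    return due is not None and today > due


def build_roadmap(findings, today):
    """Group findings into Remediation Plan buckets, most severe and oldest first."""
    unknown = sorted({f.severity for f in findings} - SLA_DAYS.keys())
    if unknown:
        raise ValueError(f"unknown severity tier(s): {unknown}")
    roadmap = {bucket: [] for bucket in PLAN_BUCKET.values()}
    ordered = sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.found_on))
    for f in ordered:
        roadmap[PLAN_BUCKET[f.severity]].append({
            "id": f.finding_id,
            "area": f.area,
            "due": due_date(f),
            "overdue": is_overdue(f, today),
        })
    return roadmap


def overdue_ids(findings, today):
    """IDs of findings whose remediation window has lapsed, for the report summary."""
    return sorted(f.finding_id for f in findings if is_overdue(f, today))


# Constructed sample findings (not from any real audit) and a fixed report date.
AS_OF = date(2024, 6, 1)
SAMPLE_FINDINGS = [
    Finding("F-001", "Critical", "Access control", date(2024, 5, 30)),
    Finding("F-002", "High", "Network security", date(2024, 5, 15)),
    Finding("F-003", "Medium", "Backup and recovery", date(2024, 2, 1)),
    Finding("F-004", "Low", "Process documentation", date(2024, 1, 10)),
    Finding("F-005", "Informational", "Monitoring", date(2024, 5, 20)),
]


if __name__ == "__main__":
    for bucket, items in build_roadmap(SAMPLE_FINDINGS, AS_OF).items():
        print(bucket)
        for item in items:
            flag = " (OVERDUE)" if item["overdue"] else ""
            print(f"  {item['id']} [{item['area']}] due {item['due']}{flag}")
    print("Overdue:", overdue_ids(SAMPLE_FINDINGS, AS_OF))
```

Unknown severity values are rejected rather than silently dropped, so a finding with a mistyped tier cannot vanish from the roadmap; the overdue list gives the report a one-line summary of which findings have already breached their remediation window.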