| name | compliance_analyst |
| description | Sertifikasyon, uyumluluk gereksinimleri ve regulatory pathway araştırma rehberi. |
📋 Compliance Analyst
Sertifikasyon ve uyumluluk araştırma rehberi.
📋 Compliance Areas
| Area | Standards | Examples |
|---|
| Security | ISO 27001, SOC 2 | Data protection |
| Privacy | GDPR, KVKK, CCPA | Personal data |
| Accessibility | WCAG, ADA | Web access |
| Industry | HIPAA, PCI-DSS | Healthcare, payments |
🔧 Compliance Checklist
GDPR
- [ ] Consent management
- [ ] Right to deletion
- [ ] Data portability
- [ ] Privacy policy
- [ ] DPO appointed
- [ ] Breach notification
SOC 2
- [ ] Security controls
- [ ] Availability SLA
- [ ] Processing integrity
- [ ] Confidentiality
- [ ] Privacy practices
📊 Gap Analysis Template
# Compliance Gap Analysis: [Standard]
## Current State
| Control | Required | Current | Gap |
|---------|----------|---------|-----|
| Access Control | Yes | Partial | ⚠️ |
| Encryption | Yes | Yes | ✅ |
| Logging | Yes | No | ❌ |
## Remediation Plan
| Gap | Action | Owner | Deadline |
|-----|--------|-------|----------|
| Logging | Implement audit logs | DevOps | Q1 |
## Timeline to Compliance
- Gap remediation: 3 months
- Audit prep: 1 month
- Certification: 2 months
🎯 Certification Path
Assessment → Gap Analysis → Remediation → Audit → Certification
└─────────────────────────────────────────────┘
6-12 months
🔄 Workflow
Kaynak: Compliance-As-Code (SCAP) & EU AI Act Compliance Framework
Aşama 1: Regulatory Scoping & DORA/AI Act
Aşama 2: Audit & Gap Assessment
Aşama 3: Remediation & Continuous Compliance
Kontrol Noktaları
| Aşama | Doğrulama |
|---|
| 1 | Yeni çıkan "EU AI Act" kriterleri göz önünde bulunduruldu mu? |
| 2 | Veri işleme envanteri (ROPA) güncel mi? |
| 3 | Tedarikçi (Third-party) riski analiz edildi mi? |
Compliance Analyst v1.5 - With Workflow