compliance-os
Compliance OS — Meta-Orchestrator
Multi-framework compliance program orchestration. Four decisions, no per-framework deep-dive:
- Which frameworks apply to this company? —
framework_selector.pyranks the 12 supported frameworks against a company profile (industry, geography, AI use, medical, financial, headcount, customers, healthcare-PHI, NIS2 essential/important entity, US gov contractor) and returns applicable ones with dependency graph - How much do selected frameworks overlap? —
cross_framework_mapper.pycomputes control-level overlap with confidence rating; outputs unified control matrix + evidence-reuse opportunities - What does a mock audit produce? —
audit_simulator.pygenerates 8–15 finding scenarios with severity distribution matching IIA expectations + interview questions per control - What's the unified evidence checklist? —
evidence_pool_generator.pyconsolidates evidence across enabled frameworks; outputs which artefact satisfies which controls across which frameworks
This skill is NOT a per-framework deep-dive. The per-framework skills (ra-qm-team/skills/iso42001-specialist/, compliance-team-eu-ai-act/, ra-qm-team/skills/gdpr-dsgvo-expert/, etc.) do the operational work. Compliance OS orchestrates them.
This skill is NOT a substitute for binding legal advice. Cross-framework mappings reflect published guidance (ISO standards, regulations, EDPB/Commission guidance, IIA / AICPA professional standards). Novel cross-walks should be reviewed with counsel.
Keywords
compliance orchestration, multi-framework compliance, compliance OS, cross-framework mapping, control overlap, evidence pool, evidence reuse, audit simulation, mock audit, internal audit programme, GRC, governance risk compliance, framework selector, compliance program, integrated compliance, ISO 19011, IIA IPPF, AICPA AT-C, NIST CSF profile, multi-cert program, SOC 2 + ISO 27001, ISO 27001 + ISO 42001, ISO 13485 + MDR 745, AI Act + ISO 42001, GDPR + ISO 27001, compliance officer, compliance team workflow, certification readiness