Compliance Copilot Agent
SOC 2, ISO 27001, and NIST compliance mapping
The Compliance Copilot Agent maps your code changes to compliance framework controls and generates audit-ready evidence.
What It Does
- Maps to SOC 2 controls - Links code to Trust Services Criteria
- Maps to ISO 27001 - Connects to Annex A controls
- Maps to NIST CSF - Aligns with cybersecurity functions
- Verifies audit logging - Ensures proper logging is in place
- Generates evidence - Creates compliance documentation bundles
Supported Frameworks
| Framework | Coverage |
|-----------|----------|
| SOC 2 Type II | Full |
| ISO 27001:2022 | Full |
| NIST CSF | Full |
| GDPR | Partial |
| HIPAA | Partial |
Configuration
```yaml
agents:
  - name: compliance-copilot
    template: compliance-copilot
    triggers:
      pull_request:
        - opened
      release:
        - published
    config:
      # Compliance frameworks to check
      frameworks:
        - soc2
        - iso27001
      # Control categories to focus on
      categories:
        - access_control
        - data_protection
        - logging_monitoring
      # Generate evidence bundle on release
      generate_evidence: true
```
Control Mapping Example
The agent identifies which controls are affected:
## Compliance Impact Assessment
### SOC 2 Controls Affected
| Control | Description | Status |
|---------|-------------|--------|
| CC6.1 | Logical access security | ✅ Compliant |
| CC6.7 | Restriction of access | ⚠️ Review needed |
| CC7.2 | System monitoring | ✅ Compliant |
### Evidence Generated
- Access control configuration snapshot
- Audit log samples for the period
- Change management documentation