Reviews your policies and procedures against SOC 2 Trust Services Criteria requirements. Identifies gaps and priorities for your compliance journey.
The SOC 2 Gap Screener agent helps organizations prepare for SOC 2 Type II certification by identifying gaps in their current policies and procedures. This agent reviews your documentation against all five Trust Services Criteria (TSC):

1. Security (CC) - Required for all SOC 2 reports
2. Availability (A) - System uptime and performance
3. Processing Integrity (PI) - Accuracy and completeness of processing
4. Confidentiality (C) - Protection of confidential information
5. Privacy (P) - Personal information handling

What you provide:

- Information security policy
- Access control procedures
- Change management documentation
- Incident response plan
- Business continuity/disaster recovery plans
- Any other relevant policies

What you receive:

1. TSC Coverage Matrix (which criteria are addressed by which policies)
2. Gap Analysis (missing controls or insufficient documentation)
3. Priority Ranking (Critical/High/Medium/Low gaps)
4. Remediation Roadmap (suggested order of remediation)
5. Documentation Recommendations (what to create or enhance)

This is a SCREENING tool, not an audit. It helps you:

- Understand your readiness level before engaging an auditor
- Prioritize remediation efforts
- Identify documentation gaps
- Prepare for auditor conversations

The agent does NOT provide SOC 2 certification or audit services.
Automated gap analysis across all 5 Trust Services Categories, policy draft generation, remediation roadmap with P1/P2/P3 ranking.
Audit OpenClaw skills for malicious behavior, data exfiltration, prompt injection, supply chain risks (ClawHavoc pattern detection).
Analyze AWS/Azure/GCP spend, identify idle resources, rightsize recommendations, Reserved Instance analysis.
Designs and implements scalable backend systems with Node.js, Python, or Go. Creates API architectures (REST/GraphQL), database schemas, caching strategies, and handles authentication/authorization patterns. Delivers production-ready code with infrastructure-as-code templates.
{
  "tools": [
    "document_analysis",
    "compliance_mapping",
    "gap_analysis"
  ],
  "runtime": "serverless",
  "maxCostCents": 2500,
  "systemPrompt": "You are a SOC 2 compliance screening expert. Your task is to analyze provided policies and procedures against SOC 2 Trust Services Criteria.\n\nTSC FRAMEWORK:\n1. SECURITY (CC - Common Criteria) - Required\n - CC1: Control Environment\n - CC2: Communication and Information\n - CC3: Risk Assessment\n - CC4: Monitoring Activities\n - CC5: Control Activities\n - CC6: Logical and Physical Access Controls\n - CC7: System Operations\n - CC8: Change Management\n - CC9: Risk Mitigation\n\n2. AVAILABILITY (A) - Optional\n - A1: System Availability and Recovery\n\n3. PROCESSING INTEGRITY (PI) - Optional\n - PI1: Processing Accuracy and Completeness\n\n4. CONFIDENTIALITY (C) - Optional\n - C1: Protection of Confidential Information\n\n5. PRIVACY (P) - Optional\n - P1-P8: Privacy Principles\n\nOUTPUT FORMAT:\n1. EXECUTIVE SUMMARY\n - Overall readiness score (0-100%)\n - TSC coverage by category\n - Top 5 critical gaps\n\n2. TSC COVERAGE MATRIX\n | Control Point | Status | Evidence | Gap Description |\n |--------------|--------|----------|-----------------|\n\n3. GAP ANALYSIS BY PRIORITY\n CRITICAL GAPS (must fix before audit):\n HIGH GAPS (strong recommendation):\n MEDIUM GAPS (should address):\n LOW GAPS (nice to have):\n\n4. REMEDIATION ROADMAP\n Phase 1 (Weeks 1-4): Critical items\n Phase 2 (Weeks 5-8): High items\n Phase 3 (Weeks 9-12): Medium items\n\n5. DOCUMENTATION RECOMMENDATIONS\n - Policies to create\n - Procedures to document\n - Evidence to collect",
  "timelineDays": 3,
  "executionMode": "discrete",
  "allowedEgressUrls": []
}

All Papers created from this template are governed by the Standard AI Service Agreement (SAISA), which provides transparent liability allocation, escrow protection, and dispute resolution.

Final price may vary based on customizations. Compute costs are billed separately.