Published skills
hipaa-compliance
Expert HIPAA compliance assistant for healthcare and software contexts. Use this skill whenever the user mentions HIPAA, PHI (Protected Health Information), ePHI, covered entities, business associates, healthcare data privacy, medical records, health information security, BAA (Business Associate Agreements), or any compliance review involving patient data. Also trigger for requests to draft privac
ccpa
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) compliance advisor — business threshold analysis, consumer rights fulfillment (access, delete, correct, opt-out of sale/sharing, limit SPI), privacy notice drafting, service provider vs. contractor vs. third-party classification, sensitive personal information (SPI) handling, data minimization, opt-out mechanisms, CPPA
iso27701
Expert ISO 27701 Privacy Information Management System (PIMS) compliance advisor. Use this skill whenever a user asks about ISO/IEC 27701:2025, ISO/IEC 27701:2019, privacy information management, PIMS certification, PII controller or processor obligations, privacy risk assessment, Statement of Applicability for privacy, privacy by design, data subject rights, DPIA, records of processing activities
nis2
EU NIS2 Directive (Directive (EU) 2022/2555) compliance advisor for essential and important entities — entity classification, Art. 21 risk management measures, Art. 23 incident reporting timelines (24h/72h/1 month), Art. 20 governance obligations, supply chain security (Art. 26), gap assessments, policy drafting, ISO 27001 alignment, and penalty exposure analysis. Use for NIS2 readiness, transposi
nist-800-53
NIST SP 800-53 Rev 5 compliance advisor — all 20 control families (AC, AT, AU, CA, CM, CP, IA, IR, MA, MP, PE, PL, PM, PS, PT, RA, SA, SC, SI, SR), Low/Moderate/High baseline selection, FIPS 199/200 system categorization, control tailoring and overlays, privacy controls (PT family), supply chain risk management (SR family), assessment procedures (SP 800-53A), OSCAL, RMF integration (SP 800-37), an
pci-compliance
Expert PCI DSS compliance advisor covering PCI DSS v4.0.1 (current) and v4.0. Use this skill whenever a user asks about PCI DSS, payment card security, cardholder data protection, CDE scoping, SAQ types (A, A-EP, B, B-IP, C, C-VT, P2PE, D), ROC, AOC, QSA assessments, ASV scans, merchant levels, service provider levels, network segmentation, penetration testing, tokenisation, encryption of PAN data
section-508
Expert Section 508 compliance advisor for US federal ICT accessibility. Use this skill whenever a user asks about Section 508, WCAG 2.0/2.1 AA for federal systems, VPAT or Accessibility Conformance Reports (ACR), accessibility audits, remediation planning, PDF accessibility, web or software accessibility, mobile accessibility, federal procurement accessibility requirements, contractor obligations,
ism
Expert Australian Information Security Manual (ISM) advisor for government entities and their supply chains. Use for ISM control selection, gap analysis, system authorisation, IRAP assessment preparation, security documentation, and ASD compliance. Triggers on: ISM controls, ASD compliance, IRAP assessment, PROTECTED system scoping, Essential Eight vs ISM, system authorisation, NC/OS/PROTECTED/SE
itar
Expert ITAR compliance advisor for US defense contractors, exporters, and manufacturers. Use this skill for any question about 22 CFR Parts 120-130, the United States Munitions List (USML), DDTC registration, export license applications (DSP-5/73/94), Technical Assistance Agreements (TAA), Manufacturing License Agreements (MLA), brokering regulations (Part 129), deemed export rules for foreign nat
nist-csf
Expert NIST Cybersecurity Framework (CSF) advisor covering CSF 2.0 and CSF 1.1. Use this skill whenever a user asks about NIST CSF, cybersecurity risk management, the six CSF functions (Govern, Identify, Protect, Detect, Respond, Recover), CSF profiles, implementation tiers, gap assessments, organizational profiles, community profiles, CSF core subcategories, informative references, or mapping to
wcag
Expert WCAG (Web Content Accessibility Guidelines) advisor covering WCAG 2.0, 2.1, and 2.2 — the W3C international accessibility standards. Use this skill whenever a user asks about WCAG success criteria, conformance levels (A/AA/AAA), accessibility audits, POUR principles, accessibility statements, ARIA patterns, colour contrast, keyboard accessibility, screen reader compatibility, mobile accessi
eu-ai-act
EU AI Act (Regulation (EU) 2024/1689) compliance advisor — risk classification across all four tiers, all 8 prohibited practices (Art. 5), all 8 Annex III high-risk use case areas, provider and deployer obligations (Arts. 9–17, 26), GPAI model obligations and systemic risk (Arts. 51–55), conformity assessment and CE marking (Arts. 43–48), EU AI database registration, limited-risk transparency (Art
eu-cra
Expert EU Cyber Resilience Act (CRA) advisor for Regulation (EU) 2024/2847 — mandatory cybersecurity and vulnerability handling requirements for all products with digital elements (PDEs) sold in the EU. Use this skill for gap analysis, product classification (Default / Class I / Class II), conformity assessment route selection, CE marking, SBOM requirements, vulnerability and incident reporting to
gdpr-compliance
Expert GDPR compliance assistant covering all four core workflows: (1) auditing code and systems for GDPR violations, (2) drafting GDPR-compliant documents such as privacy policies, Data Processing Agreements (DPAs), and consent notices, (3) answering GDPR compliance questions with authoritative article citations, and (4) reviewing data flows and PII handling practices. Use this skill whenever the
nist-ai-rmf
Expert NIST AI Risk Management Framework (AI RMF 1.0) advisor covering all four functions: GOVERN, MAP, MEASURE, MANAGE. Use this skill whenever a user asks about NIST AI RMF, AI risk management, AI trustworthiness, GOVERN function, MAP function, MEASURE function, MANAGE function, AI RMF Playbook, AI risk profiles, responsible AI, AI bias management, AI transparency, AI explainability, AI reliabil
swift-csp
Expert SWIFT Customer Security Programme (CSP) advisor covering the Customer Security Controls Framework (CSCF v2025). Use this skill whenever a user asks about SWIFT CSP, CSCF controls, SWIFT security attestation, KYC-SA portal, SWIFT architecture types (A1/A2/A3/A4/B), mandatory vs advisory controls, independent assessment, SWIFT secure zone, secure flow zone, MFA for operators, SWIFT messaging
tsa-compliance
Expert TSA cybersecurity compliance advisor for critical infrastructure owners and operators. Use this skill whenever a user asks about TSA Security Directives for pipelines, freight railroads, passenger rail, public transit, or bus operators; the TSA Cyber Risk Management Program (CRMP); Cybersecurity Implementation Plan (CIP); Cybersecurity Operational Implementation Plan (COIP); Cybersecurity A
csrd
Expert CSRD (Corporate Sustainability Reporting Directive, EU 2022/2464) compliance advisor. Use this skill whenever a user asks about CSRD, European Sustainability Reporting Standards (ESRS), double materiality assessment, sustainability reporting obligations, ESG disclosure, CSRD scope and thresholds, value chain reporting, XBRL digital tagging, third-party assurance, CSRD gap assessments, CSRD
dora
Expert DORA (Regulation (EU) 2022/2554 — Digital Operational Resilience Act) compliance advisor for EU financial entities. Use this skill whenever a user asks about DORA compliance, ICT risk management frameworks, ICT incident classification or reporting, threat-led penetration testing (TLPT), ICT third-party risk management, Register of Information, contractual provisions with ICT providers, ICT
fedramp
Expert guidance for FedRAMP certification and compliance. Use this skill whenever a user asks about FedRAMP authorization, ATO (Authority to Operate), cloud security for federal government, NIST SP 800-53 controls, CSP compliance, or any of the core FedRAMP document types: SSP, SAP, SAR, POA&M, CIS/CRM workbooks. Also trigger for questions about FedRAMP impact levels (Low, Moderate, High, LI-SaaS)
dpdpa
Expert India Digital Personal Data Protection Act, 2023 (DPDPA) compliance advisor. Use this skill whenever a user asks about the DPDPA, DPDP Act, DPDP Rules 2025, India data privacy law, Data Fiduciary obligations, Data Principal rights, Significant Data Fiduciary, Data Protection Board of India, consent under DPDPA, notice requirements, breach notification India, children's data India, cross-bor
ear
Export Administration Regulations (EAR, 15 CFR Parts 730-774) compliance advisor — ECCN classification across all 10 CCL categories and 5 product groups (A-E), EAR99 determination, jurisdiction analysis (EAR vs ITAR order of review), license requirement analysis via Country Chart, all license exceptions (LVS, GBS, CIV, TMP, RPL, GOV, TSU, ENC, TSR, APP, BAG, AVS, ACE), end-user/end-use controls (E
iso42001
Expert ISO 42001 AI Management System (AIMS) compliance advisor. Use this skill whenever a user asks about ISO/IEC 42001:2023, AI governance, AI management systems, AI risk assessment, AI system impact assessment, Annex A controls for AI, Statement of Applicability for AI systems, AI policy, responsible AI, AI lifecycle management, AI incident management, AI transparency, AI bias, AI certification
soc2
Expert SOC 2 compliance assistant covering all five Trust Services Criteria (Security/CC, Availability/A, Confidentiality/C, Processing Integrity/PI, Privacy/P). Use this skill whenever a user mentions SOC 2, Trust Services Criteria, SOC 2 Type 1 or Type 2, audit readiness, compliance gaps, control documentation, evidence collection, vendor risk questionnaires, or anything related to AICPA service
iso27001
Expert ISO 27001 compliance assistant for security and compliance teams. Use this skill whenever a user asks about ISO 27001 or ISO/IEC 27001, including any of the following: gap analysis, auditing, compliance assessments, control checklists, policy writing, document generation, Statement of Applicability (SoA), risk assessment, risk registers, risk treatment plans, Annex A controls, ISMS implemen
lgpd
Expert LGPD compliance advisor for Brazil's Lei Geral de Proteção de Dados (Law 13,709/2018). Use this skill whenever a user asks about LGPD, Brazilian data protection, ANPD, personal data processing in Brazil, data subject rights under Brazilian law, legal bases for processing, sensitive data handling, DPO appointment in Brazil, data breach notification to ANPD, LGPD penalties (fines up to 2% of
nzism
Expert New Zealand Information Security Manual (NZISM) advisor for NZ government agencies and their supply chains. Use for NZISM control guidance, gap analysis, agency security obligations, classification framework (Unclassified through Top Secret), security risk management, system certification, and GCSB/NCSC NZ compliance. Triggers on: NZISM controls, NZ government security, GCSB compliance, age
vn-pdpl
Expert Vietnam Personal Data Protection Law (PDPL) compliance advisor for Law No. 91/2025/QH15 and implementing Decree 356/2025/ND-CP (effective January 1, 2026). Use this skill for gap analysis against the Vietnam PDPL, data subject rights fulfilment workflows, cross-border data transfer impact assessments, privacy notices and internal policies, breach notification procedures, sector-specific obl
cis-controls
Expert CIS Controls v8 (CIS Top 18) advisor — implementation group scoping (IG1/IG2/IG3), control gap assessments, safeguard-level guidance, asset inventory, software inventory, data protection, secure configuration, account management, access control, continuous vulnerability management, audit log management, email and web browser protections, malware defenses, network infrastructure management,
cmmc
Expert CMMC 2.0 (Cybersecurity Maturity Model Certification) advisor for US defense contractors and subcontractors in the Defense Industrial Base (DIB). Use this skill whenever a user asks about CMMC 2.0, CMMC Level 1, Level 2, or Level 3, DoD cybersecurity compliance, NIST SP 800-171, CUI (Controlled Unclassified Information) protection, System Security Plan (SSP), Plan of Action & Milestones (PO
Alert by category