II. Workflow overview
Reference · live · workflow:annual-compliance-review
Annual Compliance Review overview
Conducts the annual organization-wide compliance review across regulatory frameworks -- auditing adherence to SOC 2, GDPR, HIPAA, or industry-specific regulations, reviewing policy document currency and employee attestation completion, validating control effectiveness through evidence sampling, coordinating with external auditors on gap remediation timelines, assessing new regulatory requirements for impact analysis, and updating the compliance risk register. Produces annual compliance assessment report and remediation roadmap. Excludes control implementation.
Attributes
displayName: Annual Compliance Review
workflowKind: governance
triggerType: scheduled
typicalCadence: annually
complexity: cross-team
description: Conducts the annual organization-wide compliance review across regulatory frameworks -- auditing adherence to SOC 2, GDPR, HIPAA, or industry-specific regulations, reviewing policy document currency and employee attestation completion, validating control effectiveness through evidence sampling, coordinating with external auditors on gap remediation timelines, assessing new regulatory requirements for impact analysis, and updating the compliance risk register. Produces annual compliance assessment report and remediation roadmap. Excludes control implementation.
Outgoing edges
applies_to_domain (2)
- domain:legal · Domain · Legal
- domain:operations · Domain · Operations
involves_role (3)
- role:security-reviewer · Role · Security Reviewer
- role:engineering-manager · Role · Engineering Manager
- role:license-auditor · Role · License Auditor
performed_by_org_unit (3)
- org-unit:compliance-team · OrgUnit · Compliance Team
- org-unit:legal-team · OrgUnit · Legal Team
- org-unit:security-team · OrgUnit · Security Team
requires_skill_area (2)
- skill-area:threat-modeling · SkillArea · Threat Modeling
- skill-area:identity-security · SkillArea · Identity & Access Security
triggers_responsibility (2)
- responsibility:security-review · Responsibility · Security review
- responsibility:dependency-audit · Responsibility · Dependency audit
Incoming edges
None.