II.
Workflow JSON
Structured · liveworkflow:compliance-technology-stack-audit
Compliance Technology Stack Audit json
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "workflow:compliance-technology-stack-audit",
"_kind": "Workflow",
"_file": "workflows/workflows/workflows-cross-domain.yaml",
"_cluster": "workflows",
"attributes": {
"displayName": "Compliance Technology Stack Audit",
"workflowKind": "governance",
"triggerType": "scheduled",
"typicalCadence": "semi-annually",
"complexity": "cross-team",
"description": "Audits the technology stack supporting compliance and regulatory\nobligations -- reviewing security control implementation against SOC\n2, ISO 27001, and industry-specific frameworks, evaluating legal\nhold and e-discovery toolchain readiness, assessing financial\nreporting system controls against SOX ITGCs, auditing data privacy\ninfrastructure for GDPR/CCPA compliance including consent management\nand data subject request fulfillment, reviewing GRC platform\nconfiguration accuracy against control framework mappings, evaluating\nautomated compliance monitoring coverage and alert fidelity, and\nassessing evidence collection automation maturity. Produces\ncompliance tech stack assessment, control gap matrix, and\nremediation prioritization. Excludes policy authoring.\n"
},
"outgoingEdges": [
{
"from": "workflow:compliance-technology-stack-audit",
"to": "role:security-reviewer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "role:principal-engineer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "role:planner",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "skill-area:threat-modeling",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "skill-area:identity-security",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "skill-area:data-governance",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "domain:security",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "domain:legal",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "domain:finance",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "domain:cybersecurity-grc",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "responsibility:security-review",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "responsibility:dependency-audit",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "responsibility:review-architecture-changes",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "org-unit:security-team",
"kind": "performed_by_org_unit",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "org-unit:compliance-team",
"kind": "performed_by_org_unit",
"attributes": {}
},
{
"from": "workflow:compliance-technology-stack-audit",
"to": "org-unit:legal-team",
"kind": "performed_by_org_unit",
"attributes": {}
}
],
"incomingEdges": []
}