Compliance Documentation Prompt Templates
AI prompt templates for compliance documentation. Meet regulatory requirements with proper documentation.
Overview
Compliance documentation prompts help you create the policies, procedures, and records that regulators and auditors expect to see. Whether you're preparing for SOC 2, HIPAA, PCI DSS, or other frameworks, these prompts help you document your controls and practices in a format that satisfies requirements.
Best Practices
Know which specific regulations apply to your business before drafting documents
Reference the actual control numbers or requirements you're addressing
Include version numbers, approval dates, and review schedules on all documents
Write procedures that reflect what you actually do, not aspirational practices
Keep evidence of compliance alongside your policy documents
Prompt Templates
1. Compliance Policy Generator
Create a [POLICY_TYPE] policy for [COMPANY_TYPE] to meet [COMPLIANCE_FRAMEWORK] requirements.
Relevant controls or requirements: [CONTROL_NUMBERS]
Current practices to document: [CURRENT_PRACTICES]
The policy should include purpose, scope, roles and responsibilities, procedures, and enforcement provisions.
POLICY_TYPE: access control, COMPANY_TYPE: healthcare software company, COMPLIANCE_FRAMEWORK: HIPAA, CONTROL_NUMBERS: Access Control (164.312(a)(1)), Unique User Identification (164.312(a)(2)(i)), CURRENT_PRACTICES: SSO via Okta, role-based permissions, quarterly access reviews, automatic account lockout
ACCESS CONTROL POLICY
Document ID: POL-AC-001
Version: 1.0
Effective Date: [Date]
Next Review: [Date + 1 year]
1. PURPOSE
This policy establishes requirements for controlling access to electronic protected health information (ePHI) in accordance with the HIPAA Security Rule Access Control standard (45 CFR §164.312(a)(1)).
2. SCOPE
This policy applies to all workforce members who access systems containing ePHI...
3. POLICY STATEMENTS
3.1 All users must have a unique identifier (HIPAA §164.312(a)(2)(i))...
When creating or updating policies to meet specific regulatory requirements or prepare for audits.
- Map each policy section to the specific regulation it addresses
- Include a revision history table at the end of the document
2. Compliance Procedure Documentation
Document the procedure for [PROCEDURE_NAME] at [COMPANY_NAME]. This procedure supports compliance with [FRAMEWORK].
Process steps currently followed: [PROCESS_STEPS]
People involved: [ROLES_INVOLVED]
Frequency: [FREQUENCY]
Evidence generated: [EVIDENCE_TYPES]
Format the procedure with clear steps, responsibilities, and documentation requirements.
PROCEDURE_NAME: quarterly user access review, COMPANY_NAME: CloudServices Inc., FRAMEWORK: SOC 2 Type II, PROCESS_STEPS: 1) IT pulls current access list, 2) Managers review their team's access, 3) Unnecessary access is revoked, 4) Results are documented, ROLES_INVOLVED: IT Security, Department Managers, HR, FREQUENCY: quarterly, EVIDENCE_TYPES: access review spreadsheets, manager approval emails, revocation tickets
USER ACCESS REVIEW PROCEDURE
Procedure ID: PROC-UAR-001
Related Policy: Access Control Policy (POL-AC-001)
SOC 2 Control: CC6.2, CC6.3
1. OVERVIEW
This procedure describes how CloudServices Inc. conducts quarterly reviews of user access rights to ensure appropriate access levels.
2. FREQUENCY
This review is conducted during the first two weeks of January, April, July, and October.
3. PROCEDURE STEPS
Step 1: Generate Access Report (IT Security, Day 1-2)
- Export current user access from all production systems
- Format into review spreadsheet template...
When documenting existing processes for compliance purposes or when auditors ask how you do something.
- Include expected completion timeframes for each step
- List exactly what evidence should be saved and where
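The four review steps above (export, manager review, revocation, evidence) are the kind of procedure auditors expect to see backed by repeatable artefacts. The script below is an added example, not part of the original page or any product it describes: it parses a constructed access export, builds per-manager review packets, combines the managers' decisions with an HR termination list (so a terminated user's access is revoked even if a manager never answered), refuses to treat an entitlement with no recorded decision as approved, and emits an evidence record with a SHA-256 digest of the full result set so the saved spreadsheet can later be checked against what was signed off. All input data, user names, system names and the review date are constructed for the example.

```python
"""Quarterly user access review: build packets, apply decisions, emit evidence.

Added example for the access-review procedure; not from the original page.
Inputs are constructed inline. A real run would export entitlements from the
IdP / production systems and read manager decisions from the review spreadsheet.
"""
import csv
import hashlib
import io
import json
from collections import defaultdict
from datetime import date

# Constructed sample export: one row per (user, system, role) entitlement.
ACCESS_EXPORT_CSV = """user,manager,system,role
alice,carol,prod-db,admin
alice,carol,aws,ReadOnly
bob,carol,prod-db,read
dave,erin,aws,PowerUser
frank,erin,prod-db,admin
"""

# Constructed HR list of workforce members terminated before the review date.
TERMINATED_USERS = {"frank"}

# Constructed manager decisions keyed by (user, system, role).
# dave/aws/PowerUser deliberately has no decision: it must be flagged, not kept.
MANAGER_DECISIONS = {
    ("alice", "prod-db", "admin"): "keep",
    ("alice", "aws", "ReadOnly"): "revoke",
    ("bob", "prod-db", "read"): "keep",
}


def load_entitlements(csv_text):
    """Step 1: parse the exported access list into one dict per entitlement."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def build_review_packets(entitlements):
    """Step 2: group entitlements by manager so each manager attests only to their team."""
    packets = defaultdict(list)
    for e in entitlements:
        packets[e["manager"]].append((e["user"], e["system"], e["role"]))
    return dict(packets)


def apply_decisions(entitlements, decisions, terminated):
    """Step 3: combine manager decisions with the HR termination list.

    Terminated users are revoked regardless of any manager decision, and an
    entitlement with no recorded decision is marked 'unreviewed' rather than
    silently treated as approved.
    """
    results = []
    for e in entitlements:
        key = (e["user"], e["system"], e["role"])
        if e["user"] in terminated:
            outcome, reason = "revoke", "user on HR termination list"
        elif key in decisions:
            outcome, reason = decisions[key], "manager decision"
        else:
            outcome, reason = "unreviewed", "no manager decision recorded"
        results.append({**e, "outcome": outcome, "reason": reason})
    return results


def evidence_record(results, review_date):
    """Step 4: summary, revocation list, completeness flag and a digest of the
    canonical result set, so the retained spreadsheet can be verified later."""
    canonical = json.dumps(results, sort_keys=True, separators=(",", ":"))
    quarter = (review_date.month - 1) // 3 + 1
    ident = lambda r: f"{r['user']}:{r['system']}:{r['role']}"
    return {
        "review_period": f"{review_date.year}-Q{quarter}",
        "total_entitlements": len(results),
        "revocations": [ident(r) for r in results if r["outcome"] == "revoke"],
        "unreviewed": [ident(r) for r in results if r["outcome"] == "unreviewed"],
        "complete": not any(r["outcome"] == "unreviewed" for r in results),
        "sha256": hashlib.sha256(canonical.encode()).hexdigest(),
    }


def run_review(csv_text=ACCESS_EXPORT_CSV, decisions=MANAGER_DECISIONS,
               terminated=TERMINATED_USERS, review_date=date(2024, 10, 7)):
    """Run all four steps; returns (packets, per-entitlement results, evidence record)."""
    ents = load_entitlements(csv_text)
    results = apply_decisions(ents, decisions, terminated)
    return build_review_packets(ents), results, evidence_record(results, review_date)


if __name__ == "__main__":
    packets, results, record = run_review()
    print(json.dumps({"packets": packets, "record": record}, indent=2))
```

The `complete` flag is the part worth keeping in a real implementation: sign-off should be blocked while any entitlement is unreviewed, and the digest plus the revocation list are what you file next to the manager approval emails and revocation tickets as evidence.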
3. Audit Response Template
Prepare a response to an audit finding or auditor question about [AUDIT_TOPIC] for [COMPLIANCE_FRAMEWORK].
Auditor's question or finding: [AUDITOR_INPUT]
Our actual practice: [ACTUAL_PRACTICE]
Evidence we can provide: [AVAILABLE_EVIDENCE]
Draft a clear, professional response that directly addresses the question and references supporting evidence.
AUDIT_TOPIC: incident response procedures, COMPLIANCE_FRAMEWORK: ISO 27001, AUDITOR_INPUT: 'Please describe your process for detecting, responding to, and recovering from security incidents, including roles and communication procedures.', ACTUAL_PRACTICE: 24/7 monitoring via SIEM, incident response team on-call rotation, documented runbooks, post-incident reviews, AVAILABLE_EVIDENCE: incident response policy, recent incident reports (redacted), on-call schedules, runbook screenshots
AUDIT RESPONSE: INCIDENT RESPONSE PROCEDURES
Control Reference: ISO/IEC 27001:2013 A.16.1 (A.5.24 to A.5.28 in the 2022 revision)
Date: [Date]
Prepared by: [Name], Security Manager
RESPONSE SUMMARY
Our organization maintains a documented incident response capability with 24/7 monitoring and defined escalation procedures.
DETAILED RESPONSE
1. Detection
Security events are monitored continuously through our SIEM platform (Splunk). Alerts are configured for...
2. Response Process
When an incident is detected, the on-call security engineer...
SUPPORTING EVIDENCE
- Exhibit A: Incident Response Policy (POL-IR-001)
- Exhibit B: Sample incident report from Q3 2024 (redacted)
- Exhibit C: Current on-call rotation schedule...
When responding to auditor questions during a compliance audit or assessment.
- Answer exactly what was asked; do not volunteer information beyond the scope of the question
- Reference specific document names, IDs, and dates in your evidence list
4. Compliance Gap Assessment
Create a gap assessment comparing [COMPANY_NAME]'s current state against [COMPLIANCE_FRAMEWORK] requirements.
Framework requirements to assess: [REQUIREMENTS_LIST]
Current controls and practices: [CURRENT_STATE]
For each requirement, identify the gap status (compliant, partial, non-compliant) and remediation steps if needed.
COMPANY_NAME: StartupCo, COMPLIANCE_FRAMEWORK: SOC 2 Trust Services Criteria, REQUIREMENTS_LIST: CC1.1 (integrity and ethics), CC1.2 (board oversight), CC1.3 (organizational structure), CC1.4 (commitment to competence), CC1.5 (accountability), CURRENT_STATE: code of conduct exists but not signed annually, no formal board but have advisors, org chart documented, job descriptions exist, no formal performance reviews
SOC 2 COMPLIANCE GAP ASSESSMENT
Company: StartupCo
Framework: SOC 2 Trust Services Criteria
Assessment Date: [Date]
CONTROL ENVIRONMENT (CC1)

| Control | Status | Finding | Remediation |
|---------|--------|---------|-------------|
| CC1.1 Integrity and Ethics | Partial | Code of conduct exists but annual acknowledgment is not tracked | Implement annual code of conduct acknowledgment via HR system |
| CC1.2 Board Oversight | Partial | No formal board; advisor meetings not documented | Document quarterly advisor meetings with minutes |
| CC1.3 Organizational Structure | Compliant | Org chart is current and accessible | None required |
| CC1.4 Commitment to Competence | Compliant | Job descriptions define required skills | None required |
| CC1.5 Accountability | Non-Compliant | No formal performance review process | Implement annual performance reviews with documented feedback |
When preparing for a compliance audit, starting a new compliance program, or assessing readiness.
- Be honest about gaps rather than overstating compliance
- Prioritize remediation by risk level and effort required
Common Mistakes to Avoid
Writing policies that describe ideal practices rather than what you actually do
Not keeping evidence organized and accessible for when auditors ask
Treating compliance as a one-time project rather than ongoing maintenance
Related Templates
Contract Drafting Prompt Templates
AI prompt templates for drafting contracts. Create clear, comprehensive legal agreements.
Privacy Policy Prompt Templates
AI prompt templates for privacy policies. Create GDPR and CCPA compliant privacy statements.
Terms of Service Prompt Templates
AI prompt templates for terms of service. Draft clear user agreements and service terms.