Map the regulatory landscape, prioritize compliance obligations, select control frameworks, and build a compliance roadmap.

Purpose

The Scope phase establishes the compliance foundation. Before running assessments, you need to understand which regulations apply to your organization, prioritize them by risk and business impact, select control frameworks, and plan a phased approach to achieving compliance.

Skills

Regulatory Landscape

/compliance:regulatory-landscape <topic>

Maps the complete regulatory landscape for your organization. Identifies applicable regulations based on industry, geography, data types, and business model. Produces a structured inventory of all compliance obligations.

Output: Regulatory landscape map with applicability analysis → .metapowers/compliance/<topic>/00-scope.md

Compliance Priorities

/compliance:compliance-priorities <topic>

Prioritizes compliance obligations by risk exposure, business impact, enforcement timelines, and strategic value. Produces a ranked list with justification for sequencing.

Output: Prioritized compliance obligations with risk-based ranking → .metapowers/compliance/<topic>/00-scope.md

Control Framework

/compliance:control-framework <topic>

Selects and maps control frameworks to organizational needs. Evaluates frameworks like NIST 800-53, ISO 27001 Annex A, CIS Controls, and CSA CCM, and recommends a primary framework with mappings to regulatory requirements.

Output: Control framework selection with regulatory mappings → .metapowers/compliance/<topic>/00-scope.md

Compliance Roadmap

/compliance:compliance-roadmap <topic>

Builds a phased compliance roadmap with milestones, resource estimates, and dependencies. Sequences certification targets based on priorities and identifies quick wins versus long-term initiatives.

Output: Phased compliance roadmap with milestones and dependencies → .metapowers/compliance/<topic>/00-scope.md

Next Phase

After Scope, proceed to Assess to run detailed compliance assessments against identified regulations.

Phase 0: Scope