regulatory-compliance

Audit codebases for cross-industry regulatory compliance across SOX, GDPR, HIPAA, PCI-DSS, CCPA/CPRA, FedRAMP, FISMA, COPPA, and FERPA. Reviews audit trail completeness (who/what/when/where/why with tamper-evident storage), data retention policies and right-to-erasure workflows, RBAC/ABAC access control with least-privilege enforcement, privileged access management and JIT elevation, change management controls (branch protection, deployment gates, emergency change process), DSAR and ROPA reporting, breach detection and 72-hour notification pipelines, incident response procedures, and whistleblower anonymous reporting with anti-retaliation safeguards. Produces a compliance matrix with per-regulation scores.