Access Review Orchestration for Compliance Audits

Prompt chain to consolidate, validate, and report workforce access to facilitate compliance with SOC 2 and ISO 27001. It ingests three CSVs, normalizes fields, validates integrity, and generates compliance reports.

PROMPT CHAIN to Orchestrate Access Review for Compliance Audits.

Objective: Consolidate, validate, and report workforce access to facilitate compliance with SOC 2 and ISO 27001. You will be able to align and organize everything, saving time on the access review.

PROMPT: VARIABLE DEFINITIONS
[HRIS_DATA]=CSV export of active and terminated workforce records from the HRIS
[IDP_ACCESS]=CSV export of user accounts, group memberships, and application assignments from the Identity Provider
[TICKETING_DATA]=CSV export of provisioning/deprovisioning access tickets (requester, approver, status, close date) from the ticketing system

Prompt 1 – Consolidate & Normalize Inputs
Step 1 Ingest HRIS_DATA, IDP_ACCESS, and TICKETING_DATA.
Step 2 Standardize field names (Employee_ID, Email, Department, Manager_Email, Employment_Status, App_Name, Group_Name, Access_Level, Provisioning_Status, Ticket_ID, Request_Date, Close_Date, etc.)
Step 3 Normalize data types, trim whitespace, unify date formats, resolve duplicates, and map to a single schema.

Prompt 2 – Validation & Integrity Checks
- Verify that Employee_IDs in HRIS_DATA match IDs in IDP_ACCESS.
- Validate that each provisioned access in IDP_ACCESS has a corresponding ticket in TICKETING_DATA with a Close_Date or Status = Closed.
- Flag missing fields, invalid emails, deactivated employees, or terminated contractors.
- Cross-check active vs terminated status with HRIS records.

Prompt 3 – Reconciliation & Gap Analysis
- Compare current access from IDP_ACCESS against HRIS_ACTIVE to identify orphaned accounts, over-privileged roles, and dormant access.
- Identify inconsistencies between provisioning status in TICKETING_DATA and actual access in IDP_ACCESS.
- Produce a prioritized list of remediation actions sorted by risk score and SLA impacts.

Prompt 4 – Reporting & Output
- Generate an audit-ready reconciliation report including:
  • Summary metrics (total employees, active accounts, terminated accounts, open tickets, time-to-close)
  • Discrepancies by category (orphaned accounts, over-privilege, missing tickets)
  • Stakeholder-ready highlights for SOC 2 and ISO 27001 controls
- Produce machine-readable outputs (CSV/JSON) for downstream systems and a human-readable executive summary.

Prompt 5 – Output Formats & Recommendations
- Provide normalized data set in a consistent schema.
- Include recommended remediation steps and assign owners.
- Output a compliance-ready narrative for audit artifacts and evidence.

How to Use This Prompt

1. Click the "Copy Prompt" button to copy the full content.
2. Open your preferred AI tool (ChatGPT, etc.).
3. Paste the prompt and replace the variables (if any) with your own information.
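
The integrity and reconciliation checks in Prompts 2 and 3 are deterministic joins, so the findings a model returns can be cross-checked with a short script before they are used as audit evidence. The following is an added example, not part of the original prompt: column names follow the prompt's standardized schema, while the sample rows, the function name reconcile, the finding labels, and the assumption that each ticket row carries Employee_ID and App_Name are constructed for illustration.

```python
import csv
import io

# Constructed sample exports using the prompt's standardized field names.
HRIS_DATA = """Employee_ID,Email,Employment_Status
E001,ana@example.com,Active
E002,bruno@example.com,Terminated
E003,carla@example.com,Active
"""
IDP_ACCESS = """Employee_ID,Email,App_Name,Access_Level
E001,ana@example.com,Payroll,User
E002,bruno@example.com,Payroll,Admin
E003,carla@example.com,CRM,User
E999,svc-old@example.com,CRM,Admin
"""
TICKETING_DATA = """Ticket_ID,Employee_ID,App_Name,Provisioning_Status,Close_Date
T-1, e001 ,Payroll,Closed,2024-01-10
T-2,E002,Payroll,Closed,2023-06-01
T-3,E003,CRM,Open,
"""

def _rows(text):
    """Parse CSV and normalize: trim whitespace, upper-case IDs (Prompt 1, Step 3)."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        row = {k.strip(): (v or "").strip() for k, v in row.items()}
        row["Employee_ID"] = row["Employee_ID"].upper()
        out.append(row)
    return out

def reconcile(hris_csv, idp_csv, ticket_csv):
    """Return sorted (finding, Employee_ID, App_Name) tuples for Prompts 2 and 3."""
    status = {r["Employee_ID"]: r["Employment_Status"].lower() for r in _rows(hris_csv)}
    # Assumption: access is evidenced by a ticket that is Closed or has a Close_Date.
    approved = {(t["Employee_ID"], t["App_Name"]) for t in _rows(ticket_csv)
                if t["Provisioning_Status"].lower() == "closed" or t["Close_Date"]}
    findings = []
    for a in _rows(idp_csv):
        emp, app = a["Employee_ID"], a["App_Name"]
        if emp not in status:  # IdP account with no HRIS record
            findings.append(("orphaned_account", emp, app))
        elif status[emp] != "active":  # HRIS says terminated, access still live
            findings.append(("terminated_with_access", emp, app))
        if (emp, app) not in approved:  # no closed ticket backing this grant
            findings.append(("missing_ticket", emp, app))
    return sorted(findings)

if __name__ == "__main__":
    print(*reconcile(HRIS_DATA, IDP_ACCESS, TICKETING_DATA), sep="\n")
```

A finding the script produces but the model's report omits, or the reverse, points to a normalization or join error worth resolving before the report is filed.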
