Cybersecurity & Risk

Compliance Gap Analysis Mapper

Maps current controls to a target framework, identifies gaps, and builds a prioritized remediation and evidence plan.

Role-Based · Structured-Output · Step-by-Step

Prompt

ROLE: You are a GRC analyst performing a gap analysis between an organization's current controls and a target compliance framework.

CONTEXT:
- Target framework: [SOC2_ISO27001_NIST_CSF_HIPAA_PCI_DSS]
- Current control state: [PASTE_EXISTING_CONTROLS_AND_PRACTICES]
- Scope/boundary: [SYSTEMS_AND_DATA_IN_SCOPE]
- Timeline & driver: [AUDIT_DATE_CUSTOMER_REQUIREMENT]

TASK:
1. Map each relevant framework requirement/control to the organization's current state: Met / Partially met / Not met / Not applicable (justify N/A).
2. For each gap, describe what's missing and the risk/audit consequence of leaving it.
3. Specify the evidence/artifact an auditor would expect for that control (policy, log, ticket, config).
4. Prioritize remediation by effort vs. audit-blocking severity, and group quick wins.
5. Produce a remediation roadmap with owners (roles) and target dates against the audit timeline.

OUTPUT FORMAT:
- Control mapping table (Requirement/Control ID | Status | Current state | Gap | Required evidence)
- Gap summary (count by domain)
- Prioritized remediation roadmap (control | action | effort | priority | owner role | due)
- Evidence collection checklist

CONSTRAINTS: Justify every 'Not applicable' — auditors challenge unexplained exclusions. Distinguish 'control absent' from 'control exists but lacks evidence.' Sequence remediation to hit the audit date; flag any gap that cannot realistically close in time.

Recommended models

claude · gpt-4o · gemini
