# NerdyChefs.ai - Complete Prompt Library > 900+ free AI prompts for professionals. Full catalog with all prompt packs and individual prompts. **Website:** https://www.nerdychefs.ai **Contact:** mathieu@nerdychefs.ai **Last Updated:** December 2025 --- ## Table of Contents 1. [AI for Sales Professionals](#ai-for-sales-professionals) (24 prompts) 2. [AI for Marketing Teams](#ai-for-marketing-teams) (31 prompts) 3. [AI for Product Managers](#ai-for-product-managers) (24 prompts) 4. [AI for Engineering Teams](#ai-for-engineering-teams) (33 prompts) 5. [AI for Customer Success Teams](#ai-for-customer-success-teams) (18 prompts) 6. [AI for HR & People Operations](#ai-for-hr-people-operations) (21 prompts) 7. [AI for Finance Teams](#ai-for-finance-teams) (16 prompts) 8. [AI for Executive Leadership](#ai-for-executive-leadership) (17 prompts) 9. [AI for IT Operations](#ai-for-it-operations) (17 prompts) 10. [AI for Management & Team Leadership](#ai-for-management-team-leadership) (19 prompts) 11. [AI for ESG & Sustainability](#ai-for-esg-sustainability) (25 prompts) 12. [AI for Legal & Compliance](#ai-for-legal-compliance) (35 prompts) 13. [AI for Operations & Supply Chain](#ai-for-operations-supply-chain) (35 prompts) 14. [AI for Data Science & Analytics](#ai-for-data-science-analytics) (35 prompts) 15. [AI for Communications & PR](#ai-for-communications-pr) (36 prompts) 16. [AI for Enterprise Architects](#ai-for-enterprise-architects) (27 prompts) 17. [AI for HVAC Engineers](#ai-for-hvac-engineers) (15 prompts) 18. [AI for Piping Engineers](#ai-for-piping-engineers) (15 prompts) 19. [AI for Electrical Engineers](#ai-for-electrical-engineers) (17 prompts) 20. [AI for Mechanical Engineers](#ai-for-mechanical-engineers) (6 prompts) 21. [AI for Structural Engineers](#ai-for-structural-engineers) (8 prompts) 22. [AI for Process Engineers](#ai-for-process-engineers) (8 prompts) 23. [AI for Instrumentation & Control Engineers](#ai-for-instrumentation-control-engineers) (10 prompts) 24. [AI for Fire Protection Engineers](#ai-for-fire-protection-engineers) (10 prompts) 25. [AI for DevOps & SRE Engineers](#ai-for-devops-sre-engineers) (20 prompts) 26. [AI for Application Developers](#ai-for-application-developers) (24 prompts) 27. [AI for Cloud & FinOps Teams](#ai-for-cloud-finops-teams) (30 prompts) 28. [AI for Leadership & Executive Management](#ai-for-leadership-executive-management) (50 prompts) 29. [AI for OT Cybersecurity Engineers](#ai-for-ot-cybersecurity-engineers) (42 prompts) 30. [AI for Project & Program Managers](#ai-for-project-program-managers) (48 prompts) 31. [AI for DevOps & Cloud Infrastructure Engineers](#ai-for-devops-cloud-infrastructure-engineers) (29 prompts) 32. [AI for Financial Strategists: Advanced Wealth Management](#ai-for-financial-strategists-advanced-wealth-management) (14 prompts) 33. [AI for GRC: Governance, Risk & Compliance Professionals](#ai-for-grc-governance-risk-compliance-professionals) (11 prompts) 34. [AI for Creative Professionals & Designers](#ai-for-creative-professionals-designers) (22 prompts) 35. [AI for Educators & Training Professionals](#ai-for-educators-training-professionals) (25 prompts) 36. [AI for Founders & Startup Teams](#ai-for-founders-startup-teams) (25 prompts) 37. [AI for Policy, Ethics & Governance Professionals](#ai-for-policy-ethics-governance-professionals) (20 prompts) 38. [🎄 Holiday Special](#holiday-special) (39 prompts) --- ## AI for Sales Professionals **Category:** Sales **Prompts:** 24 **Description:** Comprehensive sales prompts covering prospecting, outreach, objection handling, proposal writing, and deal strategy to accelerate your sales process. **Tags:** Sales, Business Development, Work Users ### Prospecting & Lead Research Identify and research potential customers with AI-powered insights. #### Company background research **Use case:** Pre-call preparation and account planning **For:** Sales Development Representative, Account Executive, Sales Manager, Revenue Operations ``` Research [company name] and provide: 1) Company overview and business model, 2) Recent news and developments (last 6 months), 3) Key decision makers in [department], 4) Potential pain points related to [your solution area], 5) Competitive landscape they operate in, 6) Recent funding or growth indicators. Include sources. ``` #### Ideal customer profile creator **Use case:** Target market definition and lead qualification **For:** Account Executive, Sales Manager, Revenue Operations, VP of Sales ``` Based on our product [describe product/service], create an ideal customer profile including: 1) Company size and revenue range, 2) Industries most likely to need this, 3) Key decision maker roles, 4) Common pain points they face, 5) Budget indicators, 6) Technology stack they likely use, 7) Buying signals to look for. ``` #### LinkedIn prospect research **Use case:** Social selling and personalized outreach **For:** Sales Development Representative, Account Executive, Sales Manager, Revenue Operations ``` Analyze [LinkedIn profile URL or description] and provide: 1) Professional background summary, 2) Career trajectory and achievements, 3) Shared connections or commonalities, 4) Recent activity and interests, 5) Personalization angles for outreach, 6) Suggested conversation starters. ``` #### Industry trend analysis **Use case:** Consultative selling and value proposition development **For:** Sales Development Representative, Account Executive, Sales Manager, Revenue Operations ``` Analyze current trends in [industry] that create opportunities for [your solution]. Include: 1) Top 3-5 industry challenges, 2) Emerging technologies or practices, 3) Regulatory changes affecting the space, 4) How these trends create urgency, 5) Compelling talking points for sales conversations. ``` ### Email & Message Outreach Craft compelling outreach messages that get responses. #### Cold email sequence **Use case:** Automated email campaigns **For:** Sales Development Representative, Account Executive ``` Create a 4-email cold outreach sequence for [target role] at [company type] about [product/service]. Email 1: Introduction with value proposition. Email 2: Follow-up with case study/social proof. Email 3: Address common objection. Email 4: Break-up/last attempt. Include subject lines, keep each under 150 words, include clear CTAs. ``` #### Personalized cold email **Use case:** High-value prospect outreach **For:** Sales Development Representative, Account Executive ``` Write a cold email to [prospect name], [title] at [company]. Context: [trigger event or personalization detail]. Our solution: [brief description]. Tone: [professional/casual/consultative]. Include: attention-grabbing subject line, personalized opening, value prop, soft CTA. Max 120 words. ``` #### LinkedIn connection message **Use case:** Network expansion and warm introductions **For:** Sales Development Representative, Account Executive ``` Write a LinkedIn connection request to [prospect name] who [relevant detail about them]. Our connection point: [shared interest/mutual connection/their content]. Goal: [start conversation/offer value/build relationship]. Keep under 280 characters, avoid being salesy. ``` #### Follow-up email after no response **Use case:** Re-engagement and persistence **For:** Sales Development Representative, Account Executive ``` Write a follow-up email for [prospect name] who hasn't responded to [number] previous emails about [topic]. Approach: [gentle reminder/new angle/break-up email]. Include: brief recap of value prop, new piece of information or angle, easy out option, clear next step. ``` #### Voicemail script **Use case:** Phone prospecting and follow-up **For:** Sales Development Representative, Account Executive ``` Create a voicemail script for [prospect name] at [company] about [product/service]. Include: Professional greeting, reason for calling (reference point), brief value statement (10 seconds), clear callback request with your number repeated twice. Total length: 30-45 seconds max. ``` ### Objection Handling Overcome common sales objections with proven response frameworks. #### Price objection response **Use case:** Pricing negotiations and value justification **For:** Account Executive, Sales Manager ``` Prospect says: '[specific price objection]' about [product/service] priced at [price]. Their context: [company size/industry/current solution]. Create 3 different response approaches: 1) ROI-focused response with calculations, 2) Feature/value justification, 3) Flexible pricing/terms option. Include follow-up questions for each. ``` #### Timing objection ('not right now') **Use case:** Pipeline management and future opportunity nurturing **For:** Account Executive, Sales Manager ``` Prospect says '[timing objection]' for [product/service]. Context: [their situation/fiscal year/current projects]. Provide: 1) Empathetic acknowledgment, 2) Cost of waiting/urgency creation, 3) Pilot or limited engagement option, 4) Stay-in-touch strategy, 5) Specific follow-up timeline and approach. ``` #### Competitor comparison response **Use case:** Competitive positioning and differentiation **For:** Account Executive, Sales Manager ``` Prospect is considering [competitor name] vs our [product/service]. Create response including: 1) Acknowledge competitor strengths professionally, 2) Key differentiators (3-4 points), 3) Specific scenarios where we're better fit, 4) Customer proof points, 5) Suggested next step (demo/trial/reference call). ``` #### Authority objection ('need to check with...') **Use case:** Multi-stakeholder sales and buying process navigation **For:** Account Executive, Sales Manager ``` Prospect says '[authority objection]' - needs approval from [decision maker]. Provide: 1) Questions to understand decision process, 2) How to position as champion, 3) Materials/deck to help them sell internally, 4) Offer to present to decision maker, 5) Timeline and next steps. ``` ### Proposals & Presentations Create compelling proposals and presentation content. #### Executive summary generator **Use case:** Proposal writing and decision-maker communication **For:** Product Marketing Manager, VP of Sales, Sales Manager, Account Executive ``` Create an executive summary for proposal to [company name]. Project: [brief description]. Include: 1) Client's key challenges (2-3 points), 2) Proposed solution overview, 3) Expected outcomes and ROI, 4) Investment required, 5) Timeline, 6) Why us (credentials). Max 1 page, executive-friendly language. ``` #### ROI calculator narrative **Use case:** Business case development and value quantification **For:** Product Marketing Manager, VP of Sales, Sales Manager, Account Executive ``` Build ROI narrative for [product/service] for [company type] with [relevant metrics: revenue, employees, etc.]. Calculate: 1) Current state costs/inefficiencies, 2) Improvement metrics with our solution, 3) Financial impact (year 1, year 3), 4) Payback period, 5) Intangible benefits, 6) Risk mitigation value. Present in compelling story format. ``` #### Proposal customization **Use case:** Personalized proposal development **For:** Product Marketing Manager, VP of Sales, Sales Manager, Account Executive ``` Customize our standard proposal for [company name] in [industry]. Their priorities: [priority 1, priority 2, priority 3]. Their concerns: [specific concerns]. Rewrite these sections using their language and addressing their specific needs: 1) Executive summary, 2) Solution overview, 3) Success metrics, 4) Implementation approach. ``` #### Case study creator **Use case:** Social proof and sales enablement content **For:** Account Executive, Product Marketing Manager, Sales Manager ``` Create a case study about [customer name] using our [product/service]. Details: [customer details, challenge, solution, results]. Format with: 1) Catchy title, 2) Customer background, 3) Challenge (pain points), 4) Solution (what we did), 5) Results (with metrics), 6) Customer quote, 7) Call-to-action. Write for [target audience]. ``` ### Meeting & Call Preparation Prepare effectively for sales meetings and calls. #### Discovery call question framework **Use case:** Consultative selling and needs analysis **For:** Account Executive, Sales Development Representative, Sales Manager ``` Create discovery questions for [prospect title] at [company type] about [pain point/topic]. Organize into: 1) Situation questions (current state), 2) Problem questions (challenges), 3) Implication questions (cost of problems), 4) Need-payoff questions (value of solving). Include 4-5 questions per category, ordered by priority. ``` #### Demo script customization **Use case:** Product demonstrations and technical sales **For:** Account Executive, Sales Development Representative, Sales Manager ``` Customize demo script for [company name]. Their use case: [specific use case]. Their attendees: [roles]. Create: 1) Opening hook relevant to their business, 2) Key features to emphasize (top 3-4), 3) Specific examples using their terminology, 4) Questions to ask during demo, 5) Strong closing and next steps. ``` #### Meeting agenda creator **Use case:** Meeting facilitation and time management **For:** Account Executive, Sales Development Representative, Sales Manager ``` Create meeting agenda for [meeting type] with [prospect name/company]. Meeting goal: [objective]. Attendees: [roles]. Duration: [time]. Include: 1) Meeting objectives, 2) Agenda items with time allocations, 3) Pre-work/materials needed, 4) Discussion topics, 5) Decisions needed, 6) Next steps section. ``` #### Stakeholder mapping **Use case:** Complex sales and account strategy **For:** Account Executive, Sales Development Representative, Sales Manager ``` Create stakeholder map for [company name] deal. Known stakeholders: [list names and roles]. Map: 1) Decision criteria for each, 2) Influence level (high/medium/low), 3) Champion potential, 4) Concerns/objections, 5) Relationship status, 6) Engagement strategy for each, 7) Who we're missing. ``` ### Deal Strategy & Forecasting Develop winning strategies for complex deals. #### Deal risk assessment **Use case:** Pipeline management and forecast accuracy **For:** Account Executive, Sales Manager, Revenue Operations, VP of Sales ``` Analyze deal risk for [company name] opportunity valued at [amount]. Stage: [current stage]. Context: [key deal details]. Assess: 1) Likelihood to close (percentage and why), 2) Top 3 risks with mitigation strategies, 3) Competitive threats, 4) Buying process concerns, 5) Action items to de-risk, 6) Recommended close date. ``` #### Negotiation strategy **Use case:** Contract negotiations and deal closing **For:** Account Executive, Sales Manager, Revenue Operations, VP of Sales ``` Create negotiation strategy for [company name] deal. Their position: [their asks/concerns]. Our position: [our constraints]. Build strategy with: 1) Walk-away terms, 2) Ideal outcome, 3) Concession strategy (what we can give), 4) Value adds (non-price), 5) Timing leverage, 6) Opening position, 7) Likely scenarios and responses. ``` #### Champion development plan **Use case:** Internal selling and relationship building **For:** Sales Manager, Account Executive, Revenue Operations, VP of Sales ``` Create champion development plan for [contact name] at [company]. Their role: [title], Influence level: [high/medium/low]. Plan: 1) Why they should champion us, 2) Information/tools they need, 3) Political navigation help, 4) How to handle their concerns, 5) Regular touchpoint strategy, 6) Success metrics for championship. ``` --- ## AI for Marketing Teams **Category:** Marketing **Prompts:** 31 **Description:** Marketing prompts covering content creation, campaign strategy, SEO, social media, brand messaging, and analytics to amplify your marketing impact. **Tags:** Marketing, Content Creation, Work Users ### Content Strategy & Planning Develop comprehensive content strategies aligned with business goals. #### Content calendar creator **Use case:** Content planning and editorial management **For:** Marketing Manager, Content Marketer, Product Marketing Manager, CMO ``` Create a 30-day content calendar for [company/brand] targeting [audience]. Channels: [blog, social, email, etc.]. Goals: [awareness/engagement/conversion]. Include: 1) Daily content themes aligned to goals, 2) Content types and formats, 3) Key topics from [industry/product area], 4) Publishing schedule, 5) Distribution strategy, 6) Success metrics per post type. ``` #### Content pillar development **Use case:** Content marketing strategy and SEO planning **For:** Marketing Manager, Content Marketer, Product Marketing Manager, CMO ``` Develop content pillars for [company/brand] in [industry]. Target audience: [description]. Create: 1) 4-5 core content pillars aligned to audience interests, 2) Sub-topics under each pillar (5-7 each), 3) Content formats for each pillar, 4) SEO keyword opportunities, 5) How each pillar supports buyer journey, 6) Quarterly content focus areas. ``` #### Audience persona content mapping **Use case:** Persona-based marketing and content personalization **For:** Marketing Manager, Content Marketer, Product Marketing Manager, CMO ``` Map content strategy for persona: [persona name/description]. Their journey stage: [awareness/consideration/decision]. Create: 1) Content topics that resonate, 2) Preferred content formats, 3) Pain points to address, 4) Questions they're asking, 5) Content tone and style, 6) Distribution channels, 7) 10 specific content ideas with rationale. ``` #### Competitive content analysis **Use case:** Competitive intelligence and strategic positioning **For:** Marketing Manager, Content Marketer, Product Marketing Manager, CMO ``` Analyze content strategy of [competitor 1, competitor 2, competitor 3] in [industry/space]. Review their: 1) Content themes and topics, 2) Publishing frequency and channels, 3) Engagement patterns, 4) Content gaps we can exploit, 5) What they do well, 6) Differentiation opportunities for us, 7) Recommended content strategy based on analysis. ``` ### Blog & Article Writing Create compelling blog content that engages and converts. #### SEO blog post outline **Use case:** SEO content creation and organic traffic growth **For:** SEO Specialist, Content Marketer, Marketing Manager ``` Create SEO-optimized blog outline for keyword '[primary keyword]' targeting [audience]. Intent: [informational/commercial]. Include: 1) Compelling title options (3-5), 2) Meta description, 3) H2 and H3 structure, 4) Key points to cover, 5) Related keywords to include naturally, 6) Internal linking opportunities, 7) CTA recommendation, 8) Estimated word count. ``` #### Thought leadership article **Use case:** Executive visibility and brand authority **For:** Content Marketer, SEO Specialist, Marketing Manager ``` Write thought leadership article on [topic] for [publication/audience]. Angle: [unique perspective]. Author voice: [authoritative/conversational/provocative]. Include: 1) Hook opening with bold statement, 2) Current state/problem analysis, 3) Unique insights or predictions, 4) Supporting evidence/examples, 5) Actionable takeaways, 6) Strong conclusion. Length: [word count]. ``` #### Listicle blog post **Use case:** Engaging content and social shareability **For:** SEO Specialist, Content Marketer, Marketing Manager ``` Create listicle: '[Number] [Topic]' for [target audience]. Format: [how-to/tools/tips/mistakes]. Include: 1) Attention-grabbing intro, 2) Brief context on why this matters, 3) Each list item with: title, explanation (2-3 sentences), example/tip, 4) Conclusion with key takeaway, 5) Strong CTA. Tone: [specify tone]. ``` #### How-to guide creator **Use case:** Educational content and lead generation **For:** Content Marketer, SEO Specialist, Marketing Manager ``` Create comprehensive how-to guide: 'How to [accomplish goal]' for [beginner/intermediate/advanced] audience. Cover: 1) Why this matters/benefits, 2) Prerequisites or requirements, 3) Step-by-step instructions (numbered, detailed), 4) Common pitfalls to avoid, 5) Pro tips for better results, 6) Next steps, 7) Related resources. Include: screenshots needed, visual suggestions. ``` #### Blog post repurposing plan **Use case:** Content efficiency and multi-channel marketing **For:** SEO Specialist, Content Marketer, Marketing Manager ``` Take this blog post [title/topic] and create repurposing plan: 1) Social media posts (3-5 platforms with specific angles), 2) Email newsletter version, 3) LinkedIn article adaptation, 4) Infographic outline, 5) Video script outline, 6) Podcast talking points, 7) Quote graphics (5-7 pullquotes). Maximize content ROI. ``` ### Social Media Marketing Create engaging social media content across platforms. #### Social media post generator **Use case:** Daily social media content creation **For:** Social Media Manager, Content Marketer, Marketing Manager ``` Create [number] social posts for [platform] about [topic/announcement]. Audience: [description]. Goal: [awareness/engagement/conversion]. For each post include: 1) Engaging copy with hook, 2) Relevant hashtags (3-5), 3) Visual description/suggestion, 4) CTA, 5) Best posting time/day. Match platform best practices and character limits. ``` #### LinkedIn thought leadership post **Use case:** Professional brand building and engagement **For:** Social Media Manager, Content Marketer, Marketing Manager ``` Write LinkedIn post about [topic/insight] from [professional perspective]. Format: [story/listicle/hot take/how-to]. Include: 1) Hook first line that stops scrolling, 2) Personal anecdote or example, 3) Key insight or lesson, 4) Actionable advice, 5) Question for comments, 6) Relevant hashtags. Length: [short/medium/long]. Tone: [professional but authentic]. ``` #### Instagram caption creator **Use case:** Instagram marketing and visual storytelling **For:** Social Media Manager, Content Marketer, Marketing Manager ``` Create Instagram caption for [type of post: product/behind-scenes/educational/etc.]. Topic: [brief description]. Include: 1) Attention-grabbing first line, 2) Story or value statement (2-3 sentences), 3) Emojis that fit brand voice, 4) Clear CTA, 5) Hashtag strategy (mix of popular and niche, 10-15 total), 6) Save-worthy advice or tip. Tone: [brand voice]. ``` #### Twitter/X thread planner **Use case:** Twitter engagement and viral content **For:** Social Media Manager, Content Marketer, Marketing Manager ``` Create Twitter thread about [topic]. Goal: [educate/inspire/debate]. Structure with: Tweet 1: Hook with bold claim or question, Tweets 2-[N]: Main points (one per tweet), each building on last with numbered format, Final tweet: Summary + CTA. Each tweet under 280 chars. Include engagement tactics (questions, stats). Suggest 7-10 tweet thread. ``` #### Social media campaign strategy **Use case:** Campaign planning and cross-channel marketing **For:** Demand Generation Manager, Marketing Manager, Product Marketing Manager ``` Design social media campaign for [product launch/event/awareness initiative]. Duration: [timeframe]. Platforms: [specify]. Create: 1) Campaign theme and key messages, 2) Content calendar with post types/frequency, 3) Visual content needs, 4) Hashtag strategy, 5) Influencer/partnership opportunities, 6) Engagement tactics, 7) Success metrics, 8) Budget allocation. ``` #### Community engagement responses **Use case:** Community management and customer service **For:** Social Media Manager, Content Marketer, Marketing Manager ``` Create response templates for social media community management. Scenarios needed: 1) Positive comment/testimonial, 2) Product question, 3) Complaint/negative feedback, 4) Request for feature, 5) General brand inquiry. For each: provide empathetic, on-brand response that [resolves/redirects/engages]. Include when to escalate. Brand voice: [description]. ``` ### Email Marketing Craft effective email campaigns that drive opens and conversions. #### Welcome email series **Use case:** Onboarding and early engagement **For:** Marketing Manager, Demand Generation Manager ``` Create 3-email welcome series for new [subscribers/customers] of [product/service]. Email 1 (immediate): Welcome, set expectations, quick win. Email 2 (Day 3): Value delivery, education. Email 3 (Day 7): Engagement/conversion push. For each include: 1) Subject line (+ preview text), 2) Email body, 3) CTA, 4) Send trigger. Tone: [warm/professional/casual]. ``` #### Newsletter content planner **Use case:** Newsletter strategy and subscriber retention **For:** Marketing Manager, Demand Generation Manager ``` Plan monthly newsletter for [company]. Audience: [description]. Sections to include: 1) Opening message/theme, 2) Featured content (3-4 pieces), 3) Company updates, 4) Industry news/trends, 5) Resource/tip section, 6) CTA. Provide: Section descriptions, content ideas for next 3 months, subject line approaches, optimal send time/day. ``` #### Promotional email **Use case:** Sales and promotional campaigns **For:** Marketing Manager, Demand Generation Manager ``` Write promotional email for [offer/product/event]. Audience: [segment]. Create: 1) 5 subject line options (test urgency, benefit, curiosity), 2) Preview text, 3) Email body with: attention-grabbing opening, clear value prop, social proof element, urgency/scarcity, 4) Strong CTA (repeat 2-3x), 5) PS section. Length: [short/medium]. Tone: [persuasive but not pushy]. ``` #### Re-engagement campaign **Use case:** List cleaning and subscriber win-back **For:** Demand Generation Manager, Marketing Manager, Product Marketing Manager ``` Create re-engagement email series for inactive subscribers (no opens in [timeframe]). 3-email sequence: Email 1: 'We miss you' with value reminder. Email 2: Incentive/exclusive offer. Email 3: Last chance/preference center. Include: 1) Subject lines, 2) Body copy, 3) CTAs, 4) Send timing, 5) Sunset criteria if no engagement. ``` #### Cart abandonment email **Use case:** E-commerce conversion optimization **For:** Marketing Manager, Demand Generation Manager ``` Write cart abandonment email sequence. Email 1 (1 hour): Friendly reminder. Email 2 (24 hours): Address objections, add urgency. Email 3 (48 hours): Final incentive. For each: 1) Subject line, 2) Preview text, 3) Body highlighting abandoned items, 4) Objection handling (shipping, price, comparison), 5) CTA, 6) Trust signals. ``` ### Brand & Messaging Develop clear brand positioning and messaging frameworks. #### Brand messaging framework **Use case:** Brand strategy and consistent communication **For:** Product Marketing Manager, CMO, Marketing Manager ``` Create brand messaging framework for [company/product]. Include: 1) Positioning statement (target audience, frame of reference, point of difference, reason to believe), 2) Value propositions (3-5), 3) Key messages by audience segment, 4) Brand pillars (3-4 themes), 5) Proof points for each pillar, 6) Tone of voice guidelines, 7) Messaging do's and don'ts. ``` #### Tagline generator **Use case:** Brand identity and memorable positioning **For:** Product Marketing Manager, CMO, Marketing Manager ``` Create tagline options for [company/product/campaign]. Brand attributes: [list 3-4 key attributes]. Target emotion: [inspiration/trust/innovation/etc.]. Generate: 1) 10 tagline options varying in style (descriptive, aspirational, provocative), 2) Rationale for top 3, 3) Tagline testing criteria, 4) Where each tagline works best (B2B vs B2C, channels, use cases). ``` #### Value proposition developer **Use case:** Product marketing and conversion optimization **For:** Product Marketing Manager, CMO, Marketing Manager ``` Develop value proposition for [product/service]. Target customer: [description]. Their main problem: [pain point]. Our solution: [how we solve it]. Create: 1) One-sentence value prop, 2) Extended version (2-3 sentences), 3) Unique differentiators (3-4), 4) Proof points, 5) Before/after scenario, 6) Versions for different personas. Test against: relevance, quantified value, differentiation. ``` #### Brand voice guide **Use case:** Content consistency and brand standards **For:** Product Marketing Manager, CMO, Marketing Manager ``` Create brand voice guide for [company]. Brand personality: [adjectives]. Audience: [description]. Define: 1) Voice characteristics (4-5 traits with descriptions), 2) What we are vs what we aren't (comparison table), 3) Writing style guidelines (sentence length, word choice, punctuation), 4) Example phrases for each trait, 5) Voice application across channels, 6) Common mistakes to avoid. ``` ### Advertising & Copy Write compelling ad copy across channels and formats. #### Google Ads campaign **Use case:** PPC advertising and search marketing **For:** Demand Generation Manager, Marketing Manager, Product Marketing Manager ``` Create Google Ads campaign for [product/service]. Target keyword: '[keyword]'. Create: 1) 5 ad variations with headlines (30 chars each, 3 per ad), descriptions (90 chars, 2 per ad), 2) Display URL path, 3) Ad extensions (sitelinks, callouts), 4) Landing page recommendations, 5) Negative keywords, 6) Bid strategy suggestion. Focus on CTR and quality score. ``` #### Facebook/Instagram ad copy **Use case:** Social media advertising and paid social **For:** Social Media Manager, Content Marketer, Marketing Manager ``` Write ad copy for [objective: awareness/consideration/conversion] on Facebook/Instagram. Product: [brief description]. Audience: [demographics, interests]. Create 3 variations with: 1) Primary text (125 chars, hook-focused), 2) Headline (40 chars), 3) Description (30 chars), 4) CTA button, 5) Image/video description. Include targeting recommendations and budget suggestions. ``` #### Landing page copy **Use case:** Conversion optimization and campaign landing pages **For:** Demand Generation Manager, Product Marketing Manager, Marketing Manager ``` Write landing page copy for [offer/product/campaign]. Traffic source: [PPC/email/social]. Include: 1) Hero headline and subheadline, 2) Above-fold value prop, 3) Benefit sections (3-4 with headers), 4) Social proof section, 5) FAQ (5-7 questions), 6) CTA copy (primary and secondary), 7) Trust signals, 8) Urgency element. Optimize for [conversion goal]. ``` #### Video ad script **Use case:** Video marketing and visual advertising **For:** Demand Generation Manager, Product Marketing Manager, Marketing Manager ``` Write video ad script for [platform: YouTube/TikTok/Instagram]. Length: [15/30/60 seconds]. Product: [description]. Create: 1) Hook (first 3 seconds), 2) Problem agitation, 3) Solution introduction, 4) Key benefits (visual + voiceover), 5) Social proof element, 6) Strong CTA, 7) On-screen text suggestions, 8) Music/vibe recommendations. Format with timing markers. ``` ### Analytics & Optimization Analyze marketing performance and optimize for better results. #### Campaign performance analysis **Use case:** Campaign optimization and marketing ROI **For:** Demand Generation Manager, Marketing Manager, Product Marketing Manager ``` Analyze performance of [campaign name] that ran [timeframe]. Metrics: [provide data: impressions, clicks, conversions, cost, etc.]. Goals were: [original goals]. Provide: 1) Performance summary vs goals, 2) What worked well and why, 3) Underperforming areas with hypotheses, 4) Audience segment analysis, 5) Channel performance comparison, 6) Actionable optimization recommendations, 7) Testing ideas for next iteration. ``` #### A/B test plan creator **Use case:** Conversion rate optimization and testing **For:** Marketing Manager, Demand Generation Manager, CMO ``` Create A/B testing plan for [email/landing page/ad]. Current version: [describe]. Goal: Improve [metric]. Provide: 1) Hypothesis (what we'll test and expected outcome), 2) Test variations (describe changes), 3) Success metrics and targets, 4) Sample size needed, 5) Test duration, 6) Segment considerations, 7) Implementation checklist, 8) Analysis plan. ``` #### Marketing dashboard recommendations **Use case:** Marketing analytics and reporting **For:** Marketing Manager, Demand Generation Manager, CMO ``` Design marketing dashboard for [role/team]. Focus areas: [channels/campaigns]. Recommend: 1) Primary KPIs to track (5-7), 2) Secondary metrics for deeper analysis, 3) Dashboard sections and layout, 4) Visualization types for each metric, 5) Comparison periods (MoM, YoY, etc.), 6) Alert thresholds, 7) Actionability for each metric, 8) Reporting frequency. ``` --- ## AI for Product Managers **Category:** Product Management **Prompts:** 24 **Description:** Product management prompts covering strategy, roadmapping, user research, feature specification, competitive analysis, and stakeholder communication. **Tags:** Product Management, Strategy, Work Users ### Product Strategy & Vision Define product vision and strategic direction. #### Product vision statement creator **Use case:** Strategic planning and team alignment **For:** Product Manager, Head of Product ``` Create product vision statement for [product name]. Target users: [description]. Market context: [industry/competition]. Problem we solve: [core problem]. Include: 1) Aspirational vision statement (2-3 sentences), 2) Mission statement (what we do today), 3) 3-year product goals, 4) Success metrics that matter, 5) Key differentiators, 6) Why this matters (impact). Make it inspiring and actionable. ``` #### Market opportunity assessment **Use case:** Product discovery and investment decisions **For:** Product Manager, Head of Product, Product Analyst ``` Assess market opportunity for [product/feature idea] in [market/industry]. Analyze: 1) Total addressable market size and growth rate, 2) Target customer segments, 3) Current solutions and gaps, 4) Competitive landscape analysis, 5) Market timing and trends, 6) Barriers to entry, 7) Go-to-market considerations, 8) Recommendation with confidence level. ``` #### Product-market fit evaluation **Use case:** Product validation and iteration planning **For:** Product Manager, Head of Product, Product Analyst ``` Evaluate product-market fit for [product]. Current metrics: [usage data, retention, NPS, growth rate]. User feedback themes: [summarize feedback]. Assess: 1) PMF indicators present/missing, 2) User retention analysis, 3) Willingness to pay signals, 4) Word-of-mouth growth, 5) Must-have test results, 6) Gaps to address, 7) Recommendations for achieving/improving PMF. ``` #### Competitive positioning strategy **Use case:** Competitive analysis and strategic positioning **For:** Product Manager, Head of Product, Product Analyst ``` Define competitive positioning for [product] against [competitor 1, competitor 2, competitor 3]. Our strengths: [list]. Their strengths: [list]. Create: 1) Positioning statement, 2) Competitive differentiation matrix, 3) Feature comparison table, 4) Win/loss analysis, 5) Positioning for different segments, 6) Messaging recommendations, 7) Product gaps to address. ``` ### User Research & Discovery Conduct effective user research and gather actionable insights. #### User interview guide **Use case:** Qualitative user research and discovery **For:** Product Manager, UX Researcher, Product Analyst ``` Create interview guide for [research objective] with [user type/segment]. Interview length: [30/45/60 min]. Include: 1) Opening rapport-building questions, 2) Background/context questions, 3) Core research questions (jobs-to-be-done focus), 4) Probing follow-ups, 5) Hypotheses to validate, 6) Closing questions, 7) Time allocation per section, 8) Note-taking template. ``` #### Survey design **Use case:** Quantitative research and data collection **For:** Product Manager, UX Researcher, Product Analyst ``` Design survey to understand [research goal] for [target users]. Survey goal: [quantitative validation/segmentation/satisfaction]. Create: 1) Introduction and consent, 2) Screening questions, 3) Core questions (10-15 max) with answer formats, 4) Demographic questions, 5) Question flow logic, 6) Estimated completion time, 7) Analysis plan for results, 8) Sample size target. ``` #### Jobs-to-be-done analysis **Use case:** User-centered design and product strategy **For:** Product Manager, UX Researcher, Product Analyst ``` Analyze jobs-to-be-done for [user persona] using [product/solution]. Map: 1) Functional jobs (tasks they need to accomplish), 2) Emotional jobs (how they want to feel), 3) Social jobs (how they want to be perceived), 4) Current workarounds and pain points, 5) Success criteria for each job, 6) Unmet needs and opportunities, 7) Product implications and priorities. ``` #### User persona development **Use case:** User segmentation and empathy building **For:** Product Manager, UX Researcher, Product Analyst ``` Create detailed user persona based on research data: [summarize available data/insights]. Include: 1) Persona name and photo description, 2) Demographics and background, 3) Goals and motivations, 4) Frustrations and pain points, 5) Current behaviors and tools used, 6) Quote that captures their perspective, 7) Product usage patterns, 8) Decision-making factors. Make it actionable for design decisions. ``` #### User journey mapping **Use case:** Experience design and optimization **For:** Product Manager, UX Researcher, Product Analyst ``` Map user journey for [specific user goal/task]. User: [persona]. Scenario: [describe]. Create stages: 1) Awareness, 2) Consideration, 3) Decision, 4) Use/Experience, 5) Advocacy. For each stage map: User actions, Thoughts/emotions, Pain points, Opportunities, Touchpoints, Success metrics. Identify critical moments and improvement priorities. ``` ### Roadmap & Prioritization Build and prioritize product roadmaps effectively. #### Feature prioritization framework **Use case:** Product planning and resource allocation **For:** Product Manager, Head of Product, Program Manager ``` Prioritize features for [product] using [RICE/Value vs Effort/Kano/custom] framework. Features to evaluate: [list features]. For each assess: 1) User value/impact, 2) Business value, 3) Effort/cost estimate, 4) Strategic alignment, 5) Risk level, 6) Dependencies. Provide: Scoring methodology, ranked priority list, rationale for top 5, timeline recommendations. ``` #### Product roadmap builder **Use case:** Strategic planning and stakeholder communication **For:** Product Manager, Head of Product, Program Manager ``` Create [quarterly/annual] product roadmap for [product/team]. Strategic goals: [list goals]. Available resources: [team size/capacity]. Include: 1) Roadmap themes, 2) Major initiatives by quarter, 3) Feature descriptions and outcomes, 4) Success metrics per initiative, 5) Dependencies and risks, 6) Milestone timeline, 7) Flexibility/contingency items. Format for [executive/team/stakeholder] audience. ``` #### Now-Next-Later roadmap **Use case:** Agile planning and adaptive roadmapping **For:** Product Manager, Head of Product, Program Manager ``` Create Now-Next-Later roadmap for [product]. Now (0-3 months): [current focus]. Next (3-6 months): [planned]. Later (6+ months): [future vision]. For each timeframe: 1) Key initiatives, 2) Expected outcomes, 3) Success metrics, 4) Why now/next/later, 5) Dependencies, 6) Resource needs. Keep intentionally flexible for later items. ``` #### Technical debt assessment **Use case:** Engineering collaboration and sustainable development **For:** Product Manager, Head of Product, Program Manager ``` Assess technical debt impact on [product/platform]. Known issues: [list key tech debt items]. Evaluate each: 1) Impact on development velocity, 2) User experience impact, 3) Scalability/performance concerns, 4) Maintenance burden, 5) Risk level, 6) Effort to resolve. Recommend: Tech debt allocation percentage, prioritized fixes, balance strategy with new features. ``` ### Feature Specification & PRDs Write clear product requirements and specifications. #### PRD (Product Requirements Document) **Use case:** Feature development and engineering handoff **For:** Product Manager, Tech Lead, Product Analyst ``` Write PRD for [feature/product name]. Include: 1) Problem statement and user need, 2) Goals and success metrics (measurable), 3) User stories and use cases, 4) Functional requirements (detailed), 5) Non-functional requirements (performance, security, etc.), 6) User experience flow, 7) Edge cases and error handling, 8) Dependencies and constraints, 9) Launch criteria, 10) Open questions. Format for engineering team. ``` #### User story generator **Use case:** Agile development and backlog management **For:** Product Manager, Tech Lead, Product Analyst ``` Create user stories for [feature/functionality]. User personas: [list]. Generate stories in format: 'As a [user type], I want to [action] so that [benefit]'. For each include: 1) Acceptance criteria (Given/When/Then), 2) Priority (Must have/Should have/Nice to have), 3) Story points estimate, 4) Dependencies, 5) Notes for implementation. Create [number] stories covering main flows. ``` #### Feature spec: Edge cases **Use case:** Quality assurance and thorough specification **For:** Product Manager, Tech Lead, Product Analyst ``` Identify edge cases for [feature description]. Normal flow: [describe happy path]. Generate: 1) Input validation edge cases, 2) System state edge cases, 3) User error scenarios, 4) Integration failure cases, 5) Performance edge cases, 6) Security considerations, 7) Recommended handling for each, 8) Priority of each edge case. Help ensure robust implementation. ``` #### API requirements document **Use case:** Technical specification and API design **For:** Product Manager, Tech Lead, Product Analyst ``` Document API requirements for [feature/integration]. Purpose: [what it enables]. Specify: 1) Endpoints needed (method, path, description), 2) Request/response formats, 3) Authentication requirements, 4) Rate limiting needs, 5) Error handling and codes, 6) Versioning strategy, 7) Documentation requirements, 8) Example use cases. Format for backend team. ``` ### Experimentation & Validation Design experiments to validate product decisions. #### A/B test hypothesis **Use case:** Product experimentation and data-driven decisions **For:** Product Manager, Product Analyst ``` Design A/B test for [feature/change]. Current state: [describe control]. Proposed change: [describe variant]. Create: 1) Hypothesis statement (If we... then... because...), 2) Primary success metric, 3) Secondary metrics, 4) Minimum detectable effect, 5) Sample size calculation, 6) Test duration estimate, 7) Segmentation strategy, 8) Success criteria, 9) Rollout plan if successful. ``` #### MVP scope definition **Use case:** Lean product development and hypothesis testing **For:** Product Manager, Product Analyst ``` Define MVP for [product/feature idea]. Problem to solve: [core problem]. Users: [target segment]. Determine: 1) Must-have features (minimum to test hypothesis), 2) Explicitly excluded features (for v2+), 3) Success metrics and targets, 4) Build vs buy decisions, 5) Technical approach, 6) Timeline and resources, 7) Launch criteria, 8) Learning goals. Keep ruthlessly minimal. ``` #### Beta test plan **Use case:** Pre-launch validation and user feedback **For:** Product Manager, Product Analyst ``` Create beta test plan for [product/feature]. Test goals: [what to learn]. Design: 1) Beta user criteria and recruitment strategy, 2) Test duration and phases, 3) Features/scope to test, 4) Feedback collection methods, 5) Success metrics, 6) Communication plan with users, 7) Issue tracking process, 8) Go/no-go criteria for launch, 9) Incentive structure. ``` ### Stakeholder Communication Communicate effectively with stakeholders and leadership. #### Product update for executives **Use case:** Leadership communication and alignment **For:** Product Manager, Head of Product, Program Manager ``` Create executive product update for [time period]. Format: [email/presentation/dashboard]. Include: 1) Key metrics and trends (vs targets), 2) Major wins and launches, 3) User feedback highlights, 4) Current challenges and mitigation, 5) Resource needs or decisions required, 6) Next period priorities, 7) Risks and dependencies. Keep concise, metrics-focused, actionable. Length: [1 page/5 slides]. ``` #### Feature launch announcement **Use case:** Product marketing and change management **For:** Product Manager, Head of Product, Program Manager ``` Write feature launch announcement for [feature name] to [internal team/customers/public]. Feature benefits: [key benefits]. Create: 1) Compelling headline, 2) Problem it solves, 3) How it works (simple explanation), 4) Key benefits (3-5 bullets), 5) Who it's for, 6) Availability/access info, 7) Next steps/CTA, 8) Support resources. Tone: [exciting but clear]. ``` #### Roadmap presentation **Use case:** Strategic communication and buy-in **For:** Product Manager, Head of Product, Program Manager ``` Create roadmap presentation for [audience: leadership/team/customers]. Timeframe: [quarters/year]. Structure with: 1) Strategic context and goals (2-3 slides), 2) Roadmap visual by theme/timeline, 3) Major initiatives with rationale, 4) Expected outcomes and metrics, 5) Resource requirements, 6) Risks and dependencies, 7) How feedback is incorporated, 8) Q&A preparation. [Number] slides total. ``` #### Saying 'no' to feature requests **Use case:** Stakeholder management and prioritization communication **For:** Product Manager, Head of Product, Program Manager ``` Craft response declining feature request: '[requested feature]' from [stakeholder]. Reason for declining: [strategic misalignment/resource constraints/wrong timing/etc.]. Write diplomatic response including: 1) Acknowledge request and appreciate input, 2) Explain decision rationale (strategy/data-backed), 3) Suggest alternatives if applicable, 4) Keep door open for reconsideration, 5) Offer to discuss further. Maintain relationship while being clear. ``` --- ## AI for Engineering Teams **Category:** Engineering **Prompts:** 33 **Description:** Engineering prompts for code review, system design, debugging, documentation, technical research, and architecture planning. **Tags:** Engineering, Development, Work Users ### Code Review & Quality Improve code quality through effective reviews and standards. #### Code review checklist **Use case:** Code quality assurance and team standards **For:** Software Engineer, Tech Lead, QA Engineer, Engineering Manager ``` Review this code for [feature/fix]: [paste code]. Check for: 1) Correctness and logic errors, 2) Edge cases handling, 3) Code readability and clarity, 4) Performance considerations, 5) Security vulnerabilities, 6) Test coverage adequacy, 7) Documentation completeness, 8) Adherence to team conventions. Provide: Specific feedback with line references, severity levels, suggested improvements. ``` #### Refactoring suggestions **Use case:** Code improvement and technical debt reduction **For:** Software Engineer, Tech Lead, QA Engineer, Engineering Manager ``` Suggest refactorings for this code: [paste code]. Current issues: [describe problems]. Provide: 1) Code smells identified, 2) Specific refactoring recommendations (Extract Method, Rename, etc.), 3) Before/after examples for top 3 improvements, 4) Benefits of each refactoring, 5) Potential risks, 6) Priority order, 7) Estimated effort. Follow [language] best practices. ``` #### Security code audit **Use case:** Application security and vulnerability prevention **For:** Software Engineer, Tech Lead, Security Engineer, Engineering Manager ``` Audit code for security vulnerabilities: [paste code or describe functionality]. Type: [web app/API/service]. Check for: 1) Input validation gaps, 2) SQL injection risks, 3) XSS vulnerabilities, 4) Authentication/authorization issues, 5) Data exposure risks, 6) Dependency vulnerabilities, 7) Secure configuration, 8) OWASP Top 10 issues. Provide severity ratings and remediation steps. ``` #### Performance optimization analysis **Use case:** Performance tuning and scalability **For:** Software Engineer, Tech Lead, QA Engineer, Engineering Manager ``` Analyze performance of [code/feature/query]: [paste code or describe]. Current metrics: [response time, memory usage, etc.]. Identify: 1) Performance bottlenecks, 2) Algorithmic complexity issues, 3) Database query optimizations, 4) Caching opportunities, 5) Memory leaks or bloat, 6) Network/IO improvements, 7) Specific optimization recommendations with expected impact. Prioritize by ROI. ``` #### Dependency audit **Use case:** Security and maintenance **For:** Software Engineer, Security Engineer, Tech Lead ``` Audit dependencies for [project]. Package manager: [npm/pip/maven/etc.]. Analyze: 1) Outdated packages and versions, 2) Security vulnerabilities (CVEs), 3) License compatibility issues, 4) Unused dependencies, 5) Bundle size impact, 6) Alternative lighter packages, 7) Update priority and risk, 8) Breaking changes to expect. ``` ### System Design & Architecture Design scalable and maintainable system architectures. #### System design document **Use case:** Technical planning and architecture documentation **For:** Tech Lead, Solutions Architect, Engineering Manager ``` Create system design for [feature/system]. Requirements: [list key requirements]. Scale: [expected load/users]. Design: 1) Architecture overview diagram description, 2) Component breakdown with responsibilities, 3) Data models and schemas, 4) API contracts, 5) Technology choices with rationale, 6) Scalability considerations, 7) Failure modes and reliability, 8) Security architecture, 9) Monitoring strategy, 10) Trade-offs made. ``` #### Microservices design **Use case:** Architecture evolution and service decomposition **For:** Tech Lead, Solutions Architect, Engineering Manager ``` Design microservices architecture for [system/domain]. Current monolith: [describe]. Create: 1) Service boundary recommendations (what services), 2) Service responsibilities and APIs, 3) Data ownership per service, 4) Inter-service communication patterns, 5) Shared infrastructure needs, 6) Migration strategy from monolith, 7) Trade-offs vs monolith, 8) Deployment and DevOps considerations. ``` #### Database schema design **Use case:** Data modeling and database design **For:** Tech Lead, Solutions Architect, Engineering Manager ``` Design database schema for [application/feature]. Entities: [list main entities]. Use case: [describe key operations]. Provide: 1) Entity-relationship diagram description, 2) Table definitions with columns and types, 3) Relationships and foreign keys, 4) Indexes for performance, 5) Normalization decisions, 6) Sharding/partitioning strategy if needed, 7) Migration plan from current schema, 8) Query patterns supported. ``` #### API design review **Use case:** API design and developer experience **For:** Tech Lead, Solutions Architect, Engineering Manager ``` Review REST API design for [service/feature]. Current endpoints: [list]. Evaluate: 1) Resource naming and RESTful conventions, 2) HTTP methods usage, 3) Request/response formats, 4) Error handling consistency, 5) Versioning strategy, 6) Pagination/filtering patterns, 7) Authentication/authorization, 8) Rate limiting, 9) Documentation completeness, 10) Backward compatibility. Suggest improvements. ``` #### Scalability review **Use case:** Growth planning and performance **For:** Solutions Architect, Tech Lead, Engineering Manager ``` Review scalability of [system/service]. Current load: [metrics]. Expected growth: [projection]. Analyze: 1) Current bottlenecks, 2) Horizontal vs vertical scaling options, 3) Database scaling strategy, 4) Caching opportunities, 5) Async processing needs, 6) Cost projections at scale, 7) When to scale triggers, 8) Architecture changes needed. ``` #### Disaster recovery plan **Use case:** Business continuity and risk management **For:** Site Reliability Engineer, DevOps Engineer, Engineering Manager ``` Create disaster recovery plan for [system]. RPO: [Recovery Point Objective]. RTO: [Recovery Time Objective]. Include: 1) Failure scenarios (ranked by likelihood), 2) Backup strategy and schedule, 3) Recovery procedures step-by-step, 4) Data consistency checks, 5) Failover mechanisms, 6) Testing schedule, 7) Communication plan, 8) Team responsibilities. ``` ### Debugging & Troubleshooting Diagnose and resolve complex technical issues. #### Debug production issue **Use case:** Incident response and problem resolution **For:** Software Engineer, Site Reliability Engineer, DevOps Engineer ``` Help debug production issue: [describe symptoms]. Error logs: [paste relevant logs]. Recent changes: [list recent deploys/changes]. Metrics: [provide relevant metrics]. Provide: 1) Likely root causes (ranked), 2) Diagnostic steps to confirm each hypothesis, 3) Immediate mitigation options, 4) Long-term fixes, 5) Monitoring to add, 6) Postmortem questions to investigate. ``` #### Root cause analysis **Use case:** Postmortem analysis and prevention **For:** Software Engineer, Site Reliability Engineer, DevOps Engineer ``` Conduct root cause analysis for incident: [describe incident]. Timeline: [what happened when]. Impact: [user impact, duration]. Known factors: [list what we know]. Perform 5 Whys analysis: 1) What happened (symptom), 2) Why did it happen (1st why), 3) Continue why chain to root cause, 4) Contributing factors, 5) Why didn't we catch it earlier, 6) Action items to prevent recurrence, 7) Monitoring/alerting gaps. ``` #### Log analysis **Use case:** Observability and issue investigation **For:** Software Engineer, Site Reliability Engineer, DevOps Engineer ``` Analyze these logs for [issue/pattern]: [paste log samples]. Timeframe: [when issue occurred]. Help: 1) Identify error patterns, 2) Correlate events across services, 3) Spot anomalies, 4) Extract key timestamps and sequences, 5) Hypothesize failure scenarios, 6) Suggest what additional logging would help, 7) Recommend log aggregation queries. ``` ### Documentation & Knowledge Create clear technical documentation and knowledge sharing. #### Technical documentation **Use case:** Knowledge transfer and onboarding **For:** Software Engineer, Tech Lead, Engineering Manager ``` Document [system/feature/API]. Audience: [new engineers/external developers/operators]. Create: 1) Overview and purpose, 2) Architecture diagram description, 3) Key concepts/glossary, 4) Setup and configuration guide, 5) Usage examples and common workflows, 6) API reference if applicable, 7) Troubleshooting common issues, 8) FAQ section, 9) Links to related docs. Make it scannable and example-rich. ``` #### README generator **Use case:** Open source projects and code repositories **For:** Software Engineer, Tech Lead, Engineering Manager ``` Create comprehensive README for [project name]. Project type: [library/service/application]. Include: 1) Project title and description, 2) Key features/capabilities, 3) Prerequisites and dependencies, 4) Installation instructions, 5) Quick start guide with examples, 6) Configuration options, 7) Usage documentation, 8) Contributing guidelines, 9) License and contact. Format in markdown. ``` #### Runbook creation **Use case:** Operations and incident management **For:** Site Reliability Engineer, DevOps Engineer, Engineering Manager ``` Create operational runbook for [service/system]. On-call context: [describe system]. Include: 1) Service overview and architecture, 2) Common alerts and their meanings, 3) Diagnostic procedures (step-by-step), 4) Known issues and solutions, 5) Rollback procedures, 6) Escalation paths, 7) Key metrics to check, 8) Emergency contacts and resources, 9) Postmortem template. Make actionable under pressure. ``` #### Architecture decision record (ADR) **Use case:** Technical decision tracking and team alignment **For:** Software Engineer, Tech Lead, Engineering Manager ``` Write ADR for decision to [describe technical decision]. Context: [problem or need]. Create: 1) Title, 2) Status (proposed/accepted/deprecated), 3) Context and problem statement, 4) Decision made, 5) Consequences (positive and negative), 6) Options considered and why rejected, 7) Related decisions, 8) Date and deciders. Follow [team's ADR template if provided]. ``` ### Testing & Quality Assurance Develop comprehensive testing strategies and test cases. #### Test case generation **Use case:** Test coverage and quality assurance **For:** QA Engineer, Software Engineer, Engineering Manager ``` Generate test cases for [feature/function]. Specification: [describe expected behavior]. Create: 1) Happy path test cases, 2) Boundary condition tests, 3) Edge cases and error conditions, 4) Integration test scenarios, 5) Performance test cases if relevant, 6) Security test cases, 7) For each test: inputs, expected outputs, assertions. Format as [unit/integration/e2e] tests for [testing framework]. ``` #### Test strategy document **Use case:** QA planning and release management **For:** QA Engineer, Software Engineer, Engineering Manager ``` Create testing strategy for [project/release]. Scope: [what's being tested]. Define: 1) Testing objectives and goals, 2) Test levels (unit, integration, e2e, performance), 3) Testing approach for each level, 4) Coverage targets, 5) Test environment needs, 6) Test data strategy, 7) Automation priorities, 8) Entry/exit criteria, 9) Risk areas needing extra testing, 10) Timeline and resources. ``` #### Load testing scenario **Use case:** Performance validation and capacity planning **For:** QA Engineer, Software Engineer, Engineering Manager ``` Design load test for [system/endpoint]. Expected production load: [users/requests per second]. Create: 1) Test scenarios (user workflows), 2) Load profile (ramp-up, steady state, spike tests), 3) Key metrics to measure (latency, throughput, errors), 4) Success criteria and SLOs, 5) Test data requirements, 6) Environment setup, 7) Bottleneck hypotheses to validate, 8) Monitoring during test. ``` #### Chaos engineering experiment **Use case:** Resilience testing and confidence building **For:** Site Reliability Engineer, QA Engineer, DevOps Engineer ``` Design chaos experiment for [system]. Reliability goal: [SLA/SLO]. Create experiment: 1) Hypothesis to test, 2) Failure to inject (latency/errors/resource exhaustion), 3) Blast radius limits, 4) Monitoring and abort conditions, 5) Expected vs actual behavior, 6) Rollback procedure, 7) Learning objectives, 8) Improvement actions if hypothesis fails. ``` ### DevOps & Infrastructure Automate and optimize development operations. #### CI/CD pipeline design **Use case:** Deployment automation and release engineering **For:** DevOps Engineer, Site Reliability Engineer, Tech Lead ``` Design CI/CD pipeline for [application type]. Current process: [describe manual steps]. Requirements: [deployment frequency, environments]. Include: 1) Pipeline stages (build, test, deploy), 2) Testing gates and quality checks, 3) Deployment strategy (blue-green, canary, etc.), 4) Rollback procedures, 5) Environment promotion flow, 6) Secrets management, 7) Monitoring and notifications, 8) Tool recommendations. ``` #### Infrastructure as Code template **Use case:** Infrastructure provisioning and management **For:** DevOps Engineer, Site Reliability Engineer, Tech Lead ``` Create IaC template for [infrastructure need]. Platform: [AWS/Azure/GCP]. Resources needed: [list]. Using: [Terraform/CloudFormation/other]. Include: 1) Resource definitions, 2) Variable inputs, 3) Output values, 4) Security configurations, 5) Networking setup, 6) Scaling policies, 7) Backup/DR considerations, 8) Cost optimization, 9) Documentation comments. ``` #### Monitoring and alerting setup **Use case:** Observability and operational excellence **For:** DevOps Engineer, Site Reliability Engineer, Tech Lead ``` Design monitoring strategy for [service/system]. SLIs: [define service level indicators]. Create: 1) Key metrics to monitor (Golden Signals: latency, traffic, errors, saturation), 2) Alerting rules and thresholds, 3) Alert severity levels, 4) Dashboard layout, 5) Log aggregation strategy, 6) Distributed tracing approach, 7) On-call rotation needs, 8) Alert fatigue prevention. ``` ### Code Generation & Development Generate code, migrate projects, and implement algorithms efficiently. #### Boilerplate code generator **Use case:** Rapid prototyping and project initialization **For:** Software Engineer, Tech Lead ``` Generate boilerplate code for [framework/pattern]. Type: [REST API/CRUD service/React component/etc.]. Requirements: [list features]. Include: 1) Project structure, 2) Configuration files, 3) Core files with comments, 4) Example usage, 5) Dependencies list, 6) Setup instructions. Follow [language] and [framework] best practices. ``` #### Code migration assistant **Use case:** Technology upgrades and modernization **For:** Software Engineer, Tech Lead, Engineering Manager ``` Plan migration from [old technology] to [new technology]. Current code: [describe or paste]. Scope: [full rewrite/gradual migration]. Provide: 1) Migration strategy (big bang vs incremental), 2) Equivalent patterns/libraries in new tech, 3) Key differences to consider, 4) Code examples for common patterns, 5) Testing strategy, 6) Rollback plan, 7) Timeline estimate, 8) Risk mitigation. ``` #### Algorithm implementation helper **Use case:** Technical interviews and algorithm optimization **For:** Software Engineer, Tech Lead ``` Implement [algorithm/data structure] in [language]. Requirements: [specific constraints]. Provide: 1) Implementation with clear comments, 2) Time/space complexity analysis, 3) Edge cases handled, 4) Usage examples, 5) Unit tests, 6) Alternative approaches and trade-offs, 7) When to use vs other algorithms. ``` ### Team Collaboration & Planning Plan sprints, estimate work, and manage technical debt effectively. #### Sprint planning assistant **Use case:** Agile sprint planning and team coordination **For:** Scrum Master, Engineering Manager, Tech Lead ``` Plan sprint for [team size] team. Capacity: [story points/hours]. Backlog: [list top items]. Create: 1) Sprint goal, 2) Story selection with rationale, 3) Story breakdown if needed, 4) Dependency identification, 5) Risk assessment, 6) Team member assignments, 7) Daily standup format, 8) Definition of done checklist. ``` #### Technical estimation template **Use case:** Project planning and resource allocation **For:** Tech Lead, Engineering Manager, Solutions Architect ``` Estimate effort for [feature/project]. Requirements: [describe]. Team: [size and experience]. Provide: 1) Work breakdown structure, 2) Effort estimates per component (optimistic, realistic, pessimistic), 3) Dependencies and critical path, 4) Risk buffer calculations, 5) Assumptions made, 6) Confidence level, 7) What could change estimate. ``` #### Tech debt prioritization matrix **Use case:** Backlog management and sustainable development **For:** Tech Lead, Engineering Manager, Product Manager ``` Prioritize tech debt items: [list items with brief description]. For each assess: 1) Impact on velocity (high/med/low), 2) Risk level, 3) Effort to fix, 4) Dependencies blocking new features, 5) User impact. Create priority matrix with: Quick wins, strategic investments, monitor items, deprioritize. Include recommended tech debt budget (% of sprint capacity). ``` ### Security & Compliance Design secure systems and ensure compliance with industry standards. #### Security threat modeling **Use case:** Proactive security design **For:** Security Engineer, Tech Lead, Solutions Architect ``` Threat model for [feature/system]. Architecture: [describe components]. Data handled: [type and sensitivity]. Using STRIDE framework, identify: 1) Spoofing threats, 2) Tampering threats, 3) Repudiation threats, 4) Information disclosure, 5) Denial of service, 6) Elevation of privilege. For each: likelihood, impact, mitigations, priority. ``` #### Compliance checklist generator **Use case:** Regulatory compliance and audits **For:** Security Engineer, Engineering Manager, Compliance Officer ``` Create compliance checklist for [GDPR/HIPAA/SOC2/PCI-DSS]. System: [describe]. Data: [type]. Generate: 1) Required controls by category, 2) Current compliance status, 3) Gaps and risks, 4) Implementation tasks, 5) Evidence collection needs, 6) Audit preparation items, 7) Ongoing monitoring requirements. ``` --- ## AI for Customer Success Teams **Category:** Customer Success **Prompts:** 18 **Description:** Customer success prompts for onboarding, health monitoring, expansion, retention strategies, and customer communication. **Tags:** Customer Success, Support, Work Users ### Customer Onboarding Create smooth onboarding experiences that drive adoption. #### Onboarding plan customization **Use case:** Personalized customer onboarding **For:** Onboarding Specialist, Customer Success Manager ``` Create custom onboarding plan for [customer name]. Product: [product name]. Customer details: [company size, industry, use case]. Timeline: [timeframe]. Include: 1) Week-by-week milestones, 2) Key activities and training sessions, 3) Success criteria per phase, 4) Stakeholder responsibilities, 5) Resources and materials needed, 6) Check-in schedule, 7) Escalation triggers, 8) Value realization goals. ``` #### Welcome email sequence **Use case:** Automated customer communication **For:** Onboarding Specialist, Customer Success Manager ``` Create welcome email series for new customers. Product: [name]. Customer segment: [description]. Create 4-email sequence: Email 1 (Day 0): Welcome and what to expect. Email 2 (Day 3): Quick win guide. Email 3 (Day 7): Training resources. Email 4 (Day 14): Check-in and support. Each email: subject line, body, CTA, tone: [warm and helpful]. ``` #### Onboarding success metrics **Use case:** Onboarding optimization and measurement **For:** Onboarding Specialist, Customer Success Manager ``` Define success metrics for onboarding [product]. Customer segment: [description]. Onboarding length: [timeframe]. Identify: 1) Leading indicators of success (activation events), 2) Lagging indicators (retention, expansion), 3) Time-to-value milestones, 4) Engagement metrics by phase, 5) Red flag indicators, 6) Benchmarks by segment, 7) How to measure and track. ``` ### Account Health & Monitoring Proactively monitor and improve customer health. #### Health score analysis **Use case:** Proactive account management **For:** Customer Success Manager, Support Lead, VP of Customer Success ``` Analyze health score for [customer name]. Data: Usage: [metrics], Support: [ticket volume/sentiment], Engagement: [meeting frequency, responsiveness], Commercial: [contract terms, payment history]. Assess: 1) Overall health score and trend, 2) Category-specific scores, 3) Risk factors identified, 4) Early warning signs, 5) Recommended interventions (prioritized), 6) Timeline for action, 7) Success criteria for improvement. ``` #### Quarterly business review prep **Use case:** Strategic account reviews and planning **For:** Customer Success Manager, Support Lead, VP of Customer Success ``` Prepare QBR for [customer name]. Last QBR: [date and summary]. Current period data: [usage stats, outcomes achieved, challenges]. Create agenda with: 1) Executive summary of value delivered, 2) Success metrics review (vs goals), 3) Product adoption analysis, 4) Challenges and resolutions, 5) Upcoming roadmap items relevant to them, 6) Strategic recommendations, 7) Next quarter goals, 8) Action items. ``` #### Usage trend analysis **Use case:** Data-driven account management **For:** Customer Success Manager, Support Lead, VP of Customer Success ``` Analyze usage trends for [customer name]. Data: [provide usage metrics over time]. Period: [timeframe]. Provide: 1) Overall trend direction, 2) Feature adoption analysis, 3) User-level engagement patterns, 4) Anomalies or concerning changes, 5) Comparison to similar customers, 6) Opportunities for expansion, 7) Risks and mitigation, 8) Recommended actions. ``` ### Expansion & Upsell Identify and execute expansion opportunities. #### Expansion opportunity identification **Use case:** Revenue expansion and account growth **For:** Customer Success Manager, Account Manager, Renewals Manager ``` Identify expansion opportunities for [customer name]. Current: [products/licenses/spend]. Usage data: [key metrics]. Business context: [their goals/challenges]. Analyze: 1) Upsell opportunities (more of current product), 2) Cross-sell opportunities (new products/features), 3) Use case expansion possibilities, 4) User/seat expansion potential, 5) Business case for each, 6) Timing and approach, 7) Expected value and probability. ``` #### Business case for expansion **Use case:** Expansion proposals and deal justification **For:** Customer Success Manager, Account Manager, Renewals Manager ``` Build business case for [customer name] to expand from [current state] to [proposed expansion]. Their business goals: [list goals]. Current ROI: [metrics]. Expansion details: [what we're proposing]. Create case with: 1) Current value delivered (quantified), 2) Incremental value from expansion, 3) ROI calculation, 4) Cost-benefit analysis, 5) Risk mitigation, 6) Implementation timeline, 7) Success metrics, 8) Executive summary (1 page). ``` #### Upsell conversation guide **Use case:** Expansion sales conversations **For:** Customer Success Manager, Account Manager, Renewals Manager ``` Create conversation guide for upsell opportunity with [customer contact]. Current product: [details]. Proposed upsell: [what we're selling]. Their situation: [context]. Include: 1) Opening (reference current success), 2) Discovery questions to uncover need, 3) Value positioning specific to them, 4) Objection responses, 5) Pricing discussion approach, 6) Close strategy, 7) Next steps options, 8) Handling 'not now' response. ``` ### Churn Prevention & Retention Identify and address churn risks proactively. #### Churn risk assessment **Use case:** Proactive churn prevention **For:** Customer Success Manager, Renewals Manager, VP of Customer Success ``` Assess churn risk for [customer name]. Signals: [list warning signs: low usage, support issues, sentiment, etc.]. Contract: [renewal date, value]. Evaluate: 1) Churn probability (percentage and confidence), 2) Root causes of dissatisfaction, 3) Value perception gaps, 4) Competitor threats, 5) Key stakeholder sentiment, 6) Save-ability assessment, 7) Recommended retention strategy, 8) Resources needed, 9) Timeline and milestones. ``` #### Win-back campaign strategy **Use case:** Customer reactivation and retention **For:** Customer Success Manager, Renewals Manager, VP of Customer Success ``` Create win-back strategy for [customer segment] that churned due to [reason]. Time since churn: [period]. Design approach: 1) Win-back offer or incentive, 2) Messaging that addresses churn reason, 3) Multi-touch outreach sequence, 4) Channel strategy, 5) Personalization approach, 6) Success metrics, 7) Re-onboarding plan if successful, 8) When to stop pursuing. ``` #### Renewal risk mitigation plan **Use case:** Renewal management and risk mitigation **For:** Customer Success Manager, Renewals Manager, VP of Customer Success ``` Create renewal risk mitigation plan for [customer name]. Renewal date: [date]. Risk factors: [list issues]. Contract value: [amount]. Plan: 1) Immediate actions (next 30 days), 2) Value reinforcement strategy, 3) Stakeholder engagement plan, 4) Product/service improvements to offer, 5) Negotiation strategy, 6) Escalation path, 7) Success metrics for each action, 8) Weekly milestones to renewal. ``` #### Customer feedback analysis **Use case:** Voice of customer and continuous improvement **For:** Customer Success Manager, Renewals Manager, VP of Customer Success ``` Analyze customer feedback for [customer name/segment]. Feedback sources: [surveys, support tickets, calls, etc.]. Data: [summarize feedback themes]. Provide: 1) Sentiment analysis, 2) Key themes and pain points, 3) Priority issues by frequency/impact, 4) Positive feedback patterns, 5) Feature requests and their urgency, 6) Actionable insights for product team, 7) CS team action items, 8) Follow-up strategy. ``` ### Customer Communication Communicate effectively across customer lifecycle. #### Difficult conversation preparation **Use case:** Conflict resolution and relationship management **For:** Customer Success Manager, Support Lead, Account Manager ``` Prepare for difficult conversation with [customer contact] about [issue]. Context: [situation details]. Objectives: [what we need to achieve]. Create: 1) Opening approach (empathetic framing), 2) Key points to communicate, 3) Anticipated reactions and responses, 4) Compromise options if needed, 5) Questions to ask, 6) De-escalation techniques, 7) Desired outcome, 8) Follow-up plan. Practice responses to hard questions. ``` #### Customer success story **Use case:** Customer advocacy and social proof **For:** Customer Success Manager, Support Lead, Account Manager ``` Write customer success story for [customer name]. Product: [product]. Their challenge: [describe]. Solution implemented: [what they did]. Results: [metrics/outcomes]. Create story with: 1) Compelling headline, 2) Customer background, 3) Challenge/pain points, 4) Solution description, 5) Implementation process, 6) Results and metrics, 7) Customer quote, 8) Key takeaways. Format for: [case study/testimonial/marketing]. ``` #### Executive sponsor update **Use case:** Executive relationship management **For:** Customer Success Manager, VP of Customer Success ``` Write executive update for sponsor [name] at [customer company]. Last update: [when]. Period covered: [timeframe]. Include: 1) Executive summary (3-4 bullets of value), 2) Key metrics and progress, 3) Wins and successes, 4) Challenges and how addressed, 5) Upcoming initiatives, 6) Asks or escalations needed, 7) Appreciation for their support. Keep concise, value-focused, strategic level. ``` ### Team Enablement Enable and scale customer success operations. #### Playbook creation **Use case:** Process standardization and team scaling **For:** VP of Customer Success, Customer Success Manager ``` Create CS playbook for [scenario: onboarding/renewal/churn risk/expansion]. Objective: [goal]. Include: 1) When to use this playbook (triggers), 2) Step-by-step process, 3) Timeline and milestones, 4) Templates and resources needed, 5) Success criteria, 6) Common obstacles and solutions, 7) Metrics to track, 8) Escalation criteria. Make actionable and repeatable for team. ``` #### Customer segmentation strategy **Use case:** CS operations and resource optimization **For:** VP of Customer Success, Customer Success Manager ``` Design customer segmentation for CS team. Customer base: [describe size, diversity]. Resources: [team size]. Create segments by: 1) Segmentation criteria (ARR, strategic value, complexity, etc.), 2) Segment definitions and thresholds, 3) CS motion for each segment (high-touch, low-touch, tech-touch), 4) Resource allocation, 5) Success metrics by segment, 6) Tools/automation needed, 7) Transition criteria between segments. ``` --- ## AI for HR & People Operations **Category:** Human Resources **Prompts:** 21 **Description:** HR prompts covering recruitment, onboarding, performance management, employee engagement, policy development, and organizational development. **Tags:** Human Resources, People Ops, Work Users ### Recruitment & Hiring Attract and hire top talent effectively. #### Job description writer **Use case:** Job posting creation and talent attraction **For:** Recruiter, Talent Acquisition Lead, HR Generalist ``` Create job description for [job title] in [department]. Level: [junior/mid/senior]. Location: [location/remote]. Include: 1) Compelling role summary, 2) Key responsibilities (5-7 bullets), 3) Required qualifications, 4) Preferred qualifications, 5) Skills needed, 6) Company overview, 7) Benefits highlights, 8) DE&I statement. Make inclusive, avoid jargon, focus on impact over years of experience. ``` #### Behavioral interview questions **Use case:** Structured interviewing and candidate assessment **For:** Recruiter, Talent Acquisition Lead, HR Generalist ``` Create behavioral interview questions for [role]. Key competencies to assess: [list competencies]. Generate: 1) 8-10 STAR-method questions, 2) What each question assesses, 3) Strong vs weak answer indicators, 4) Follow-up probes, 5) Scoring rubric (1-5 scale), 6) Red flags to watch for. Ensure questions are consistent and legally compliant. ``` #### Candidate rejection email **Use case:** Candidate experience and employer branding **For:** Recruiter, Talent Acquisition Lead, HR Generalist ``` Write rejection email for [candidate name] who interviewed for [position]. Stage: [screening/first round/final round]. Reason: [general reason, keeping it professional]. Tone: [empathetic and respectful]. Include: 1) Appreciation for time and interest, 2) Decision communication, 3) Brief, constructive feedback if appropriate, 4) Encouragement to apply for future roles, 5) Keep door open. Maintain positive employer brand. ``` #### Offer letter template **Use case:** Offer management and candidate closing **For:** Recruiter, Talent Acquisition Lead, HR Generalist ``` Create offer letter for [candidate name] for [position]. Details: [salary, start date, benefits, etc.]. Include: 1) Enthusiastic opening, 2) Position title and reporting structure, 3) Compensation package details, 4) Benefits summary, 5) Start date and location, 6) Employment terms (at-will, etc.), 7) Contingencies (background check, etc.), 8) Acceptance deadline, 9) Next steps. Tone: welcoming but professional. ``` #### Recruitment marketing content **Use case:** Employer branding and talent pipeline building **For:** Recruiter, Talent Acquisition Lead, HR Generalist ``` Create recruitment marketing content for [role/company]. Target candidates: [description]. Format: [LinkedIn post/career page/email campaign]. Include: 1) Attention-grabbing hook, 2) Role/company appeal, 3) Culture highlights, 4) Growth opportunities, 5) Unique selling points vs competitors, 6) Employee testimonials/quotes, 7) Clear CTA. Make authentic and engaging. ``` ### Onboarding & Integration Create exceptional new hire experiences. #### Onboarding plan template **Use case:** Structured onboarding and new hire success **For:** HR Generalist, Recruiter, Talent Acquisition Lead, HR Business Partner, People Ops Manager, L&D Manager, CHRO ``` Create 90-day onboarding plan for [role]. Department: [team]. Include: Week 1: Orientation, systems setup, team intros. Weeks 2-4: Role training, initial projects. Days 30-60: Increasing responsibility. Days 60-90: Full productivity. For each phase: 1) Key activities and milestones, 2) Training sessions, 3) Meetings and check-ins, 4) Deliverables, 5) Success criteria. Include manager touch-points at 30/60/90 days. ``` #### Welcome packet content **Use case:** New hire experience and day-one readiness **For:** HR Generalist, Recruiter, Talent Acquisition Lead, HR Business Partner, People Ops Manager, L&D Manager, CHRO ``` Create new hire welcome packet for [role]. Company: [name and brief description]. Include: 1) Welcome letter from CEO/manager, 2) Company mission/values/culture, 3) First day logistics (where to go, what to bring), 4) Team introduction, 5) First week schedule, 6) Key contacts, 7) Tools and access information, 8) FAQs, 9) Swag/perks information. Make warm and informative. ``` #### Buddy program guidelines **Use case:** Peer support and cultural integration **For:** HR Generalist, Recruiter, Talent Acquisition Lead, HR Business Partner, People Ops Manager, L&D Manager, CHRO ``` Design onboarding buddy program. Program goals: [integration, cultural fit, engagement]. Create: 1) Buddy role description and responsibilities, 2) Selection criteria for buddies, 3) Buddy-new hire matching approach, 4) Program timeline and touchpoints, 5) Conversation guides for buddies, 6) Success metrics, 7) Feedback mechanism, 8) Recognition for buddies. Make structured but flexible. ``` ### Performance Management Develop effective performance review systems. #### Performance review template **Use case:** Performance evaluation and feedback **For:** HR Business Partner, People Ops Manager, CHRO ``` Create performance review template for [role level]. Review period: [annual/semi-annual/quarterly]. Include sections: 1) Goal achievement (list goals, rating, commentary), 2) Core competencies assessment (with behavior examples), 3) Strengths and accomplishments, 4) Development areas, 5) Career aspirations discussion, 6) Goals for next period, 7) Overall rating and rationale. Use [rating scale]. Include manager and self-assessment versions. ``` #### Goal setting framework (OKRs/SMART) **Use case:** Goal alignment and performance planning **For:** HR Generalist, Recruiter, Talent Acquisition Lead, HR Business Partner, People Ops Manager, L&D Manager, CHRO ``` Create goal-setting template for [role/team]. Framework: [OKRs/SMART/other]. For [number] goals include: 1) Objective/Goal statement, 2) Key Results/Success criteria (measurable), 3) Alignment to team/company goals, 4) Timeline and milestones, 5) Resources needed, 6) Progress tracking method. Ensure goals are ambitious but achievable, clear, and aligned. ``` #### Performance improvement plan (PIP) **Use case:** Performance management and accountability **For:** HR Business Partner, People Ops Manager, CHRO ``` Create performance improvement plan for [employee role]. Issues: [describe performance gaps]. Create PIP with: 1) Specific performance concerns with examples, 2) Clear expectations and standards, 3) Measurable goals for improvement, 4) Support and resources provided, 5) Timeline (typically 30-90 days), 6) Check-in schedule, 7) Consequences if goals not met, 8) Success criteria. Tone: supportive but clear. ``` #### 360-degree feedback questions **Use case:** Comprehensive feedback and development **For:** HR Business Partner, People Ops Manager, CHRO ``` Design 360-degree feedback survey for [role level]. Competencies to assess: [list]. Create questions for: 1) Direct reports, 2) Peers, 3) Manager, 4) Self-assessment. For each category: 5-7 questions rated on scale, plus open-ended questions. Ensure questions assess: leadership, collaboration, communication, technical skills, values alignment. Make constructive and actionable. ``` ### Employee Development Support career growth and skill development. #### Individual development plan (IDP) **Use case:** Career development and retention **For:** HR Generalist, Recruiter, Talent Acquisition Lead, HR Business Partner, People Ops Manager, L&D Manager, CHRO ``` Create IDP for [employee name], [current role], aspiring to [career goal]. Current strengths: [list]. Development needs: [areas]. Create plan with: 1) Career goal and timeline (1-3 years), 2) Skills/competencies to develop, 3) Development activities for each (training, projects, mentoring), 4) Success metrics, 5) Timeline and milestones, 6) Manager support needed, 7) Progress review schedule. Make specific and actionable. ``` #### Leadership development program **Use case:** Leadership pipeline and succession planning **For:** HR Generalist, Recruiter, Talent Acquisition Lead, HR Business Partner, People Ops Manager, L&D Manager, CHRO ``` Design leadership development program for [target audience: first-time managers/senior leaders/high potentials]. Duration: [timeframe]. Include: 1) Program objectives and outcomes, 2) Core curriculum topics, 3) Learning methods (workshops, coaching, projects), 4) Assessment and feedback mechanisms, 5) Cohort vs individual activities, 6) Program timeline, 7) Success metrics, 8) Resource requirements. Align to company values and needs. ``` #### Mentorship program design **Use case:** Knowledge transfer and career development **For:** HR Generalist, Recruiter, Talent Acquisition Lead, HR Business Partner, People Ops Manager, L&D Manager, CHRO ``` Create mentorship program for [company/department]. Program goals: [development, retention, diversity, etc.]. Design: 1) Program structure and duration, 2) Mentor and mentee eligibility criteria, 3) Matching process, 4) Program guidelines and expectations, 5) Discussion topics and goals, 6) Resources and tools provided, 7) Check-in and evaluation process, 8) Success metrics. Make scalable and impactful. ``` ### Employee Engagement Build positive workplace culture and engagement. #### Employee survey design **Use case:** Culture measurement and improvement **For:** HR Generalist, Recruiter, Talent Acquisition Lead, HR Business Partner, People Ops Manager, L&D Manager, CHRO ``` Create employee engagement survey. Focus areas: [culture, leadership, growth, workload, etc.]. Design survey with: 1) Introduction and confidentiality statement, 2) Demographic questions (for segmentation), 3) Scaled questions (15-20 items, 1-5 scale), 4) Open-ended questions (3-5), 5) eNPS question, 6) Question categories aligned to focus areas, 7) Estimated completion time (10-15 min max). Ensure anonymity and actionability. ``` #### Stay interview questions **Use case:** Retention and proactive engagement **For:** Recruiter, Talent Acquisition Lead, HR Generalist ``` Create stay interview guide for managers to use with high-performers. Goal: understand what keeps them engaged and address concerns proactively. Questions to include: 1) What do you look forward to at work, 2) What would make you consider leaving, 3) Career goals and growth aspirations, 4) Feedback on management and culture, 5) Ideas for improvement. Include: Interview tips, active listening reminders, action planning template. ``` #### Recognition program design **Use case:** Employee motivation and culture building **For:** HR Generalist, Recruiter, Talent Acquisition Lead, HR Business Partner, People Ops Manager, L&D Manager, CHRO ``` Design employee recognition program. Company values: [list values]. Create program with: 1) Types of recognition (peer-to-peer, manager, company-wide), 2) Recognition criteria aligned to values, 3) Nomination and selection process, 4) Rewards/incentives, 5) Frequency (monthly, quarterly), 6) Communication and celebration approach, 7) Budget considerations, 8) Success metrics. Make meaningful and inclusive. ``` ### Policy & Compliance Develop clear HR policies and ensure compliance. #### HR policy document **Use case:** Policy development and governance **For:** HR Business Partner, People Ops Manager, CHRO ``` Create HR policy for [policy topic: remote work/PTO/expenses/code of conduct/etc.]. Company context: [size, locations, industry]. Include: 1) Policy purpose and scope, 2) Definitions of key terms, 3) Policy statement (what is/isn't allowed), 4) Procedures and processes, 5) Roles and responsibilities, 6) Exceptions process, 7) Consequences of violations, 8) Effective date and review schedule, 9) Approval signatures. Make clear, fair, and legally compliant. ``` #### Employee handbook outline **Use case:** Employee handbook creation and compliance **For:** HR Business Partner, CHRO, People Ops Manager ``` Create employee handbook outline for [company]. Size: [number of employees]. Locations: [where]. Industry: [industry]. Include sections: 1) Welcome and company overview, 2) Employment policies, 3) Compensation and benefits, 4) Work schedules and PTO, 5) Code of conduct, 6) Performance expectations, 7) Health and safety, 8) Termination, 9) Acknowledgment form. Ensure compliance with [state/country] laws. ``` #### Investigation process guide **Use case:** Workplace investigations and risk management **For:** HR Business Partner, CHRO, People Ops Manager ``` Create guide for investigating [harassment/discrimination/policy violation] complaints. Include: 1) When to initiate investigation, 2) Investigation team and roles, 3) Step-by-step process (intake, interviews, evidence, findings), 4) Documentation requirements, 5) Confidentiality protocols, 6) Timeline expectations, 7) Decision-making criteria, 8) Follow-up actions, 9) Legal considerations. Ensure thorough, fair, and compliant process. ``` --- ## AI for Finance Teams **Category:** Finance **Prompts:** 16 **Description:** Finance prompts for budgeting, forecasting, financial analysis, reporting, investment evaluation, and strategic planning. **Tags:** Finance, FP&A, Work Users ### Financial Planning & Analysis Build comprehensive financial models and forecasts. #### Annual budget template **Use case:** Budget planning and resource allocation **For:** FP&A Analyst, FP&A Manager, Finance Business Partner ``` Create annual budget framework for [company/department]. Previous year actual: [amounts]. Growth targets: [percentage]. Include: 1) Revenue projections by stream, 2) COGS/direct costs, 3) Operating expenses by category, 4) Headcount plan and costs, 5) Capital expenditures, 6) Cash flow projection, 7) Key assumptions documented, 8) Variance analysis setup, 9) Monthly/quarterly phasing. Format for [audience]. ``` #### Financial forecast model **Use case:** Financial modeling and planning **For:** FP&A Analyst, FP&A Manager, Finance Business Partner ``` Build financial forecast for [company]. Timeframe: [quarters/years]. Historical data: [provide key metrics]. Create: 1) Revenue forecast with drivers, 2) Expense projections, 3) P&L forecast, 4) Cash flow forecast, 5) Balance sheet projections, 6) Key assumptions and sensitivities, 7) Scenario analysis (base, optimistic, conservative), 8) Model documentation. Ensure formula-driven and flexible. ``` #### Variance analysis report **Use case:** Budget monitoring and performance management ``` Analyze budget variance for [period]. Budget vs actual: [provide data]. Threshold for investigation: [percentage]. Create report with: 1) Executive summary of key variances, 2) Detailed variance by line item, 3) Favorable vs unfavorable breakdown, 4) Root cause analysis for major variances, 5) Impact on full-year outlook, 6) Corrective actions recommended, 7) Forecast adjustments needed. ``` #### Unit economics analysis **Use case:** Business model validation and pricing strategy ``` Calculate and analyze unit economics for [product/service/customer segment]. Metrics to include: 1) Customer Acquisition Cost (CAC), 2) Lifetime Value (LTV), 3) LTV:CAC ratio, 4) Gross margin per unit, 5) Contribution margin, 6) Payback period, 7) Break-even analysis. Provide: Calculation methodology, current state, industry benchmarks, improvement recommendations. ``` ### Financial Reporting Create clear and insightful financial reports. #### Executive financial summary **Use case:** Executive reporting and board communication ``` Create executive financial summary for [period]. Audience: [board/CEO/investors]. Performance data: [provide key metrics]. Include: 1) Financial highlights (top 3-5 metrics), 2) Revenue analysis (growth, trends, drivers), 3) Profitability metrics, 4) Cash position and runway, 5) Key performance vs budget/forecast, 6) Major wins and concerns, 7) Outlook for next period. Max 2 pages, visual-heavy. ``` #### Management report template **Use case:** Management reporting and decision support ``` Design monthly management report for [company/division]. Departments: [list]. Create template with: 1) KPI dashboard (financial and operational), 2) P&L actual vs budget, 3) Cash flow summary, 4) Department-level results, 5) Key initiatives progress, 6) Risks and opportunities, 7) Action items. Balance detail with scannability. ``` #### Financial metrics dashboard **Use case:** Financial monitoring and analytics ``` Design financial dashboard for [role: CFO/controller/analyst]. Key metrics to track: [list or specify all-important metrics]. Create dashboard structure: 1) Primary KPIs with targets, 2) Trend charts (vs prior periods), 3) Comparison to budget/forecast, 4) Drill-down views by [department/product/region], 5) Alert thresholds, 6) Data sources and refresh frequency. Optimize for decision-making. ``` ### Investment Analysis Evaluate investments and capital allocation decisions. #### ROI calculation framework **Use case:** Capital allocation and project prioritization ``` Calculate ROI for [investment/project]. Investment details: [cost, timeline, expected benefits]. Provide: 1) Total investment cost breakdown, 2) Expected returns/benefits (quantified), 3) ROI calculation (multiple methods), 4) Payback period, 5) NPV and IRR if multi-year, 6) Sensitivity analysis (key assumptions), 7) Risk factors, 8) Comparison to alternatives, 9) Recommendation with confidence level. ``` #### Business case template **Use case:** Investment justification and approval ``` Create business case for [investment/initiative]. Cost: [amount]. Expected benefit: [describe]. Include: 1) Executive summary, 2) Problem/opportunity statement, 3) Proposed solution, 4) Financial analysis (costs, benefits, ROI), 5) Strategic alignment, 6) Implementation plan and timeline, 7) Risk assessment and mitigation, 8) Alternatives considered, 9) Recommendation and approval request. Justify investment clearly. ``` #### Make vs buy analysis **Use case:** Strategic sourcing and investment decisions ``` Analyze make vs buy decision for [capability/product/service]. Context: [current situation]. Compare: 1) Build option: costs, timeline, resources, risks. 2) Buy option: vendor costs, implementation, ongoing. 3) Total cost of ownership (5-year), 4) Strategic considerations (control, IP, flexibility), 5) Capability assessment, 6) Risk comparison, 7) Recommendation with rationale. Consider both financial and strategic factors. ``` ### Cash Flow Management Optimize cash flow and working capital. #### Cash flow forecast (13-week) **Use case:** Liquidity management and cash planning ``` Create 13-week cash flow forecast for [company]. Starting cash: [amount]. Include: 1) Cash inflows (collections, other), 2) Cash outflows by category (payroll, vendors, debt, etc.), 3) Weekly ending cash balance, 4) Minimum cash requirements, 5) Funding needs identified, 6) Key assumptions, 7) Scenario planning for delays. Format for weekly review and updates. ``` #### Working capital analysis **Use case:** Working capital optimization and efficiency ``` Analyze working capital for [company]. Period: [dates]. Calculate and assess: 1) Days Sales Outstanding (DSO), 2) Days Inventory Outstanding (DIO), 3) Days Payable Outstanding (DPO), 4) Cash conversion cycle, 5) Trends vs prior periods, 6) Industry benchmarks, 7) Working capital bottlenecks, 8) Optimization opportunities (AR, inventory, AP). Quantify cash impact of improvements. ``` ### Cost Management Identify cost savings and improve efficiency. #### Cost reduction analysis **Use case:** Cost optimization and profitability improvement ``` Identify cost reduction opportunities for [company/department]. Current spend: [provide breakdown]. Target savings: [amount or percentage]. Analyze: 1) Spend by category, 2) Fixed vs variable costs, 3) Quick wins (immediate savings), 4) Strategic reductions (longer-term), 5) Risk assessment per opportunity, 6) Implementation difficulty, 7) Total potential savings, 8) Recommended prioritization. Balance savings with business impact. ``` #### Vendor cost analysis **Use case:** Vendor management and procurement savings ``` Analyze vendor costs for [category: software/services/materials]. Current vendors: [list with spend]. Review: 1) Total spend and trends, 2) Contract terms and commitments, 3) Utilization and waste, 4) Benchmark pricing, 5) Consolidation opportunities, 6) Renegotiation potential, 7) Alternative vendors, 8) Recommended actions with savings estimates. Prepare for negotiations. ``` ### Financial Strategy Support strategic financial planning and decision-making. #### Pricing strategy analysis **Use case:** Pricing optimization and revenue strategy ``` Analyze pricing strategy for [product/service]. Current pricing: [details]. Costs: [breakdown]. Market: [competitive context]. Evaluate: 1) Cost-plus pricing, 2) Value-based pricing, 3) Competitive positioning, 4) Price elasticity considerations, 5) Tiered pricing options, 6) Volume/discount structure, 7) Financial impact scenarios, 8) Recommendation with revenue/margin projections. ``` #### Fundraising projections **Use case:** Fundraising and investor relations ``` Create fundraising projections for [Series X / debt financing / other]. Amount sought: [target]. Use of funds: [describe allocation]. Build: 1) Current financial position, 2) Burn rate and runway, 3) Growth projections with funding, 4) Use of funds breakdown, 5) Milestones to achieve, 6) Future funding needs (timing, amount), 7) Return scenarios for investors, 8) Key assumptions and risks. Format for investor presentation. ``` --- ## AI for Executive Leadership **Category:** Executive Leadership **Prompts:** 17 **Description:** Executive prompts for strategic planning, organizational leadership, board communication, stakeholder management, and decision-making. **Tags:** Executive, Leadership, Strategy, Work Users ### Strategic Planning Develop and communicate long-term strategic direction. #### Strategic plan framework **Use case:** Strategic direction and organizational alignment **For:** CEO, Chief Strategy Officer, Business Unit Leader, Executive Director ``` Create strategic plan for [company/division]. Planning horizon: [1/3/5 years]. Current state: [brief context]. Include: 1) Mission, vision, values statements, 2) Market analysis and positioning, 3) Strategic priorities (3-5 key themes), 4) Goals and objectives per priority, 5) Key initiatives and timeline, 6) Resource requirements, 7) Success metrics and KPIs, 8) Risk assessment, 9) Stakeholder communication plan. Make actionable and inspiring. ``` #### Competitive strategy analysis **Use case:** Market positioning and competitive advantage **For:** CEO, Chief Strategy Officer, VP of Strategy, Business Development Director ``` Analyze competitive strategy for [company] in [market]. Key competitors: [list]. Our position: [describe]. Assess: 1) Industry structure (Porter's 5 Forces), 2) Competitive advantages and moats, 3) Strategic positioning options, 4) Blue ocean opportunities, 5) Competitive threats and responses, 6) Market trends and disruptions, 7) Strategic recommendations, 8) Execution priorities. Support with frameworks and data. ``` #### Business model innovation **Use case:** Business transformation and growth strategy **For:** CEO, Chief Innovation Officer, Chief Strategy Officer, VP of Product ``` Explore business model innovation for [company]. Current model: [describe revenue streams, customers, value prop]. Market context: [trends, disruptions]. Ideate: 1) Alternative revenue models, 2) New customer segments, 3) Partnership opportunities, 4) Platform/ecosystem plays, 5) Subscription or recurring revenue, 6) For each option: feasibility, investment needed, risks, expected returns. Recommend top 2-3 to pursue. ``` #### Market expansion strategy **Use case:** Growth planning and market entry **For:** CEO, Chief Growth Officer, VP of Business Development, General Manager ``` Evaluate market expansion for [company]. Options: [new geography/vertical/segment/product]. Assess each: 1) Market size and growth, 2) Customer needs and fit, 3) Competitive landscape, 4) Entry barriers and risks, 5) Required capabilities and investment, 6) Go-to-market strategy, 7) Expected timeline to profitability, 8) Strategic fit. Recommend prioritization with rationale. ``` ### Organizational Leadership Lead organizational change and build high-performance culture. #### Organizational restructuring plan **Use case:** Organizational design and transformation **For:** CEO, COO, Chief People Officer, Executive Director ``` Design organizational restructure for [company]. Current structure: [describe]. Drivers for change: [growth, efficiency, strategy, etc.]. Create: 1) New organizational design rationale, 2) Reporting structure and spans of control, 3) Role changes and new positions, 4) Impacted employees and transition plan, 5) Timeline and phases, 6) Communication strategy, 7) Change management approach, 8) Success metrics. Balance efficiency with culture. ``` #### Culture transformation roadmap **Use case:** Cultural change and values alignment **For:** CEO, Chief People Officer, Chief Culture Officer, VP of Organizational Development ``` Plan culture transformation from [current culture] to [desired culture]. Company context: [size, industry, challenges]. Create roadmap: 1) Current vs desired state analysis, 2) Culture change priorities (3-5 focus areas), 3) Initiatives per priority with owners, 4) Leadership behaviors to model, 5) Systems/processes to change, 6) Communication and storytelling plan, 7) Timeline (typically 18-36 months), 8) Measurement approach. Make it real and sustainable. ``` #### Leadership team effectiveness **Use case:** Executive team development and performance **For:** CEO, COO, Chief People Officer, Executive Coach ``` Assess and improve leadership team effectiveness. Team: [roles on team]. Current challenges: [describe issues]. Evaluate: 1) Team composition and skill gaps, 2) Trust and psychological safety, 3) Clarity of roles and accountability, 4) Decision-making effectiveness, 5) Communication and collaboration, 6) Strategic alignment, 7) Development areas per person, 8) Team development plan with specific actions and timeline. ``` #### Change management strategy **Use case:** Organizational change and transformation **For:** CEO, COO, VP of Transformation, Change Management Lead ``` Create change management strategy for [specific change initiative]. Scope: [what's changing]. Impact: [who/what's affected]. Include: 1) Stakeholder analysis and concerns, 2) Change vision and messaging, 3) Communication plan (what, when, how, who), 4) Resistance management tactics, 5) Leadership alignment approach, 6) Training and support needed, 7) Quick wins to build momentum, 8) Success metrics and milestones. Address emotional and practical aspects. ``` ### Board & Stakeholder Communication Communicate effectively with boards and key stakeholders. #### Board presentation template **Use case:** Board governance and reporting **For:** CEO, CFO, COO, Board Member ``` Create board presentation for [meeting purpose]. Duration: [time allocated]. Include slides on: 1) Executive summary (key messages), 2) Business performance (vs plan), 3) Strategic initiatives update, 4) Market and competitive updates, 5) Financial overview, 6) Key opportunities and risks, 7) Decisions or approvals needed, 8) Q&A preparation. Keep strategic-level, data-rich, and action-oriented. [Number] slides max. ``` #### Investor update letter **Use case:** Investor relations and transparency **For:** CEO, CFO, VP of Investor Relations, Founder ``` Write quarterly investor update. Period: [dates]. Audience: [current investors/prospective/public shareholders]. Include: 1) Opening summary of highlights, 2) Financial performance and metrics, 3) Business progress and wins, 4) Market context and trends, 5) Product/strategic updates, 6) Team and hiring, 7) Challenges and how addressing, 8) Outlook and priorities. Tone: [transparent, optimistic but realistic]. Length: [2-4 pages]. ``` #### Annual shareholder letter **Use case:** Annual reporting and stakeholder communication **For:** CEO, Founder, Chairperson, CFO ``` Draft annual shareholder letter for [year]. Company: [brief context]. Structure with: 1) Reflection on year (wins, learnings), 2) Strategic vision and long-term thinking, 3) Core values and principles, 4) Market opportunity and positioning, 5) Key metrics and progress, 6) Investment areas, 7) Appreciation for stakeholders, 8) Looking ahead. Make inspiring, candid, and personal. Think Bezos/Buffett style. ``` #### Crisis communication plan **Use case:** Risk management and reputation protection **For:** CEO, Chief Communications Officer, VP of Public Relations, General Counsel ``` Create crisis communication plan for [type of crisis scenario]. Stakeholders: [employees, customers, investors, media, etc.]. Include: 1) Crisis assessment criteria, 2) Response team and roles, 3) Communication protocols by stakeholder, 4) Key messages and talking points, 5) FAQ for likely questions, 6) Media statement template, 7) Internal communication approach, 8) Social media strategy, 9) Timeline and approval process. Prepare for transparency and speed. ``` ### Decision-Making & Problem-Solving Make high-quality strategic decisions under uncertainty. #### Strategic decision framework **Use case:** Strategic decision-making and analysis **For:** CEO, Chief Strategy Officer, COO, Executive Director ``` Analyze strategic decision: [describe decision]. Options: [list alternatives]. Create framework: 1) Decision criteria (weighted by importance), 2) Option evaluation against each criterion, 3) Pros and cons analysis, 4) Risk assessment per option, 5) Financial implications, 6) Strategic fit, 7) Reversibility and timing, 8) Recommendation with confidence level and dissenting view. Use data and frameworks (e.g., decision matrix). ``` #### Scenario planning exercise **Use case:** Strategic foresight and preparedness **For:** CEO, Chief Strategy Officer, VP of Strategy, Strategic Planning Director ``` Conduct scenario planning for [strategic question/uncertainty]. Time horizon: [years]. Key uncertainties: [list critical unknowns]. Develop: 1) 3-4 plausible future scenarios with narratives, 2) Driving forces and early indicators per scenario, 3) Strategic implications of each, 4) Robust strategies that work across scenarios, 5) Contingency plans, 6) Monitoring system for scenario tracking. Make scenarios distinct and challenging. ``` #### Problem structuring (issue tree) **Use case:** Problem-solving and strategic analysis **For:** CEO, Chief Strategy Officer, Management Consultant, VP of Operations ``` Structure complex problem: [describe problem]. Use issue tree methodology: 1) Define problem statement clearly, 2) Break into MECE (mutually exclusive, collectively exhaustive) components, 3) Continue decomposition 2-3 levels, 4) Identify which branches need analysis, 5) Hypotheses for each branch, 6) Data/analysis needed, 7) Priority areas to investigate. Make it actionable for team to attack problem systematically. ``` ### Talent & Succession Build leadership bench and plan for succession. #### Succession planning **Use case:** Leadership continuity and risk management **For:** CEO, Chief People Officer, Board Member, VP of Talent ``` Create succession plan for [role/s]. Current incumbent: [name/tenure]. Criticality: [impact if vacant]. Include: 1) Role requirements and future needs, 2) Internal candidates assessment (readiness: now/1yr/2yr+), 3) Development plans per candidate, 4) External candidate profile if needed, 5) Emergency/interim plan, 6) Knowledge transfer plan, 7) Timeline and milestones, 8) Board communication approach. Balance continuity with transformation. ``` #### Executive hiring brief **Use case:** Executive recruitment and talent acquisition **For:** CEO, Chief People Officer, VP of Talent Acquisition, Executive Recruiter ``` Create executive search brief for [C-level or VP role]. Company context: [stage, strategy, culture]. Include: 1) Role charter and strategic importance, 2) Key responsibilities and deliverables (first 90 days, first year), 3) Success profile (experience, competencies, leadership style), 4) Organizational dynamics and stakeholders, 5) Compensation range and structure, 6) Compelling opportunity story, 7) Cultural fit factors, 8) Timeline and process. Help recruiters and candidates understand opportunity. ``` --- ## AI for IT Operations **Category:** Information Technology **Prompts:** 17 **Description:** IT operations prompts for infrastructure management, security, automation, incident response, and user support. **Tags:** IT Operations, Infrastructure, Work Users ### Infrastructure & Systems Manage and optimize IT infrastructure effectively. #### Infrastructure audit checklist **Use case:** Infrastructure assessment and planning **For:** Infrastructure Engineer, Systems Administrator, IT Operations Manager, IT Director ``` Create infrastructure audit for [environment: on-prem/cloud/hybrid]. Scope: [systems to audit]. Include sections for: 1) Hardware/compute inventory and utilization, 2) Network architecture and performance, 3) Storage and backup systems, 4) Security posture and compliance, 5) Monitoring and alerting coverage, 6) Documentation completeness, 7) Disaster recovery readiness, 8) Cost optimization opportunities. Provide checklist format with assessment criteria. ``` #### Cloud migration plan **Use case:** Cloud transformation and migration **For:** Cloud Architect, DevOps Engineer, Infrastructure Engineer, IT Director ``` Plan cloud migration for [applications/infrastructure]. Current state: [on-premises details]. Target: [AWS/Azure/GCP]. Create plan: 1) Migration strategy (rehost/refactor/rebuild), 2) Application prioritization and dependencies, 3) Technical requirements per app, 4) Data migration approach, 5) Security and compliance considerations, 6) Timeline and phases, 7) Cost analysis (current vs cloud), 8) Risk mitigation, 9) Testing and validation strategy. ``` #### Disaster recovery plan **Use case:** Business continuity and resilience **For:** IT Operations Manager, Infrastructure Engineer, Systems Administrator, IT Director ``` Create disaster recovery plan for [systems/organization]. Criticality: [tier levels]. Include: 1) Business impact analysis, 2) Recovery objectives (RTO/RPO per system), 3) DR strategy (backup, replication, failover), 4) Detailed recovery procedures, 5) Roles and responsibilities, 6) Communication plan, 7) Testing schedule and scenarios, 8) Vendor contacts and SLAs, 9) Plan maintenance schedule. Make it actionable during crisis. ``` #### Capacity planning analysis **Use case:** Resource planning and scalability **For:** Infrastructure Engineer, Systems Administrator, IT Operations Manager, Cloud Architect ``` Conduct capacity planning for [infrastructure/systems]. Current utilization: [provide metrics]. Growth forecast: [expected growth rate]. Analyze: 1) Current capacity and bottlenecks, 2) Growth projections by resource type, 3) Scaling triggers and thresholds, 4) Infrastructure options (vertical/horizontal scaling), 5) Cost projections, 6) Performance targets, 7) Procurement timeline, 8) Monitoring and alerting needs. ``` ### Security Operations Maintain security posture and respond to threats. #### Security incident response plan **Use case:** Cybersecurity and incident management **For:** Security Operations Engineer, IT Security Manager, Security Analyst, Incident Response Manager ``` Create incident response plan for [organization]. Include: 1) Incident classification levels, 2) Response team roles and contacts, 3) Detection and analysis procedures, 4) Containment strategies, 5) Eradication and recovery steps, 6) Communication protocols (internal/external), 7) Evidence preservation for forensics, 8) Post-incident review process, 9) Escalation criteria. Follow NIST or similar framework. ``` #### Security vulnerability assessment **Use case:** Security assessment and risk management **For:** Security Analyst, Security Operations Engineer, IT Security Manager, Penetration Tester ``` Assess security vulnerabilities for [systems/network]. Scope: [what to assess]. Include: 1) Vulnerability scanning methodology, 2) Common vulnerability types to check (OWASP, CVE), 3) Asset inventory and criticality, 4) Vulnerability prioritization (CVSS scoring), 5) Risk assessment matrix, 6) Remediation recommendations by severity, 7) Remediation timeline, 8) Validation testing approach. Provide actionable findings. ``` #### Access control policy **Use case:** Identity management and security governance **For:** IT Security Manager, Identity and Access Manager, Security Operations Engineer, Compliance Manager ``` Create access control policy for [organization/systems]. Include: 1) Policy purpose and scope, 2) User access request process, 3) Role-based access control (RBAC) model, 4) Privilege levels and approval requirements, 5) Access review and recertification schedule, 6) Privileged access management, 7) Offboarding procedures, 8) Logging and monitoring requirements, 9) Policy violations and consequences. ``` #### Security awareness training **Use case:** Security culture and user education **For:** IT Security Manager, Security Awareness Officer, CISO, HR Technology Partner ``` Design security awareness training for [employees/users]. Topics to cover: 1) Phishing and social engineering, 2) Password security and MFA, 3) Data handling and classification, 4) Physical security, 5) Acceptable use policy, 6) Incident reporting, 7) Mobile device security, 8) Remote work security. Format: [interactive modules/videos/quizzes]. Include assessment and ongoing reinforcement plan. ``` ### Automation & Scripting Automate routine tasks and improve efficiency. #### Automation opportunity analysis **Use case:** Process optimization and efficiency **For:** DevOps Engineer, IT Operations Manager, Automation Engineer, Systems Administrator ``` Identify automation opportunities for [IT operations/team]. Current manual tasks: [list key repetitive tasks]. Evaluate each for: 1) Frequency and time spent, 2) Complexity and feasibility to automate, 3) Error risk if manual, 4) ROI calculation (time saved), 5) Required tools or skills, 6) Implementation effort, 7) Priority ranking. Recommend top 5 to automate with roadmap. ``` #### Script documentation template **Use case:** Knowledge management and script maintenance **For:** DevOps Engineer, Systems Administrator, Automation Engineer, Site Reliability Engineer ``` Document automation script: [script name/purpose]. Include: 1) Script overview and use case, 2) Prerequisites and dependencies, 3) Input parameters and expected values, 4) Execution instructions, 5) Expected output/results, 6) Error handling and troubleshooting, 7) Logging details, 8) Version history and change log, 9) Author and contact info. Make it maintainable by others. ``` #### Workflow automation design **Use case:** Process automation and workflow optimization **For:** DevOps Engineer, Automation Engineer, IT Operations Manager, Site Reliability Engineer ``` Design workflow automation for [process]. Current process: [describe manual steps]. Requirements: [what needs to be automated]. Create: 1) Workflow diagram with steps, 2) Triggers and conditions, 3) Actions per step, 4) Error handling and retries, 5) Notification and logging, 6) Tool/platform selection (Zapier, Power Automate, custom), 7) Testing approach, 8) Success metrics. Optimize for reliability and maintainability. ``` ### User Support & Service Desk Deliver excellent IT support and service. #### Knowledge base article **Use case:** Self-service support and ticket deflection **For:** IT Support Specialist, Service Desk Manager, Knowledge Manager, Technical Writer ``` Create knowledge base article for [common issue/question]. Issue: [describe problem]. Solution: [steps to resolve]. Write article with: 1) Clear title (search-optimized), 2) Problem description and symptoms, 3) Step-by-step resolution (with screenshots description), 4) Alternative solutions if applicable, 5) Prevention tips, 6) Related articles, 7) Feedback mechanism. Use simple language, assume minimal technical knowledge. ``` #### Ticket response templates **Use case:** Support efficiency and consistency **For:** IT Support Specialist, Service Desk Manager, Help Desk Technician, IT Support Lead ``` Create ticket response templates for common scenarios. Scenarios: [1) Acknowledgment, 2) Requesting more info, 3) Solution provided, 4) Escalation, 5) Closure]. For each: Professional greeting, situational content, clear next steps, timeline expectations, contact info. Tone: [helpful and professional]. Include placeholders for personalization. ``` #### SLA definition **Use case:** Service management and expectations setting **For:** Service Desk Manager, IT Operations Manager, IT Director, Customer Success Manager ``` Define service level agreements for [IT services]. Services: [list key services]. For each define: 1) Service description, 2) Availability targets (uptime %), 3) Performance metrics (response time, resolution time), 4) Support hours and coverage, 5) Incident priority levels, 6) Response/resolution targets by priority, 7) Reporting and review frequency, 8) Exclusions and exceptions. Make measurable and achievable. ``` #### End user onboarding checklist **Use case:** User onboarding and employee experience **For:** IT Support Specialist, IT Operations Manager, HR Technology Partner, Onboarding Coordinator ``` Create IT onboarding checklist for new employees. Role: [specify if different for different roles]. Include: 1) Pre-arrival setup (accounts, equipment), 2) Day one tasks (login, email, apps), 3) Training required (security, tools), 4) Access requests by system, 5) Equipment provisioning and setup, 6) Documentation to provide, 7) Timeline for each item, 8) Completion verification. Assign owners for each task. ``` ### IT Governance & Compliance Maintain IT governance and compliance standards. #### IT policy framework **Use case:** IT governance and regulatory compliance **For:** IT Compliance Manager, CISO, IT Director, Compliance Officer ``` Create IT policy framework for [organization]. Compliance requirements: [list regulations: SOC2, GDPR, HIPAA, etc.]. Develop policies for: 1) Acceptable use, 2) Data classification and handling, 3) Access control, 4) Change management, 5) Backup and recovery, 6) Incident response, 7) Vendor management, 8) Asset management. Each policy: Purpose, scope, requirements, responsibilities, enforcement. Ensure compliance alignment. ``` #### Change management process **Use case:** IT service management and risk mitigation **For:** IT Operations Manager, Change Manager, DevOps Engineer, IT Service Manager ``` Design IT change management process. Scope: [production systems/infrastructure]. Include: 1) Change categories (standard, normal, emergency), 2) Request and approval workflow, 3) Risk assessment criteria, 4) CAB (Change Advisory Board) process, 5) Implementation planning requirements, 6) Testing and validation, 7) Communication plan, 8) Rollback procedures, 9) Post-implementation review. Balance agility with control. ``` --- ## AI for Management & Team Leadership **Category:** Management **Prompts:** 19 **Description:** Management prompts for team building, performance management, communication, conflict resolution, and leadership development. **Tags:** Management, Leadership, Work Users ### Team Management Essentials Core practices for effective team leadership. #### Team charter creation **Use case:** Team formation and alignment ``` Create team charter for [team name/purpose]. Team members: [roles]. Include: 1) Team mission and objectives, 2) Roles and responsibilities per person, 3) Ways of working (meeting cadence, communication norms), 4) Decision-making process, 5) Success metrics, 6) Operating principles/ground rules, 7) Stakeholder relationships, 8) Resource allocation. Get team buy-in during creation. ``` #### Weekly team meeting agenda **Use case:** Meeting effectiveness and team alignment ``` Design standing team meeting agenda. Team: [team type]. Meeting frequency: [weekly]. Duration: [60 min suggested]. Structure: 1) Check-in/wins (5 min), 2) Metrics review (10 min), 3) Project updates (20 min), 4) Problem-solving/discussion (20 min), 5) Action items and next steps (5 min). Include: Facilitation tips, how to keep on track, parking lot for off-agenda items. Make productive and engaging. ``` #### One-on-one meeting structure **Use case:** Individual development and relationship building ``` Create 1:1 meeting framework for [direct report name/role]. Frequency: [weekly/biweekly]. Duration: [30 min]. Agenda framework: 1) Their agenda items (let them lead), 2) Work/project updates, 3) Challenges and support needed, 4) Career development, 5) Feedback exchange, 6) Manager updates. Include: Question bank for different situations, note-taking template, action items tracking. Build trust and development focus. ``` #### Team goals and OKRs **Use case:** Goal setting and team alignment ``` Set team OKRs for [quarter/year]. Team: [team name]. Company objectives alignment: [list relevant company OKRs]. Create: 1) 3-5 team objectives (what we want to achieve), 2) 3-4 key results per objective (how we measure success), 3) Initiatives/projects to drive key results, 4) Ownership assignments, 5) Dependencies and risks, 6) Check-in and tracking approach. Make ambitious but achievable. ``` ### Performance Management Drive high performance through effective management. #### Performance feedback (positive) **Use case:** Recognition and positive reinforcement ``` Write positive feedback for [employee name] about [specific accomplishment/behavior]. Context: [describe what they did]. Include: 1) Specific behavior observed (with examples), 2) Impact of their work (on project/team/customer), 3) Strengths demonstrated, 4) How it aligns with values/goals, 5) Encouragement to continue, 6) Growth opportunities if applicable. Make genuine, specific, and timely. Deliver: [in person/written]. ``` #### Performance feedback (constructive) **Use case:** Performance improvement and accountability ``` Prepare constructive feedback for [employee name] about [performance issue]. Issue: [describe specific behavior/outcome]. Prepare for conversation: 1) Specific examples (situation, behavior, impact), 2) Impact on team/work/goals, 3) Expected standard or behavior, 4) Questions to understand their perspective, 5) Support and resources to offer, 6) Clear expectations going forward, 7) Follow-up plan. Use SBI framework. Tone: direct but supportive. ``` #### Performance review writing **Use case:** Formal performance evaluation ``` Write performance review for [employee name], [role]. Review period: [dates]. Performance: [summary of performance level]. Include: 1) Introduction and overall assessment, 2) Goal achievement review (with ratings), 3) Competency evaluation with examples, 4) Key accomplishments, 5) Areas for development, 6) Specific examples throughout, 7) Rating rationale, 8) Goals for next period. Be fair, balanced, and evidence-based. ``` #### Underperformance action plan **Use case:** Performance management and improvement ``` Create action plan for [employee] who is underperforming in [specific areas]. Issues: [describe performance gaps]. Create plan with: 1) Specific performance expectations (clear and measurable), 2) Current gaps and examples, 3) Improvement goals with metrics, 4) Support and resources provided, 5) Check-in frequency (weekly recommended), 6) Timeline (typically 30-90 days), 7) Consequences if no improvement, 8) Success criteria. Be clear and documented. ``` ### Communication & Influence Communicate effectively and build influence. #### Difficult conversation preparation **Use case:** Conflict resolution and tough conversations ``` Prepare for difficult conversation with [person] about [topic]. Context: [situation]. Prepare: 1) Clear objective for conversation, 2) Opening statement (facts-based), 3) Key points to communicate, 4) Anticipated reactions and responses, 5) Questions to ask and listen, 6) Potential solutions or paths forward, 7) Boundaries and non-negotiables, 8) How to close conversation and next steps. Practice key phrases. ``` #### Upward management communication **Use case:** Managing up and stakeholder communication ``` Communicate [request/update/concern] to [manager/executive]. Situation: [context]. Craft message: 1) Executive summary (bottom line up front), 2) Situation overview (brief context), 3) Key points or data, 4) Implications and impact, 5) Recommendation or ask (specific), 6) Next steps or timeline. Keep concise, data-driven, solution-oriented. Format: [email/meeting/slack]. ``` #### Change announcement to team **Use case:** Change management and transparency ``` Announce [change] to team. Change: [describe what's changing]. Write communication that includes: 1) Clear statement of change, 2) Why this change (business rationale), 3) Impact on team (what changes for them), 4) Timeline and next steps, 5) How you'll support them, 6) FAQ addressing likely concerns, 7) How they can provide input, 8) Positive framing where appropriate. Be transparent and empathetic. ``` #### Team recognition message **Use case:** Team motivation and culture building ``` Write team recognition message for [accomplishment]. What they achieved: [describe success]. Write message to: [team/company]. Include: 1) Compelling opening acknowledging achievement, 2) Context and significance, 3) Specific contributions and efforts, 4) Results and impact, 5) Individual callouts if appropriate, 6) Appreciation and celebration, 7) Looking forward. Make it heartfelt and specific. ``` ### Team Development Build and develop high-performing teams. #### Team building activity plan **Use case:** Team cohesion and trust building ``` Plan team building activity for [team]. Team size: [number]. Goals: [build trust/improve communication/celebrate/etc.]. Setting: [in-person/remote/hybrid]. Duration: [time available]. Design activity with: 1) Objective and outcomes, 2) Activity description and flow, 3) Materials needed, 4) Facilitation guide, 5) Debrief questions, 6) How it builds [specific team need]. Make inclusive and engaging. ``` #### Team retrospective facilitation **Use case:** Continuous improvement and team learning ``` Facilitate retrospective for [team/project]. Period covered: [timeframe]. Format: [Start-Stop-Continue/4Ls/etc.]. Create session plan: 1) Set the stage (purpose, safety), 2) Gather data (what happened), 3) Generate insights (why it happened), 4) Decide actions (what to do), 5) Close (appreciation). Include: Timing per section, questions to ask, how to handle difficult topics, action item template. Make psychological safe and actionable. ``` #### Delegation framework **Use case:** Team development and workload management ``` Plan delegation of [task/project/responsibility] to [team member]. Assess: 1) Why delegate this (development, bandwidth, etc.), 2) Person's readiness (skill and will), 3) Desired outcome and success criteria, 4) Level of authority (decide/recommend/execute), 5) Support and resources needed, 6) Check-in plan, 7) How to handle mistakes/learning. Create delegation brief including context, expectations, support. Resist urge to micromanage. ``` #### Conflict resolution facilitation **Use case:** Team dynamics and conflict management ``` Facilitate conflict resolution between [parties]. Conflict about: [issue]. Prepare to: 1) Set ground rules (respect, listening), 2) Have each person share their perspective, 3) Identify underlying interests (not just positions), 4) Find common ground, 5) Brainstorm solutions, 6) Agree on path forward, 7) Define follow-up. Stay neutral, focus on behaviors and impact, not personalities. ``` ### Strategic Leadership Think and act strategically as a leader. #### Department strategy development **Use case:** Strategic planning and departmental alignment ``` Develop strategy for [department/team]. Timeframe: [annual/3-year]. Company strategy: [relevant context]. Create: 1) Mission and vision for department, 2) Current state assessment (strengths, gaps), 3) Strategic priorities (3-5 focus areas), 4) Key initiatives per priority, 5) Success metrics and KPIs, 6) Resource requirements, 7) Dependencies and risks, 8) Roadmap and milestones. Align to company goals while defining unique contribution. ``` #### Stakeholder mapping and engagement **Use case:** Influence and stakeholder management ``` Map stakeholders for [initiative/project]. Identify stakeholders and assess: 1) Power/influence level, 2) Interest level, 3) Current stance (supporter/neutral/resistor), 4) Key concerns and motivations, 5) Engagement strategy per stakeholder, 6) Communication frequency and channel, 7) Wins needed from each, 8) Risk if not engaged. Create engagement plan prioritizing high power/high interest stakeholders. ``` #### Decision-making framework for team **Use case:** Team empowerment and organizational effectiveness ``` Create decision-making framework for team. Decision types: [list common decisions team makes]. Define: 1) Decision categories by impact/reversibility, 2) Decision rights (who decides for each type), 3) Input vs approval vs informed stakeholders, 4) Escalation criteria, 5) Documentation requirements, 6) Timeline expectations per category. Empower team to make decisions at appropriate level, reduce bottlenecks. ``` --- ## AI for ESG & Sustainability **Category:** ESG & Sustainability **Prompts:** 25 **Description:** ESG and sustainability prompts covering reporting, strategy development, carbon management, stakeholder engagement, and impact measurement. **Tags:** ESG, Sustainability, Corporate Responsibility, Work Users ### ESG Reporting & Disclosure Create comprehensive ESG reports and disclosures. #### ESG report framework **Use case:** Annual ESG reporting and transparency ``` Create ESG report structure for [company]. Industry: [sector]. Reporting frameworks: [GRI/SASB/TCFD/CDP/other]. Include: 1) Executive summary with key highlights, 2) Materiality assessment results, 3) Environmental metrics (emissions, energy, water, waste), 4) Social metrics (diversity, safety, community), 5) Governance structure and policies, 6) Progress on targets and commitments, 7) Risks and opportunities, 8) Stakeholder engagement summary, 9) Third-party assurance approach. ``` #### Materiality assessment process **Use case:** ESG strategy and stakeholder alignment ``` Design materiality assessment for [company] in [industry]. Stakeholders: [investors, employees, customers, NGOs, communities, etc.]. Process: 1) Identify potential ESG topics (environmental, social, governance), 2) Stakeholder engagement methods, 3) Impact and importance rating criteria, 4) Materiality matrix development, 5) Priority topics identification, 6) Validation approach, 7) Integration into strategy and reporting, 8) Review and update schedule. ``` #### TCFD climate disclosure **Use case:** Climate risk disclosure and investor communication ``` Create TCFD (Task Force on Climate-related Financial Disclosures) report for [company]. Include four pillars: 1) Governance: Board oversight and management role in climate issues, 2) Strategy: Climate risks and opportunities, scenario analysis, business impact, 3) Risk Management: Climate risk identification, assessment, and integration processes, 4) Metrics and Targets: GHG emissions (Scope 1, 2, 3), climate targets, performance metrics. Address [industry-specific] considerations. ``` #### Sustainability report narrative **Use case:** Stakeholder communication and brand reputation ``` Write compelling sustainability report narrative for [company]. Year: [year]. Key achievements: [list highlights]. Challenges: [issues faced]. Create narrative with: 1) CEO letter on sustainability commitment, 2) Storytelling around impact (with real examples), 3) Progress toward goals with data visualization descriptions, 4) Transparent discussion of challenges, 5) Future commitments and ambitions, 6) Stakeholder testimonials/case studies. Make engaging and credible. ``` #### ESG data collection system **Use case:** ESG data management and reporting infrastructure ``` Design ESG data collection and management system for [company]. Scope: [facilities, operations, supply chain]. System requirements: 1) Data points to collect (by E/S/G category), 2) Data sources and collection methods, 3) Frequency and timing, 4) Data quality and validation processes, 5) Technology/tools needed, 6) Roles and responsibilities, 7) Reporting and analysis capabilities, 8) Audit trail and assurance readiness. ``` ### Carbon Management & Climate Strategy Develop and implement carbon reduction strategies. #### GHG emissions inventory **Use case:** Carbon footprint measurement and baseline ``` Create greenhouse gas emissions inventory for [company/facility]. Reporting year: [year]. Calculate: 1) Scope 1 (direct emissions - combustion, processes, fugitive), 2) Scope 2 (purchased electricity, heat, steam), 3) Scope 3 (value chain - identify relevant categories), 4) Methodology and emission factors used, 5) Data sources and assumptions, 6) Organizational and operational boundaries, 7) Comparison to prior years, 8) Data quality assessment. Follow GHG Protocol standards. ``` #### Net zero strategy development **Use case:** Climate commitment and decarbonization planning ``` Develop net zero strategy for [company] by [target year]. Current emissions: [baseline data]. Create strategy with: 1) Science-based targets (near-term and long-term), 2) Decarbonization roadmap by emission source, 3) Reduction initiatives prioritized (energy efficiency, renewables, electrification, etc.), 4) Timeline and milestones, 5) Investment requirements, 6) Carbon removal/offset strategy for residual emissions, 7) Governance and accountability, 8) Risk and opportunity analysis. ``` #### Carbon reduction project evaluation **Use case:** Decarbonization investment decisions ``` Evaluate carbon reduction project: [project description]. Investment: [cost]. Assess: 1) Emission reduction potential (tCO2e per year), 2) Cost per ton CO2e avoided, 3) Payback period and ROI, 4) Co-benefits (cost savings, resilience, reputation), 5) Implementation complexity and timeline, 6) Risks and barriers, 7) Alignment with net zero pathway, 8) Monitoring and verification approach. Recommend priority level. ``` #### Renewable energy strategy **Use case:** Renewable energy transition and Scope 2 reduction ``` Develop renewable energy procurement strategy for [company]. Current energy use: [consumption data]. Location: [geographies]. Strategy options: 1) On-site generation (solar, wind) - feasibility and sizing, 2) Power Purchase Agreements (PPAs), 3) Renewable Energy Certificates (RECs), 4) Green tariffs from utilities, 5) Cost-benefit analysis per option, 6) Procurement timeline and milestones, 7) Financial structuring, 8) Stakeholder engagement and communication. ``` #### Climate scenario analysis **Use case:** Climate risk management and strategic planning ``` Conduct climate scenario analysis for [company/industry]. Time horizons: [2030, 2050]. Scenarios: [1.5°C, 2°C, 3°C+ warming based on IEA/IPCC]. Analyze: 1) Physical risks (acute and chronic climate impacts), 2) Transition risks (policy, technology, market, reputation), 3) Opportunities (resource efficiency, new markets, resilience), 4) Financial implications by scenario, 5) Strategic response options, 6) Resilience assessment. Use TCFD framework. ``` ### Sustainable Supply Chain Build sustainable and responsible supply chains. #### Supplier sustainability assessment **Use case:** Supply chain risk management and responsibility ``` Create supplier sustainability assessment program for [company]. Spend categories: [key categories]. Assessment framework: 1) ESG criteria by category (environmental compliance, labor practices, ethics, etc.), 2) Risk-based supplier segmentation, 3) Assessment methodology (self-assessment, audit, certification), 4) Scoring and rating system, 5) Corrective action process, 6) Supplier development and support, 7) Performance monitoring, 8) Consequences for non-compliance. ``` #### Scope 3 emissions reduction plan **Use case:** Value chain decarbonization ``` Develop Scope 3 emissions reduction plan for [relevant categories: purchased goods, transportation, business travel, etc.]. Current Scope 3 footprint: [data]. Create plan: 1) Hotspot analysis (which categories matter most), 2) Supplier engagement strategy, 3) Reduction initiatives by category, 4) Collaboration opportunities, 5) Procurement policy changes, 6) Measurement and tracking approach, 7) Targets and timeline, 8) Supplier incentive structures. ``` #### Sustainable sourcing policy **Use case:** Responsible procurement and ethical sourcing ``` Write sustainable sourcing policy for [commodity/category]. Current sourcing: [context]. Policy should cover: 1) Sustainability requirements (environmental standards, certifications), 2) Social responsibility criteria (labor rights, community impact), 3) Supplier expectations and code of conduct, 4) Risk assessment and due diligence process, 5) Traceability and transparency requirements, 6) Audit and verification, 7) Continuous improvement expectations, 8) Reporting and disclosure. ``` #### Circular economy initiative **Use case:** Waste reduction and resource efficiency ``` Design circular economy initiative for [product/material stream]. Current linear model: [take-make-waste description]. Circular opportunity: 1) Product design for circularity (durability, repairability, recyclability), 2) Take-back and reverse logistics, 3) Refurbishment/remanufacturing model, 4) Recycling and material recovery, 5) Business model implications, 6) Partnership opportunities, 7) Economic feasibility, 8) Environmental impact quantification. Apply circular economy principles. ``` ### Social Impact & DEI Measure and improve social impact and diversity initiatives. #### DEI strategy and metrics **Use case:** Workforce diversity and inclusive culture ``` Create diversity, equity, and inclusion (DEI) strategy for [company]. Current state: [demographic data]. Develop strategy: 1) DEI vision and goals, 2) Representation targets by level and function, 3) Recruitment and hiring initiatives, 4) Retention and advancement programs, 5) Inclusive culture initiatives, 6) Pay equity analysis and action, 7) Accountability and governance, 8) Metrics and KPIs to track progress, 9) Reporting and transparency approach. ``` #### Community impact assessment **Use case:** Social license to operate and community relations ``` Assess community impact of [facility/project/operations]. Location: [community/region]. Assessment: 1) Stakeholder identification and mapping, 2) Economic impacts (jobs, local spending, tax revenue), 3) Social impacts (community health, safety, quality of life), 4) Environmental impacts on community, 5) Stakeholder concerns and priorities, 6) Positive contribution opportunities, 7) Mitigation strategies for negative impacts, 8) Community investment and engagement plan. ``` #### Human rights due diligence **Use case:** Human rights compliance and ethical operations ``` Conduct human rights due diligence for [operations/supply chain]. Scope: [geographies, suppliers, activities]. Following UN Guiding Principles: 1) Identify salient human rights issues (forced labor, child labor, freedom of association, etc.), 2) Risk assessment by location and activity, 3) Stakeholder consultation, 4) Impact assessment, 5) Prevention and mitigation measures, 6) Remediation processes, 7) Monitoring and reporting, 8) Grievance mechanisms. ``` #### Employee wellbeing program **Use case:** Employee retention and productivity ``` Design employee health and wellbeing program for [company]. Current challenges: [employee feedback/data]. Program design: 1) Physical health initiatives (fitness, nutrition, preventive care), 2) Mental health support (counseling, stress management, work-life balance), 3) Financial wellness resources, 4) Social connection and community, 5) Safe and healthy work environment, 6) Program communication and awareness, 7) Participation incentives, 8) Success metrics and evaluation. ``` ### Governance & Ethics Strengthen governance structures and ethical practices. #### ESG governance structure **Use case:** ESG program management and accountability ``` Design ESG governance structure for [company]. Organization size: [context]. Create structure: 1) Board-level oversight (committee or full board), 2) Executive leadership and accountability, 3) ESG working groups or councils, 4) Roles and responsibilities by function, 5) Integration with existing governance, 6) Decision-making authority, 7) Reporting and escalation processes, 8) Performance management and incentive alignment, 9) External advisory and assurance. ``` #### Business ethics policy **Use case:** Compliance and ethical business practices ``` Develop business ethics and anti-corruption policy for [company]. Operating regions: [geographies]. Policy should cover: 1) Anti-bribery and corruption standards, 2) Gifts and hospitality limits, 3) Conflicts of interest disclosure, 4) Fair competition and antitrust, 5) Whistleblower protection and reporting channels, 6) Third-party due diligence, 7) Training requirements, 8) Monitoring and enforcement, 9) Consequences for violations. Align with FCPA, UK Bribery Act, etc. ``` #### ESG risk assessment **Use case:** Risk management and strategic planning ``` Conduct enterprise ESG risk assessment for [company]. Industry: [sector]. Assess: 1) Material ESG risks by category (environmental, social, governance), 2) Likelihood and impact assessment, 3) Current controls and mitigation, 4) Residual risk levels, 5) Risk owners and accountability, 6) Emerging ESG risks, 7) Integration with enterprise risk management, 8) Risk appetite and tolerance, 9) Monitoring and reporting. ``` #### Stakeholder engagement plan **Use case:** Stakeholder relations and ESG credibility ``` Create stakeholder engagement plan for [ESG topic/initiative]. Key stakeholders: [investors, employees, customers, NGOs, communities, etc.]. Plan: 1) Stakeholder prioritization and mapping, 2) Engagement objectives by stakeholder group, 3) Methods and channels (surveys, dialogues, partnerships), 4) Frequency and timing, 5) Topics and information shared, 6) Feedback incorporation process, 7) Transparency and reporting, 8) Success metrics. ``` ### Sustainable Finance & Investment Integrate ESG into financial decisions and reporting. #### Green financing strategy **Use case:** Sustainable capital raising ``` Develop green financing strategy for [company/project]. Capital need: [amount]. Strategy: 1) Green bond/loan framework aligned to standards (Green Bond Principles, LMA Green Loan Principles), 2) Use of proceeds (eligible green projects), 3) Project evaluation and selection process, 4) Management of proceeds, 5) Reporting (allocation and impact), 6) External review and verification, 7) Investor targeting and communication, 8) Pricing and terms expectations. ``` #### Sustainability-linked financing **Use case:** Incentive-based sustainable finance ``` Structure sustainability-linked loan/bond for [company]. Current ESG performance: [baseline]. Design: 1) Selection of KPIs (aligned to sustainability strategy), 2) Ambitious SPTs (Sustainability Performance Targets), 3) Timeline and measurement, 4) Pricing mechanism (interest rate step-up/down), 5) Reporting and verification, 6) External review, 7) Rationale and materiality of selected KPIs, 8) Integration with ESG strategy and targets. ``` #### ESG investment screening **Use case:** Responsible investment and ESG integration ``` Create ESG investment screening methodology for [investment portfolio/fund]. Investment scope: [asset class, geography, etc.]. Methodology: 1) ESG data sources and ratings, 2) Screening criteria (negative, positive, norms-based), 3) ESG scoring and weighting, 4) Integration with financial analysis, 5) Exclusion thresholds, 6) Engagement and stewardship approach, 7) Reporting to stakeholders, 8) Performance monitoring and review. ``` --- ## AI for Legal & Compliance **Category:** Legal & Compliance **Prompts:** 35 **Description:** Legal and compliance prompts covering contract analysis, regulatory research, legal document drafting, compliance audits, risk management, and legal operations. **Tags:** Legal, Compliance, Risk Management, Work Users ### Contract Analysis & Review Analyze and review contracts efficiently and thoroughly. #### Contract risk assessment **Use case:** Contract negotiation and risk mitigation ``` Review contract for [contract type: vendor agreement, customer contract, partnership, etc.]. Parties: [names]. Review focus: [specific concerns or standard review]. Analyze: 1) Key commercial terms (price, payment, term, renewal), 2) Risk provisions (liability, indemnification, warranties), 3) Unfavorable terms or red flags, 4) Missing protections or clauses, 5) Compliance with company policies, 6) Jurisdiction and dispute resolution, 7) Termination and exit provisions, 8) Recommended revisions (categorized by priority), 9) Overall risk rating (low/medium/high). ``` #### Contract clause comparison **Use case:** Contract negotiation and position development ``` Compare contract clauses between [our standard form] and [counterparty's proposed terms]. Clause types: [specific clauses or entire agreement]. Analysis: 1) Side-by-side comparison of key provisions, 2) Material differences highlighted, 3) Risk implications of deviations, 4) Industry standard analysis, 5) Negotiation priorities (must-have vs nice-to-have), 6) Suggested compromise language, 7) Fallback positions, 8) Business impact of accepting as-is. ``` #### Contract obligations extraction **Use case:** Contract management and compliance tracking ``` Extract and summarize obligations from [contract name]. Contract context: [brief description]. Extract: 1) All party obligations organized by party, 2) Performance deadlines and milestones, 3) Deliverables required, 4) Payment obligations and schedule, 5) Reporting requirements, 6) Compliance and audit rights, 7) Insurance and security requirements, 8) Notice provisions, 9) Create obligation matrix with responsible parties and due dates. ``` #### Contract renewal analysis **Use case:** Contract lifecycle management and vendor management ``` Analyze contract renewal for [vendor/customer]. Current contract: [key terms]. Renewal approaching: [date]. Analysis: 1) Performance under current contract, 2) Market rate comparison for similar services, 3) Alternative vendor/solution options, 4) Negotiation leverage assessment, 5) Terms to renegotiate or improve, 6) Financial impact of renewal vs alternatives, 7) Risks of non-renewal, 8) Negotiation strategy and timeline, 9) Recommendation (renew, renegotiate, terminate). ``` #### Master service agreement (MSA) template **Use case:** Contract template development and standardization ``` Create master service agreement template for [business type]. Services: [general description]. Key requirements: [specific needs]. Template should include: 1) Scope and statement of work framework, 2) Payment terms and pricing structure, 3) Intellectual property provisions, 4) Confidentiality and data protection, 5) Representations and warranties, 6) Limitation of liability, 7) Indemnification, 8) Term and termination, 9) Dispute resolution, 10) General provisions. Balance: [customer-friendly vs vendor-friendly]. ``` ### Legal Document Drafting Draft various legal documents and correspondence. #### Non-disclosure agreement (NDA) **Use case:** Business development and partnership discussions ``` Draft NDA for [business context]. Type: [mutual/unilateral]. Parties: [names and roles]. Purpose: [reason for disclosure]. Include: 1) Definition of confidential information, 2) Permitted uses and restrictions, 3) Exclusions from confidentiality, 4) Term and survival provisions, 5) Return or destruction of information, 6) Remedies for breach, 7) Governing law and jurisdiction, 8) Standard provisions. Make: [standard/heavily protective of discloser]. ``` #### Demand letter **Use case:** Dispute resolution and pre-litigation strategy ``` Draft demand letter for [claim/dispute]. Parties: [sender and recipient]. Issue: [describe breach or claim]. Facts: [relevant background]. Letter should: 1) Professional but firm tone, 2) Clear statement of the problem, 3) Relevant contract provisions or legal basis, 4) Specific harm or damages, 5) Demanded action or remedy, 6) Reasonable deadline for response, 7) Consequences if demand not met, 8) Preserve litigation options without being overtly threatening. Goal: [settlement vs document creation]. ``` #### Cease and desist letter **Use case:** Intellectual property protection and rights enforcement ``` Draft cease and desist letter for [infringement type: trademark, copyright, patent, trade secret, defamation, etc.]. Infringing party: [name]. Our rights: [describe IP or legal rights]. Infringing conduct: [specific actions]. Letter components: 1) Description of protected rights, 2) Evidence of infringement with specifics, 3) Legal basis for claim, 4) Demand to immediately cease conduct, 5) Demand to confirm compliance in writing, 6) Preservation of evidence request, 7) Reservation of all rights and remedies, 8) Deadline for response. Tone: [firm but professional]. ``` #### Settlement agreement **Use case:** Dispute resolution and litigation avoidance ``` Draft settlement agreement for [dispute type]. Parties: [names]. Dispute background: [brief summary]. Settlement terms: [agreed resolution]. Agreement should include: 1) Recitals (factual background without admissions), 2) Settlement payment terms, 3) Mutual release of claims, 4) No admission of liability, 5) Confidentiality provisions, 6) Non-disparagement clause, 7) Representations and warranties, 8) Breach provisions and remedies, 9) General provisions (governing law, entire agreement, etc.). ``` #### Employment agreement **Use case:** Employee onboarding and relationship formalization ``` Draft employment agreement for [position]. Level: [executive/manager/employee]. Location: [state/country]. Include: 1) Position, duties, and reporting, 2) Compensation and benefits, 3) Equity/bonus if applicable, 4) Term and termination provisions, 5) Severance terms, 6) Confidentiality obligations, 7) Non-compete and non-solicit (if enforceable), 8) Intellectual property assignment, 9) At-will statement (if applicable), 10) Representations and general provisions. Comply with [jurisdiction] employment law. ``` ### Regulatory Research & Compliance Research regulations and ensure compliance across jurisdictions. #### Regulatory compliance assessment **Use case:** Compliance program development and risk assessment ``` Assess regulatory compliance for [business activity] in [jurisdiction]. Industry: [sector]. Current practices: [describe operations]. Assessment: 1) Applicable laws and regulations (federal, state, local), 2) Licensing and registration requirements, 3) Operational compliance requirements, 4) Reporting and disclosure obligations, 5) Current compliance gaps identified, 6) Risk level of non-compliance, 7) Remediation actions prioritized, 8) Ongoing compliance program recommendations, 9) Timeline and resource needs. ``` #### Multi-jurisdiction regulatory comparison **Use case:** Market expansion and international compliance ``` Compare regulatory requirements for [business activity/product] across [list jurisdictions]. Focus areas: [specific requirements]. Analysis: 1) Jurisdiction-by-jurisdiction comparison matrix, 2) Key similarities and differences, 3) Most restrictive vs permissive jurisdictions, 4) Licensing and authorization requirements, 5) Compliance timeline and costs by jurisdiction, 6) Harmonization opportunities, 7) Market entry strategy recommendations, 8) Risk assessment per jurisdiction. ``` #### Regulatory change impact analysis **Use case:** Regulatory monitoring and adaptation ``` Analyze impact of [new regulation/proposed rule] on [company/industry]. Regulation: [name and brief description]. Effective date: [date]. Impact analysis: 1) Summary of regulatory changes, 2) Affected business areas and operations, 3) New compliance obligations, 4) Implementation requirements and deadlines, 5) Cost impact (one-time and ongoing), 6) Business model or operational changes needed, 7) Compliance strategy and action plan, 8) Risks of non-compliance, 9) Industry advocacy or comment opportunities. ``` #### Data privacy compliance (GDPR/CCPA) **Use case:** Privacy law compliance and data protection ``` Assess data privacy compliance for [company/website/app]. Jurisdictions: [EU/California/other]. Data processing: [describe data collection and use]. Compliance review: 1) Personal data inventory and data flows, 2) Legal basis for processing, 3) Privacy policy and notice adequacy, 4) Consent mechanisms, 5) Data subject rights procedures (access, deletion, etc.), 6) Vendor and third-party data sharing, 7) Security and breach notification processes, 8) Compliance gaps and remediation, 9) Privacy by design recommendations. ``` #### Industry-specific compliance framework **Use case:** Compliance program implementation and management ``` Develop compliance framework for [company] in [industry: healthcare, financial services, food/beverage, etc.]. Operations: [describe]. Framework should include: 1) Applicable regulatory landscape overview, 2) Compliance organizational structure and governance, 3) Key compliance policies and procedures, 4) Training and awareness programs, 5) Monitoring and auditing processes, 6) Incident response and reporting, 7) Third-party/vendor management, 8) Documentation and recordkeeping, 9) Continuous improvement process. ``` ### Compliance Audits & Monitoring Conduct internal audits and monitor compliance programs. #### Compliance audit plan **Use case:** Internal audit and compliance verification ``` Design compliance audit for [area: contracts, privacy, employment, financial, etc.]. Scope: [specific focus]. Audit plan: 1) Audit objectives and scope definition, 2) Applicable regulations and standards, 3) Audit criteria and testing procedures, 4) Documentation and evidence requirements, 5) Sampling methodology, 6) Interview and walkthrough approach, 7) Timeline and resource allocation, 8) Reporting format and distribution, 9) Follow-up and remediation tracking. ``` #### Third-party vendor compliance review **Use case:** Vendor risk management and third-party governance ``` Create vendor compliance review process for [vendor type: SaaS, service provider, manufacturer, etc.]. Compliance areas: [data privacy, security, regulatory, ethical, etc.]. Review process: 1) Pre-contracting due diligence requirements, 2) Compliance questionnaire and certifications, 3) Contract compliance provisions, 4) Ongoing monitoring and audits, 5) Vendor performance metrics, 6) Issue escalation and remediation, 7) Termination triggers, 8) Documentation requirements, 9) Vendor risk rating methodology. ``` #### Compliance violations investigation **Use case:** Compliance enforcement and incident management ``` Investigate potential compliance violation: [describe allegation]. Applicable policy/regulation: [reference]. Investigation protocol: 1) Preliminary assessment and scope, 2) Investigation team and roles, 3) Evidence collection and preservation, 4) Interview strategy and documentation, 5) Analysis and fact-finding, 6) Violation determination and severity, 7) Root cause analysis, 8) Recommended corrective actions, 9) Reporting obligations (internal and external), 10) Preventive measures. ``` #### Control effectiveness assessment **Use case:** Internal controls and compliance optimization ``` Assess effectiveness of compliance controls for [business process/area]. Current controls: [describe existing controls]. Assessment approach: 1) Control design evaluation (are controls appropriate?), 2) Control implementation testing (are controls operating?), 3) Control effectiveness measurement (are controls working?), 4) Gap analysis and deficiencies, 5) Root cause of control failures, 6) Risk assessment of deficiencies, 7) Control improvement recommendations, 8) Implementation priorities and timeline, 9) Ongoing monitoring approach. ``` #### Compliance dashboard and metrics **Use case:** Compliance program oversight and reporting ``` Design compliance monitoring dashboard for [organization/program]. Compliance areas: [list key areas]. Dashboard design: 1) Key performance indicators (KPIs) and metrics, 2) Leading vs lagging indicators, 3) Data sources and collection methods, 4) Reporting frequency and format, 5) Visualization and presentation, 6) Threshold and alert triggers, 7) Drill-down capabilities by area/region, 8) Trend analysis and benchmarking, 9) Audience-specific views (board, management, staff). ``` ### Corporate Governance & Policy Develop corporate governance structures and policies. #### Corporate governance framework **Use case:** Corporate governance and board effectiveness ``` Establish corporate governance framework for [company]. Company stage: [startup/growth/mature]. Structure: [board composition, committees]. Framework components: 1) Board structure and composition, 2) Board and committee charters, 3) Director duties and responsibilities, 4) Meeting frequency and procedures, 5) Management oversight and reporting, 6) Stakeholder communication, 7) Conflict of interest policies, 8) Executive compensation governance, 9) Risk oversight and compliance, 10) Governance evaluation and improvement. ``` #### Code of conduct development **Use case:** Ethics program and organizational culture ``` Create code of conduct for [company]. Employees: [number/type]. Values: [company values]. Code should cover: 1) Statement of values and ethical principles, 2) Compliance with laws and regulations, 3) Conflicts of interest, 4) Anti-corruption and bribery, 5) Fair dealing and competition, 6) Protection of assets and confidential information, 7) Workplace behavior and respect, 8) Reporting violations and non-retaliation, 9) Consequences of violations, 10) Acknowledgment and training requirements. Make practical and relatable. ``` #### Corporate policy creation **Use case:** Policy management and operational governance ``` Draft corporate policy for [policy area: travel, expenses, remote work, social media, conflicts of interest, etc.]. Company context: [size, industry, values]. Policy structure: 1) Purpose and scope, 2) Definitions, 3) Policy statement and requirements, 4) Roles and responsibilities, 5) Procedures and guidelines, 6) Approval processes, 7) Exceptions handling, 8) Monitoring and enforcement, 9) Policy review schedule, 10) References and related policies. Balance clarity with flexibility. ``` #### Board meeting minutes **Use case:** Corporate recordkeeping and governance documentation ``` Draft board meeting minutes for [company]. Meeting date: [date]. Attendees: [directors and others]. Agenda items: [list key topics]. Minutes format: 1) Meeting logistics (time, place, quorum), 2) Approval of previous minutes, 3) Management reports summary, 4) Discussion points by agenda item (without verbatim quotes), 5) Resolutions and votes (with vote counts), 6) Action items and ownership, 7) Executive session notes (if applicable), 8) Adjournment. Tone: formal, objective, focused on decisions and actions not debate. ``` #### Delegation of authority matrix **Use case:** Organizational governance and decision-making clarity ``` Create delegation of authority (DOA) matrix for [company/department]. Organization: [structure]. Matrix should define: 1) Decision categories (financial, operational, HR, legal, etc.), 2) Authority levels by role/title, 3) Dollar thresholds for financial decisions, 4) Approval requirements (single vs dual approval), 5) Escalation requirements, 6) Exception processes, 7) Reporting and monitoring, 8) Matrix format (table/chart), 9) Update and review procedures. Balance empowerment with appropriate controls. ``` ### Litigation & Dispute Management Manage litigation and resolve disputes effectively. #### Litigation risk assessment **Use case:** Litigation strategy and risk management ``` Assess litigation risk for [potential or actual claim]. Claim: [brief description]. Parties: [plaintiff and defendant]. Analysis: 1) Factual and legal basis of claim, 2) Strengths and weaknesses of each party's position, 3) Applicable law and jurisdiction, 4) Potential damages or remedies, 5) Likelihood of plaintiff success (percentage), 6) Cost to defend (estimate ranges), 7) Reputational and business impact, 8) Settlement range analysis, 9) Litigation strategy recommendation (settle, defend, counterclaim). ``` #### Discovery strategy and plan **Use case:** Litigation management and case strategy ``` Develop discovery strategy for [litigation matter]. Case: [brief description]. Discovery goals: [key information needed]. Strategy: 1) Document preservation and collection plan, 2) Document requests to opposing party, 3) Interrogatories and requests for admission, 4) Deposition strategy and witness priorities, 5) ESI (electronically stored information) considerations, 6) Timeline and discovery deadlines, 7) Privilege and protection issues, 8) Discovery budget estimate, 9) Settlement leverage through discovery. ``` #### Legal hold notice **Use case:** Litigation preparedness and evidence preservation ``` Draft legal hold notice for [matter/investigation]. Recipients: [custodians]. Scope: [relevant subject matter and timeframe]. Notice should include: 1) Clear description of matter and why hold is necessary, 2) Types of documents and information to preserve, 3) Locations and formats to search (email, files, devices, cloud), 4) Timeframe of relevant documents, 5) Preservation requirements (do not delete, destroy, or alter), 6) Suspension of auto-delete/retention policies, 7) Contact person for questions, 8) Acknowledgment requirement, 9) Consequences of non-compliance. Make clear and action-oriented. ``` #### Mediation preparation brief **Use case:** Alternative dispute resolution and settlement ``` Prepare mediation brief for [dispute]. Parties: [names]. Mediation date: [date]. Mediator: [name if known]. Brief components: 1) Concise statement of facts, 2) Legal and factual issues in dispute, 3) Each party's position and demands, 4) Prior settlement discussions and positions, 5) Your client's bottom-line and settlement authority, 6) Strengths and weaknesses of case, 7) Litigation costs and risks if no settlement, 8) Creative settlement options, 9) Desired outcome and strategy for mediation. Tone: balanced and solution-focused. ``` #### Litigation budget and forecast **Use case:** Litigation cost management and planning ``` Create litigation budget for [case]. Case phase: [discovery/motion practice/trial/appeal]. Timeline: [estimated duration]. Budget should include: 1) Attorney fees by role and phase, 2) Paralegal and legal assistant time, 3) Expert witness fees and costs, 4) Court costs and filing fees, 5) Deposition and transcript costs, 6) Document review and e-discovery, 7) Travel and other expenses, 8) Contingencies and scope changes, 9) Payment schedule and milestones, 10) Budget variance monitoring. Include best/worst case scenarios. ``` ### Intellectual Property Management Protect and manage intellectual property assets. #### Trademark clearance analysis **Use case:** Brand development and trademark protection ``` Conduct trademark clearance for [proposed mark]. Use: [goods/services]. Geographic scope: [jurisdictions]. Analysis: 1) Preliminary knockout search results, 2) Federal trademark database results, 3) Common law use search, 4) Confusingly similar marks identified, 5) Likelihood of confusion analysis, 6) Descriptiveness or genericness issues, 7) Risk assessment (high/medium/low), 8) Alternative mark suggestions if high risk, 9) Registration strategy recommendation. ``` #### IP portfolio audit **Use case:** IP strategy and asset management ``` Audit intellectual property portfolio for [company]. IP types: [patents, trademarks, copyrights, trade secrets]. Portfolio review: 1) Inventory of all IP assets, 2) Ownership verification and chain of title, 3) Registration status and maintenance deadlines, 4) IP aligned with business strategy and products, 5) Gaps in protection identified, 6) Unused or underutilized IP, 7) IP valuation and importance ranking, 8) Maintenance cost vs value analysis, 9) Recommended actions (new filings, abandonments, licenses). ``` #### Patent invention disclosure form **Use case:** Innovation capture and patent prosecution ``` Create patent invention disclosure form for [company/technology area]. Form should capture: 1) Inventor information, 2) Invention title and technical field, 3) Problem solved and technical advantages, 4) Detailed description of invention, 5) How it differs from existing solutions, 6) Best mode and alternative embodiments, 7) Public disclosures and sale/offer deadlines, 8) Commercial applications and market, 9) Supporting materials (drawings, prototypes, data), 10) Invention disclosure date. Make clear and comprehensive for patent attorney review. ``` #### Trade secret protection program **Use case:** Confidential information protection and competitive advantage ``` Develop trade secret protection program for [company]. Trade secrets: [types of information]. Program components: 1) Trade secret identification and inventory, 2) Reasonable measures to maintain secrecy (physical, technical, legal), 3) Employee and contractor agreements (confidentiality, assignment), 4) Access controls and need-to-know basis, 5) Marking and labeling procedures, 6) Third-party disclosure protocols (NDAs), 7) Exit procedures and device return, 8) Training and awareness, 9) Incident response for misappropriation, 10) Regular program audits. ``` #### IP licensing agreement **Use case:** IP monetization and strategic partnerships ``` Draft IP licensing agreement for [IP type: patent, trademark, copyright, software, etc.]. Licensor: [name]. Licensee: [name]. Licensed IP: [description]. Terms: [key business terms]. Agreement should include: 1) Grant of license (scope, field of use, territory, exclusivity), 2) Sublicensing rights, 3) License fees and royalties, 4) Quality control and brand standards (if trademark), 5) Improvements and modifications, 6) Term and termination, 7) IP ownership and protection, 8) Warranties and indemnification, 9) Audit rights, 10) General provisions. ``` --- ## AI for Operations & Supply Chain **Category:** Operations & Supply Chain **Prompts:** 35 **Description:** Operations and supply chain prompts covering process optimization, vendor management, logistics planning, inventory management, quality control, and operational excellence. **Tags:** Operations, Supply Chain, Logistics, Work Users ### Process Optimization & Lean Improve operational efficiency through process optimization and lean methodologies. #### Process mapping and analysis **Use case:** Process improvement and efficiency gains ``` Map and analyze process for [process name]. Current state: [brief description]. Scope: [start and end points]. Create: 1) Detailed process map with steps, decision points, handoffs, 2) Cycle time per step, 3) Resources required per step, 4) Pain points and bottlenecks identified, 5) Waste analysis (waiting, transport, overprocessing, etc.), 6) Value-added vs non-value-added activities, 7) Root cause analysis of inefficiencies, 8) Quick win opportunities, 9) Future state process design with improvements. ``` #### Value stream mapping **Use case:** Lean transformation and waste elimination ``` Create value stream map for [product family/service]. Process scope: [order to delivery/raw material to finished goods]. Map should include: 1) Current state map with all process steps, 2) Information and material flow, 3) Lead time and cycle time per step, 4) Inventory levels at each stage, 5) Value-added time ratio, 6) Waste identification (7 wastes of lean), 7) Improvement opportunities (kaizen bursts), 8) Future state map with lean improvements, 9) Implementation plan with metrics. ``` #### Bottleneck analysis and resolution **Use case:** Capacity optimization and throughput improvement ``` Identify and resolve bottlenecks in [operation/production line]. Current throughput: [rate]. Target: [desired rate]. Analysis: 1) Process capacity analysis per station/step, 2) Bottleneck identification (constraint), 3) Utilization rates and idle time, 4) Queue and wait time analysis, 5) Root cause of constraint, 6) Improvement options (capacity increase, process change, scheduling), 7) Cost-benefit per option, 8) Implementation plan, 9) Expected throughput improvement. ``` #### Standard operating procedure (SOP) **Use case:** Process standardization and training ``` Create standard operating procedure for [task/process]. Performed by: [role]. Frequency: [how often]. SOP format: 1) Purpose and scope, 2) Responsibilities, 3) Materials/equipment needed, 4) Safety and precautions, 5) Step-by-step procedure (detailed, numbered), 6) Quality checks and acceptance criteria, 7) Troubleshooting common issues, 8) Documentation and records, 9) Visual aids (diagrams/photos descriptions), 10) Revision history. Make clear and actionable for operators. ``` #### Kaizen event planning **Use case:** Rapid improvement and team engagement ``` Plan kaizen event for [improvement opportunity]. Problem: [issue to solve]. Team: [participants]. Duration: [3-5 days typical]. Event plan: 1) Charter and objectives, 2) Current state assessment and data, 3) Target metrics and goals, 4) Daily agenda and activities, 5) Brainstorming and solution development approach, 6) Implementation activities during event, 7) Measurement and validation, 8) Report out and sustainment plan, 9) Follow-up actions and owners. ``` ### Supply Chain Planning & Strategy Develop strategic supply chain plans and optimize network design. #### Supply chain network design **Use case:** Network optimization and strategic planning ``` Design supply chain network for [product/region]. Current network: [describe]. Business requirements: [growth, service level, cost targets]. Design: 1) Demand analysis by geography, 2) Facility location optimization (plants, DCs, warehouses), 3) Capacity requirements per facility, 4) Transportation modes and lanes, 5) Inventory positioning strategy, 6) Network flow and allocation, 7) Cost model (fixed, variable, transportation), 8) Service level impact, 9) Scenario analysis and sensitivity, 10) Implementation roadmap. ``` #### Make vs buy analysis **Use case:** Strategic sourcing and vertical integration decisions ``` Analyze make vs buy decision for [component/service]. Current state: [make or buy]. Volume: [annual quantity]. Analysis: 1) Total cost of making (materials, labor, overhead, equipment), 2) Total cost of buying (price, logistics, quality), 3) Quality comparison, 4) Capacity and capability requirements, 5) Lead time and flexibility, 6) Strategic considerations (IP, control, core competency), 7) Risk assessment, 8) Supplier availability and capability, 9) Financial impact over 3-5 years, 10) Recommendation with justification. ``` #### Demand planning and forecasting **Use case:** Demand management and inventory planning ``` Develop demand forecast for [product/category]. Time horizon: [months/quarters]. Historical data: [describe available data]. Forecasting approach: 1) Data analysis (trends, seasonality, promotions), 2) Forecasting methods evaluation (time series, causal, qualitative), 3) Forecast by period and product, 4) Statistical accuracy metrics (MAPE, bias), 5) Demand drivers and assumptions, 6) New product/market adjustments, 7) Consensus process with sales/marketing, 8) Scenario planning (best/base/worst), 9) Forecast monitoring and adjustment process. ``` #### S&OP process design **Use case:** Integrated planning and cross-functional alignment ``` Design Sales and Operations Planning (S&OP) process for [company]. Current planning: [describe]. Process design: 1) S&OP cycle and calendar (monthly typical), 2) Demand review process and inputs, 3) Supply review process and constraints, 4) Integrated reconciliation meeting, 5) Executive S&OP decision meeting, 6) Roles and responsibilities by function, 7) Key metrics and dashboards, 8) Meeting agendas and templates, 9) Technology and tools, 10) Change management and rollout plan. ``` #### Supply chain risk assessment **Use case:** Supply chain resilience and risk management ``` Conduct supply chain risk assessment for [product line/region]. Scope: [suppliers, logistics, demand, etc.]. Assessment: 1) Risk identification (supplier, geopolitical, natural disaster, quality, etc.), 2) Likelihood and impact scoring, 3) Risk prioritization matrix, 4) Single points of failure, 5) Current mitigation measures, 6) Residual risk levels, 7) Additional mitigation strategies, 8) Business continuity plans, 9) Risk monitoring and triggers, 10) Insurance and financial protections. ``` ### Vendor & Supplier Management Manage vendor relationships and optimize procurement. #### Supplier selection criteria **Use case:** Strategic sourcing and supplier qualification ``` Develop supplier selection criteria for [category: raw materials, components, services, etc.]. Spend: [annual value]. Criticality: [strategic/routine]. Criteria framework: 1) Technical capability (quality, capacity, technology), 2) Financial stability and risk, 3) Pricing and total cost of ownership, 4) Delivery performance and lead time, 5) Quality systems and certifications, 6) Innovation and continuous improvement, 7) Sustainability and ethics, 8) Geographic and risk factors, 9) Weighting and scoring methodology, 10) Qualification and approval process. ``` #### Supplier performance scorecard **Use case:** Supplier performance management and continuous improvement ``` Create supplier performance scorecard for [supplier category]. Key suppliers: [list if specific]. Scorecard design: 1) Performance categories (quality, delivery, cost, service, innovation), 2) Specific metrics per category with definitions, 3) Target and threshold levels, 4) Weighting by category, 5) Scoring methodology and overall rating, 6) Data sources and collection process, 7) Review frequency and governance, 8) Performance-based actions (awards, development, exits), 9) Supplier communication and feedback. ``` #### RFP/RFQ development **Use case:** Competitive sourcing and supplier selection ``` Develop RFP (Request for Proposal) for [product/service]. Procurement scope: [detailed description]. Value: [estimated spend]. RFP structure: 1) Executive summary and background, 2) Scope of work and specifications, 3) Volume and forecast, 4) Delivery and logistics requirements, 5) Quality and compliance requirements, 6) Pricing and payment terms structure, 7) Evaluation criteria and process, 8) Submission requirements and format, 9) Timeline and key dates, 10) Contract terms and conditions. Balance detail with flexibility for innovation. ``` #### Supplier relationship management **Use case:** Strategic supplier partnerships and value creation ``` Design supplier relationship management (SRM) program for [strategic suppliers]. Supplier segmentation: [strategic/preferred/approved/tactical]. Program elements: 1) Supplier segmentation criteria and approach, 2) Relationship model by segment (strategic partnerships vs transactional), 3) Governance structure (executive sponsors, QBRs), 4) Joint improvement initiatives, 5) Information sharing and transparency, 6) Innovation and value creation focus, 7) Risk and disruption management, 8) Performance management and incentives, 9) Communication and escalation, 10) Program metrics and value tracking. ``` #### Spend analysis and savings opportunities **Use case:** Cost reduction and procurement optimization ``` Analyze spend and identify savings for [category/department]. Current spend: [annual amount]. Suppliers: [number]. Analysis: 1) Spend breakdown (by supplier, product, location, etc.), 2) Price variance analysis, 3) Volume leverage opportunities (consolidation), 4) Supplier rationalization potential, 5) Specification and standardization opportunities, 6) Payment terms optimization, 7) Total cost of ownership factors, 8) Market benchmarking, 9) Savings opportunities prioritized with estimates, 10) Implementation roadmap and quick wins. ``` ### Logistics & Transportation Optimize logistics operations and transportation management. #### Transportation mode optimization **Use case:** Transportation cost reduction and service optimization ``` Optimize transportation mode selection for [lane/network]. Current modes: [truck/rail/air/ocean]. Shipment characteristics: [volume, frequency, urgency]. Analysis: 1) Mode comparison (cost, transit time, reliability, capacity), 2) Cost per unit by mode, 3) Service level requirements and trade-offs, 4) Intermodal opportunities, 5) Seasonal and demand variability, 6) Carbon footprint by mode, 7) Risk and disruption considerations, 8) Contract vs spot market, 9) Recommended mode mix and allocation, 10) Expected cost savings and service impact. ``` #### Route optimization plan **Use case:** Last-mile delivery optimization and fleet efficiency ``` Optimize delivery routes for [region/operation]. Fleet: [number and type of vehicles]. Stops: [customer locations and volumes]. Constraints: [time windows, capacity, hours]. Optimization: 1) Current route analysis (distance, time, utilization), 2) Optimization objectives (cost, time, service), 3) Route clustering and sequencing, 4) Vehicle loading and capacity utilization, 5) Time window compliance, 6) Driver workload balancing, 7) Optimized route plan with maps, 8) Expected improvements (miles, time, cost), 9) Dynamic routing and adjustments, 10) Technology/tool recommendations. ``` #### Freight cost analysis **Use case:** Freight cost management and carrier optimization ``` Analyze freight costs and identify reduction opportunities for [network/lanes]. Annual freight spend: [amount]. Carriers: [number]. Analysis: 1) Freight spend breakdown (by lane, mode, carrier, product), 2) Cost per unit ($/lb, $/mile, $/shipment), 3) Rate benchmarking and market comparison, 4) Service level and on-time performance, 5) Consolidation and volume leverage, 6) Backhaul and network optimization, 7) Carrier negotiation opportunities, 8) Modal shifts and intermodal, 9) Cost reduction initiatives ranked, 10) Implementation plan and savings targets. ``` #### Warehouse layout optimization **Use case:** Warehouse efficiency and space optimization ``` Optimize warehouse layout for [facility]. Size: [square feet]. Operations: [receiving, storage, picking, packing, shipping]. SKUs: [number]. Current challenges: [describe issues]. Optimization: 1) Activity and flow analysis, 2) Zone design (receiving, storage, picking, packing, shipping), 3) Storage strategy (bulk, pick, reserve), 4) Slotting optimization (ABC analysis, velocity), 5) Picking path optimization, 6) Material handling equipment, 7) Layout design with dimensions, 8) Throughput and capacity analysis, 9) Space utilization improvement, 10) Implementation approach and costs. ``` #### 3PL selection and management **Use case:** Outsourcing decisions and 3PL partnership management ``` Select and manage 3PL (third-party logistics) partner for [operations: warehousing, transportation, fulfillment]. Scope: [geography, volume, services]. Process: 1) Requirements definition and scope, 2) Service level and performance expectations, 3) 3PL evaluation criteria and RFP, 4) Shortlist and site visits, 5) Cost modeling and comparison, 6) Contract negotiation (pricing, terms, SLAs), 7) Implementation and transition plan, 8) Governance and performance management, 9) Continuous improvement and relationship, 10) Exit strategy and contingency. ``` ### Inventory Management Optimize inventory levels and improve working capital. #### Inventory optimization model **Use case:** Inventory reduction and service level optimization ``` Develop inventory optimization model for [product category]. Current inventory: [days/dollars]. Service level target: [%]. Model components: 1) Demand characterization (mean, variability, seasonality), 2) Lead time analysis (supplier and internal), 3) Service level targets by product segment, 4) Safety stock calculations (statistical methods), 5) Reorder points and order quantities, 6) ABC/XYZ segmentation and policies, 7) Inventory cost model (holding, ordering, stockout), 8) Optimal inventory levels by SKU/location, 9) Expected working capital improvement, 10) Implementation and monitoring. ``` #### SKU rationalization analysis **Use case:** SKU complexity reduction and profitability improvement ``` Analyze SKU portfolio for rationalization opportunity. Current SKUs: [number]. Categories: [list]. Analysis: 1) SKU profitability analysis (revenue, margin, volume), 2) Demand frequency and velocity, 3) Inventory carrying costs by SKU, 4) Cannibalization and overlap, 5) Complexity costs (procurement, storage, planning), 6) Customer impact assessment, 7) Discontinuation candidates (slow-moving, unprofitable), 8) Consolidation opportunities, 9) Financial impact of rationalization, 10) Implementation plan and customer communication. ``` #### Cycle counting program **Use case:** Inventory accuracy and operational excellence ``` Design cycle counting program for [warehouse/distribution center]. SKUs: [number]. Current accuracy: [%]. Program design: 1) Cycle count method (ABC, random, control group), 2) Count frequency by product classification, 3) Count procedures and instructions, 4) Variance thresholds and investigation, 5) Root cause analysis process, 6) Corrective action and process improvement, 7) Responsibilities and staffing, 8) Technology and tools, 9) Accuracy metrics and targets, 10) Continuous improvement and rewards. ``` #### Obsolete inventory management **Use case:** Working capital recovery and waste reduction ``` Manage obsolete and slow-moving inventory for [location/category]. Current obsolete value: [amount]. Causes: [describe]. Program: 1) Obsolescence definition and criteria, 2) Inventory aging analysis, 3) Root cause identification (demand changes, over-ordering, quality), 4) Disposition options (discount, return, scrap, donate), 5) Financial impact and write-off, 6) Recovery value maximization, 7) Prevention measures (forecasting, planning, policy), 8) Obsolescence reserve policy, 9) Monitoring and metrics, 10) Cross-functional accountability. ``` #### Multi-echelon inventory optimization **Use case:** Network inventory optimization and service improvement ``` Optimize inventory across supply chain echelons for [product/network]. Echelons: [factory, regional DC, local warehouses, etc.]. Current inventory: [by location]. Optimization: 1) Network structure and flow, 2) Lead times between echelons, 3) Demand variability by location, 4) Service level targets by location, 5) Inventory positioning strategy, 6) Safety stock allocation by echelon, 7) Replenishment policies and parameters, 8) Total network inventory reduction, 9) Cost vs service trade-offs, 10) Implementation and technology needs. ``` ### Quality Management & Control Implement quality control systems and drive continuous improvement. #### Quality control plan **Use case:** Quality assurance and defect prevention ``` Develop quality control plan for [product/process]. Specifications: [key quality characteristics]. Production volume: [rate]. QC plan: 1) Quality characteristics and specifications, 2) Inspection points (incoming, in-process, final), 3) Sampling plan (frequency, sample size) using statistical methods, 4) Measurement and test methods, 5) Accept/reject criteria, 6) Inspection equipment and calibration, 7) Documentation and records, 8) Non-conformance handling, 9) Continuous improvement process, 10) Responsibilities and training. ``` #### Root cause analysis (8D/5 Whys) **Use case:** Problem solving and corrective action ``` Conduct root cause analysis for [quality issue/defect]. Problem: [describe symptom]. Impact: [customer/cost]. Use 8D methodology: 1) D1: Team formation, 2) D2: Problem description (with data), 3) D3: Interim containment actions, 4) D4: Root cause identification (5 Whys, fishbone), 5) D5: Permanent corrective actions, 6) D6: Implementation and verification, 7) D7: Prevention and systemic fixes, 8) D8: Recognition and closure. Include timeline and accountability. ``` #### Supplier quality management **Use case:** Supply chain quality and risk reduction ``` Establish supplier quality management system for [supplier base]. Categories: [critical/major suppliers]. System components: 1) Supplier quality requirements and standards, 2) Incoming inspection and testing, 3) Supplier quality metrics (PPM, DPPM, yield), 4) Supplier scorecards and reviews, 5) Non-conformance and corrective action process, 6) Supplier audits and assessments, 7) Supplier development and improvement, 8) Qualification and approval process, 9) De-listing criteria and actions, 10) Collaboration and communication. ``` #### Statistical process control (SPC) **Use case:** Process control and variation reduction ``` Implement SPC for [process]. Process: [describe operation]. Quality characteristic: [measurement]. SPC implementation: 1) Process capability study (Cp, Cpk), 2) Control chart selection (X-bar/R, p-chart, etc.), 3) Control limits calculation, 4) Sampling plan and frequency, 5) Chart interpretation and rules, 6) Out-of-control response procedures, 7) Process improvement when capable, 8) Operator training, 9) Data collection and charting system, 10) Continuous monitoring and review. ``` #### CAPA system design **Use case:** Quality system compliance and continuous improvement ``` Design Corrective and Preventive Action (CAPA) system for [organization]. Compliance: [ISO/FDA/industry standards]. System design: 1) CAPA triggers (non-conformances, audits, customer complaints), 2) Issue reporting and documentation, 3) Investigation and root cause analysis, 4) Corrective action development, 5) Preventive action identification, 6) Implementation and verification, 7) Effectiveness checks, 8) CAPA metrics and trending, 9) Management review, 10) Continuous improvement integration. Include workflow and ownership. ``` ### Production Planning & Scheduling Optimize production planning and shop floor scheduling. #### Master production schedule (MPS) **Use case:** Production planning and demand fulfillment ``` Develop master production schedule for [product family]. Planning horizon: [weeks/months]. Demand: [forecast and orders]. MPS development: 1) Demand aggregation and netting, 2) Available capacity analysis, 3) Inventory policy (safety stock, lot sizing), 4) MPS by period and product, 5) Capacity requirements planning (CRP), 6) Material requirements planning (MRP) impact, 7) Constraint management, 8) Scenario planning and flexibility, 9) MPS performance metrics, 10) Review and adjustment process. ``` #### Production scheduling optimization **Use case:** Shop floor efficiency and on-time delivery ``` Optimize production schedule for [facility/line]. Products: [number of SKUs]. Constraints: [changeovers, capacity, materials, etc.]. Scheduling approach: 1) Demand and priority analysis, 2) Capacity and constraint identification, 3) Sequencing rules and optimization (minimize changeovers, maximize throughput), 4) Batch sizing and lot consolidation, 5) Detailed schedule (Gantt chart), 6) Material and resource readiness, 7) Schedule stability and nervousness, 8) KPIs (on-time, utilization, efficiency), 9) Schedule execution and tracking, 10) Continuous improvement. ``` #### Changeover time reduction (SMED) **Use case:** Flexibility improvement and capacity increase ``` Reduce changeover time for [equipment/line]. Current changeover time: [duration]. Target: [goal]. Apply SMED (Single Minute Exchange of Die): 1) Current changeover observation and time study, 2) Separate internal vs external activities, 3) Convert internal to external activities, 4) Streamline internal activities, 5) Streamline external activities, 6) Standardize and document new procedure, 7) Training and implementation, 8) Quick changeover kits and tools, 9) Continuous improvement, 10) Expected impact on capacity and flexibility. ``` #### Capacity planning analysis **Use case:** Strategic capacity planning and capital investment ``` Conduct capacity planning for [production facility]. Planning horizon: [12-36 months]. Demand forecast: [growth projection]. Analysis: 1) Current capacity by resource/work center, 2) Capacity utilization and bottlenecks, 3) Future demand by product family, 4) Capacity requirements planning, 5) Capacity gap analysis, 6) Capacity expansion options (equipment, shifts, outsourcing), 7) Capital requirements and timing, 8) Financial analysis (NPV, payback), 9) Risk and flexibility considerations, 10) Recommended capacity strategy. ``` #### Material requirements planning (MRP) **Use case:** Material planning and inventory optimization ``` Configure MRP system for [product/BOM]. Planning parameters needed: 1) Bill of materials (BOM) structure and accuracy, 2) Lead times by component, 3) Lot sizing rules (EOQ, lot-for-lot, period order quantity), 4) Safety stock and reorder points, 5) Order policy by item (make vs buy), 6) Planning horizon and time buckets, 7) MRP run frequency, 8) Exception management (expedite, de-expedite), 9) Planner responsibilities, 10) MRP performance metrics and tuning. Ensure data accuracy and process discipline. ``` --- ## AI for Data Science & Analytics **Category:** Data Science & Analytics **Prompts:** 35 **Description:** Data science and analytics prompts covering exploratory data analysis, statistical modeling, machine learning workflows, data visualization, and predictive analytics. **Tags:** Data Science, Analytics, Machine Learning, Work Users ### Exploratory Data Analysis (EDA) Understand and explore datasets through systematic analysis. #### Initial data profiling **Use case:** Data understanding and quality assessment ``` Perform initial data profiling for [dataset name]. Dataset context: [source, purpose]. Variables: [number of columns]. Analysis should include: 1) Dataset dimensions and structure, 2) Variable types identification (numeric, categorical, datetime, text), 3) Summary statistics per variable (mean, median, std, min, max, percentiles), 4) Missing value analysis (count, percentage per variable), 5) Duplicate records check, 6) Data type inconsistencies, 7) Unusual values or outliers flagged, 8) Key observations and data quality issues, 9) Recommended data cleaning steps. ``` #### Univariate analysis **Use case:** Single variable deep dive and understanding ``` Conduct univariate analysis for [variable name] in [dataset]. Variable type: [numeric/categorical]. Analysis: 1) Distribution visualization description (histogram, box plot, density plot), 2) Central tendency measures (mean, median, mode), 3) Dispersion measures (variance, std dev, IQR), 4) Skewness and kurtosis, 5) Outlier detection and quantification, 6) Normality assessment (if numeric), 7) Frequency distribution (if categorical), 8) Missing values and treatment options, 9) Business interpretation of distribution, 10) Feature engineering ideas. ``` #### Bivariate correlation analysis **Use case:** Relationship exploration and hypothesis generation ``` Analyze relationship between [variable 1] and [variable 2]. Variable types: [specify]. Dataset: [name]. Analysis should cover: 1) Correlation coefficient and interpretation, 2) Scatter plot or appropriate visualization description, 3) Statistical significance testing, 4) Non-linear relationship assessment, 5) Outlier influence on correlation, 6) Confounding variable considerations, 7) Causation vs correlation discussion, 8) Segmented analysis (by category if relevant), 9) Business implications of relationship, 10) Further investigation recommendations. ``` #### Feature importance analysis **Use case:** Feature selection and model preparation ``` Analyze feature importance for predicting [target variable]. Dataset: [name]. Features: [number and types]. Methods to apply: 1) Correlation with target, 2) Random Forest feature importance, 3) Permutation importance, 4) SHAP values analysis, 5) Mutual information scores, 6) Domain knowledge integration, 7) Multicollinearity check (VIF), 8) Feature ranking and selection, 9) Interaction effects identification, 10) Recommended feature set for modeling with rationale. ``` #### Data quality assessment **Use case:** Data governance and trust building ``` Assess data quality for [dataset/database table]. Critical use: [how data will be used]. Quality dimensions to evaluate: 1) Completeness (missing values analysis), 2) Accuracy (validation against source/rules), 3) Consistency (cross-field validation, duplicates), 4) Timeliness (data freshness, update frequency), 5) Validity (format, range, domain checks), 6) Uniqueness (primary key integrity), 7) Quality score by dimension, 8) Root cause analysis for issues, 9) Data quality improvement plan, 10) Monitoring and governance recommendations. ``` ### Statistical Analysis & Testing Apply statistical methods to test hypotheses and draw inferences. #### A/B test analysis **Use case:** Experiment evaluation and decision making ``` Analyze A/B test results for [test name]. Metric: [primary KPI]. Groups: Control (n=[size]), Variant (n=[size]). Results: [provide data]. Analysis: 1) Sample size and power calculation validation, 2) Descriptive statistics per group, 3) Statistical test selection (t-test, Mann-Whitney, proportions test), 4) Test assumptions verification, 5) P-value and statistical significance, 6) Effect size calculation (Cohen's d, relative lift), 7) Confidence intervals, 8) Practical significance assessment, 9) Segment analysis (if applicable), 10) Recommendation and business impact. ``` #### Hypothesis testing framework **Use case:** Scientific approach to business questions ``` Design hypothesis test for [research question]. Context: [business problem]. Data available: [describe]. Framework: 1) Null and alternative hypotheses (clear statements), 2) Test selection (parametric vs non-parametric), 3) Significance level (alpha) justification, 4) Sample size calculation, 5) Test assumptions and validation, 6) Data collection plan, 7) Analysis methodology, 8) Interpretation guidelines, 9) Type I and Type II error considerations, 10) Action plan based on results. ``` #### Time series decomposition **Use case:** Time series understanding and forecasting preparation ``` Decompose time series for [metric/variable]. Data: [frequency, time span]. Analysis objective: [forecasting/trend analysis/anomaly detection]. Decomposition: 1) Time series plot and visual inspection, 2) Trend component extraction and interpretation, 3) Seasonal component identification and pattern, 4) Cyclic components (if present), 5) Residual/irregular component analysis, 6) Stationarity testing (ADF test), 7) Autocorrelation analysis (ACF, PACF), 8) Seasonality strength quantification, 9) Business interpretation of components, 10) Implications for forecasting approach. ``` #### Regression analysis design **Use case:** Predictive modeling and inference ``` Design regression analysis for [problem]. Target variable: [dependent variable]. Predictors: [independent variables]. Analysis plan: 1) Regression type selection (linear, logistic, polynomial, etc.), 2) Variable transformations needed, 3) Interaction terms to test, 4) Train/test split strategy, 5) Model assumptions to verify (linearity, homoscedasticity, normality, independence), 6) Multicollinearity assessment (VIF), 7) Regularization considerations (Ridge, Lasso), 8) Model evaluation metrics, 9) Interpretation approach (coefficients, odds ratios), 10) Validation and sensitivity analysis. ``` #### Survival analysis setup **Use case:** Time-to-event analysis and risk modeling ``` Set up survival analysis for [event: customer churn, equipment failure, etc.]. Time variable: [duration]. Event indicator: [occurred or censored]. Covariates: [predictors]. Analysis approach: 1) Survival data structure and censoring, 2) Kaplan-Meier survival curves by group, 3) Log-rank test for group comparison, 4) Cox proportional hazards model, 5) Hazard ratios and interpretation, 6) Proportional hazards assumption testing, 7) Time-varying covariates (if needed), 8) Model diagnostics and validation, 9) Predicted survival probabilities, 10) Business applications and insights. ``` ### Machine Learning Workflows Build, train, and deploy machine learning models systematically. #### ML problem formulation **Use case:** ML project initiation and scoping ``` Formulate machine learning problem for [business objective]. Current process: [describe]. Problem definition: 1) Business problem clearly stated, 2) ML problem type (classification, regression, clustering, etc.), 3) Target variable definition and measurement, 4) Success metrics and evaluation criteria, 5) Available data sources and features, 6) Constraints and requirements (latency, interpretability, fairness), 7) Baseline approach and performance, 8) Expected business impact of solution, 9) Data requirements and collection plan, 10) Project scope and milestones. ``` #### Feature engineering strategy **Use case:** Model input preparation and enhancement ``` Develop feature engineering strategy for [ML problem]. Raw data: [describe available data]. Target: [prediction objective]. Feature engineering plan: 1) Domain knowledge integration, 2) Numerical transformations (scaling, binning, interactions), 3) Categorical encoding (one-hot, target, embeddings), 4) Datetime feature extraction (hour, day, month, seasonality), 5) Text feature extraction (TF-IDF, word embeddings), 6) Aggregation and rolling window features, 7) Missing value imputation strategy, 8) Feature scaling/normalization, 9) Dimensionality reduction considerations, 10) Feature validation and selection process. ``` #### Model selection framework **Use case:** Algorithm selection and experimentation design ``` Select appropriate ML algorithm for [problem type]. Dataset size: [rows]. Features: [number]. Requirements: [interpretability, speed, accuracy priorities]. Evaluation: 1) Problem characteristics analysis, 2) Algorithm candidates (with pros/cons): Linear models, tree-based (RF, XGBoost, LightGBM), Neural networks, SVMs, etc., 3) Complexity vs performance trade-off, 4) Training time and inference speed, 5) Interpretability requirements, 6) Data size and feature considerations, 7) Hyperparameter tuning complexity, 8) Recommended approach with rationale, 9) Ensemble methods consideration, 10) Experimentation plan (compare 2-3 algorithms). ``` #### Model training and validation **Use case:** Model development and performance optimization ``` Design training and validation strategy for [model type]. Dataset: [size and characteristics]. Approach: 1) Train/validation/test split (ratios and strategy), 2) Cross-validation method (k-fold, stratified, time-series), 3) Evaluation metrics selection (accuracy, precision, recall, AUC, RMSE, etc.), 4) Class imbalance handling (if applicable), 5) Hyperparameter tuning approach (grid search, random search, Bayesian), 6) Early stopping and overfitting prevention, 7) Model ensemble strategy, 8) Validation results interpretation, 9) Error analysis and failure modes, 10) Final model selection criteria. ``` #### Model deployment plan **Use case:** Model productionization and MLOps ``` Plan ML model deployment for [use case]. Model: [algorithm and purpose]. Production requirements: [latency, scale, uptime]. Deployment plan: 1) Model serialization and versioning, 2) API design and endpoint structure, 3) Infrastructure requirements (compute, storage), 4) Scaling strategy (horizontal, vertical), 5) Monitoring and logging (predictions, performance, drift), 6) A/B testing or canary deployment, 7) Rollback and failover procedures, 8) Model retraining pipeline and triggers, 9) Security and access control, 10) Documentation and handoff to engineering. ``` ### Data Visualization & Reporting Create effective visualizations and data-driven reports. #### Dashboard design **Use case:** Business intelligence and data democratization ``` Design analytics dashboard for [audience: executives, managers, analysts]. Purpose: [monitoring, exploration, reporting]. Metrics: [key KPIs]. Dashboard structure: 1) Primary metrics and KPIs (top of dashboard), 2) Supporting metrics and dimensions, 3) Visualization type per metric (chart, table, gauge, map), 4) Filters and interactivity, 5) Time period selection, 6) Drill-down capabilities, 7) Color coding and thresholds, 8) Layout and information hierarchy, 9) Refresh frequency and data latency, 10) Mobile responsiveness considerations. ``` #### Chart selection guide **Use case:** Effective data communication ``` Select appropriate visualization for [data and message]. Data type: [categorical, numerical, time-series, geographic]. Communication goal: [comparison, distribution, relationship, composition, trend]. Analysis: 1) Data structure and dimensionality, 2) Message to communicate, 3) Audience expertise level, 4) Chart type candidates with pros/cons, 5) Recommended primary visualization, 6) Supporting charts if needed, 7) Design principles (labels, colors, scales), 8) Common pitfalls to avoid, 9) Accessibility considerations, 10) Interactive vs static decision. ``` #### Executive summary creation **Use case:** Leadership communication and decision support ``` Create executive summary for [analysis/project]. Audience: [C-level, board, senior management]. Page limit: [1-2 pages]. Structure: 1) Headline/key takeaway (one sentence), 2) Business context and question, 3) Analysis approach (brief), 4) Key findings (3-5 bullet points with data), 5) Primary visualization (one impactful chart), 6) Business implications, 7) Recommended actions, 8) Implementation timeline, 9) Expected impact (quantified), 10) Next steps and decision needed. Use executive-friendly language, avoid jargon. ``` #### Storytelling with data **Use case:** Persuasive analytics and stakeholder engagement ``` Craft data story for [insight/finding]. Data: [key statistics]. Audience: [specify]. Story structure: 1) Hook (interesting finding or question), 2) Context and why it matters, 3) Data journey (how insight was discovered), 4) Key visualizations with narrative flow, 5) Supporting evidence and validation, 6) Counter-arguments addressed, 7) Implications and so what, 8) Call to action, 9) Emotional connection to audience, 10) Memorable closing. Balance data rigor with compelling narrative. ``` #### Automated reporting design **Use case:** Operational reporting and efficiency ``` Design automated report for [business process]. Frequency: [daily, weekly, monthly]. Recipients: [stakeholders]. Report components: 1) Report objectives and KPIs, 2) Data sources and refresh schedule, 3) Report sections and layout, 4) Standard vs exception-based content, 5) Conditional formatting and alerts, 6) Period-over-period comparisons, 7) Commentary and insight automation, 8) Distribution method (email, portal, API), 9) Personalization by recipient, 10) Maintenance and update process. ``` ### Predictive Analytics & Forecasting Develop forecasting models and predictive solutions. #### Demand forecasting model **Use case:** Supply chain and business planning ``` Build demand forecast model for [product/service]. Historical data: [time span and granularity]. Forecast horizon: [periods ahead]. Model development: 1) Historical pattern analysis (trend, seasonality, events), 2) Forecasting method selection (ARIMA, Prophet, ML, ensemble), 3) Feature engineering (lags, rolling means, external factors), 4) Model training and hyperparameter tuning, 5) Forecast accuracy metrics (MAPE, RMSE, MAE), 6) Confidence intervals and uncertainty quantification, 7) Scenario forecasts (best/base/worst), 8) Model validation (backtesting), 9) Forecast presentation and visualization, 10) Monitoring and retraining strategy. ``` #### Churn prediction model **Use case:** Customer retention and CLV optimization ``` Develop customer churn prediction model. Customer base: [size and type]. Definition of churn: [specify time window]. Model approach: 1) Churn label definition and calculation, 2) Feature engineering (usage, engagement, support, demographics), 3) Time-based train/test split, 4) Class imbalance handling (SMOTE, weighting), 5) Algorithm selection and training, 6) Evaluation metrics (AUC-ROC, precision/recall, lift), 7) Churn probability interpretation, 8) Feature importance and drivers, 9) Segmentation and risk tiers, 10) Intervention strategy and expected ROI. ``` #### Anomaly detection system **Use case:** Fraud detection, system monitoring, quality control ``` Design anomaly detection system for [data stream: transactions, logs, metrics, etc.]. Normal behavior: [describe patterns]. Detection requirements: [real-time, batch]. System design: 1) Anomaly definition (point, contextual, collective), 2) Method selection (statistical, ML-based, rule-based), 3) Baseline and normal behavior modeling, 4) Anomaly score calculation, 5) Threshold determination (sensitivity tuning), 6) Alert generation and prioritization, 7) False positive management, 8) Feedback loop for model improvement, 9) Visualization and investigation tools, 10) Integration and deployment. ``` #### Recommendation system design **Use case:** Personalization and user engagement ``` Design recommendation system for [users and items]. Data available: [user behavior, item attributes, ratings]. Scale: [users, items]. System approach: 1) Recommendation objective (accuracy, diversity, novelty), 2) Method selection (collaborative filtering, content-based, hybrid), 3) Cold start problem handling, 4) Matrix factorization or embedding approach, 5) Real-time vs batch recommendations, 6) Evaluation metrics (precision@k, NDCG, coverage), 7) A/B testing framework, 8) Explainability and transparency, 9) Bias and fairness considerations, 10) Scalability and performance optimization. ``` #### Risk scoring model **Use case:** Credit risk, insurance underwriting, fraud prevention ``` Develop risk scoring model for [application: credit, insurance, fraud, etc.]. Historical outcomes: [default rate, claim rate, fraud rate]. Model development: 1) Risk definition and target variable, 2) Feature engineering (demographic, behavioral, historical), 3) Model selection (logistic regression, XGBoost, etc.), 4) Score calibration and scaling (0-1000 or similar), 5) Score segmentation (risk tiers), 6) Validation and performance metrics (KS, Gini, AUC), 7) Regulatory compliance (fairness, explainability), 8) Score card development if needed, 9) Score monitoring and drift detection, 10) Override rules and business integration. ``` ### Big Data & Data Engineering Work with large-scale data processing and pipelines. #### Data pipeline architecture **Use case:** Data infrastructure and ETL/ELT processes ``` Design data pipeline for [use case]. Data sources: [list]. Data volume: [size and velocity]. Pipeline requirements: 1) Source system integration (APIs, databases, files), 2) Ingestion strategy (batch, streaming, CDC), 3) Data transformation logic (cleaning, enrichment, aggregation), 4) Storage layer design (data lake, warehouse, lakehouse), 5) Processing framework (Spark, Airflow, dbt), 6) Orchestration and scheduling, 7) Data quality checks and validation, 8) Error handling and retry logic, 9) Monitoring and alerting, 10) Scalability and cost optimization. ``` #### Data warehouse schema design **Use case:** Analytics infrastructure and business intelligence ``` Design data warehouse schema for [business domain]. Data sources: [transactional systems]. Analysis needs: [reporting, analytics use cases]. Schema design: 1) Schema type selection (star, snowflake, data vault), 2) Fact table design (grain, measures), 3) Dimension table design (attributes, hierarchies), 4) Slowly changing dimension (SCD) strategy, 5) Data partitioning approach, 6) Indexing and performance optimization, 7) Data retention and archival policy, 8) Security and access control, 9) Documentation and data dictionary, 10) Incremental load strategy. ``` #### Spark optimization strategy **Use case:** Big data processing optimization ``` Optimize Spark job for [processing task]. Current performance: [runtime, resource usage]. Data size: [volume]. Optimization approach: 1) Job profiling and bottleneck identification, 2) Partitioning strategy optimization, 3) Shuffling reduction techniques, 4) Caching and persistence strategy, 5) Broadcast join optimization, 6) Memory and executor configuration tuning, 7) Data serialization format (Parquet, ORC), 8) Predicate pushdown and filter optimization, 9) Skew handling techniques, 10) Expected performance improvement and cost savings. ``` #### Data lake organization **Use case:** Scalable data storage and management ``` Organize data lake structure for [organization]. Data types: [structured, semi-structured, unstructured]. Use cases: [analytics, ML, reporting]. Organization design: 1) Zone architecture (raw, curated, refined), 2) Directory structure and naming conventions, 3) File format standards (Parquet, Avro, JSON), 4) Partitioning strategy by date/category, 5) Metadata management approach, 6) Data catalog and discovery, 7) Access control and security, 8) Data lifecycle and retention policies, 9) Cost optimization (storage tiers), 10) Governance and data quality framework. ``` #### Real-time streaming analytics **Use case:** Real-time monitoring and decision making ``` Design real-time streaming analytics for [use case]. Data stream: [source and rate]. Processing requirements: [latency, throughput]. Architecture: 1) Streaming platform selection (Kafka, Kinesis, Pub/Sub), 2) Stream processing framework (Spark Streaming, Flink, Kafka Streams), 3) Windowing strategy (tumbling, sliding, session), 4) Aggregation and stateful processing, 5) Late data and out-of-order handling, 6) Exactly-once vs at-least-once semantics, 7) Output sinks (databases, dashboards, alerts), 8) Monitoring and lag management, 9) Fault tolerance and recovery, 10) Scalability and backpressure handling. ``` ### Advanced Analytics & AI Apply advanced techniques including NLP, computer vision, and deep learning. #### NLP text classification **Use case:** Document classification, sentiment analysis, chatbots ``` Build text classification model for [use case: sentiment, topic, intent]. Text data: [source and volume]. Classes: [categories]. Approach: 1) Text preprocessing (tokenization, cleaning, stopwords), 2) Feature extraction (TF-IDF, word2vec, BERT embeddings), 3) Model selection (Naive Bayes, SVM, deep learning), 4) Training data preparation and labeling, 5) Class imbalance handling, 6) Model training and hyperparameter tuning, 7) Evaluation metrics (F1, precision, recall per class), 8) Error analysis and misclassification patterns, 9) Interpretability (feature importance, attention), 10) Production deployment and monitoring. ``` #### Deep learning model architecture **Use case:** Complex pattern recognition and prediction ``` Design deep learning architecture for [problem: image classification, time series, NLP]. Data: [type and size]. Requirements: [accuracy, inference speed]. Architecture design: 1) Network type selection (CNN, RNN, Transformer, hybrid), 2) Layer architecture and depth, 3) Activation functions and regularization, 4) Optimization strategy (optimizer, learning rate, batch size), 5) Data augmentation techniques, 6) Transfer learning considerations, 7) Training strategy (epochs, early stopping, checkpointing), 8) Evaluation and validation approach, 9) Model compression (pruning, quantization) if needed, 10) Hardware requirements and deployment. ``` #### Clustering analysis **Use case:** Customer segmentation, pattern discovery ``` Perform clustering analysis for [data/customers/products]. Objective: [segmentation, pattern discovery]. Data: [variables and size]. Analysis approach: 1) Feature selection and engineering, 2) Feature scaling and normalization, 3) Clustering algorithm selection (K-means, hierarchical, DBSCAN), 4) Optimal cluster number determination (elbow, silhouette), 5) Cluster assignment and profiling, 6) Cluster interpretation and naming, 7) Validation and stability assessment, 8) Visualization (PCA, t-SNE for high dimensions), 9) Business insights per cluster, 10) Actionable recommendations per segment. ``` #### AutoML experimentation **Use case:** Rapid prototyping and model exploration ``` Set up AutoML experiment for [ML problem]. Dataset: [description]. Constraints: [time, compute budget]. AutoML configuration: 1) Problem type and evaluation metric, 2) Feature engineering scope (automatic vs manual), 3) Algorithm search space, 4) Hyperparameter optimization strategy, 5) Time and resource budget, 6) Cross-validation strategy, 7) Ensemble and stacking options, 8) Model interpretability requirements, 9) Results analysis and model selection, 10) Comparison with baseline and custom models. ``` #### Causal inference analysis **Use case:** Impact evaluation and decision causality ``` Design causal inference study for [treatment/intervention]. Outcome: [variable of interest]. Confounders: [potential variables]. Approach: 1) Causal graph (DAG) construction, 2) Identification of confounders and mediators, 3) Method selection (RCT, propensity score matching, instrumental variables, diff-in-diff), 4) Treatment and control group definition, 5) Covariate balance assessment, 6) Treatment effect estimation (ATE, ATT), 7) Sensitivity analysis and robustness checks, 8) Assumption validation, 9) Statistical significance and confidence intervals, 10) Causal interpretation and business implications. ``` --- ## AI for Communications & PR **Category:** Communications & PR **Prompts:** 36 **Description:** Communications and PR prompts covering internal communications, external messaging, crisis management, media relations, executive communications, and brand storytelling. **Tags:** Communications, Public Relations, Media, Work Users ### Internal Communications Engage employees and build internal alignment through effective communications. #### Company-wide announcement **Use case:** Employee engagement and organizational transparency ``` Draft company-wide announcement for [topic: new initiative, organizational change, achievement, etc.]. Audience: [all employees/specific groups]. Key messages: [main points to communicate]. Include: 1) Attention-grabbing subject line, 2) Clear headline, 3) Context and background (why this matters), 4) Key details and timeline, 5) Impact on employees, 6) What happens next, 7) Where to get more information, 8) Call to action if needed. Tone: [informative/celebratory/empathetic]. Keep concise and scannable. ``` #### CEO/Executive message **Use case:** Executive visibility and leadership communication ``` Write message from [CEO/executive name] to employees about [topic]. Context: [situation or announcement]. Message should: 1) Open with personal connection or observation, 2) State the purpose clearly, 3) Provide necessary context, 4) Share the decision/update/reflection, 5) Explain the 'why' behind it, 6) Acknowledge employee perspective, 7) Outline what's next, 8) Close with inspiration or call to action. Voice: [authentic, conversational but professional]. Length: [300-500 words]. ``` #### Change management communication plan **Use case:** Change management and employee adoption ``` Create communication plan for [organizational change]. Change: [describe what's changing]. Timeline: [implementation period]. Stakeholders: [affected groups]. Plan should include: 1) Communication objectives, 2) Key messages by stakeholder group, 3) Communication channels and tactics, 4) Timeline and frequency, 5) Two-way communication approach, 6) FAQ development, 7) Leadership talking points, 8) Feedback mechanisms, 9) Success metrics. Address resistance and concerns proactively. ``` #### Employee newsletter content **Use case:** Regular employee engagement and information sharing ``` Develop employee newsletter for [month]. Sections to include: 1) Opening message (leadership note), 2) Company news and updates (3-4 items), 3) Employee spotlight or recognition, 4) Upcoming events and deadlines, 5) Learning/development opportunity, 6) Fun or culture content, 7) Resources and links. Tone: [engaging, informative, community-building]. Include mix of strategic and human-interest content. Suggest subject line and preview text. ``` #### Town hall meeting script **Use case:** Large-group employee communication and dialogue ``` Create script for town hall meeting on [topic]. Presenters: [roles]. Duration: [time]. Script structure: 1) Welcome and agenda (2 min), 2) Opening context/state of business (5 min), 3) Main topic presentation (10-15 min), 4) Employee perspectives/panel (if applicable), 5) Q&A facilitation, 6) Closing and next steps (3 min). Include: Speaker notes, transition points, slide cues, time checks, anticipated questions with suggested responses. Make interactive and engaging. ``` #### Difficult news communication **Use case:** Sensitive internal communications and crisis moments ``` Communicate difficult news about [layoffs/restructuring/bad business results/other]. Audience: [affected employees/all staff]. Message must: 1) Lead with empathy and directness, 2) Explain the situation clearly (avoid corporate speak), 3) Provide context and business rationale, 4) Detail what this means for employees, 5) Outline support being provided, 6) Share timeline and process, 7) Provide resources and contacts, 8) Acknowledge emotions, 9) Explain how to get questions answered. Be transparent, compassionate, and action-oriented. ``` ### External Communications & Messaging Craft compelling external messages for various audiences. #### Press release **Use case:** Media outreach and news distribution ``` Write press release for [announcement: product launch, partnership, milestone, funding, etc.]. Include: 1) Attention-grabbing headline (8-12 words), 2) Dateline and lead paragraph (who, what, when, where, why), 3) Quote from executive/key stakeholder, 4) Supporting details and context, 5) Second quote (customer/partner if relevant), 6) Implications and benefits, 7) Call to action, 8) Boilerplate about company, 9) Media contact information. Follow AP style. Length: [400-600 words]. ``` #### Media pitch **Use case:** Proactive media relations and story placement ``` Create media pitch for [story angle]. Target publication: [media outlet]. Journalist: [name if known]. Pitch should: 1) Subject line that hooks interest, 2) Personalized opening (reference their beat/recent article), 3) Clear story angle in 1-2 sentences, 4) Why this matters now (timeliness/relevance), 5) What's unique or exclusive, 6) Supporting data or evidence, 7) Interview source availability, 8) Additional resources available, 9) Simple ask and contact info. Length: [150-200 words]. Tone: conversational but professional. ``` #### Corporate statement **Use case:** Issue management and corporate positioning ``` Draft corporate statement regarding [issue/event]. Context: [situation background]. Statement needs: 1) Clear position or response to the issue, 2) Key facts (what we know), 3) Actions being taken, 4) Commitment or values statement, 5) What comes next, 6) Contact for more information. Tone: [empathetic/authoritative/measured]. Keep to [100-150 words]. Ensure legally reviewed if needed. Avoid defensive language. ``` #### Thought leadership article **Use case:** Executive visibility and brand authority ``` Write thought leadership article on [topic] for [target publication/audience]. Byline: [executive name and title]. Article should: 1) Hook with compelling opening (question, stat, story), 2) Establish credibility and perspective, 3) Present unique point of view or insight, 4) Support with data, examples, or research, 5) Address counterarguments, 6) Provide actionable takeaways, 7) Forward-looking conclusion, 8) Subtle company/solution integration (not promotional). Length: [800-1200 words]. Include bio and headshot description. ``` #### Social media response strategy **Use case:** Social media management and reputation protection ``` Develop social media response for [situation: customer complaint, negative news, viral post, etc.]. Platform: [Twitter/LinkedIn/Facebook/Instagram]. Current situation: [describe]. Response strategy: 1) Assess severity and urgency, 2) Key message to communicate, 3) Draft response (platform-appropriate length), 4) Tone guidance (empathetic/transparent/solution-focused), 5) When and how to respond publicly vs privately, 6) Escalation criteria, 7) Follow-up actions, 8) Monitoring plan. Avoid defensive or corporate speak. ``` ### Crisis Communications Manage crisis situations with clear, timely communications. #### Crisis communication plan **Use case:** Crisis preparedness and response framework ``` Create crisis communication plan for [type of crisis: data breach, product recall, executive misconduct, natural disaster, etc.]. Plan components: 1) Crisis definition and severity levels, 2) Crisis team roles and contacts, 3) Communication protocols and approval process, 4) Stakeholder map (employees, customers, media, investors, etc.), 5) Message framework template, 6) Channel strategy by stakeholder, 7) Holding statements for immediate response, 8) FAQ template, 9) Social media monitoring and response plan, 10) Post-crisis review process. ``` #### Crisis holding statement **Use case:** Immediate crisis response when full information unavailable ``` Draft holding statement for emerging crisis: [describe situation]. Known facts: [what we know]. Unknowns: [what's still unclear]. Statement should: 1) Acknowledge the situation, 2) Express concern/empathy, 3) State what we know (be factual), 4) Explain actions being taken, 5) Commit to updates as more is learned, 6) Provide contact for more info. Length: [75-100 words]. Avoid speculation. Use 'we are investigating' language appropriately. Review legal implications. ``` #### Crisis FAQ development **Use case:** Crisis communication and stakeholder information ``` Develop crisis FAQ for [situation]. Stakeholders: [audiences asking questions]. FAQ should address: 1) What happened? 2) When did it happen? 3) Who is affected? 4) What are you doing about it? 5) Why did this happen? 6) How can I get more information? 7) What should I do? 8) When will this be resolved? 9) How are you preventing this in future? Include [15-20] questions covering stakeholder concerns. Keep answers clear, concise, honest. Flag sensitive questions needing legal review. ``` #### Crisis recovery messaging **Use case:** Post-crisis reputation rebuilding ``` Develop recovery messaging after [crisis]. Crisis timeline: [what happened]. Current status: [resolution]. Recovery message should: 1) Acknowledge what happened (own it), 2) Recap actions taken to resolve, 3) Share what was learned, 4) Detail systemic changes implemented, 5) Recommit to values, 6) Thank stakeholders for patience/support, 7) Look forward with confidence. Tone: humble, accountable, forward-looking. Avoid 'putting it behind us' language. ``` #### Spokesperson talking points **Use case:** Media training and interview preparation ``` Create spokesperson talking points for [interview/statement] about [crisis or sensitive topic]. Context: [situation]. Talking points must include: 1) Opening statement (30 seconds), 2) Key messages (3-4 core points), 3) Supporting facts and data, 4) Bridging phrases to redirect, 5) Responses to likely difficult questions, 6) What NOT to say (flag words/topics to avoid), 7) Positive proof points, 8) Closing statement. Include guidance for handling aggressive questions. ``` ### Media Relations Build and maintain strong media relationships. #### Media list development **Use case:** Targeted media outreach and relationship building ``` Build media list for [campaign/announcement/beat]. Target coverage: [publications, outlets, podcasts, etc.]. Create list with: 1) Outlet name and type, 2) Journalist name and title, 3) Beat/coverage area, 4) Contact information, 5) Recent relevant articles, 6) Twitter/LinkedIn handle, 7) Pitch angle specific to them, 8) Priority tier (A/B/C), 9) Relationship status (existing/new), 10) Notes on preferences. Organize by priority and relevance. ``` #### Interview preparation brief **Use case:** Interview preparation and message delivery ``` Prepare executive for media interview with [outlet/journalist]. Topic: [subject]. Interview format: [phone/video/in-person]. Duration: [length]. Brief should include: 1) Interview objectives (what success looks like), 2) Journalist background and recent coverage, 3) Key messages (3-4 points to land), 4) Supporting anecdotes and data, 5) Anticipated questions with suggested answers, 6) Difficult questions and how to bridge, 7) Topics to avoid, 8) Do's and don'ts, 9) Follow-up materials. ``` #### Media monitoring report **Use case:** PR measurement and strategic insights ``` Create media monitoring report for [time period]. Coverage topic: [company/campaign/issue]. Report format: 1) Executive summary (highlights and key themes), 2) Coverage metrics (total mentions, reach, sentiment), 3) Top-tier placements with links, 4) Message penetration analysis, 5) Sentiment breakdown (positive/neutral/negative), 6) Spokesperson quotes used, 7) Themes and trends, 8) Competitive mentions, 9) Issues to watch, 10) Recommendations. Include visual representations of data. ``` #### Press kit development **Use case:** Media resource creation and information access ``` Develop press kit for [event/launch/milestone]. Kit contents: 1) Company overview (boilerplate), 2) Event/announcement fact sheet, 3) Executive bios with headshots, 4) Press release, 5) Product/service descriptions, 6) Key statistics and milestones, 7) Customer testimonials or case studies, 8) High-resolution images and video links, 9) Media contact information, 10) Social media handles. Organize in logical folder structure. Include both digital and print-ready assets. ``` #### Op-ed pitch and draft **Use case:** Earned media and thought leadership placement ``` Pitch and draft op-ed for [publication]. Byline: [executive name]. Topic: [subject tied to news/company expertise]. Pitch should hook editor on timeliness and unique angle. Op-ed structure: 1) Newsjacking opening (tie to current events), 2) State the problem/debate, 3) Your unique perspective or solution, 4) Supporting evidence and examples, 5) Address counterarguments, 6) Call to action or future outlook, 7) Brief bio. Length: [600-800 words]. Strong voice required. Avoid overt promotion. ``` ### Content & Storytelling Craft compelling narratives that resonate with audiences. #### Brand story development **Use case:** Brand positioning and emotional connection ``` Develop brand story for [company]. Company background: [founding, mission, evolution]. Story should answer: 1) Why does this company exist? (origin story), 2) What problem are we solving? 3) Who are we serving? 4) What makes us different? 5) What do we believe? (values in action), 6) Where are we going? (vision), 7) Why should people care? Include: Founder journey, pivotal moments, customer impact examples, emotional connection points. Length: [500-750 words]. Make authentic and memorable. ``` #### Customer success story **Use case:** Social proof and sales enablement ``` Write customer success story featuring [customer name/company]. Product/service: [what they use]. Story format: 1) Customer background and industry, 2) Challenge they faced (paint the pain), 3) Why they chose us, 4) Implementation experience, 5) Results achieved (with metrics), 6) Customer quote (authentic testimonial), 7) What they're doing now, 8) Key takeaways. Make customer the hero. Use specific, quantifiable results. Length: [400-600 words]. Include customer photo/logo. ``` #### Video script **Use case:** Video marketing and visual storytelling ``` Write video script for [purpose: brand video, product demo, customer testimonial, etc.]. Length: [30 seconds/1 min/2 min]. Audience: [target viewers]. Script format: 1) Hook (first 3 seconds grab attention), 2) Problem or question, 3) Solution or answer, 4) Key benefits or features (visual + voiceover), 5) Social proof or credibility, 6) Call to action. Include: Visual descriptions, on-screen text, voiceover, music suggestions, b-roll needs. Keep conversational and concise. ``` #### Corporate presentation narrative **Use case:** Presentation development and persuasive communication ``` Develop narrative for [presentation type: investor, sales, recruiting, conference]. Audience: [who's in the room]. Duration: [minutes]. Presentation arc: 1) Opening hook (why we're here), 2) Problem/opportunity, 3) Our solution/approach, 4) Proof (data, case studies, traction), 5) How it works, 6) Market opportunity, 7) Competition and differentiation, 8) Team/credentials, 9) Call to action. Create speaker notes with: Key points per slide, transitions, storytelling moments, data callouts. Maintain narrative flow. ``` #### Mission/vision/values statements **Use case:** Organizational identity and culture foundation ``` Craft mission, vision, and values for [organization]. Context: [company purpose, stage, industry]. Develop: 1) Mission statement: What we do, who we serve, how we do it (1-2 sentences, present tense), 2) Vision statement: Aspirational future we're working toward (1-2 sentences, future-focused), 3) Core values: 4-6 values with one-line definitions that describe how we work. Make authentic, memorable, actionable. Test: Do these differentiate us? Would employees recognize them in daily work? ``` ### Executive Communications Support executive visibility and leadership voice. #### Executive bio **Use case:** Executive profiles and speaker introductions ``` Write executive biography for [name and title]. Length: [short/medium/long]. Include: 1) Current role and key responsibilities, 2) Career highlights and previous roles, 3) Notable achievements or recognition, 4) Expertise and thought leadership areas, 5) Board positions or affiliations, 6) Education and credentials, 7) Personal touch (interests, background), 8) Contact or social media. Versions needed: Long form (500 words), Medium (200 words), Short (75 words), Twitter bio (160 characters). Professional yet personable tone. ``` #### LinkedIn post for executive **Use case:** Executive social media presence and engagement ``` Write LinkedIn post for [executive name] about [topic/insight]. Post goal: [thought leadership/company news/industry perspective]. Format: [story/listicle/hot take/reflection]. Structure: 1) Hook opening (personal story, question, or bold statement), 2) Key insight or lesson, 3) Supporting context or example, 4) Broader implications, 5) Call to action or question for engagement. Length: [300-500 words]. Voice: [authentic, conversational, authoritative]. Include relevant hashtags and tagging suggestions. ``` #### Speech or keynote **Use case:** Public speaking and conference presentations ``` Write speech for [executive name] at [event]. Audience: [attendees]. Topic: [subject]. Duration: [15/30/45 minutes]. Speech structure: 1) Opening story or hook (personal connection), 2) Frame the topic (why it matters now), 3) Main points (3-4 key messages with support), 4) Stories/examples that illustrate points, 5) Audience relevance (what's in it for them), 6) Call to action or inspiration, 7) Memorable closing. Include: Stage directions, pause points, emphasis notes, slide cues. Aim for conversational, authentic delivery. 130-150 words per minute. ``` #### Executive Q&A preparation **Use case:** Executive preparation and message consistency ``` Prepare executive for Q&A session at [event/meeting]. Audience: [who will be asking]. Topic context: [what was just presented]. Develop: 1) Likely questions (10-15) based on audience, 2) Suggested answers with key points, 3) Difficult or hostile questions with deflection strategies, 4) Bridging phrases to return to key messages, 5) Anecdotes or data to support answers, 6) Topics to avoid or flag for legal, 7) Closing remarks if appropriate. Make answers conversational, not scripted. ``` #### Award or recognition announcement **Use case:** Recognition communication and reputation building ``` Announce [award/recognition] received by [executive/company]. Award details: [name, organization, category]. Announcement should include: 1) Headline about the honor, 2) What the award recognizes, 3) Quote from executive (humble, grateful, forward-looking), 4) Context about the awarding organization, 5) Why this matters (validation, achievement significance), 6) Team acknowledgment, 7) What's next. Tone: proud but not boastful. Use for: Press release, social media, internal announcement. ``` ### Communication Strategy & Planning Develop comprehensive communication strategies and campaigns. #### Communication strategy framework **Use case:** Strategic communication planning and alignment ``` Create communication strategy for [initiative/campaign/business goal]. Business objective: [what we're trying to achieve]. Strategy should include: 1) Situation analysis (where we are now), 2) Communication objectives (SMART goals), 3) Target audiences (primary and secondary), 4) Key messages by audience, 5) Strategies and tactics by channel, 6) Timeline and milestones, 7) Budget and resources, 8) Success metrics and KPIs, 9) Risks and mitigation, 10) Measurement plan. Align to business goals. ``` #### Campaign creative brief **Use case:** Campaign development and agency briefing ``` Write creative brief for [campaign]. Campaign purpose: [objective]. Brief should define: 1) Background and context, 2) Campaign objectives (business and communication), 3) Target audience (demographics, psychographics, behaviors), 4) Key message, 5) Desired response or action, 6) Deliverables needed, 7) Tone and personality, 8) Mandatory elements (brand guidelines, legal requirements), 9) Timeline and budget, 10) Success metrics. Include competitive review and inspiration references. ``` #### Stakeholder communication matrix **Use case:** Stakeholder management and targeted communication ``` Create stakeholder communication matrix for [project/initiative]. Stakeholder groups: [list audiences]. Matrix should map: 1) Stakeholder group, 2) Their interests and concerns, 3) Communication objectives for each, 4) Key messages tailored to them, 5) Preferred channels, 6) Frequency of communication, 7) Responsible team member, 8) Feedback mechanism. Prioritize by influence and impact. Ensure two-way communication approach. ``` #### Content calendar **Use case:** Content planning and editorial management ``` Develop content calendar for [timeframe: quarter/year]. Channels: [blog, social, email, PR, etc.]. Calendar should include: 1) Key company moments (product launches, events, earnings), 2) Industry events and tentpole dates, 3) Content themes by month, 4) Specific content pieces with publish dates, 5) Content types and formats, 6) Responsible parties, 7) Status tracking, 8) Promotion plan. Balance strategic and reactive content. Build in flexibility. ``` #### Communication audit **Use case:** Communication effectiveness and optimization ``` Conduct communication audit for [organization/department]. Audit scope: [internal/external/both]. Assess: 1) Current communication channels and usage, 2) Message consistency and clarity, 3) Audience satisfaction and feedback, 4) Communication gaps and redundancies, 5) Resource allocation and efficiency, 6) Brand voice consistency, 7) Crisis readiness, 8) Competitive benchmark, 9) Technology and tools, 10) Team skills and capacity. Provide findings and recommendations for improvement. ``` --- ## AI for Enterprise Architects **Category:** Enterprise Architecture **Prompts:** 27 **Description:** Strategic prompts for enterprise architecture planning, framework development, technology roadmaps, and digital transformation initiatives. **Tags:** Enterprise Architecture, IT Strategy, Digital Transformation, Work Users ### Architecture Assessment & Analysis Evaluate current state architecture and identify gaps and opportunities. #### Current state architecture assessment **Use case:** Architecture health check and baseline establishment ``` Analyze our current architecture for [domain: application/data/technology/business]. Current landscape: [describe systems, technologies, processes]. Provide: 1) Architecture maturity assessment, 2) Key strengths and capabilities, 3) Critical gaps and technical debt, 4) Integration complexity analysis, 5) Scalability and performance concerns, 6) Security and compliance risks, 7) Priority improvement areas. ``` #### Technology stack evaluation **Use case:** Technology portfolio rationalization ``` Evaluate our technology stack: [list technologies, platforms, tools]. Context: [company size, industry, scale]. Assess: 1) Strategic fit with business goals, 2) Technical debt and obsolescence risks, 3) Vendor lock-in concerns, 4) Total cost of ownership, 5) Skills availability in market, 6) Integration and interoperability, 7) Modernization priorities with rationale. ``` #### Application portfolio analysis **Use case:** Application rationalization and optimization ``` Analyze application portfolio with [number] applications in [business domain]. For each category, identify: 1) Business value vs technical quality matrix positioning, 2) Rationalization candidates (retire/replace/retain), 3) Integration dependencies and risks, 4) Cost vs value analysis, 5) Modernization opportunities, 6) Cloud migration suitability, 7) Recommended action plan with timeline. ``` #### Architecture principles validation **Use case:** Architecture governance and standards ``` Review our architecture principles: [list current principles]. Business context: [strategy, constraints]. Evaluate: 1) Alignment with business strategy, 2) Clarity and measurability, 3) Conflicts or contradictions, 4) Missing critical principles, 5) Implementation guidance gaps, 6) Governance enforceability, 7) Recommended updates with justification. ``` ### Target Architecture & Roadmaps Design future state architecture and create transformation roadmaps. #### Target architecture definition **Use case:** Future state architecture design ``` Design target architecture for [business capability/domain]. Business objectives: [list goals]. Current limitations: [describe constraints]. Define: 1) Target state vision and principles, 2) Architecture patterns and styles, 3) Technology components and platforms, 4) Integration approach, 5) Data architecture, 6) Security architecture, 7) Migration considerations and risks. ``` #### Technology roadmap creator **Use case:** Strategic planning and budget allocation ``` Create 3-year technology roadmap for [domain/organization]. Strategic drivers: [business goals]. Current state: [technology baseline]. Include: 1) Phase-by-phase evolution (quarters/years), 2) Key initiatives and projects, 3) Dependencies and sequencing, 4) Resource requirements, 5) Risk mitigation strategies, 6) Quick wins vs long-term investments, 7) Success metrics per phase. ``` #### Cloud migration strategy **Use case:** Cloud transformation planning ``` Develop cloud migration strategy for [application portfolio/workloads]. Current environment: [on-premise/hybrid details]. Business drivers: [cost/agility/scale]. Design strategy with: 1) Cloud adoption approach (lift-shift/re-platform/re-architect), 2) Application prioritization and wave planning, 3) Target cloud architecture patterns, 4) Migration risks and mitigation, 5) Cost-benefit analysis, 6) Timeline and milestones, 7) Operating model changes. ``` #### Integration architecture design **Use case:** System integration and API strategy ``` Design integration architecture for [business scenario]. Systems to integrate: [list systems]. Requirements: [real-time/batch, volumes, latency]. Provide: 1) Integration patterns recommendation (API/ESB/event-driven), 2) Architecture diagram description, 3) Technology platform selection, 4) Data flow and transformation approach, 5) Error handling and monitoring, 6) Security and governance, 7) Scalability considerations. ``` ### Enterprise Architecture Frameworks Apply and customize EA frameworks for your organization. #### TOGAF implementation guide **Use case:** EA framework adoption and customization ``` Adapt TOGAF framework for [organization type and size]. Maturity level: [current EA maturity]. Create customized approach: 1) ADM phases to prioritize, 2) Deliverables and artifacts needed, 3) Governance structure, 4) Stakeholder engagement model, 5) Tools and repository requirements, 6) Quick start recommendations, 7) Tailoring rationale for our context. ``` #### Business capability modeling **Use case:** Business-IT alignment and strategic planning ``` Create business capability model for [business unit/organization]. Industry: [industry]. Include: 1) Level 1-3 capability hierarchy, 2) Capability definitions and scope, 3) Current maturity assessment per capability, 4) Strategic importance rating, 5) Investment priorities, 6) Enabling applications and technologies, 7) Capability heat map analysis. ``` #### Architecture view creator **Use case:** Stakeholder communication and decision support ``` Create architecture view for [stakeholder type: CXO/technical/business]. Focus area: [application/data/technology/business]. Purpose: [decision making/communication/planning]. Include: 1) View objectives and scope, 2) Key architecture elements to show, 3) Relationships and dependencies, 4) Abstraction level appropriate for audience, 5) Notation and diagramming approach, 6) Supporting narrative, 7) Decision points to highlight. ``` #### Architecture decision record (ADR) **Use case:** Architecture governance and knowledge management ``` Document architecture decision about [decision topic]. Context: [background and constraints]. Options considered: [list alternatives]. Create ADR with: 1) Decision statement, 2) Context and problem statement, 3) Options analysis (pros/cons), 4) Decision rationale, 5) Consequences and trade-offs, 6) Implementation implications, 7) Related decisions and dependencies. ``` ### Digital Transformation & Innovation Drive digital transformation and emerging technology adoption. #### Digital transformation strategy **Use case:** Enterprise-wide transformation planning ``` Develop digital transformation strategy for [organization/business unit]. Industry context: [market pressures, disruption]. Current state: [digital maturity]. Create strategy covering: 1) Vision and business outcomes, 2) Key transformation pillars, 3) Technology enablers and platforms, 4) Organization and skills changes, 5) Implementation roadmap (3-5 years), 6) Investment requirements, 7) Success metrics and KPIs. ``` #### Emerging technology assessment **Use case:** Innovation and technology scouting ``` Assess [emerging technology: AI/blockchain/IoT/etc.] for enterprise adoption. Our industry: [industry]. Use cases explored: [list potential applications]. Evaluate: 1) Technology maturity and readiness, 2) Business value and ROI potential, 3) Technical feasibility and risks, 4) Integration with existing systems, 5) Skills and organizational readiness, 6) Proof-of-concept recommendations, 7) Adoption timeline and investment. ``` #### API strategy and platform design **Use case:** API economy and platform strategy ``` Design API strategy and platform for [organization]. Scope: [internal/partner/public APIs]. Business goals: [ecosystem/monetization/agility]. Define: 1) API strategy and vision, 2) API platform architecture, 3) API design standards and patterns, 4) Developer experience approach, 5) Security and governance model, 6) Monetization strategy (if applicable), 7) Implementation roadmap. ``` #### Microservices architecture design **Use case:** Application modernization and cloud-native architecture ``` Design microservices architecture for [application/domain]. Current architecture: [monolith/SOA details]. Requirements: [scalability, deployment frequency]. Provide: 1) Service decomposition strategy, 2) Service boundaries and responsibilities, 3) Communication patterns (sync/async), 4) Data management approach, 5) DevOps and deployment architecture, 6) Observability and monitoring, 7) Migration approach from current state. ``` ### Data & Information Architecture Design enterprise data architecture and information management strategies. #### Enterprise data architecture **Use case:** Data strategy and platform design ``` Design enterprise data architecture for [organization]. Data landscape: [sources, volumes, types]. Business needs: [analytics/operations/compliance]. Define: 1) Data architecture principles, 2) Logical data architecture (domains, entities), 3) Data storage and platform strategy, 4) Data integration and pipelines, 5) Master data management approach, 6) Data governance framework, 7) Analytics and reporting architecture. ``` #### Data governance framework **Use case:** Data governance and compliance ``` Create data governance framework for [organization]. Current challenges: [data quality, compliance, silos]. Define: 1) Governance organization and roles (data stewards, owners), 2) Data policies and standards, 3) Data quality management approach, 4) Metadata management strategy, 5) Compliance and privacy controls, 6) Governance processes and workflows, 7) Tools and technology support. ``` #### Data lake/warehouse architecture **Use case:** Analytics platform design ``` Design [data lake/data warehouse/lakehouse] architecture for [use case]. Data sources: [list sources]. Scale: [volume, velocity]. Include: 1) Architecture pattern selection, 2) Technology platform recommendation, 3) Data ingestion strategy, 4) Storage and processing layers, 5) Security and access control, 6) Data catalog and discovery, 7) Analytics and consumption patterns. ``` #### Master data management strategy **Use case:** Data quality and consistency improvement ``` Design master data management (MDM) strategy for [data domains: customer/product/supplier]. Current issues: [duplicates, inconsistency, quality]. Create strategy with: 1) MDM approach (registry/consolidation/coexistence), 2) Golden record definition and rules, 3) Data stewardship model, 4) Integration architecture, 5) Technology platform selection, 6) Phased implementation approach, 7) Success metrics. ``` ### Architecture Governance & Communication Establish governance processes and communicate architecture effectively. #### Architecture review process **Use case:** Architecture governance and quality assurance ``` Design architecture review process for [organization]. Current state: [ad-hoc/none/inconsistent]. Create process with: 1) Review board structure and membership, 2) Review types (project/initiative/technology), 3) Review criteria and checkpoints, 4) Submission requirements and templates, 5) Decision-making framework, 6) Exception handling process, 7) Communication and follow-up. ``` #### Stakeholder communication plan **Use case:** Architecture adoption and change management ``` Create architecture communication plan for [initiative/transformation]. Stakeholders: [list stakeholder groups]. Create plan with: 1) Stakeholder analysis (interest/influence), 2) Key messages per stakeholder group, 3) Communication channels and formats, 4) Communication calendar and frequency, 5) Feedback mechanisms, 6) Success stories and case studies, 7) Change management integration. ``` #### Architecture standards document **Use case:** Technical standardization and compliance ``` Create architecture standards for [technology domain: cloud/integration/security/etc.]. Scope: [organization/department]. Include: 1) Standards rationale and objectives, 2) Approved technologies and patterns, 3) Design principles and guidelines, 4) Non-functional requirements, 5) Exception criteria and process, 6) Compliance verification approach, 7) Maintenance and update process. ``` #### Architecture maturity assessment **Use case:** EA capability development and improvement ``` Assess EA maturity for [organization]. Framework: [use standard model or custom]. Evaluate across dimensions: 1) Architecture process maturity, 2) Architecture artifacts and deliverables, 3) Governance and compliance, 4) Stakeholder engagement, 5) Tools and repository, 6) Skills and organization, 7) Business value delivered. Provide maturity score, gaps, and improvement roadmap. ``` ### Security & Compliance Architecture Design secure architectures and ensure regulatory compliance. #### Security architecture framework **Use case:** Security-by-design and risk management ``` Design security architecture for [system/platform]. Security requirements: [confidentiality/integrity/availability needs]. Compliance: [regulations: GDPR/SOX/HIPAA]. Define: 1) Security architecture principles, 2) Security zones and segmentation, 3) Identity and access management, 4) Data protection and encryption, 5) Security monitoring and response, 6) Secure development practices, 7) Compliance controls mapping. ``` #### Zero trust architecture design **Use case:** Modern security architecture transformation ``` Design zero trust architecture for [organization/network]. Current security model: [perimeter-based details]. Define: 1) Zero trust principles application, 2) Identity-centric security approach, 3) Micro-segmentation strategy, 4) Continuous verification mechanisms, 5) Technology platform requirements, 6) Migration approach from current state, 7) Implementation priorities and phases. ``` #### Compliance architecture mapping **Use case:** Regulatory compliance and audit readiness ``` Map architecture to compliance requirements for [regulation: GDPR/HIPAA/PCI-DSS/SOX]. Architecture scope: [systems and data]. Create: 1) Compliance requirements breakdown, 2) Architecture controls mapping, 3) Gaps and remediation needs, 4) Data flow and privacy impact, 5) Audit trail and reporting capabilities, 6) Risk assessment, 7) Compliance implementation roadmap. ``` --- ## AI for HVAC Engineers **Category:** Engineering **Prompts:** 15 **Description:** HVAC engineering prompts covering load calculations, system design, duct sizing, energy analysis, and troubleshooting for heating, ventilation, and air conditioning systems. **Tags:** HVAC, Mechanical, Engineering, Work Users ### Load Calculations & Sizing Calculate heating and cooling loads accurately for optimal system sizing. #### HVAC load calculation **Use case:** System sizing and equipment selection ``` Calculate heating and cooling loads for [building type]. Building specifications: Square footage [area], Location [city/climate zone], Occupancy [number of people and schedule], Insulation values [R-values for walls/roof/floor], Window area and type [glazing details], Internal heat gains [lighting, equipment loads]. Provide detailed breakdown using ASHRAE standards including: 1) Sensible and latent cooling loads by component, 2) Heating load calculations, 3) Peak load conditions and timing, 4) Design day weather data used, 5) Safety factors applied, 6) Recommended equipment capacity. ``` #### System selection and sizing **Use case:** System selection and feasibility analysis ``` Recommend appropriate HVAC system for [building type: office/retail/residential/industrial]. Requirements: Building size [sq ft], Climate zone [ASHRAE zone], Occupancy patterns [hours/density], Energy efficiency targets [LEED/code requirements], Budget constraints [capital cost range]. Compare at least 3 system options including: 1) System type descriptions (VAV, RTU, VRF, chilled water, etc.), 2) Pros and cons for this application, 3) First cost estimates, 4) Operating cost projections, 5) Maintenance requirements, 6) Energy efficiency ratings, 7) Recommendation with justification. ``` #### Equipment capacity verification **Use case:** Design review and quality assurance ``` Verify equipment capacity for [equipment type: AHU/RTU/chiller/boiler]. Project: [project name]. Design conditions: Cooling load [tons/BTU], Heating load [BTU], Airflow [CFM], Supply/return temps [temperatures]. Check: 1) Equipment selection adequacy, 2) Part-load performance, 3) Altitude and temperature derating, 4) Diversity factors applied, 5) Future expansion considerations, 6) Code compliance (IMC, local amendments), 7) Confirm or recommend adjustments. ``` ### Duct & Piping Design Design efficient ductwork and piping systems. #### Duct design and sizing **Use case:** Air distribution system design ``` Design ductwork layout for [space description]. Requirements: Total CFM [airflow rate], Supply/return configuration, Duct material [galvanized/flex/fiberglass], Pressure budget [available static pressure], Acoustic requirements [NC levels]. Provide: 1) Duct sizing calculations using equal friction or static regain method, 2) Main duct and branch sizes, 3) Pressure drop analysis per section, 4) Velocity verification (typically <2000 fpm mains, <1500 fpm branches), 5) Fitting losses and total system pressure drop, 6) Damper and diffuser locations, 7) Material recommendations following SMACNA standards. ``` #### Hydronic piping sizing **Use case:** Hydronic system design and pump selection ``` Size hydronic piping for [system type: chilled water/hot water/steam]. System parameters: Total load [tons or BTU/hr], Flow rate [GPM], Temperature differential [delta T], Pipe material [steel/copper/PEX], Max velocity [fps], Available head [pressure]. Calculate: 1) Pipe sizes by segment using Darcy-Weisbach, 2) Pressure drop per 100 ft, 3) Total system pressure drop, 4) Pump head requirements, 5) Expansion compensation needs, 6) Insulation thickness, 7) Provide sizing table with velocities and pressure drops. ``` #### Duct static pressure analysis **Use case:** System performance verification and fan selection ``` Analyze static pressure for duct system serving [zones]. System details: Fan available static pressure [in. w.g.], Longest run CFM [airflow] and length [feet], Number of fittings [elbows, transitions, dampers], Terminal units [VAV boxes, diffusers]. Perform: 1) Critical path pressure drop calculation, 2) Fitting loss coefficients and calculations, 3) Duct component pressure drops (coils, filters, dampers), 4) Total external static pressure, 5) Fan selection verification, 6) Pressure available at terminals, 7) Balancing damper budget. ``` ### Energy Analysis & Efficiency Optimize energy performance and reduce operating costs. #### Energy efficiency analysis **Use case:** Energy audits and retrofit planning ``` Analyze energy efficiency of HVAC system for [building]. Current system: [describe equipment and configuration]. Utility data: Annual energy consumption [kWh, therms], Energy costs [$/year], Operating hours [schedule]. Evaluate: 1) Current system efficiency and energy usage breakdown, 2) Benchmark against similar buildings (CBECS/Energy Star), 3) Improvement opportunities (equipment upgrades, controls, economizers, VFDs), 4) Energy savings potential per measure, 5) Cost estimates and simple payback, 6) Utility incentives available, 7) Recommended priority of improvements. ``` #### Economizer feasibility **Use case:** Energy conservation measure evaluation ``` Evaluate air-side or water-side economizer for [project]. Location [city/climate zone], System type [AHU/DX], Design airflow [CFM], Cooling load profile [operating hours and loads]. Analyze: 1) Climate suitability (dry-bulb or enthalpy control), 2) Free cooling hours available annually, 3) Energy savings estimate [kWh/year], 4) Cost premium for economizer installation, 5) Simple payback period, 6) Code requirements (ASHRAE 90.1 compliance), 7) Integration with existing controls, 8) Recommendation and ROI. ``` #### Heat recovery analysis **Use case:** Energy recovery and sustainability ``` Analyze heat recovery opportunity for [application]. Exhaust airstream: Temperature [°F], Flow rate [CFM], Operating hours [hrs/year]. Supply airstream: Requirements [temp, CFM]. Evaluate: 1) Heat recovery technology options (run-around coil, heat wheel, plate exchanger), 2) Recoverable energy calculation [BTU/hr], 3) Annual energy savings [$/year], 4) Equipment cost and installation, 5) Pressure drop impact and fan energy penalty, 6) Net energy savings and payback, 7) Maintenance considerations, 8) Recommendation. ``` ### Controls & Building Automation Design control systems and sequences of operation. #### Control sequence development **Use case:** Building automation programming and commissioning ``` Develop control sequence for [system: VAV AHU, chilled water plant, rooftop unit, etc.]. System components: [list equipment - fans, coils, dampers, valves]. Operating modes: [occupied, unoccupied, warmup, night setback]. Write sequence covering: 1) Start/stop and safety interlocks, 2) Setpoint management and resets, 3) Economizer operation and switchover, 4) Supply air temperature control, 5) Static pressure control and reset, 6) Demand-based ventilation, 7) Alarm and fault detection conditions, 8) Energy optimization strategies. ``` #### BAS points list **Use case:** Controls design and contractor coordination ``` Create BAS points list for [equipment: AHU/chiller/boiler]. Equipment nameplate: [capacity, voltage, control voltages]. Control strategy: [DDC, local panel]. Generate points list: 1) Monitored points (temperatures, pressures, flows, status), 2) Controlled points (valves, dampers, VFD speeds, enable/disable), 3) Calculated points (kW, efficiency, runtime), 4) Alarms and alerts, 5) Point names following naming convention, 6) Point types (AI, AO, BI, BO), 7) Engineering units and ranges, 8) Trending requirements. ``` #### VAV box schedule **Use case:** Construction documentation and coordination ``` Create VAV box schedule for [project floors/zones]. Zone requirements: [list zones with CFM requirements]. Include in schedule: 1) VAV box tag and location, 2) Cooling and heating airflow (max/min CFM), 3) Box type (cooling only, reheat, dual duct), 4) Reheat coil capacity if applicable, 5) Inlet size and neck dimensions, 6) Damper actuator type, 7) Controls interface (BACnet, etc.), 8) Sound criteria (NC rating), 9) Serving diffuser count and types. ``` ### Troubleshooting & Commissioning Diagnose problems and ensure proper system performance. #### HVAC system troubleshooting **Use case:** Operations and maintenance support ``` Troubleshoot HVAC issue: [describe symptoms: insufficient cooling, poor airflow, high energy use, etc.]. System details: Equipment type [make/model], System age [years], Recent changes [any modifications], Measured parameters [temps, pressures, currents]. Provide diagnostic approach: 1) Potential root causes ranked by likelihood, 2) Step-by-step diagnostic procedures, 3) Measurements and tests to perform, 4) Normal vs abnormal readings, 5) Likely failures and verification methods, 6) Corrective actions for each scenario, 7) Preventive measures. ``` #### Commissioning test procedure **Use case:** Commissioning and performance verification ``` Create functional test procedure for [equipment/system]. Equipment: [type and capacity]. Required performance: [design parameters]. Develop test procedure: 1) Pre-test requirements and checklist, 2) Test equipment and instruments needed, 3) Step-by-step test procedure, 4) Data to be collected (temps, flows, pressures), 5) Acceptance criteria (design vs measured), 6) Test forms and data sheets, 7) Deficiency documentation process, 8) Seasonal/deferred testing needs. ``` #### Air balance verification **Use case:** TAB coordination and performance verification ``` Verify air balance for [system/building]. Design airflows: [provide CFM requirements by zone]. Testing data: [measured CFM values]. Analyze: 1) Design vs actual airflow comparison, 2) Zones outside tolerance (typically ±10%), 3) Total system airflow verification, 4) Terminal device performance, 5) Root causes of imbalances, 6) Duct static pressure issues, 7) Recommended corrective actions, 8) Retest requirements. ``` --- ## AI for Piping Engineers **Category:** Engineering **Prompts:** 15 **Description:** Piping engineering prompts for pipe sizing, hydraulic analysis, material selection, stress analysis, and layout optimization for industrial piping systems. **Tags:** Piping, Mechanical, Engineering, Work Users ### Pipe Sizing & Hydraulics Calculate pipe sizes and analyze hydraulic performance. #### Pipe sizing calculation **Use case:** Piping system design and sizing ``` Calculate required pipe size for [fluid type]. Service conditions: Flow rate [GPM or lb/hr], Inlet pressure [PSIG], Outlet pressure [PSIG], Temperature [°F], Pipe length [ft], Elevation change [ft], Material [carbon steel/stainless/PVC/etc.]. Determine: 1) Recommended pipe size(s) with velocities, 2) Pressure drop calculation using Darcy-Weisbach, 3) Friction factor and Reynolds number, 4) Velocity verification (typical limits: liquid 3-10 fps, gas per erosional velocity), 5) Line sizes for alternatives with pros/cons, 6) Fitting and valve pressure losses, 7) NPSH considerations for liquids. ``` #### Pressure drop analysis **Use case:** Hydraulic analysis and system verification ``` Analyze pressure drop for piping system. System description: Fluid [type and properties], Flow rate [rate and units], Pipe specifications [size, schedule, material, length], Fittings [list elbows, tees, valves, etc.], Elevation profile [changes in height]. Calculate: 1) Friction losses using Darcy-Weisbach or Hazen-Williams, 2) Minor losses using K-factors or equivalent length, 3) Elevation head losses/gains, 4) Total system pressure drop, 5) Pressure at key points along the line, 6) Verification against allowable pressure drop, 7) Recommend modifications if needed. ``` #### Pump head calculation **Use case:** Pump selection and system design ``` Calculate required pump head for [application]. System details: Fluid [type, SG, viscosity], Flow rate [GPM], Suction conditions [pressure, elevation, line size/length], Discharge conditions [pressure, elevation, line size/length], Fittings and valves [list components]. Determine: 1) Static head (elevation difference), 2) Friction head losses (suction and discharge), 3) Pressure head requirements, 4) Velocity head changes, 5) Total dynamic head (TDH), 6) NPSH available vs required, 7) Recommended pump curve characteristics, 8) Safety margin and system curve. ``` ### Material Selection & Specifications Select appropriate materials and specify piping components. #### Piping material selection **Use case:** Material engineering and specifications ``` Recommend piping material for [service description]. Service conditions: Fluid [chemical composition], Temperature [operating and design], Pressure [operating and design, PSIG], Corrosivity [any known corrosion concerns], Environment [indoor/outdoor, weather exposure]. Evaluate materials: 1) Material options (carbon steel, stainless grades, alloys, plastics, FRP), 2) Corrosion resistance and service life, 3) Temperature and pressure ratings, 4) Code compliance (ASME B31.3, B31.1, etc.), 5) Cost comparison, 6) Maintenance requirements, 7) Welding and fabrication considerations, 8) Final recommendation with specification. ``` #### Pipe schedule selection **Use case:** Piping specification and design ``` Select pipe wall thickness (schedule) for [service]. Pipe size [NPS], Material [specification], Design pressure [PSIG], Design temperature [°F], Corrosion allowance [inches], Joint efficiency [welded/seamless]. Calculate: 1) Minimum required wall thickness per ASME B31.3, 2) Available standard schedules (Std, XS, XXS, Sch 80, etc.), 3) Pressure rating verification for each schedule, 4) Mill tolerance and corrosion allowance, 5) Recommended schedule with safety margin, 6) Weight and cost considerations, 7) Availability and lead time. ``` #### Valve specification **Use case:** Valve selection and procurement ``` Specify valve for [application: isolation, control, check, relief]. Service: Fluid [type], Line size [NPS], Pressure class [150#, 300#, etc.], Temperature [°F], Flow [GPM], Cv requirement [if control valve]. Specify: 1) Valve type selection with rationale, 2) End connections (flanged, threaded, welded), 3) Body and trim materials, 4) Operator type (manual, actuated), 5) Compliance standards (API, ASME, ANSI), 6) Special requirements (fire-safe, cryogenic, etc.), 7) Testing requirements. ``` ### Piping Layout & Routing Design piping layouts and optimize routing. #### Piping layout optimization **Use case:** Piping design and plant layout ``` Design piping layout for [facility/area]. Equipment to connect: [list sources and destinations]. Constraints: Space limitations [describe], Existing piping/equipment [interferences], Access requirements [maintenance]. Develop layout: 1) Optimal routing minimizing length and fittings, 2) Elevation changes and slope requirements, 3) Support locations and spacing, 4) Thermal expansion accommodation, 5) Accessibility for operation and maintenance, 6) Drainage and venting provisions, 7) Future expansion considerations, 8) 3D coordination recommendations. ``` #### Pipe support design **Use case:** Structural support design and analysis ``` Design pipe support system for [line]. Pipe details: Size [NPS], Schedule [wall thickness], Material [type], Service [contents], Insulation [thickness if any], Operating temperature [°F]. Calculate: 1) Pipe weight (empty, full, test), 2) Support spacing per ASME B31.3 or MSS SP-69, 3) Support types (shoe, clamp, hanger, guide, anchor), 4) Support loads and reactions, 5) Thermal movement provisions, 6) Anchor and guide locations, 7) Spring hanger requirements if needed, 8) Support details and specifications. ``` #### Thermal expansion analysis **Use case:** Flexibility analysis and expansion accommodation ``` Analyze thermal expansion for piping system. System details: Pipe size [NPS], Material [type], Installation temperature [°F], Operating temperature [°F], Layout [describe routing with dimensions], Fixed points [anchors]. Calculate: 1) Thermal expansion/contraction amount, 2) Expansion loop or offset design, 3) Guided cantilever or Z-bend dimensions, 4) Stresses induced by restrained expansion, 5) Forces on anchors and equipment nozzles, 6) Flexibility factor and stress ratios, 7) Expansion joint alternative if applicable. ``` ### Stress Analysis & Code Compliance Perform stress analysis and ensure code compliance. #### Pipe stress analysis **Use case:** Detailed engineering and code compliance ``` Perform pipe stress analysis for [critical line]. System: Pipe size/schedule [spec], Material [type], Design conditions [pressure/temp], Configuration [isometric sketch or description], Boundary conditions [equipment nozzles, anchors]. Analyze per ASME B31.3: 1) Sustained stress (weight + pressure), 2) Expansion stress (thermal), 3) Occasional stress (wind, seismic if applicable), 4) Combined stress check against allowables, 5) Nozzle loads on equipment vs allowables, 6) Support reactions, 7) Required modifications if overstressed, 8) Fatigue evaluation if cyclic. ``` #### Piping code compliance check **Use case:** Design review and quality assurance ``` Review piping design for code compliance. Code: [ASME B31.3/B31.1/B31.4/B31.8/other]. System: Service [fluid type], Design conditions [P/T], Material [specification]. Verify: 1) Material selection and ratings, 2) Wall thickness calculations, 3) Component ratings (fittings, flanges, valves), 4) Welding and fabrication requirements, 5) Support and restraint design, 6) Flexibility analysis requirements, 7) Testing and inspection requirements, 8) Documentation and quality assurance, 9) Non-compliances identified with remedies. ``` #### Flange rating verification **Use case:** Component selection and verification ``` Verify flange rating for [application]. Service: Fluid [type], Design pressure [PSIG], Design temperature [°F], Flange size [NPS], Flange class [rating]. Check: 1) Pressure-temperature rating from ASME B16.5 or B16.47, 2) Derating for temperature, 3) Bolt material and rating, 4) Gasket selection and suitability, 5) Compliance with service requirements, 6) Special considerations (thermal cycling, external loads), 7) Confirm adequacy or recommend higher rating. ``` ### Specialty Piping Systems Design specialty systems including steam, gas, and process piping. #### Steam piping design **Use case:** Steam system design and distribution ``` Design steam distribution piping. Steam conditions: Pressure [PSIG], Temperature [saturated or superheated °F], Flow rate [lb/hr], Distribution length [feet to end users]. Design system: 1) Pipe sizing for steam velocity limits (typically 6000-10000 fpm), 2) Pressure drop and available pressure at users, 3) Condensate formation and drainage, 4) Steam trap locations and sizing, 5) Thermal expansion loops or joints, 6) Support design for high temperature, 7) Insulation requirements, 8) Safety relief valve sizing and location. ``` #### Gas piping design **Use case:** Fuel gas system design and code compliance ``` Design gas piping system for [fuel type: natural gas, propane, etc.]. Requirements: Gas pressure [inlet PSIG], Flow rate [SCFH or Btu/hr load], Pipe length [distance to appliances], Number of outlets [appliances to serve], Code [NFPA 54, local]. Design: 1) Pipe sizing using pressure drop tables or calculations, 2) Pressure drop verification (<0.5 in w.c. typical), 3) Material selection (black steel, CSST, copper where allowed), 4) Longest run analysis, 5) Branch line sizing, 6) Regulator and meter requirements, 7) Shutoff valve locations, 8) Testing requirements per code. ``` #### Pressure relief device sizing **Use case:** Safety system design and overpressure protection ``` Size pressure relief device for [vessel or piping system]. Protected equipment: Type [vessel, heat exchanger, etc.], MAWP [max allowable working pressure], Set pressure [relief setting], Overpressure allowable [typically 10%], Relief scenario [describe: thermal expansion, blocked outlet, fire, runaway reaction]. Calculate per ASME Section VIII: 1) Required relief capacity (GPM, lb/hr, SCFM), 2) Orifice area calculation, 3) Standard orifice sizes and capacities, 4) Relief valve selection, 5) Inlet and outlet pipe sizing, 6) Backpressure analysis, 7) Discharge piping design, 8) Code compliance verification. ``` --- ## AI for Electrical Engineers **Category:** Engineering **Prompts:** 17 **Description:** Electrical engineering prompts for load calculations, wire sizing, power distribution, lighting design, short circuit analysis, and NEC compliance. **Tags:** Electrical, Power Systems, Engineering, Work Users ### Load Calculations & Service Sizing Calculate electrical loads and size electrical service. #### Electrical load calculation **Use case:** Service sizing and utility coordination ``` Calculate electrical load for [building type: residential/commercial/industrial]. Building details: Square footage [area], Occupancy type [use], Number of units [if multi-family], Equipment [list major loads]. Calculate per NEC Article 220: 1) General lighting load at [VA/sq ft per Table 220.12], 2) Receptacle loads (180 VA per outlet or per code), 3) Appliance and equipment loads, 4) HVAC loads (largest motor at 125%), 5) Demand factors application, 6) Total connected load and demand load, 7) Recommended service size (amps), 8) Panel schedule breakdown. ``` #### Panel load schedule **Use case:** Panel design and circuit distribution ``` Create panel load schedule for [panel name/location]. Panel type: [120/208V, 277/480V, single phase, three phase], Main breaker [rating], Service area [describe spaces/equipment]. Develop schedule: 1) Circuit numbering and descriptions, 2) Breaker sizes per circuit, 3) Load calculations (VA or watts), 4) Phase assignment (A, B, C), 5) Phase balancing (within 20% between phases), 6) Subtotals per phase, 7) Total connected and demand loads, 8) Verify panel capacity is adequate, 9) Spare circuits allowance (10-20%). ``` #### Transformer sizing **Use case:** Transformer selection and specification ``` Size transformer for [application]. Load requirements: Total connected load [kVA], Demand load [kVA], Load type [lighting, motor, mixed], Primary voltage [voltage], Secondary voltage [voltage], Phase [single/three]. Determine: 1) Transformer capacity (typically 125% of demand load), 2) Standard sizes available, 3) Impedance and voltage regulation, 4) Temperature rise and efficiency, 5) Primary and secondary overcurrent protection, 6) Load growth considerations, 7) Recommended transformer kVA rating with spec. ``` ### Wire & Cable Sizing Size conductors and cables per NEC requirements. #### Wire sizing calculation **Use case:** Conductor selection and NEC compliance ``` Size conductors for circuit. Circuit details: Load [amperage], Voltage [120V/208V/480V], Length [one-way distance in feet], Load type [continuous/non-continuous], Installation [conduit/cable tray/direct burial], Ambient temperature [°F], Number of current-carrying conductors. Calculate per NEC: 1) Continuous load adjustment (125% if continuous), 2) Ampacity from NEC Table 310.16 (formerly 310.15(B)(16)), 3) Temperature correction factors (Table 310.15(B)(2)(a)), 4) Conduit fill derating (Table 310.15(B)(3)(a)), 5) Voltage drop calculation (recommend <3% branch, <5% total), 6) Minimum wire size based on all factors, 7) Ground wire sizing per Table 250.122. ``` #### Voltage drop analysis **Use case:** Performance verification and code compliance ``` Analyze voltage drop for circuit. Circuit: Conductor size [AWG], Material [copper/aluminum], Length [feet], Current [amps], Voltage [volts], Power factor [if motor load], Installation [conduit configuration]. Calculate: 1) Conductor resistance (ohms per 1000 ft from NEC Chapter 9 Table 8), 2) Reactance for AC circuits if applicable, 3) Voltage drop using appropriate formula (single phase: VD = 2 × I × R × L / 1000; three phase: VD = 1.732 × I × R × L / 1000), 4) Voltage drop percentage, 5) Verify against NEC recommendation (3% max for branch circuits, 5% total feeder + branch), 6) Voltage at load end, 7) If excessive, recommend larger conductor sizes. ``` #### Conduit fill calculation **Use case:** Raceway design and installation planning ``` Calculate conduit fill for [number of conductors]. Conductors: [List sizes and types: THHN, THWN, etc.], Conduit type [EMT, rigid, PVC], Installation [underground, above ground]. Determine per NEC Article 300: 1) Cross-sectional area of each conductor (from NEC Chapter 9 Table 5), 2) Total conductor area, 3) Allowable conduit fill percentage (40% for 3+ conductors, per Table 1), 4) Required conduit size from NEC Chapter 9 Table 4, 5) Verify adequate space, 6) Derating factors for ampacity if more than 3 current-carrying conductors, 7) Recommended conduit size. ``` ### Lighting Design & Calculations Design lighting systems and calculate illumination levels. #### Lighting level calculation **Use case:** Lighting design and energy efficiency ``` Calculate lighting for [space type]. Space details: Dimensions [length × width × height], Mounting height [fixture height], Surface reflectances [ceiling/walls/floor], Use [office, warehouse, classroom, etc.], Target illumination [fc or lux per IES recommendations]. Using lumen method (zonal cavity): 1) Room cavity ratio (RCR) calculation, 2) Coefficient of utilization (CU) from fixture photometry, 3) Light loss factor (LLF) estimate, 4) Lumens required = (fc × area) / (CU × LLF), 5) Number of fixtures required, 6) Fixture layout for uniformity, 7) Watts per square foot and energy code compliance. ``` #### Lighting fixture selection **Use case:** Fixture specification and procurement ``` Select lighting fixtures for [application]. Requirements: Space type [use], Illumination level [fc required], Ceiling type/height [dimensions], Aesthetic preferences [recessed, pendant, surface], Energy efficiency [LED, LPW targets], Controls [dimming, occupancy sensors]. Recommend: 1) Fixture types suitable for application, 2) Light source (LED specs: CCT, CRI), 3) Lumen output and wattage, 4) Efficacy (lumens per watt), 5) Photometric distribution (Type I-V), 6) Mounting and installation method, 7) Quantity and layout, 8) Cost estimate and energy comparison. ``` #### Emergency lighting design **Use case:** Life safety and code compliance ``` Design emergency and egress lighting for [building/space]. Code requirements: [IBC, NFPA 101], Occupancy type [classification], Egress paths [describe routes]. Design per code: 1) Minimum illumination levels (1 fc average, 0.1 fc minimum), 2) Exit sign locations per travel distance, 3) Emergency lighting fixture locations, 4) Battery backup duration (typically 90 minutes), 5) Testing and maintenance requirements, 6) Photometric calculations at floor level, 7) Compliance with AHJ requirements, 8) Equipment schedule. ``` ### Power Distribution & Protection Design power distribution systems and protective devices. #### Overcurrent protection sizing **Use case:** Circuit protection and safety ``` Size overcurrent protection for [equipment/circuit]. Load details: Full load current [amps], Load type [motor, continuous, general], Conductor size [AWG], Conductor ampacity [amps]. Size per NEC: 1) Breaker or fuse rating selection, 2) Continuous load consideration (125% rule per 210.20), 3) Motor circuits (430.52 - typically 250% for inverse time breaker), 4) Conductor protection (240.4 - not exceed ampacity), 5) Standard sizes per 240.6, 6) Verify coordination with upstream devices, 7) Recommended overcurrent device rating and type. ``` #### Motor circuit design **Use case:** Motor control and power circuits ``` Design motor branch circuit for [motor application]. Motor nameplate: HP [horsepower], Voltage [volts], FLA [full load amps], Service factor [typically 1.15], Code letter [if applicable]. Design per NEC Article 430: 1) Branch circuit conductor sizing (125% of FLA per 430.22), 2) Overload protection (typically 115-125% per 430.32), 3) Short circuit protection (430.52 - breaker or fuse sizing), 4) Disconnecting means (430.110), 5) Controller sizing, 6) Conduit size with ground, 7) Voltage drop check, 8) Complete circuit design with specifications. ``` #### Short circuit analysis **Use case:** System protection and safety analysis ``` Calculate short circuit currents for [system]. System parameters: Utility available fault current [kA], Transformer [kVA, impedance %], Cable/bus impedances [from point of supply to point of fault], System voltage [volts]. Calculate: 1) Fault current at main switchboard/panel, 2) Point-to-point method for downstream faults, 3) Bolted 3-phase and line-to-ground fault currents, 4) Available fault current in kA rms symmetrical, 5) Verify equipment interrupting rating (SCCR), 6) Arc flash hazard category per NFPA 70E or IEEE 1584, 7) Recommend equipment ratings and PPE. ``` ### Grounding & Bonding Design grounding systems per NEC Article 250. #### Grounding system design **Use case:** Safety grounding and NEC compliance ``` Design grounding system for [facility type]. Service: Main service size [amps], Voltage [volts], Type [solidly grounded wye, etc.]. Design per NEC Article 250: 1) Grounding electrode system (rods, concrete-encased, ground ring), 2) Grounding electrode conductor size (Table 250.66), 3) Main bonding jumper sizing (Table 250.102(C)(1)), 4) Equipment grounding conductor sizes (Table 250.122), 5) Separately derived systems grounding, 6) Ground resistance target (<25 ohms preferred), 7) Testing and verification requirements. ``` #### Equipment grounding conductor sizing **Use case:** Safety and ground fault protection ``` Size equipment grounding conductor (EGC) for circuit. Circuit details: Overcurrent protection device [breaker/fuse rating], Circuit type [branch/feeder], Installation [conduit/cable], Distance [length]. Size per NEC 250.122: 1) Minimum EGC size from Table 250.122 based on OCPD rating, 2) Adjustments for voltage drop if very long circuit, 3) Upsizing if circuit conductors are increased for VD, 4) Aluminum vs copper if applicable, 5) Multiple circuits in conduit considerations, 6) Recommended EGC size and specifications. ``` ### Special Systems & Applications Design specialty electrical systems. #### Generator sizing and selection **Use case:** Backup power and emergency systems ``` Size standby/emergency generator for [facility]. Load requirements: Critical loads [kW], Essential loads [kW], Load types [resistive, inductive, motor], Starting inrush [largest motor HP or kW]. Determine: 1) Total connected and running loads, 2) Motor starting kVA (typically 6× kW for across-the-line start), 3) Generator capacity in kW and kVA, 4) Recommended generator size with margin, 5) Voltage and phase, 6) Fuel type and consumption, 7) Transfer switch specifications, 8) Code requirements per NEC 700/701/702. ``` #### Arc flash hazard analysis **Use case:** Worker safety and NFPA 70E compliance ``` Perform arc flash hazard analysis for [equipment]. Equipment: Type [switchboard, panel, MCC], Voltage [volts], Available fault current [kA], Protective device [breaker/fuse, clearing time], Working distance [inches]. Calculate per IEEE 1584 or NFPA 70E: 1) Incident energy (cal/cm²), 2) Arc flash boundary (distance), 3) PPE category or required PPE, 4) Arc flash label requirements, 5) Mitigation strategies (faster protection, current limiting, increased spacing), 6) Recommendations for safe operation. ``` #### Photovoltaic system design **Use case:** Renewable energy and sustainability ``` Design PV solar system for [application]. System parameters: Array capacity target [kW DC], Location [city/state for solar resource], Roof/ground mount [area available], Utility [interconnection voltage], Loads [building consumption pattern]. Design: 1) Array sizing (modules and configuration), 2) Inverter selection and sizing, 3) String calculations (Voc, Isc per NEC 690), 4) Wire sizing (125% continuous load rule), 5) Overcurrent protection, 6) Grounding and bonding, 7) AC and DC disconnect requirements, 8) Energy production estimate. ``` --- ## AI for Mechanical Engineers **Category:** Engineering **Prompts:** 6 **Description:** Mechanical engineering prompts for equipment selection, heat transfer, mechanical design, strength calculations, and system optimization. **Tags:** Mechanical, Engineering, Design, Work Users ### Equipment Selection Select and size mechanical equipment. #### Pump selection and sizing **Use case:** Fluid handling and pumping systems ``` Select pump for [application]. Service requirements: Fluid [type, viscosity, specific gravity], Flow rate [GPM or m³/h], Total head [feet or meters], NPSH available [feet], Temperature [°F], Solids content if any. Determine: 1) Pump type selection (centrifugal, positive displacement), 2) Impeller size and speed, 3) Pump curve analysis (flow, head, efficiency, NPSHR), 4) Motor horsepower (BHP = Q × H × SG / 3960 / efficiency), 5) Best efficiency point operation, 6) Cavitation check (NPSHA > NPSHR), 7) Material selection, 8) Recommended pump with specifications. ``` #### Fan selection and performance **Use case:** Ventilation and air moving systems ``` Select fan for [application]. Requirements: Airflow [CFM], Static pressure [inches w.g.], Altitude [feet], Temperature [°F], Application [supply/exhaust/process]. Determine: 1) Fan type selection (centrifugal, axial), 2) Fan size and speed (RPM), 3) Fan curve and operating point, 4) Motor horsepower (HP = CFM × SP / 6356 / efficiency), 5) Fan efficiency, 6) Sound power level estimates, 7) Drive type, 8) Recommended fan with performance data. ``` #### Heat exchanger sizing **Use case:** Heat transfer and thermal systems ``` Design/select heat exchanger for [application]. Service: Hot fluid [type, flow, inlet/outlet temps], Cold fluid [type, flow, inlet/outlet temps], Fouling factors, Pressure drop limits. Calculate: 1) Heat duty (Q = m × cp × ΔT), 2) LMTD (log mean temperature difference), 3) Overall heat transfer coefficient (U), 4) Required area (A = Q / (U × LMTD)), 5) Exchanger type selection (shell-tube, plate, air-cooled), 6) Size and configuration, 7) Pressure drop verification. ``` ### Mechanical Design & Analysis Perform strength and design calculations. #### Shaft design and sizing **Use case:** Rotating equipment and power transmission ``` Design shaft for [application]. Loading: Torque [lb-in], Bending moment [if any], Speed [RPM], Power [HP], Service factor, Material [steel grade, yield strength]. Design: 1) Shaft diameter from torsional stress (τ = 16T / πd³ < allowable), 2) Bending stress verification, 3) Combined stress analysis (Von Mises), 4) Deflection calculations, 5) Critical speed calculation, 6) Keyway design, 7) Recommended shaft diameter and material. ``` #### Bearing selection **Use case:** Bearing applications and machine design ``` Select bearing for [application]. Load conditions: Radial load [lbs], Axial load [lbs], Shaft speed [RPM], Shaft diameter [inches], Operating temperature [°F], Life requirement [hours], Lubrication [oil/grease]. Determine: 1) Bearing type (ball, roller, tapered), 2) Equivalent load calculation, 3) Basic load rating required (C = P × (L/10⁶)^(1/3) for ball bearings), 4) Bearing size selection from catalogs, 5) Life verification (L10 life), 6) Mounting and fit recommendations, 7) Recommended bearing with part number. ``` #### Pressure vessel design **Use case:** Pressure vessel engineering and ASME code compliance ``` Design pressure vessel for [service]. Requirements: Internal pressure [PSIG], Temperature [°F], Inside diameter [inches], Material [SA-516-70, etc.], Corrosion allowance [inches], Vessel length. Design per ASME Section VIII Div 1: 1) Shell thickness (t = PR / (SE - 0.6P)), 2) Head thickness and type selection, 3) Nozzle reinforcement calculations, 4) Support design (saddle, skirt, legs), 5) Maximum allowable working pressure, 6) Hydrostatic test pressure, 7) Required certifications and inspection. ``` --- ## AI for Structural Engineers **Category:** Engineering **Prompts:** 8 **Description:** Structural engineering prompts for beam and column design, foundation sizing, load calculations, seismic analysis, and building code compliance. **Tags:** Structural, Civil, Engineering, Work Users ### Member Design Design structural members including beams, columns, and connections. #### Beam design and analysis **Use case:** Structural framing and floor systems ``` Design beam for [application]. Loading: Span [length], Dead load [psf or plf], Live load [psf or plf], Point loads [if any], Load combinations per [ASCE 7], Beam material [steel/concrete/wood]. Design per applicable code: 1) Load combinations (LRFD or ASD), 2) Moment and shear diagrams, 3) Maximum bending moment and shear, 4) Required section modulus (S = M / Fb), 5) Select beam size (W-shape, C-channel, etc.), 6) Deflection check (typically L/360 or L/240), 7) Verify shear, 8) Connection requirements. ``` #### Column design **Use case:** Vertical load-bearing members ``` Design column for [structure type]. Loading: Axial load [kips or kN], Moment [if any], Unbraced length [feet], End conditions [pinned/fixed], Material [steel grade or concrete strength]. Design per AISC 360 or ACI 318: 1) Slenderness check (KL/r), 2) Effective length factor (K), 3) For steel: critical buckling stress, nominal compressive strength (Pn), 4) For concrete: minimum reinforcement, interaction diagram, 5) Select column size, 6) Verify capacity (φPn ≥ Pu), 7) Base plate design if applicable. ``` #### Connection design **Use case:** Steel connections and detailing ``` Design connection for [connection type: beam-to-column, splice, etc.]. Forces: Shear [kips], Moment [kip-ft], Axial [kips], Member sizes [describe connected members]. Design per AISC 360: 1) Connection type selection (bolted, welded, or hybrid), 2) Force distribution and load path, 3) Bolt sizing and quantity (for bolted), 4) Weld size and length (for welded), 5) Check bolt bearing, shear, and tension, 6) Check plate or angle thickness, 7) Verify all limit states, 8) Connection detail drawing description. ``` ### Foundation Design Design foundations and retaining structures. #### Spread footing design **Use case:** Shallow foundation design ``` Design spread footing for [column/wall]. Loading: Dead load [kips], Live load [kips], Moment [if any], Soil bearing capacity [PSF], Footing depth [feet below grade]. Design per ACI 318: 1) Unfactored loads and load combinations, 2) Required footing area (A = P / qa), 3) Footing dimensions (square or rectangular), 4) Check overturning and sliding if moment present, 5) Factored soil pressure, 6) One-way and two-way shear checks, 7) Flexural reinforcement design, 8) Development length and detailing. ``` #### Retaining wall design **Use case:** Earth retention and site work ``` Design cantilever retaining wall for [site conditions]. Wall height [feet], Retained soil properties [unit weight, friction angle, surcharge], Passive soil in front, Foundation soil bearing capacity. Design: 1) Select wall dimensions (stem thickness, base width, heel/toe lengths), 2) Lateral earth pressure calculations (Rankine or Coulomb), 3) Sliding check (FS ≥ 1.5), 4) Overturning check (FS ≥ 2.0), 5) Bearing pressure check, 6) Stem design (reinforcement), 7) Base slab design, 8) Drainage and waterproofing recommendations. ``` ### Load Analysis & Code Compliance Calculate loads and ensure code compliance. #### Load combination analysis **Use case:** Structural analysis and design basis ``` Determine critical load combinations for [structure type]. Applicable loads: Dead load [magnitude], Live load, Snow load [if applicable], Wind load, Seismic load [if applicable]. Create combinations per ASCE 7: 1) LRFD combinations (1.2D + 1.6L, 1.2D + 1.0L + 1.0W, etc.), 2) ASD combinations (D + L, D + 0.75L + 0.75S, etc.), 3) Identify governing combination for each member/element, 4) Factored loads for design, 5) Provide load combination table. ``` #### Seismic design parameters **Use case:** Seismic design and lateral force analysis ``` Determine seismic design parameters for [building]. Location: [address or coordinates], Occupancy category [I, II, III, IV], Seismic force-resisting system [moment frame, shear wall, braced frame, etc.], Building height and configuration. Calculate per ASCE 7: 1) Site class determination, 2) Mapped spectral accelerations (Ss, S1), 3) Site coefficients (Fa, Fv), 4) Design spectral accelerations (SDS, SD1), 5) Seismic design category (SDC), 6) Response modification factor (R), 7) Seismic base shear (V = Cs × W), 8) Vertical distribution of forces. ``` #### Wind load calculation **Use case:** Wind design and lateral loads ``` Calculate wind loads for [structure type]. Building data: Height [feet], Width [feet], Length [feet], Location [city/state], Exposure category [B, C, D], Importance factor [I]. Calculate per ASCE 7 Chapter 27 or 28: 1) Basic wind speed (V), 2) Wind directionality factor (Kd), 3) Velocity pressure (qz), 4) External pressure coefficients (Cp), 5) Internal pressure coefficient (GCpi), 6) Design wind pressure (p = qz × GCp - qi × GCpi), 7) Apply to windward, leeward, and side walls, 8) Lateral force for MWFRS design. ``` --- ## AI for Process Engineers **Category:** Engineering **Prompts:** 8 **Description:** Process engineering prompts for mass and energy balances, equipment sizing, process optimization, P&IDs, and chemical process design. **Tags:** Process, Chemical Engineering, Engineering, Work Users ### Mass & Energy Balances Perform process calculations and material balances. #### Mass balance calculation **Use case:** Process design and optimization ``` Perform mass balance for [process unit]. Input streams: [list compositions, flow rates], Reaction/separation [describe what occurs], Output streams: [desired products]. Calculate: 1) Overall material balance, 2) Component balances, 3) Conversion and yield calculations, 4) Recycle stream calculations if applicable, 5) Purge requirements, 6) Material requirements per unit product, 7) Verify balance closure (in = out + accumulation). ``` #### Energy balance and heat integration **Use case:** Energy efficiency and utility design ``` Perform energy balance for [process]. Process description: [unit operations], Stream data: [temperatures, flow rates, heat capacities], Reactions [heats of reaction if any]. Calculate: 1) Enthalpy of each stream, 2) Energy balance around each unit, 3) Heating and cooling duties, 4) Heat integration opportunities, 5) Utility requirements (steam, cooling water), 6) Energy consumption per unit product, 7) Pinch analysis if applicable, 8) Recommend heat recovery options. ``` ### Equipment Sizing & Selection Size and specify process equipment. #### Reactor design and sizing **Use case:** Reaction engineering and reactor design ``` Design reactor for [reaction type]. Reaction: [chemical equation, kinetics], Desired production rate [units/hr], Feed conditions [composition, temp, pressure], Target conversion [%]. Design: 1) Reactor type selection (batch, CSTR, PFR, PBR), 2) Volume calculation based on kinetics and residence time, 3) Heat transfer requirements (jacket, coils, external), 4) Pressure and temperature rating, 5) Agitation or mixing requirements, 6) Materials of construction, 7) Safety considerations (relief sizing), 8) Reactor specifications. ``` #### Distillation column sizing **Use case:** Separation processes and column design ``` Design distillation column to separate [mixture]. Feed: [composition, flow rate, condition], Products: [desired purity of distillate and bottoms], Operating pressure [or reflux ratio]. Design using McCabe-Thiele or Fenske equations: 1) Number of theoretical stages, 2) Minimum reflux ratio, 3) Operating reflux ratio (typically 1.2-1.5 × Rmin), 4) Column diameter (tray or packed), 5) Column height, 6) Reboiler and condenser duties, 7) Tray or packing selection, 8) Pressure drop estimate. ``` #### Relief valve sizing **Use case:** Process safety and overpressure protection ``` Size pressure relief device for [vessel/system]. Protected equipment: Design pressure [PSIG], Relieving scenario [thermal expansion, fire, runaway reaction, etc.], Relief rate calculation [describe basis]. Size per API 520/521: 1) Required relief capacity (mass or volumetric flow), 2) Relief valve set pressure and overpressure, 3) Orifice area calculation, 4) Standard orifice size selection, 5) Inlet and outlet piping design, 6) Back pressure analysis, 7) Discharge system design, 8) Relief valve specification. ``` ### Process Control & Optimization Design control schemes and optimize processes. #### Control loop design **Use case:** Process automation and control systems ``` Design control strategy for [process variable: temperature, pressure, flow, level, composition]. Process characteristics: [dynamics, time constants, dead time], Disturbances [expected disturbances], Control objective [setpoint tracking, disturbance rejection]. Develop: 1) Controlled variable selection, 2) Manipulated variable selection, 3) Controller type (P, PI, PID, cascade, feedforward), 4) Sensor and transmitter specifications, 5) Control valve sizing and selection, 6) Controller tuning recommendations, 7) Interlock and alarm strategy, 8) Control narrative. ``` #### P&ID development **Use case:** Process documentation and engineering basis ``` Create P&ID for [process unit]. Process description: [unit operations, equipment], Control philosophy [describe control strategy], Safety systems [interlocks, alarms]. Develop P&ID showing: 1) All equipment with tag numbers, 2) Process piping with line numbers, 3) Instrumentation (sensors, transmitters, controllers), 4) Control valves and on-off valves, 5) Utility connections, 6) Safety devices (relief valves, rupture disks), 7) Sample points, 8) Equipment specifications table, 9) Instrument index. ``` #### Process optimization study **Use case:** Process improvement and efficiency ``` Optimize [process or unit operation]. Current operation: [describe current conditions and performance], Constraints: [equipment limits, product specs, safety limits], Objective function: [maximize yield, minimize cost, maximize throughput]. Analyze: 1) Identify optimization variables, 2) Sensitivity analysis on key parameters, 3) Bottleneck identification, 4) Alternative operating conditions, 5) Economic evaluation of alternatives, 6) Recommended optimal conditions, 7) Expected improvement quantified, 8) Implementation plan. ``` --- ## AI for Instrumentation & Control Engineers **Category:** Engineering **Prompts:** 10 **Description:** Instrumentation and control engineering prompts for instrument selection, control valve sizing, loop tuning, calibration, and control system design. **Tags:** Instrumentation, Control Systems, Engineering, Work Users ### Instrument Selection & Sizing Select and specify instrumentation for process measurements. #### Flow meter selection **Use case:** Flow measurement and instrumentation design ``` Select flow meter for [application]. Fluid: [type, viscosity, density], Flow range: [min to max], Pipe size [inches], Accuracy required [%], Pressure/temperature [conditions]. Compare options: 1) Meter types suitable (orifice, magnetic, vortex, Coriolis, ultrasonic, turbine), 2) Pros and cons per technology, 3) Accuracy and rangeability, 4) Pressure drop considerations, 5) Installation requirements, 6) Cost comparison (capital and maintenance), 7) Recommended meter type with sizing, 8) Transmitter specifications. ``` #### Level measurement selection **Use case:** Level instrumentation and tank gauging ``` Select level measurement for [vessel/tank]. Service: [fluid type, density, temperature, pressure], Vessel: [size, orientation, nozzle locations], Measurement type needed: [continuous/point, local/remote], Accuracy [tolerance], Interface measurement [if two-phase]. Evaluate technologies: 1) Options (differential pressure, radar, ultrasonic, capacitance, float, displacer), 2) Suitability for service conditions, 3) Pros and cons, 4) Installation and maintenance, 5) Accuracy and response time, 6) Recommended solution with specifications. ``` #### Pressure transmitter sizing **Use case:** Pressure measurement systems ``` Specify pressure transmitter for [application]. Service: [fluid, process pressure range, temperature], Measurement type [gauge, absolute, differential], Required performance: [accuracy, turndown, response time], Process connection [flanged, threaded, remote seal]. Specify: 1) Pressure range selection (overpressure consideration), 2) Transmitter technology (capacitance, piezoresistive, resonant), 3) Materials (wetted parts, housing), 4) Output signal (4-20mA, HART, digital fieldbus), 5) Hazardous area classification if applicable, 6) Recommended transmitter model with specifications. ``` ### Control Valve Sizing & Selection Size and select control valves for process control. #### Control valve sizing **Use case:** Process control and valve specification ``` Size control valve for [service]. Process data: Fluid [type, specific gravity, viscosity], Flow rate [normal, min, max], Inlet pressure [PSIG], Outlet pressure [PSIG], Temperature [°F], Allowable pressure drop. Calculate per ISA-75.01: 1) Required Cv (Cv = Q × √(SG / ΔP) for liquids), 2) Valve size selection (typically 1-2 sizes smaller than line), 3) Check for flashing or cavitation (valve recovery factor), 4) Choked flow analysis for gases, 5) Valve characteristic (linear, equal %, quick opening), 6) Installed gain and rangeability, 7) Recommended valve size and trim, 8) Actuator sizing. ``` #### Valve actuator selection **Use case:** Valve automation and final control elements ``` Select valve actuator for [valve type and size]. Valve data: Size [inches], Cv [coefficient], Style [globe, ball, butterfly], Operating pressure [PSIG], Close-off pressure differential [PSI]. Environment: [indoor/outdoor, temperature, hazardous area]. Determine: 1) Required actuator thrust or torque, 2) Actuator type (pneumatic, electric, hydraulic), 3) Fail position (fail open, fail closed, fail last), 4) Stroking time requirements, 5) Accessories (positioner, limit switches, solenoids), 6) Environmental protection (NEMA rating), 7) Recommended actuator specifications. ``` ### Control Loop Design & Tuning Design control loops and tune controllers. #### PID controller tuning **Use case:** Process control optimization ``` Tune PID controller for [process variable] in [process description]. Process characteristics: [time constant, dead time, gain], Current response: [overshoot, oscillation, sluggish], Control objective: [setpoint tracking, disturbance rejection, stability]. Recommend tuning using [method]: 1) Open loop process reaction curve if available, 2) Ziegler-Nichols tuning rules (ultimate gain method or reaction curve), 3) Cohen-Coon tuning, 4) Lambda tuning (for first-order plus dead time), 5) Suggested PID parameters (Kp, Ki, Kd or proportional band, integral time, derivative time), 6) Expected closed-loop response, 7) Fine-tuning recommendations. ``` #### Cascade control design **Use case:** Advanced process control strategies ``` Design cascade control for [process]. Primary variable: [what ultimately needs control], Secondary variable: [faster responding variable to manipulate], Disturbances: [describe disturbances]. Design cascade loop: 1) Primary loop (master) selection and sensor, 2) Secondary loop (slave) selection and sensor, 3) Controller tuning sequence (tune inner loop first, then outer), 4) Tuning parameters for each controller, 5) Benefits analysis (disturbance rejection, improved response), 6) Implementation in DCS/PLC, 7) Commissioning procedure. ``` ### Instrumentation Documentation Create instrumentation specifications and documentation. #### Instrument datasheet creation **Use case:** Procurement and engineering documentation ``` Create instrument datasheet for [instrument type: transmitter, valve, analyzer]. Service: [process fluid, conditions], Tag number [from P&ID]. Datasheet should include: 1) Service description, 2) Process data (pressure, temperature, flow, composition), 3) Performance requirements (range, accuracy, response time), 4) Materials of construction, 5) Process connections and mounting, 6) Electrical classification and power supply, 7) Output signal and protocol, 8) Accessories and options, 9) Standards and approvals, 10) Vendor selection and model number. ``` #### Instrument index development **Use case:** Project instrumentation management ``` Create instrument index for [project/unit]. Based on P&ID tags. Index should list: 1) Tag number (per ISA-5.1 standard), 2) Service description, 3) Instrument type and function, 4) Process line or equipment served, 5) Instrument location (field, local, control room), 6) Input/output signals, 7) Power supply, 8) Datasheet reference, 9) Vendor and model when specified, 10) Installation status tracking. ``` #### Loop diagram creation **Use case:** Installation and commissioning documentation ``` Create instrument loop diagram for [control loop]. Loop: [tag number and description], Components: [field device, transmitter, controller, final element]. Diagram should show: 1) All loop components with tag numbers, 2) Signal types and ranges (4-20mA, digital, discrete), 3) Power supply sources, 4) Junction boxes and marshalling, 5) Cable and conduit routing, 6) Grounding and shielding, 7) Interconnection wiring details, 8) Terminal strip assignments, 9) I/O assignments in control system. ``` --- ## AI for Fire Protection Engineers **Category:** Engineering **Prompts:** 10 **Description:** Fire protection engineering prompts for sprinkler design, fire alarm systems, egress analysis, smoke control, and life safety code compliance. **Tags:** Fire Protection, Life Safety, Engineering, Work Users ### Sprinkler System Design Design automatic sprinkler systems per NFPA 13. #### Sprinkler system hydraulic calculation **Use case:** Sprinkler system design and code compliance ``` Perform hydraulic calculation for sprinkler system protecting [occupancy]. Design area: [sq ft per NFPA 13], Density: [gpm/sq ft per hazard classification], Hose stream allowance: [GPM], System type: [wet, dry, preaction]. Calculate per NFPA 13: 1) Number of sprinklers in design area, 2) Flow per sprinkler (Q = density × coverage area), 3) Pipe friction losses using Hazen-Williams (C=120), 4) Elevation pressure changes, 5) Fitting equivalent lengths, 6) Pressure at each node, 7) Required flow and pressure at source, 8) Verify water supply adequacy, 9) Hydraulic nameplate data. ``` #### Sprinkler spacing and layout **Use case:** Sprinkler protection and building coordination ``` Design sprinkler layout for [space]. Occupancy hazard: [light, ordinary, extra hazard], Ceiling type: [smooth, beamed, sloped], Ceiling height: [feet], Obstructions: [beams, ducts, lights]. Layout per NFPA 13: 1) Sprinkler coverage area (per listing and standard), 2) Maximum spacing (typically 15 ft), 3) Minimum spacing (typically 6 ft), 4) Distance from walls (maximum and minimum), 5) Obstruction rules and positioning, 6) Sprinkler type and temperature rating, 7) Branch line and main sizing, 8) Provide layout drawing description. ``` #### Water supply analysis **Use case:** Water supply adequacy and fire pump sizing ``` Analyze water supply for sprinkler system. Available supply: [static pressure, residual pressure at flow test, flow rate]. System demand: [required flow and pressure from hydraulic calc]. Evaluate: 1) Plot supply curve (pressure vs flow), 2) Plot system demand curve, 3) Safety margin at operating point (typically 5-10 PSI), 4) Adequacy determination (supply curve above demand), 5) Fire pump required (if supply inadequate), 6) Fire pump sizing (flow and pressure boost needed), 7) Suction source and pump specifications. ``` ### Fire Alarm Systems Design fire alarm and detection systems. #### Fire alarm device spacing **Use case:** Fire detection and notification design ``` Layout fire alarm devices for [space]. Building: Area [sq ft], Ceiling height [feet], Space use [occupancy type]. Design per NFPA 72: 1) Smoke detector spacing (typically 30 ft spacing, 900 sq ft per detector on smooth ceilings), 2) Heat detector spacing (based on detector listing and ceiling height), 3) Manual pull station locations (within 5 ft of exits, max 200 ft travel), 4) Notification appliance spacing (audible: 75 dBA coverage, visible: candela based on room size), 5) Adjust for ceiling configuration, 6) Provide device layout and quantities. ``` #### Fire alarm system design **Use case:** Complete fire alarm system engineering ``` Design fire alarm system for [building type]. Building: [size, occupancy, height, use]. Code requirements: [IBC, NFPA 72, local amendments]. System design: 1) System type (addressable, conventional), 2) Initiating devices (smoke, heat, pull stations, sprinkler flow/tamper), 3) Notification appliances (horns, strobes, speakers), 4) Control panel capacity and location, 5) Circuit design (signaling line, notification appliance), 6) Battery backup calculation (24hr standby + 5min alarm), 7) Annunciation and remote locations, 8) Interface with other systems (HVAC, elevators, doors), 9) Compliance with accessibility requirements. ``` ### Egress & Life Safety Analysis Analyze means of egress and life safety compliance. #### Egress capacity calculation **Use case:** Building code compliance and life safety ``` Calculate egress capacity for [building/floor]. Occupancy: [use group per IBC], Occupant load: [persons], Egress components: [doors, corridors, stairs]. Calculate per IBC Chapter 10: 1) Occupant load calculation (area / occupant load factor), 2) Required egress width (occupant load × 0.2 in per person for stairs, 0.15 for other), 3) Number of exits required (based on occupant load), 4) Exit separation distance, 5) Common path and dead-end limits, 6) Travel distance to exits (typically 200-250 ft), 7) Verify each egress component capacity, 8) Overall system adequacy. ``` #### Means of egress analysis **Use case:** Code review and egress design ``` Analyze means of egress for [building]. Building data: [stories, occupancy, construction type, area per floor]. Evaluate per IBC: 1) Occupant load calculations, 2) Number of exits required, 3) Exit arrangement and remoteness (typically 1/3 diagonal), 4) Exit access travel distance limits, 5) Corridor width and construction, 6) Door sizing and swing direction, 7) Stair width and construction, 8) Exit discharge to public way, 9) Signage and emergency lighting, 10) Identify any deficiencies and corrective measures. ``` ### Special Hazards & Suppression Design special suppression systems and analyze special hazards. #### Clean agent suppression system **Use case:** Computer room and special hazard protection ``` Design clean agent suppression system for [protected space]. Space: [volume, ceiling height, openings/leakage], Hazard: [equipment type, fuel load], Agent: [FM-200, Novec 1230, etc.]. Design per NFPA 2001: 1) Design concentration (typically 7-10% depending on agent and fuel), 2) Agent quantity calculation (based on volume, temperature, altitude), 3) Nozzle selection and placement, 4) Discharge time (typically 10 seconds), 5) Hold time requirements, 6) Ventilation lockdown, 7) Detection system (cross-zoned), 8) Pre-discharge alarm and abort, 9) Safety considerations (NOAEL, LOAEL). ``` #### Kitchen hood suppression system **Use case:** Commercial kitchen fire protection ``` Design kitchen hood suppression system for [cooking appliance]. Appliances: [type: solid fuel, char broiler, fryer, range, etc.], Hood dimensions: [length, width], Cooking media: [animal/vegetable oils, temperature]. Design per NFPA 96 and NFPA 17A: 1) System type selection (wet chemical for Class K), 2) Nozzle coverage and placement (per listing), 3) Agent quantity based on hazard, 4) Appliance fuel shutoff, 5) Hood exhaust fan shutdown, 6) Manual pull station location, 7) Link temperature rating, 8) Service and inspection requirements. ``` #### Smoke control system design **Use case:** Smoke management and tenability ``` Design smoke control system for [building feature: atrium, exit stair, corridor]. Building: [height, volume, use], Smoke management goal: [exhaust, pressurization, both]. Design per IBC Section 909: 1) Smoke control method (mechanical exhaust, pressurization, natural venting), 2) Design fire size (typically 5000 kW for atrium), 3) Exhaust rate calculation or pressure differential, 4) Supply and exhaust fan sizing, 5) Makeup air provisions, 6) Smoke detection and activation, 7) Control sequences, 8) Standby power, 9) Acceptance testing requirements, 10) Computer modeling recommendations. ``` --- ## AI for DevOps & SRE Engineers **Category:** Engineering **Prompts:** 20 **Description:** DevOps and Site Reliability Engineering prompts for CI/CD, infrastructure automation, container orchestration, monitoring, incident response, and cloud optimization. **Tags:** DevOps, SRE, Infrastructure, Work Users ### CI/CD & Automation Build and optimize continuous integration and deployment pipelines. #### CI/CD pipeline design **Use case:** Deployment automation and release management ``` Design CI/CD pipeline for [application type: web app, microservices, mobile, etc.]. Tech stack: [languages, frameworks], Deployment target: [Kubernetes, EC2, serverless, etc.], Current process: [describe manual steps]. Pipeline should include: 1) Source control triggers (branch strategies), 2) Build stage (compile, dependency management, artifact creation), 3) Testing stages (unit, integration, security scanning, performance), 4) Quality gates and approval steps, 5) Deployment stages (dev, staging, production), 6) Deployment strategy (blue-green, canary, rolling), 7) Rollback procedures, 8) Tools recommendation (Jenkins, GitLab CI, GitHub Actions, CircleCI). ``` #### Infrastructure as Code template **Use case:** Infrastructure provisioning and management ``` Create IaC template for [infrastructure requirement]. Platform: [AWS/Azure/GCP], Resources needed: [compute, networking, storage, databases, etc.], IaC tool: [Terraform, CloudFormation, Pulumi, ARM templates]. Template should include: 1) Resource definitions with parameters, 2) Network architecture (VPC, subnets, security groups), 3) Compute resources (instances, auto-scaling), 4) Data stores configuration, 5) IAM roles and policies, 6) Tagging strategy, 7) Output values, 8) State management approach, 9) Module structure if complex. ``` #### GitOps workflow design **Use case:** Declarative infrastructure and GitOps practices ``` Design GitOps workflow for [environment: Kubernetes cluster, cloud infrastructure]. Current deployment: [describe current state]. Requirements: [multi-environment, security, audit trail]. Create workflow: 1) Git repository structure (application, infrastructure, config repos), 2) Branch strategy and promotion flow, 3) GitOps operator selection (ArgoCD, Flux, Jenkins X), 4) Sync policies and health checks, 5) Secret management approach, 6) RBAC and access control, 7) Drift detection and remediation, 8) Disaster recovery from Git. ``` #### Build optimization strategy **Use case:** Developer productivity and pipeline efficiency ``` Optimize build pipeline for [project]. Current build time: [minutes], Build steps: [describe stages], Build tool: [Maven, Gradle, npm, Docker, etc.]. Analyze and optimize: 1) Identify bottlenecks (profiling build), 2) Caching strategies (dependencies, layers, artifacts), 3) Parallelization opportunities, 4) Incremental builds, 5) Multi-stage Docker builds, 6) Build agent optimization (resources, distribution), 7) Expected improvement, 8) Implementation plan. ``` ### Container & Kubernetes Design and manage containerized applications and Kubernetes clusters. #### Dockerfile optimization **Use case:** Container optimization and security ``` Optimize Dockerfile for [application]. Current Dockerfile: [describe or paste]. Base image: [current base image], Application type: [language/framework]. Optimization recommendations: 1) Base image selection (Alpine, distroless, language-specific), 2) Multi-stage build implementation, 3) Layer optimization (combine RUN commands), 4) .dockerignore configuration, 5) Build cache utilization, 6) Security best practices (non-root user, minimal packages), 7) Image size reduction techniques, 8) Build time improvements, 9) Final optimized Dockerfile. ``` #### Kubernetes deployment manifest **Use case:** Kubernetes application deployment ``` Create Kubernetes deployment manifest for [application]. Application details: [name, image, port, replicas], Requirements: [resource limits, scaling, health checks, config, secrets]. Create manifests for: 1) Deployment (replicas, rolling update strategy, pod template), 2) Service (ClusterIP, LoadBalancer, or NodePort), 3) ConfigMap for configuration, 4) Secret for sensitive data, 5) Resource requests and limits, 6) Liveness and readiness probes, 7) HorizontalPodAutoscaler if needed, 8) Ingress for external access, 9) NetworkPolicy for security. ``` #### Helm chart creation **Use case:** Kubernetes package management and templating ``` Create Helm chart for [application/service]. Application components: [list services, databases, dependencies], Configuration needs: [environment-specific values]. Chart structure: 1) Chart.yaml with metadata and dependencies, 2) values.yaml with default configurations, 3) Templates for Deployments, Services, ConfigMaps, 4) Environment-specific values files (dev, staging, prod), 5) Template helpers and functions, 6) NOTES.txt for post-install info, 7) Chart hooks for lifecycle management, 8) Versioning and upgrade strategy. ``` #### Kubernetes cluster sizing **Use case:** Capacity planning and cost optimization ``` Size Kubernetes cluster for [workload]. Workload characteristics: [number of services, expected traffic, resource requirements], Environment: [cloud provider, regions], Availability requirements: [uptime SLA]. Determine: 1) Node size and type recommendations, 2) Number of nodes for current load, 3) Auto-scaling configuration (cluster and pod), 4) Multi-AZ/region distribution, 5) Resource quotas and limits, 6) Control plane sizing, 7) Add-ons and system resources (monitoring, logging, service mesh), 8) Cost estimate and optimization. ``` ### Monitoring & Observability Implement comprehensive monitoring, logging, and observability. #### Monitoring strategy design **Use case:** System reliability and operational visibility ``` Design monitoring strategy for [system/application]. Architecture: [describe components], SLOs: [uptime, latency, error rate targets], Existing tools: [current monitoring if any]. Strategy should include: 1) Golden Signals monitoring (latency, traffic, errors, saturation), 2) Infrastructure metrics (CPU, memory, disk, network), 3) Application metrics (business and technical), 4) Log aggregation approach, 5) Distributed tracing strategy, 6) Dashboard design (overview, service-specific, infrastructure), 7) Alerting rules and thresholds, 8) On-call integration, 9) Tools recommendation (Prometheus, Grafana, ELK, Datadog, New Relic). ``` #### SLO and SLI definition **Use case:** Reliability engineering and service quality ``` Define SLOs and SLIs for [service/application]. Service description: [what it does, criticality], Users: [who depends on it], Current performance: [baseline metrics if known]. Define: 1) Service Level Indicators (what to measure: availability, latency, throughput), 2) Service Level Objectives (targets with time windows), 3) Error budget calculation, 4) Measurement and data source for each SLI, 5) Alerting based on SLO burn rate, 6) SLA implications if customer-facing, 7) Reporting and review process, 8) Continuous improvement triggers. ``` #### Alert configuration **Use case:** Incident detection and response automation ``` Configure alerting for [system/service]. Metrics available: [describe data sources], Alert destinations: [PagerDuty, Slack, email, etc.], On-call team: [team structure]. Create alert rules: 1) Critical alerts (page-worthy, immediate action), 2) Warning alerts (investigate during business hours), 3) Alert conditions with appropriate thresholds, 4) Alert grouping and suppression, 5) Escalation policies, 6) Runbook links for each alert, 7) Alert fatigue prevention strategies, 8) Testing and validation of alerts. ``` #### Logging architecture design **Use case:** Centralized logging and troubleshooting ``` Design logging architecture for [application/infrastructure]. Scale: [log volume per day], Log sources: [applications, infrastructure, security], Retention requirements: [how long to keep logs]. Architecture: 1) Log collection method (agents, sidecars, API), 2) Log aggregation platform (ELK, Splunk, CloudWatch, Loki), 3) Log parsing and structuring, 4) Indexing strategy, 5) Retention and archival policies, 6) Search and analysis capabilities, 7) Security and access control, 8) Cost optimization strategies, 9) Integration with monitoring and alerting. ``` ### Incident Response & SRE Practices Establish incident management and site reliability practices. #### Incident response runbook **Use case:** Operational excellence and MTTR reduction ``` Create incident response runbook for [service/system]. Common incidents: [list known issues], Service architecture: [components and dependencies], On-call team: [team members and escalation]. Runbook should include: 1) Incident severity definitions, 2) Initial response steps (triage, communication), 3) Common failure scenarios with troubleshooting steps, 4) Diagnostic commands and tools, 5) Mitigation and remediation procedures, 6) Rollback procedures, 7) Communication templates and channels, 8) Post-incident review process, 9) Escalation contacts and procedures. ``` #### Post-incident review template **Use case:** Continuous improvement and learning culture ``` Create post-incident review (postmortem) for [incident]. Incident: [brief description], Impact: [users affected, duration, business impact], Timeline: [key events]. Review should cover: 1) Incident summary, 2) Timeline of events (detection, escalation, resolution), 3) Root cause analysis (5 whys, fishbone), 4) Impact assessment (technical and business), 5) What went well, 6) What went wrong, 7) Action items with owners and deadlines, 8) Lessons learned, 9) Follow-up and tracking. Blameless culture focus. ``` #### Chaos engineering experiment **Use case:** Resilience testing and failure preparation ``` Design chaos engineering experiment for [system]. System: [architecture and critical components], Hypothesis: [what we believe about system resilience], Blast radius: [scope of experiment]. Design experiment: 1) Steady state definition (normal metrics), 2) Hypothesis to test (e.g., 'system remains available when database fails'), 3) Chaos injection method (kill pods, network latency, resource exhaustion), 4) Monitoring during experiment, 5) Abort conditions and safeguards, 6) Experiment steps and duration, 7) Expected vs actual behavior, 8) Improvements identified, 9) Gameday planning. ``` #### On-call rotation design **Use case:** Operational support and team health ``` Design on-call rotation for [team]. Team size: [number of engineers], Services: [systems being supported], Coverage needs: [24/7 or business hours]. Rotation design: 1) Rotation schedule (weekly, bi-weekly), 2) Primary and secondary on-call, 3) Handoff procedures and documentation, 4) Escalation path and backup contacts, 5) Compensation and time-off policies, 6) On-call responsibilities and expectations, 7) Training and readiness for new on-callers, 8) Tools (PagerDuty, OpsGenie), 9) Load balancing and burnout prevention. ``` ### Cloud Architecture & Optimization Design cloud infrastructure and optimize costs and performance. #### Cloud cost optimization **Use case:** FinOps and cloud cost management ``` Analyze and optimize cloud costs for [AWS/Azure/GCP account]. Current spend: [monthly cost], Resources: [compute, storage, network, etc.], Workload characteristics: [variable, steady, spiky]. Optimization recommendations: 1) Right-sizing analysis (over-provisioned resources), 2) Reserved instances or savings plans, 3) Spot instances for fault-tolerant workloads, 4) Storage tiering and lifecycle policies, 5) Unused resource identification, 6) Auto-scaling optimization, 7) Network cost reduction (data transfer), 8) Cost allocation and tagging strategy, 9) Expected savings and implementation priority. ``` #### High availability architecture **Use case:** Reliability and business continuity ``` Design high availability architecture for [application]. Requirements: Availability target [99.9%, 99.99%, etc.], RTO [recovery time objective], RPO [recovery point objective], Scale: [traffic volume, data size]. Architecture should include: 1) Multi-AZ/region deployment strategy, 2) Load balancing and health checks, 3) Database replication and failover, 4) Stateless application design, 5) Caching layers, 6) Disaster recovery procedures, 7) Backup strategy, 8) Monitoring and auto-healing, 9) Testing and validation approach. ``` #### Security hardening checklist **Use case:** Security posture and compliance ``` Create security hardening checklist for [infrastructure: cloud account, Kubernetes cluster, CI/CD pipeline]. Environment: [describe setup], Compliance requirements: [SOC2, PCI, HIPAA, etc.]. Checklist should cover: 1) IAM and access control (least privilege, MFA), 2) Network security (security groups, firewalls, segmentation), 3) Data encryption (at rest and in transit), 4) Secrets management, 5) Patch management and vulnerability scanning, 6) Logging and audit trails, 7) Backup and recovery, 8) Container security (image scanning, runtime protection), 9) Compliance controls, 10) Regular security assessments. ``` #### Disaster recovery plan **Use case:** Business continuity and resilience ``` Create disaster recovery plan for [system/application]. Architecture: [describe current setup], Data: [databases, storage, critical data], RTO: [target recovery time], RPO: [acceptable data loss]. DR plan: 1) Disaster scenarios (region failure, data corruption, security breach), 2) Backup strategy (frequency, retention, testing), 3) Data replication (sync vs async, cross-region), 4) Failover procedures (manual vs automatic), 5) Recovery steps by component, 6) Communication plan, 7) Testing schedule (quarterly DR drills), 8) Documentation and runbooks, 9) Post-recovery validation. ``` --- ## AI for Application Developers **Category:** Engineering **Prompts:** 24 **Description:** Application development prompts for frontend, backend, API design, database optimization, testing strategies, and software architecture patterns. **Tags:** Development, Software Engineering, Programming, Work Users ### Frontend Development Build modern, responsive frontend applications. #### React component architecture **Use case:** Frontend architecture and React development ``` Design React component architecture for [feature/application]. Requirements: [describe functionality], State management: [Redux, Context, Zustand, etc.], UI complexity: [simple, medium, complex]. Design: 1) Component hierarchy and structure, 2) State management approach (local vs global), 3) Props interface definitions, 4) Component reusability strategy, 5) Performance optimizations (memoization, lazy loading), 6) Folder structure and naming conventions, 7) Styling approach (CSS Modules, Styled Components, Tailwind), 8) Testing strategy (unit, integration), 9) Code example for key components. ``` #### Responsive design implementation **Use case:** Mobile-first and responsive web design ``` Implement responsive design for [component/page]. Target devices: [mobile, tablet, desktop], Design specs: [describe or reference design], Framework: [React, Vue, vanilla JS]. Implementation plan: 1) Breakpoint strategy (mobile-first or desktop-first), 2) CSS approach (Flexbox, Grid, frameworks), 3) Media query structure, 4) Component adaptation patterns, 5) Image optimization and responsive images, 6) Touch vs mouse interactions, 7) Performance considerations, 8) Testing across devices, 9) Code examples for key responsive patterns. ``` #### Frontend performance optimization **Use case:** Web performance and user experience ``` Optimize frontend performance for [application]. Current issues: [slow load time, janky animations, large bundle, etc.], Tech stack: [React/Vue/Angular, build tool], Metrics: [current performance scores]. Optimization strategies: 1) Bundle size reduction (code splitting, tree shaking), 2) Lazy loading components and routes, 3) Image optimization (formats, compression, lazy loading), 4) Caching strategies (service workers, HTTP caching), 5) JavaScript performance (debouncing, throttling, web workers), 6) CSS optimization (critical CSS, unused CSS removal), 7) Third-party script optimization, 8) Measurement and monitoring, 9) Expected improvements. ``` #### Accessibility implementation **Use case:** Inclusive design and WCAG compliance ``` Implement accessibility for [component/feature]. WCAG level target: [A, AA, AAA], User needs: [screen readers, keyboard navigation, visual impairments]. Implementation checklist: 1) Semantic HTML usage, 2) ARIA labels and roles, 3) Keyboard navigation support, 4) Focus management, 5) Color contrast compliance, 6) Screen reader testing, 7) Form accessibility, 8) Error handling and announcements, 9) Testing tools and procedures (axe, WAVE, screen readers). ``` ### Backend Development Design scalable backend services and APIs. #### REST API design **Use case:** API development and documentation ``` Design REST API for [domain/resource]. Resources: [list entities], Operations needed: [CRUD and custom operations], Auth: [authentication method]. API design: 1) Resource URIs and endpoint structure, 2) HTTP methods for each operation (GET, POST, PUT, DELETE, PATCH), 3) Request/response payload schemas, 4) Status codes and error responses, 5) Pagination, filtering, sorting parameters, 6) Versioning strategy, 7) Authentication and authorization, 8) Rate limiting approach, 9) OpenAPI/Swagger documentation. ``` #### Microservices architecture design **Use case:** Scalable architecture and service decomposition ``` Design microservices architecture for [application/domain]. Current architecture: [monolith/existing services], Scale: [users, transactions], Requirements: [scalability, deployment frequency, team structure]. Design: 1) Service boundary identification (domain-driven design), 2) Service responsibilities and APIs, 3) Inter-service communication (sync REST/gRPC vs async messaging), 4) Data management (database per service, event sourcing), 5) Service discovery and registration, 6) API gateway pattern, 7) Distributed tracing and logging, 8) Deployment strategy (containers, orchestration), 9) Trade-offs vs monolith. ``` #### Authentication and authorization **Use case:** Security and access control ``` Implement authentication and authorization for [application]. User types: [list user roles], Auth method: [JWT, OAuth2, session-based], Requirements: [MFA, SSO, RBAC]. Implementation: 1) Authentication flow design, 2) Token generation and validation, 3) Password security (hashing, policies), 4) Session management, 5) Role-based access control implementation, 6) Permission checking middleware, 7) OAuth2 flows if applicable, 8) Refresh token handling, 9) Security best practices (CSRF, XSS protection), 10) Testing strategy. ``` #### Background job processing **Use case:** Asynchronous processing and worker queues ``` Design background job processing for [use case: email sending, data processing, report generation, etc.]. Volume: [jobs per day/hour], Requirements: [retries, priority, scheduling], Tech stack: [language, framework]. Design: 1) Job queue selection (Redis, RabbitMQ, SQS, Celery), 2) Job structure and payload, 3) Worker architecture and scaling, 4) Error handling and retry logic, 5) Job priority and scheduling, 6) Monitoring and observability, 7) Dead letter queues, 8) Idempotency considerations, 9) Testing approach. ``` ### Database Design & Optimization Design efficient database schemas and optimize queries. #### Database schema design **Use case:** Data modeling and database design ``` Design database schema for [application/domain]. Entities: [list main entities and relationships], Database: [PostgreSQL, MySQL, MongoDB, etc.], Scale: [expected data volume, query patterns]. Schema design: 1) Entity-relationship diagram, 2) Table definitions with columns and types, 3) Primary keys and indexes, 4) Foreign keys and relationships, 5) Normalization decisions (3NF vs denormalization for performance), 6) Partitioning strategy if large scale, 7) Audit fields (created_at, updated_at, etc.), 8) Migration scripts, 9) Indexing strategy. ``` #### Query optimization **Use case:** Database performance tuning ``` Optimize database query performance. Problem query: [paste slow query or describe], Database: [type and version], Current performance: [execution time, rows scanned], Explain plan: [if available]. Optimization approach: 1) Query explain/analyze review, 2) Index recommendations (missing, unused, suboptimal), 3) Query rewrite suggestions, 4) Join optimization, 5) Subquery vs join analysis, 6) Avoiding N+1 queries, 7) Pagination optimization, 8) Caching opportunities, 9) Expected performance improvement, 10) Optimized query. ``` #### Data migration strategy **Use case:** Database migrations and schema changes ``` Plan data migration for [migration type: schema change, database switch, version upgrade]. Current state: [describe current data], Target state: [desired end state], Data volume: [size], Downtime tolerance: [zero-downtime or acceptable window]. Migration plan: 1) Migration approach (big bang vs phased), 2) Data transformation requirements, 3) Migration scripts development, 4) Rollback strategy, 5) Data validation approach, 6) Testing in non-prod environments, 7) Monitoring during migration, 8) Communication plan, 9) Post-migration verification, 10) Timeline and checklist. ``` #### Caching strategy design **Use case:** Performance optimization and scalability ``` Design caching strategy for [application/service]. Current bottlenecks: [slow queries, API calls, computations], Traffic: [requests per second], Tech stack: [Redis, Memcached, CDN, etc.]. Caching approach: 1) Cache layer selection (client, CDN, application, database), 2) What to cache (queries, API responses, computed results), 3) Cache key design, 4) TTL strategy per data type, 5) Cache invalidation patterns, 6) Cache warming strategies, 7) Fallback mechanisms, 8) Cache monitoring and hit rates, 9) Expected performance improvement. ``` ### Testing & Quality Assurance Implement comprehensive testing strategies. #### Test strategy development **Use case:** Quality assurance and test planning ``` Develop testing strategy for [application]. Application type: [web, mobile, API, etc.], Tech stack: [frameworks and tools], Current testing: [describe current state]. Strategy should include: 1) Testing pyramid (ratio of unit, integration, e2e tests), 2) Unit testing approach (tools, coverage targets), 3) Integration testing scope, 4) End-to-end testing critical paths, 5) Test data management, 6) Mocking and stubbing strategy, 7) CI/CD integration, 8) Performance testing, 9) Security testing, 10) Testing environments. ``` #### Unit test generation **Use case:** Automated testing and code quality ``` Generate unit tests for [function/class/component]. Code: [paste or describe code to test], Framework: [Jest, Pytest, JUnit, etc.], Coverage goal: [percentage or critical paths]. Generate tests for: 1) Happy path scenarios, 2) Edge cases and boundary conditions, 3) Error cases and exceptions, 4) Mock dependencies, 5) Assertions for expected behavior, 6) Test data setup and teardown, 7) Coverage of all branches, 8) Readable test descriptions, 9) Follow testing best practices (AAA pattern: Arrange, Act, Assert). ``` #### API testing framework **Use case:** API quality assurance and contract testing ``` Create API testing framework for [API/service]. API type: [REST, GraphQL], Testing tool: [Postman, Supertest, Rest-Assured, etc.], Scope: [endpoints to test]. Framework should include: 1) Test suite structure, 2) Authentication handling, 3) Test data management and fixtures, 4) Common assertions (status codes, response schema, data validation), 5) Positive and negative test cases, 6) Performance tests (load, stress), 7) Environment configuration, 8) Reporting and CI integration, 9) Example tests for key endpoints. ``` #### Code review checklist **Use case:** Peer review and code quality standards ``` Create code review checklist for [team/project]. Language: [programming language], Framework: [tech stack], Team standards: [coding guidelines]. Checklist categories: 1) Code quality (readability, maintainability, DRY, SOLID), 2) Functionality (requirements met, edge cases handled), 3) Performance (algorithmic efficiency, resource usage), 4) Security (input validation, auth checks, no secrets in code), 5) Testing (adequate test coverage, tests passing), 6) Documentation (comments, README updates, API docs), 7) Error handling, 8) Code style and formatting, 9) Dependencies management. ``` ### Software Architecture & Patterns Apply design patterns and architectural principles. #### Design pattern application **Use case:** Software design and best practices ``` Apply design pattern to solve [problem]. Problem: [describe the design challenge], Context: [language, framework, constraints], Requirements: [flexibility, extensibility, maintainability needs]. Recommend pattern: 1) Pattern selection (Singleton, Factory, Strategy, Observer, etc.), 2) Why this pattern fits the problem, 3) Implementation structure (classes, interfaces), 4) Code example in [language], 5) Benefits of applying pattern, 6) Trade-offs and when not to use, 7) Testing considerations, 8) Real-world examples. ``` #### Refactoring recommendation **Use case:** Code quality improvement and technical debt ``` Recommend refactoring for code. Code: [paste or describe code with issues], Issues: [technical debt, code smells, performance, maintainability], Constraints: [time, risk tolerance, testing coverage]. Refactoring plan: 1) Identify code smells and anti-patterns, 2) Prioritized refactoring opportunities, 3) Refactoring techniques to apply (Extract Method, Move Method, etc.), 4) Before/after code examples, 5) Testing strategy during refactoring, 6) Risk assessment, 7) Incremental refactoring steps, 8) Expected benefits, 9) Metrics to track improvement. ``` #### Architectural decision record **Use case:** Architecture documentation and team alignment ``` Document architectural decision for [decision topic]. Context: [problem or need], Options considered: [list alternatives]. Create ADR with: 1) Title and status (proposed/accepted), 2) Context and background, 3) Decision made, 4) Consequences (positive and negative), 5) Options evaluated with pros/cons, 6) Why chosen option is best, 7) Implementation implications, 8) Related decisions, 9) References and resources. ``` #### SOLID principles application **Use case:** Object-oriented design and code quality ``` Review code for SOLID principles compliance. Code: [describe or paste class/module], Language: [OOP language], Current issues: [rigidity, fragility, tight coupling, etc.]. Analyze each principle: 1) Single Responsibility: Does class have one reason to change?, 2) Open-Closed: Is it open for extension, closed for modification?, 3) Liskov Substitution: Can subtypes replace base types?, 4) Interface Segregation: Are interfaces client-specific?, 5) Dependency Inversion: Depends on abstractions not concretions?, 6) Violations identified, 7) Refactoring recommendations, 8) Improved code example. ``` ### Development Workflow & Tooling Optimize development processes and tooling. #### Git workflow design **Use case:** Version control and collaboration ``` Design Git branching strategy for [team/project]. Team size: [number of developers], Release frequency: [continuous, weekly, monthly], Environment: [dev, staging, prod]. Strategy options to evaluate: 1) Git Flow (feature, develop, release, master branches), 2) GitHub Flow (feature branches, main branch), 3) Trunk-based development, 4) Branching naming conventions, 5) Pull request process and reviews, 6) CI/CD integration, 7) Release tagging and versioning, 8) Hotfix procedures, 9) Recommended strategy with rationale. ``` #### Developer environment setup **Use case:** Developer onboarding and productivity ``` Create developer environment setup guide for [project]. Tech stack: [languages, frameworks, databases, tools], Operating systems: [Mac, Linux, Windows]. Setup guide should include: 1) Prerequisites and dependencies, 2) Installation instructions per OS, 3) IDE/editor configuration (VS Code, IntelliJ, etc.), 4) Environment variables and config files, 5) Database setup and seed data, 6) Running the application locally, 7) Common troubleshooting issues, 8) Docker/devcontainer option if applicable, 9) Testing setup verification. ``` #### Code quality automation **Use case:** Automated code review and standards enforcement ``` Set up automated code quality checks for [project]. Language: [programming language], Current issues: [code inconsistency, quality problems], CI/CD: [platform in use]. Setup automation for: 1) Linting configuration (ESLint, Pylint, RuboCop, etc.), 2) Code formatting (Prettier, Black, gofmt), 3) Static analysis tools (SonarQube, CodeClimate), 4) Security scanning (SAST tools), 5) Dependency vulnerability scanning, 6) Test coverage reporting, 7) Pre-commit hooks, 8) CI pipeline integration, 9) Quality gates and thresholds. ``` #### Documentation strategy **Use case:** Knowledge management and developer experience ``` Create documentation strategy for [project/codebase]. Audience: [new developers, users, API consumers], Current state: [outdated, minimal, non-existent]. Documentation plan: 1) Documentation types needed (README, API docs, architecture, runbooks), 2) Documentation-as-code approach, 3) Tools (Markdown, Swagger/OpenAPI, JSDoc, Sphinx), 4) Structure and templates, 5) Maintenance process and ownership, 6) Documentation in CI/CD, 7) Versioning strategy, 8) Examples and getting started guides, 9) Search and discoverability. ``` --- ## AI for Cloud & FinOps Teams **Category:** Cloud & FinOps **Prompts:** 30 **Description:** Practical prompts for cost governance, optimization, forecasting, unit economics, GreenOps, and automation across Azure, OCI, AWS, and GCP. **Tags:** Cloud, FinOps, Cost Optimization, Governance, Sustainability, Work Users ### Cost Governance & Tagging Standards, guardrails, and hygiene so costs stay attributable and controllable. #### Tag policy & standard **Use case:** Governance baseline and attribution **For:** FinOps Analyst, Cloud Architect, Platform Engineer ``` Create a cloud tagging policy for [org/team]. Scope: [Azure/OCI/AWS/GCP]. Required keys: [app, owner, env, costCenter, criticality]. Output: 1) Definitions & allowed values, 2) Validation rules, 3) Exceptions process, 4) Rollout plan, 5) Monitoring & audit queries, 6) Example tag sets for common resources. ``` #### Noncompliance audit queries **Use case:** Continuous compliance **For:** Platform Engineer, SRE, FinOps Analyst ``` Generate queries/policies to find resources missing tags or using forbidden SKUs. Clouds: [Azure/OCI/AWS/GCP]. Include: Azure Policy/Resource Graph, AWS Config/ATHENA, GCP Asset Inventory/Policy Controller, OCI Search/Events. Return: queries, evaluation cadence, and remediation actions. ``` #### Auto-tagging remediation plan **Use case:** Automated tag hygiene **For:** Cloud Architect, Platform Engineer ``` Design auto-tagging remediation for [subscription/project/compartment]. Trigger: [create/update]. Logic: inherit from [RG/Folder/Compartment]. Include: native policy-as-code, event-driven functions, failure handling, and reporting. ``` #### Naming & resource policy validator **Use case:** Preventive cost control **For:** Cloud Architect, Security Engineer, FinOps Analyst ``` Create rules to validate naming and block non-approved SKUs/regions. Clouds: [Azure/OCI/AWS/GCP]. Deliver: policy snippets, examples, exemptions, and rollout steps. ``` #### FinOps backlog (policy-as-code) **Use case:** Program management **For:** FinOps Analyst, Engineering Manager, PMO Lead ``` Prioritize a 90-day backlog of cost guardrails as code for [cloud(s)]. Include: business value, effort, owner, dependencies, and measurable outcomes. ``` ### Cost Optimization & Rightsizing Reduce waste across compute, storage, network, and databases. #### Rightsizing plan **Use case:** Compute/DB optimization **For:** FinOps Analyst, SRE, Cloud Architect ``` Create rightsizing recommendations for [workloads]. Inputs: CPU/Mem/IO trends, schedule, SLA/SLOs. Output: instance size moves, burstable/spot options, DB tier changes, expected monthly savings. ``` #### Idle & orphaned resource hunter **Use case:** Waste elimination **For:** FinOps Analyst, Platform Engineer ``` Detect idle/orphaned resources by service (VMs, disks, IPs, NICs, snapshots, LB, volumes). Provide: detection logic, safe-delete workflow, ownership ping template, and rollback plan. ``` #### Commitment plan advisor **Use case:** Discount commitments **For:** FinOps Analyst, Procurement Manager, CFO ``` Recommend [Savings Plans/Reservations/Committed Use/OCI Yearly Flex] for [services]. Inputs: 90-day usage, seasonality, growth. Output: term mix (1y/3y), coverage %, break-even, risk notes. ``` #### Storage tiering & lifecycle **Use case:** Storage optimization **For:** FinOps Analyst, Cloud Architect ``` Design lifecycle rules: hot→cool→archive by access pattern. Services: [Blob/S3/GCS/OCI Object]. Include: thresholds, retrieval costs, legal hold exceptions, expected savings. ``` #### Spot/preemptible strategy **Use case:** Compute cost reduction **For:** Platform Engineer, SRE ``` Create a spot/preemptible adoption plan for [batch/ML/CI/CD]. Cover: interruption handling, diversification, graceful drains, fallbacks, and target savings. ``` ### Forecasting, Budgeting & Anomaly Detection Plan spend, catch surprises early, and explain variance. #### Top-down & bottom-up forecast **Use case:** Budgeting & planning **For:** FinOps Analyst, CFO, Product Owner ``` Produce next-12-month forecast for [BU/app/portfolio] using top-down trends and bottom-up unit drivers (users, requests, builds). Return: P50/P90, seasonality, drivers table, and confidence notes. ``` #### Budget thresholds & alerting map **Use case:** Spend control **For:** FinOps Analyst, Engineering Manager ``` Define monthly/weekly/daily budget thresholds and alert routes per team. Include: severity ladder, who gets pinged, playbooks to triage spikes. ``` #### Anomaly triage playbook **Use case:** Incident-style cost response **For:** FinOps Analyst, SRE, Platform Engineer ``` Create a step-by-step playbook to investigate anomalies >[x]%. Include: checklist, common root causes by service, queries/dashboards, and communication template. ``` #### Event overlay calendar **Use case:** Narrative forecasting **For:** Product Owner, Marketing Manager, FinOps Analyst ``` Build a business event calendar (launches, campaigns, seasonality, holidays) and map it to forecast variance explanations. ``` #### Unit-cost forecast per app **Use case:** Unit economics planning **For:** FinOps Analyst, Product Owner ``` Forecast cost per [user/txn/GB/build] for [apps]. Provide driver sensitivities, breakeven scenarios, and SLA/SLO cost impact. ``` ### Chargeback/Showback & Unit Economics Make costs visible, fair, and actionable for teams and products. #### Allocation model builder **Use case:** Cost accountability **For:** FinOps Analyst, CFO, Product Owner ``` Design chargeback/showback model for [org]. Inputs: tags, RGs/projects, shared services. Output: allocation rules, fairness rationale, dispute workflow, and reporting views. ``` #### Shared cost splitter **Use case:** Fair allocation **For:** FinOps Analyst, Cloud Architect ``` Split shared costs (egress, security tools, platform) by [driver]. Provide: pros/cons of each driver, edge cases, and auditability guidance. ``` #### FinOps KPI dashboard spec **Use case:** Program visibility **For:** FinOps Analyst, CFO, Engineering Manager ``` Define a KPI dashboard: coverage %, idle %, RI/SP utilization, anomaly MTTR, forecast MAPE, cost per unit. Include: refresh cadence, owners, and target thresholds. ``` #### Executive one-pager **Use case:** Leadership updates **For:** CFO, COO, FinOps Lead ``` Create a monthly one-pager for execs with: headline savings, risks, forecast vs budget, key initiatives, and asks/decisions needed. ``` #### Product profitability view **Use case:** Pricing & margin insight **For:** Product Owner, CFO, FinOps Analyst ``` Model cost-to-serve for [products/tiers]. Include: unit margins, noisy neighbors effect, and pricing levers. ``` ### GreenOps (Sustainability + Cost) Reduce emissions while optimizing spend and performance. #### Carbon-aware workload plan **Use case:** Sustainable placement **For:** Sustainability Lead, Cloud Architect, FinOps Analyst ``` Propose region/SKU choices for [workload] to reduce carbon and cost. Include: grid intensity differences, latency constraints, and failover implications. ``` #### Compute intensity scorecard **Use case:** Efficiency benchmarking **For:** SRE, FinOps Analyst ``` Create a scorecard for VM/Container/Function efficiency (CPU throttling, mem pressure, over-provisioning). Recommend resizing/architecture changes. ``` #### Storage lifecycle with carbon math **Use case:** Data sustainability **For:** Sustainability Lead, FinOps Analyst ``` Quantify emissions savings for lifecycle tiering of [datasets]. Provide: kWh and CO₂e estimates alongside $ savings. ``` #### GreenOps reporting framework **Use case:** Integrated reporting **For:** Sustainability Lead, CFO, FinOps Analyst ``` Define a reporting pack aligning cost and carbon: scopes, data sources, frequency, owners, and assurance approach. ``` #### Carbon guardrails **Use case:** Policy-driven sustainability **For:** Sustainability Lead, Cloud Architect ``` Write policy ideas to block high-carbon regions/SKUs unless justified. Include exemptions and approval workflow. ``` ### Automation & IaC Guardrails Bake FinOps into pipelines, platforms, and policies. #### FinOps CI checks **Use case:** Shift-left cost control **For:** Platform Engineer, QA Automation Lead, FinOps Analyst ``` Design CI checks for Terraform/ARM/Bicep/OCI: tag presence, SKU allowlists, region allowlists, budget annotations, and projected monthly cost gates. ``` #### Scheduled shutdown runbook **Use case:** Operational savings **For:** SRE, Platform Engineer ``` Create an automated schedule to stop/start non-prod resources with opt-out tags and holiday overrides. Include: escalation rules and savings calc. ``` #### Cost export data pipeline **Use case:** Analytics foundation **For:** Data Engineer, FinOps Analyst ``` Design a pipeline to ingest [Azure/OCI/AWS/GCP] cost exports into a lakehouse. Include: schema, partitioning, PII handling, and BI models. ``` #### Advisor/Recommendations aggregator **Use case:** Centralized optimization **For:** FinOps Analyst, Engineering Manager ``` Aggregate native recommendations (Advisor/Compute Optimizer/Recommender) into a single backlog with deduping, ROI, and ownership. ``` #### Policy-as-code starter kit **Use case:** Guardrail acceleration **For:** Cloud Architect, Security Engineer, Platform Engineer ``` Provide starter policies to: require tags, deny premium SKUs in dev, restrict regions, enforce budgets. Include examples for [Azure Policy, AWS SCP/Config, GCP Policy Controller, OCI IAM/Events]. ``` --- ## AI for Leadership & Executive Management **Category:** Leadership & Executive **Prompts:** 50 **Description:** Leadership prompts for setting vision, strategic decision-making, executive communication, organizational design, change management, and leading with integrity. **Tags:** Leadership, Strategy, Executive, Management, Work Users ### Vision & Strategic Direction Clarify strategic direction, position the organization, and align execution. #### One-page strategy framework **Use case:** Executive alignment and strategic clarity **For:** CEO, Chief Strategy Officer, COO, Board Member, VP/Head of Strategy ``` Create comprehensive one-page strategy for [organization/business unit]. Strategic context: [market position, competitive landscape]. Time horizon: [1-3 years]. Build strategy on one page with: 1) Vision statement (aspirational future state in one sentence), 2) Where to play (target markets, segments, geographies with rationale), 3) How to win (unique value proposition and competitive differentiation), 4) Capabilities to build (3-5 critical capabilities needed), 5) Strategic priorities (top 3-5 initiatives), 6) North star metric plus 3-4 supporting KPIs, 7) Key assumptions and risks, 8) Strategic bets with expected outcomes, 9) What we'll stop doing. Make it memorable and executable. ``` #### Scenario planning framework **Use case:** Strategic resilience and preparedness **For:** CEO, CFO, Chief Strategy Officer, COO, Board Member ``` Develop scenario planning for next [12-24 months]. Current environment: [key uncertainties and variables]. Business context: [revenue model, cost structure, market dynamics]. Create three scenarios: Base Case: 1) Assumptions and triggers, 2) Financial implications (revenue, costs, cash), 3) Strategic response, 4) Resource allocation. Stretch Case: 5) Optimistic assumptions, 6) Growth investments, 7) Capacity planning. Downside Case: 8) Risk triggers, 9) Cost reduction levers, 10) Cash preservation, 11) Hiring freeze vs selective growth. For each scenario include: Decision checkpoints, leading indicators to monitor, contingency plans, communication approach. ``` #### Competitive positioning narrative **Use case:** Market positioning and competitive differentiation **For:** CEO, Chief Strategy Officer, Chief Marketing Officer, VP/Head of Product, VP/Head of Sales ``` Craft leadership narrative against [competitor(s)]. Competitive context: [their positioning, our current position]. Create narrative with: 1) Point of view on market evolution (where is the market heading), 2) Why now (timing and market forces), 3) Our unique wedge or advantage (what we do that others can't), 4) Three concrete proof points (customer wins, data, capabilities), 5) What we're building toward, 6) Internal rallying cry (motivating one-liner), 7) External positioning statement, 8) Competitive vulnerabilities we'll exploit, 9) Counter-positioning against their narrative, 10) Sales enablement talking points. ``` #### Strategy cascade and translation **Use case:** Enterprise-wide strategic alignment **For:** CEO, COO, Chief Strategy Officer, Senior Leadership Team, VP/Head of Function ``` Translate company strategy into functional execution. Company strategy: [high-level strategy]. Functions: [list: Engineering, Product, Sales, Marketing, Operations, etc.]. Cascade strategy: 1) Three strategic outcomes per function aligned to company goals, 2) Example OKRs for each function (Objectives with Key Results), 3) Cross-functional dependencies mapped, 4) Resource requirements by function, 5) Success metrics and review cadence, 6) Trade-offs and prioritization guidance, 7) Quarterly milestones, 8) Communication plan for alignment, 9) How to say no to off-strategy work. ``` #### Quarterly business review structure **Use case:** Executive reporting and governance **For:** CEO, COO, CFO, Board Member, Senior Leadership Team ``` Create QBR framework for [leadership team/board]. Business context: [company stage, key metrics]. Structure QBR with: 1) Executive summary (3 key headlines), 2) Wins and highlights this quarter, 3) Misses and why (honest assessment), 4) Key learnings and pivots, 5) KPI dashboard (actual vs target, trends), 6) Customer and market signals, 7) Product roadmap to revenue connection, 8) Top 3-5 risks and mitigation plans, 9) Next quarter priorities and commitments, 10) Decisions needed from this group, 11) Cross-functional dependencies, 12) Resource needs or constraints. Include appendix structure for deep dives. ``` ### Decision-Making & Prioritization Make high-quality decisions, set clear priorities, and measure what matters. #### OKR development workshop **Use case:** Goal setting and execution clarity **For:** VP/Head of Function, Director, Senior Manager, Product Manager, Team Lead ``` Facilitate OKR creation for [team/function]. Time period: [quarter/year]. Team context: [mission, current priorities]. Draft OKRs with: 1) 3-5 Objectives (qualitative, aspirational, time-bound), 2) 3-4 Key Results per Objective (quantitative, measurable, ambitious but achievable), 3) Mix of lead indicators and lag indicators, 4) Owners assigned for each KR, 5) Confidence levels (scored 1-10), 6) Alignment to company OKRs shown, 7) Dependencies on other teams, 8) Weekly/monthly check-in structure, 9) What gets cut to focus on these, 10) Success celebration criteria. ``` #### Priority kill list exercise **Use case:** Focus and resource optimization **For:** CEO, CTO, VP/Head of Product, VP/Head of Engineering, Director, Product Manager ``` Conduct prioritization and scope reduction. Current backlog: [list initiatives, projects, or paste]. Team capacity: [available bandwidth]. Strategic goals: [what we're optimizing for]. Create kill list: 1) Plot items on 2×2: Impact vs Effort, 2) Strategic fit scoring (0-5), 3) Stop list (projects to kill immediately), 4) Defer list (good ideas, wrong time), 5) Continue list (keep doing), 6) Capacity reclaimed (hours/headcount), 7) Stakeholder communication plan, 8) How to say no gracefully, 9) Criteria for future prioritization, 10) What we'll do with freed-up capacity. ``` #### Decision memo (Amazon 6-pager style) **Use case:** High-stakes decision documentation **For:** CEO, COO, CFO, CTO, VP/Head of Function, Senior Leadership Team ``` Write structured decision memo for [decision topic]. Stakeholders: [who needs to weigh in]. Create 6-page memo: 1) Executive summary (one paragraph decision recommendation), 2) Context and background (why this decision now), 3) Analysis and data (facts, research, customer input), 4) Options considered (minimum 3 alternatives), 5) Pros and cons per option, 6) Recommendation with rationale (why this option), 7) Risks and mitigation strategies, 8) Financial implications, 9) Implementation plan with owners and timeline, 10) Success metrics, 11) Reversibility (can we undo this?), 12) Next steps and decisions needed. Write in narrative form, not bullets. ``` #### Executive trade-off framework **Use case:** Consistent leadership decision-making **For:** CEO, COO, Senior Leadership Team, VP/Head of Function ``` Create decision-making rubric for leadership team. Common trade-offs: [growth vs profitability, speed vs quality, build vs buy, etc.]. Build framework: 1) Four dimensions to score (growth impact, profitability, customer value, risk level), 2) Scoring criteria (0-10 scale with definitions), 3) Weighting of dimensions (which matters most now), 4) Minimum threshold scores, 5) Tie-break rules (when scores are close), 6) Decision authority levels (who can decide at what score), 7) Escalation criteria, 8) Time-box for decisions, 9) Dissent and override process, 10) Decision log template. ``` #### Post-decision review process **Use case:** Continuous improvement and institutional learning **For:** CEO, COO, Chief Strategy Officer, VP/Head of Function, Director ``` Create learning framework for major decisions. Decision made: [describe]. Expected outcomes: [what we predicted]. Build review process: 30-day review: 1) Early signals (what are we seeing), 2) Hypotheses holding true?, 3) Unexpected consequences. 60-day review: 4) Data vs predictions, 5) Adjustment needed?, 6) Stakeholder feedback. 90-day review: 7) Full results analysis, 8) Lessons learned, 9) What we'd do differently, 10) Reversal triggers (conditions that would cause us to reverse), 11) Document in decision journal, 12) Share learnings with org. ``` ### Executive Communication & Presence Communicate with clarity, influence stakeholders, and inspire action. #### All-hands meeting script **Use case:** Company-wide alignment and transparency **For:** CEO, COO, Chief Communications Officer, VP/Head of Function, Senior Leadership Team ``` Write all-hands presentation for [topic: strategy update, organizational change, results, challenge]. Audience: [entire company]. Duration: [30-60 minutes]. Structure talk: 1) Opening hook (why this matters now - start with impact on them), 2) Context (what's happening in market/company), 3) What's changing (be specific and honest), 4) What stays the same (continuity and stability), 5) What we expect from everyone (clear asks), 6) How leadership will support you (resources, help), 7) Timeline and milestones, 8) Q&A preparation (anticipate tough questions with honest answers), 9) Closing call-to-action (what to do next), 10) Follow-up communication plan. Include speaker notes and transition phrases. ``` #### Executive update (BLUF style) **Use case:** Stakeholder management and visibility **For:** VP/Head of Function, Director, Senior Manager, Chief of Staff ``` Write weekly/monthly executive update for [audience: CEO, board, leadership team]. Reporting period: [dates]. Use Bottom Line Up Front format: 1) Top 3 headlines (most important news first), 2) Key metrics snapshot (actual vs target with deltas), 3) Wins and progress (celebrate successes), 4) Challenges and issues (be transparent), 5) Risks on the horizon, 6) Decisions needed from this audience (with deadline), 7) Team highlights and shout-outs, 8) Next period priorities, 9) How stakeholders can help. Keep main update to one page, add appendix for details. Use bold for scanability. ``` #### Media and analyst briefing **Use case:** External communications and media relations **For:** CEO, Chief Communications Officer, Chief Marketing Officer, VP/Head of Communications, VP/Head of PR ``` Prepare for [media interview / analyst briefing] on [topic: product launch, funding, strategy shift, crisis]. Outlet: [publication/firm]. Audience: [their readers/clients]. Prepare briefing: 1) Core message (one sentence we want them to remember), 2) Three supporting messages with proof points, 3) Likely questions (anticipate 10-15 questions), 4) Crisp answers (30-second responses), 5) Bridging phrases (to redirect to key messages), 6) Statistics and data points to cite, 7) Customer stories or examples, 8) Competitive positioning (if asked), 9) Redlines (topics to avoid or redirect), 10) Practice responses out loud. ``` #### Board meeting deck structure **Use case:** Board governance and strategic guidance **For:** CEO, CFO, COO, Chief of Staff, Board Member ``` Create board deck for [regular board meeting / special topic]. Meeting duration: [hours]. Create narrative arc: 1) Opening frame (state of business in one slide), 2) Strategic progress (goals vs actuals), 3) Financial performance (revenue, burn, runway, unit economics), 4) Key metrics dashboard (growth, retention, efficiency), 5) Product and go-to-market update, 6) Top risks and mitigation plans, 7) Talent and organization health, 8) Decisions we're seeking (with options and recommendation), 9) Where we need board help, 10) Questions for the board. Appendix: Detailed financials, org chart, customer metrics, competitive analysis. Keep main deck to 15-20 slides. ``` #### Data storytelling for executives **Use case:** Data-driven influence and decision support **For:** VP/Head of Function, Director, Data Analytics Lead, Chief of Staff, Business Intelligence Manager ``` Transform metrics into compelling leadership story. Data: [paste metrics, dashboard, or describe]. Audience: [executives, board, all-hands]. Create story: 1) Insight (what the data actually tells us), 2) So what (why it matters to the business), 3) Context (compared to what: targets, history, peers), 4) Implications (what this means for strategy), 5) Action (what we're going to do about it), 6) One-slide executive summary (headline + visual), 7) Supporting slides with data visualization, 8) Avoid chart junk (clear, simple visuals), 9) Narrative flow (don't just show data, tell story), 10) Call to action or decision needed. ``` ### Organizational Design & Talent Design scalable organizations and build world-class teams. #### Organization structure design **Use case:** Scaling organizational structure **For:** CEO, COO, Chief People Officer, Chief HR Officer, VP/Head of HR, Chief of Staff ``` Design org structure for [company/division]. Current size: [headcount]. Growth plan: [target size in 12-24 months]. Design structure: 1) Organizing principle (functional, divisional, matrix, product-led), 2) Reporting relationships and layers, 3) Span of control guidelines (direct reports per manager), 4) Product vs platform team split, 5) Centralized vs distributed functions (design, data, etc.), 6) Key interfaces and dependencies, 7) Role charters for leadership positions, 8) Decision rights (RACI for key decisions), 9) Transition plan from current to future state, 10) Costs and efficiency targets. Include rationale for structure choices. ``` #### Executive role scorecard **Use case:** Executive hiring and assessment **For:** CEO, Chief People Officer, Chief HR Officer, VP/Head of HR, VP/Head of Talent Acquisition ``` Create hiring scorecard for [executive role]. Business context: [why we need this role now]. Build scorecard: 1) Mission statement (why this role exists), 2) Outcomes expected in first 6 months, 3) Outcomes expected in first year, 4) Core competencies required (with definitions), 5) Leadership behaviors we value, 6) Experience profile (must-haves vs nice-to-haves), 7) Red flags or derailers, 8) Cultural fit considerations, 9) Interview loop design (who asks what), 10) Scorecards for each interviewer, 11) Reference check questions, 12) Offer and compensation philosophy. ``` #### Succession planning framework **Use case:** Leadership continuity and talent development **For:** CEO, Chief People Officer, Chief HR Officer, Board Member, VP/Head of HR ``` Build succession plan for critical roles. Key roles to cover: [C-suite, VP-level, critical individual contributors]. Create plan: 1) 9-box grid (performance vs potential for each leader), 2) Flight risk assessment (high/medium/low), 3) Readiness timeline (ready now, 1-2 years, 2+ years), 4) Development plans for each successor, 5) Knowledge transfer and shadowing, 6) External candidate profiles if gaps exist, 7) Emergency/interim succession (if someone leaves suddenly), 8) Risk mitigation for critical roles, 9) Succession review cadence (quarterly), 10) Board communication on bench strength. ``` #### Compensation philosophy **Use case:** Fair and strategic compensation **For:** CEO, CFO, Chief People Officer, Chief HR Officer, VP/Head of HR, VP/Head of Compensation ``` Define compensation philosophy for [company]. Company stage: [startup, growth, mature]. Market: [industry, geography]. Philosophy should cover: 1) Market positioning (lead, match, lag market - and why), 2) Pay mix philosophy (base, bonus, equity by role level), 3) Equity philosophy (who gets equity, refresh strategy), 4) Internal equity and pay bands, 5) Performance and pay linkage, 6) Promotion and progression criteria, 7) Geographic pay differences, 8) Transparency approach (what we share, what we don't), 9) Governance (who approves offers, changes), 10) FAQs for managers (common questions with answers). Ensure fairness and competitiveness. ``` #### Leader onboarding (90-day plan) **Use case:** Executive onboarding and integration **For:** CEO, Chief People Officer, Chief HR Officer, VP/Head of HR, Chief of Staff ``` Create 90-day onboarding for [new leader joining]. Role: [title and scope]. Create structured plan: Days 1-30: 1) Quick wins to identify, 2) Key relationships to build (internal and external), 3) Learning agenda (company, market, team, systems), 4) Team 1:1s and listening tour, 5) What to observe (don't change yet). Days 31-60: 6) Diagnosis complete (strengths, gaps, opportunities), 7) Draft plan for first year, 8) Early relationship building (peers, stakeholders), 9) Team assessment (talent, performance). Days 61-90: 10) Finalize plan and present to leadership, 11) Quick wins delivered, 12) Team changes if needed, 13) Establish operating rhythm, 14) Success measures defined. Include integration support and check-ins. ``` ### Coaching, Feedback & Performance Develop leaders through coaching, timely feedback, and clear accountability. #### 1:1 meeting framework **Use case:** Manager effectiveness and development **For:** All Managers, Director, VP/Head of Function, Senior Manager, Team Lead ``` Design effective 1:1 structure for [manager and direct report]. Meeting frequency: [weekly, bi-weekly]. Duration: [30-60 minutes]. Create framework: 1) Pre-meeting prep (both parties prepare agenda), 2) Their agenda first (direct report's topics take priority), 3) Progress on goals and OKRs, 4) Blockers and how to unblock, 5) Feedback exchange (both directions), 6) Career development and growth, 7) Manager updates and context, 8) Commitments and action items, 9) What to discuss vs not (avoid status updates), 10) Note-taking template (shared doc), 11) Monthly themes (alternate between tactical and strategic), 12) Quarterly career conversations. ``` #### SBI feedback delivery **Use case:** Effective feedback and behavior change **For:** All Managers, Director, VP/Head of Function, Senior Manager, Executive Coach ``` Prepare feedback using Situation-Behavior-Impact model. Feedback topic: [describe situation]. Person: [role, relationship]. Write feedback: 1) Situation (when and where - be specific), 2) Behavior observed (what they did or said - observable facts, not interpretation), 3) Impact (effect on you, team, business, customers - explain consequences), 4) Pause for their perspective (listen and understand), 5) Future behavior request (what you'd like to see differently), 6) Agreement on next steps, 7) Follow-up plan (when to check in), 8) Support offered (how you'll help), 9) Timeline for improvement, 10) Positive reinforcement if behavior changes. Practice delivery tone (curious, not accusatory). ``` #### Performance calibration process **Use case:** Fair performance evaluations and talent reviews **For:** Chief People Officer, Chief HR Officer, VP/Head of HR, VP/Head of Function, Director ``` Design calibration session for [team/organization]. Review cycle: [annual, semi-annual]. Create process: 1) Calibration principles (fairness, consistency, data-driven), 2) Rating scale definitions (with concrete examples per level), 3) Evidence standards (what constitutes strong performance), 4) Bias awareness (unconscious bias checks), 5) Forced distribution guidance (if applicable, typically avoid), 6) Compensation linkage, 7) Facilitation guide for calibration meetings, 8) How to handle disagreements, 9) Documentation requirements, 10) Communication plan (how results are shared), 11) Appeals process. Ensure fairness and transparency. ``` #### Performance improvement plan **Use case:** Performance management and accountability **For:** All Managers, Director, VP/Head of Function, VP/Head of HR, Chief HR Officer ``` Create performance improvement plan for [role]. Performance issues: [specific underperformance]. Create structured PIP: 1) Clear performance expectations (what good looks like), 2) Specific gaps and examples (concrete instances), 3) Measurable improvement goals (observable and time-bound), 4) Support and resources provided (training, coaching, tools), 5) Timeline (typically 30-60-90 days), 6) Check-in frequency (weekly recommended), 7) Success criteria (what does improvement look like), 8) Consequences if goals not met (clear and fair), 9) Documentation of meetings and progress, 10) HR partnership and legal review. Balance directness with support. ``` #### Recognition and appreciation system **Use case:** Employee engagement and culture **For:** Chief People Officer, Chief HR Officer, VP/Head of HR, VP/Head of Function, Director ``` Design recognition program for [organization]. Company values: [list values]. Create multi-tier recognition: 1) Spot recognition (peer-to-peer, immediate, frequent), 2) Monthly recognition (manager-led, values-based), 3) Quarterly awards (leadership team, high impact), 4) Annual recognition (company-wide, significant achievements), 5) Criteria tied to values and outcomes, 6) Nomination and selection process, 7) Rewards (monetary, experiential, visibility), 8) Communication and celebration approach, 9) Inclusion (recognize diverse contributions), 10) Making it meaningful (authentic, specific, timely). Build culture of appreciation. ``` ### Change & Transformation Leadership Lead organizational change, transformation initiatives, and new operating models. #### Change communication narrative **Use case:** Change management and adoption **For:** CEO, COO, Chief Transformation Officer, Change Management Lead, Chief Communications Officer ``` Craft change communication for [transformation or change initiative]. Audience: [who's affected]. Change: [what's changing]. Create narrative: 1) Why change is necessary (burning platform or opportunity), 2) Risks of not changing (consequences of status quo), 3) Vision of future state (what it will look like), 4) Benefits to organization and individuals, 5) What's changing specifically (be concrete), 6) What's staying the same (provide continuity), 7) Timeline and key milestones, 8) How we'll support you (resources, training, help), 9) How to give feedback or raise concerns, 10) Your role in making this successful, 11) Q&A with honest answers. Balance optimism with realism. ``` #### Stakeholder engagement map **Use case:** Change adoption and buy-in **For:** Change Management Lead, VP/Head of Function, Director, Chief of Staff, Project Manager ``` Map stakeholders for [change initiative]. Initiative: [describe]. Identify stakeholders and map: 1) Stakeholder inventory (individuals and groups), 2) Power/influence level (high/medium/low), 3) Interest level in change, 4) Current stance (champion, supporter, neutral, resistor, blocker), 5) Likely concerns or objections per stakeholder, 6) Engagement tactics per stakeholder (inform, consult, involve, partner), 7) Communication frequency and channel, 8) Quick wins to demonstrate value, 9) Measurement of adoption by stakeholder group, 10) Escalation plan for resistance. Prioritize high-power, high-interest stakeholders. ``` #### Operating model transformation **Use case:** Operating model evolution and execution at scale **For:** CEO, COO, Chief Transformation Officer, Chief Strategy Officer, Senior Leadership Team ``` Design shift to new operating model. From: [current model]. To: [target model: product-led, platform, pods, etc.]. Transform operating model: 1) Rationale for change (why new model is better), 2) New organizational structure, 3) Team topologies and interfaces, 4) Decision rights (RACI for key decisions), 5) Workflow and process changes, 6) OKR and goal alignment to new model, 7) Meetings and governance rhythm, 8) Tools and systems changes, 9) Skills and capabilities needed, 10) Transition plan (phased or big bang), 11) Success metrics for new model, 12) When to iterate or adjust. ``` #### Benefits realization tracking **Use case:** Value capture and transformation ROI **For:** Chief Transformation Officer, Change Management Lead, CFO, VP/Head of Function, PMO Lead ``` Define and track transformation value. Initiative: [change program]. Expected benefits: [what we hope to achieve]. Build tracking system: 1) Benefit categories (cost savings, revenue growth, productivity, quality, employee engagement), 2) Quantified targets per benefit, 3) Baseline measurement (where we start), 4) Leading indicators (early signs of progress), 5) Lagging indicators (final outcomes), 6) Measurement methodology and data sources, 7) Tracking cadence and dashboards, 8) Owners for each benefit, 9) Course correction triggers (if not tracking), 10) Reporting to leadership and stakeholders. Ensure ROI visibility. ``` #### Resistance management playbook **Use case:** Change resistance and risk mitigation **For:** Change Management Lead, VP/Head of Function, Director, Executive Coach, Chief People Officer ``` Anticipate and address resistance to [change]. Change: [describe]. Create resistance playbook: List resistance patterns by persona: 1) 'This won't work here' (cynics): Listen, acknowledge, provide data, pilot with them. 2) 'We tried this before' (skeptics): Learn from past, explain what's different now. 3) 'Too busy, no time' (overwhelmed): Simplify, remove other work, provide support. 4) 'Not my job' (disengaged): Connect to their goals, show personal benefit. 5) 'Losing power/control' (threatened): Involve early, find new role, address fear. For each: 6) Counter-strategies (listen, reframe, co-create, involve), 7) Escalation criteria (when to involve leadership), 8) How to identify active vs passive resistance, 9) Conversion tactics (resistor to champion). Focus on influence, not force. ``` ### Crisis, Risk & Ethical Leadership Lead through crises, manage risk, and make ethical decisions under pressure. #### Crisis communications plan **Use case:** Crisis preparedness and rapid response **For:** CEO, Chief Communications Officer, General Counsel, Chief Risk Officer, VP/Head of Communications ``` Prepare crisis response plan for [potential incident type]. Organization: [context]. Build crisis plan: 1) Severity levels defined (critical, major, minor), 2) Crisis team roles (commander, communications, legal, ops, etc.), 3) Decision tree (who decides what at each severity), 4) Holding statements (initial response templates), 5) 60-minute action plan (first hour checklist), 6) Internal communication channels (how to inform employees), 7) External communication (customers, media, partners), 8) Stakeholder notification sequence, 9) Social media protocol, 10) Legal and compliance considerations, 11) Post-crisis review and learning. Test plan through simulations. ``` #### Enterprise risk register **Use case:** Risk governance and oversight **For:** CEO, CFO, Chief Risk Officer, COO, Board Member, VP/Head of Risk ``` Build comprehensive risk register for [organization]. Risk categories: [strategic, operational, financial, compliance, reputational]. Create register: 1) Risk identification (brainstorm all potential risks), 2) Risk description (what could happen), 3) Impact if occurs (financial, operational, reputational - high/medium/low), 4) Likelihood of occurrence (high/medium/low), 5) Heat map (plot risks by likelihood × impact), 6) Risk owners assigned, 7) Current mitigation measures, 8) Additional mitigation needed, 9) Early warning indicators (leading signals), 10) Residual risk after mitigation, 11) Risk review cadence (quarterly), 12) Board reporting on top risks. ``` #### Ethical decision framework **Use case:** Values-based leadership and ethical decision-making **For:** CEO, General Counsel, Chief Ethics Officer, Board Member, Senior Leadership Team ``` Navigate ethical dilemma: [describe situation]. Stakeholders affected: [list]. Apply ethical decision canvas: 1) Define the ethical dilemma clearly (competing values), 2) Identify all stakeholders and their interests, 3) Principles at stake (honesty, fairness, respect, responsibility, care), 4) Legal constraints and requirements, 5) Precedents (what have we/others done before), 6) Short-term vs long-term consequences, 7) Option generation (multiple ethical paths), 8) Test each option (publicity test: comfortable if made public?), 9) Choose decision with clear rationale, 10) Implementation with integrity, 11) Communication (transparent explanation), 12) Reflection and learning. Choose values over expedience. ``` #### After-action review template **Use case:** Continuous improvement and organizational learning **For:** VP/Head of Function, Director, Chief of Staff, PMO Lead, Senior Manager ``` Conduct after-action review for [event or incident]. Participants: [team involved]. AAR structure: 1) What was supposed to happen (expected outcome, plan), 2) What actually happened (chronology of events, facts), 3) Why the difference (root cause analysis, not blame), 4) What went well (celebrate successes, even in failure), 5) What didn't go well (gaps, failures, mistakes), 6) Lessons learned (insights and takeaways), 7) Systemic issues uncovered, 8) Changes to make: People (training, hiring), Process (workflows, checks), Tools (systems, technology), 9) Owner and deadline for each change, 10) How to share learning across organization. Create blameless learning culture. ``` #### Regulatory readiness brief **Use case:** Compliance management and regulatory risk **For:** General Counsel, Chief Compliance Officer, CFO, Chief Risk Officer, VP/Head of Compliance ``` Prepare for [regulation or compliance requirement]. Regulation: [name and brief description]. Deadline: [compliance date]. Build readiness brief: 1) Regulation scope and requirements (what it covers), 2) Applicability to our business (which parts apply), 3) Gap analysis (current state vs required state), 4) Risks of non-compliance (financial, operational, reputational), 5) Workstreams needed (legal, technical, operational), 6) Owners per workstream, 7) Milestones and timeline (working back from deadline), 8) Budget and resources required, 9) Executive risks and decisions needed, 10) Audit and validation approach, 11) Ongoing compliance plan post-deadline. Ensure executive visibility and accountability. ``` ### Culture, DEI & Psychological Safety Build inclusive, high-performing culture where people thrive. #### Values to behaviors translation **Use case:** Culture operationalization and alignment **For:** CEO, Chief People Officer, Chief HR Officer, VP/Head of Culture, Senior Leadership Team ``` Operationalize company values. Values: [list company values]. Make values actionable: For each value create: 1) What this value means (definition), 2) Observable behaviors (what it looks like in practice), 3) Anti-patterns (what violates this value), 4) Examples in action (real stories from company), 5) Hiring screen (interview questions to assess), 6) Performance evaluation (how to assess in reviews), 7) Recognition criteria (when to celebrate this value), 8) Decision-making (how value guides choices), 9) Trade-offs (when values conflict, which wins), 10) Leadership modeling (how leaders demonstrate). Integrate into all people processes. ``` #### DEI strategy and metrics **Use case:** Inclusive culture and equitable opportunity **For:** CEO, Chief Diversity Officer, Chief People Officer, Chief HR Officer, VP/Head of DEI ``` Build diversity, equity, and inclusion plan for [organization]. Current state: [demographic baseline]. Create DEI strategy: 1) DEI vision and why it matters to business, 2) Three strategic priorities (representation, belonging, advancement), 3) Representation goals by level and function (specific targets with timeline), 4) Belonging metrics (engagement scores, inclusion index), 5) Career mobility tracking (promotion rates by demographic), 6) Recruitment strategy (diverse sourcing, unbiased process), 7) Retention and exit interview insights, 8) Development and sponsorship programs, 9) Inclusive leadership training, 10) Accountability mechanism (how leaders are measured), 11) Employee resource groups and support, 12) Reporting and transparency (what we share publicly). Create safe and accountable environment. ``` #### Psychological safety practices **Use case:** High-performing and innovative teams **For:** All Managers, Director, VP/Head of Function, Senior Manager, Team Lead ``` Increase psychological safety in [team/organization]. Assessment: [current state of safety]. Build safety through leader behaviors: 1) Meeting practices (equal airtime, no interrupting, build on ideas), 2) How we handle mistakes (learn vs blame, celebrate failure that taught us), 3) Encouraging dissent (reward speaking up, devil's advocate role), 4) Leader vulnerability (admit mistakes, say 'I don't know'), 5) Inclusive decision-making (seek input before deciding), 6) Credit sharing (acknowledge contributions publicly), 7) Giving and receiving feedback (regular, bidirectional), 8) Escalation norms (how and when to escalate), 9) Team agreements (working norms co-created), 10) Measuring safety (regular pulse surveys, retrospectives). Safety enables high performance. ``` #### Team rituals and operating norms **Use case:** Team effectiveness and healthy culture **For:** All Managers, Director, VP/Head of Function, Senior Manager, Team Lead ``` Design team rituals and norms for [team]. Team context: [size, location, way of working]. Create rituals that reinforce culture: 1) Demo days (showcase work, celebrate shipping), 2) Retrospectives (regular reflection and improvement), 3) Wins sharing (celebrate team and individual wins), 4) Customer time (regular exposure to customer feedback), 5) Learning sessions (lunch and learns, skill sharing), 6) Social connection (team building, fun), Operating norms: 7) Communication SLAs (response times, when to use what channel), 8) Meeting guidelines (purpose, duration, optional vs required), 9) Doc-first culture (write things down, async-friendly), 10) Decision-making process (how we decide), 11) Conflict resolution (how we handle disagreement). Co-create with team for buy-in. ``` #### Recognition and storytelling program **Use case:** Cultural reinforcement and values activation **For:** Chief People Officer, Chief HR Officer, VP/Head of Culture, Chief Communications Officer, VP/Head of HR ``` Build values-based recognition program. Company values: [list]. Create storytelling system: 1) Monthly storytelling cadence (regular rhythm), 2) Story collection process (how to surface good examples), 3) Story template (situation, action, impact, value demonstrated), 4) Channels for sharing (all-hands, newsletter, Slack), 5) Value tagging (which value each story represents), 6) Leader amplification (executives share and reinforce), 7) Manager toolkit (templates and examples for managers to use), 8) Peer recognition (empower employees to recognize each other), 9) Linking to performance reviews, 10) Measuring impact (engagement, value awareness). Make culture visible and tangible. ``` ### Operating Rhythm & Executive Effectiveness Run the business with discipline, cadence, and focus. #### Leadership operating cadence **Use case:** Rhythm of business and execution **For:** CEO, COO, Chief of Staff, Senior Leadership Team, VP/Head of Function ``` Design executive operating rhythm for [company/leadership team]. Create cadence map: Quarterly: 1) Strategic planning offsite (2 days: strategy, talent, big bets), 2) Board meeting and prep, 3) All-hands with quarterly themes, 4) OKR setting and calibration. Monthly: 5) Business review (metrics, forecast, risks), 6) Leadership team meeting (strategy, cross-functional), 7) All-company update. Weekly: 8) Executive team standup (quick sync, unblocks), 9) CEO 1:1s with directs. For each meeting: 10) Purpose and outcomes, 11) Owner and participants, 12) Pre-read requirements, 13) Agenda template, 14) Outputs (decisions, actions), 15) Decision SLAs (how fast we decide). Balance structure with flexibility. ``` #### Meeting redesign and effectiveness **Use case:** Meeting productivity and time management **For:** All Managers, Director, VP/Head of Function, Chief of Staff, Senior Manager ``` Redesign [specific recurring meeting] for effectiveness. Current state: [duration, frequency, pain points]. Redesign to halve time, double outcomes: 1) Clear purpose (why this meeting exists, outcomes), 2) Attendees (required vs optional, keep small), 3) Pre-work required (reading, prep, pre-decisions), 4) Roles in meeting (decision maker, approver, contributor, informed), 5) Agenda with time boxes, 6) Decision-making process (how we'll decide), 7) Parking lot (off-topic items), 8) Exit criteria (what 'done' looks like), 9) Action items and owners, 10) Decision log template, 11) Follow-up process, 12) When to cancel vs must happen. Apply these principles broadly. ``` #### Executive offsite design **Use case:** Strategic alignment and team cohesion **For:** CEO, COO, Chief of Staff, Senior Leadership Team, VP/Head of Function ``` Plan executive offsite for [leadership team]. Duration: [1.5-2 days]. Objectives: [alignment, strategy, team building]. Design offsite: Day 1: 1) Opening: state of business and context (CEO), 2) Strategic discussion: market, competition, positioning (facilitated), 3) Strategic bets and priorities (debate and align), 4) Lunch: informal connection. 5) Talent review: bench strength, succession, key roles. 6) Operating model: how we work, what to change. 7) Dinner: team building and social. Day 2: 8) Key risks and mitigation, 9) 90-day commitments by function, 10) Cross-functional dependencies and agreements, 11) Closing: key decisions, commitments, communication plan. 12) Post-offsite: Action tracker, share-out plan, follow-through. ``` #### Decision and action tracking **Use case:** Execution discipline and accountability **For:** Chief of Staff, PMO Lead, VP/Head of Function, Director, Senior Leadership Team ``` Create decision and action log system. Decision/action tracking: 1) Centralized log (shared system of record), 2) Decision template (what was decided, rationale, owner, date), 3) Action template (what, who, when, status), 4) Categorization (strategic, operational, tactical), 5) Status tracking (not started, in progress, complete, blocked), 6) Review cadence (weekly review in leadership meetings), 7) Accountability (owners update before meetings), 8) Escalation (when blocked or at risk), 9) Archive and search (historical decisions), 10) Dashboard view (at-a-glance status). Close loop on decisions and ensure follow-through. ``` #### Async-first operating system **Use case:** Distributed work and deep focus **For:** COO, Chief of Staff, VP/Head of Function, Director, Senior Manager ``` Build async-first culture for [distributed/hybrid team]. Create async playbook: 1) Core principle (default to async, sync when necessary), 2) Tools (docs, Slack, Loom, async video), 3) Doc-first culture (write proposals, decisions, updates), 4) Document types and templates (strategy docs, decision memos, updates), 5) When to sync vs async (complex discussions, brainstorms, crises = sync; updates, decisions, reviews = async), 6) Response-time norms (urgent: 1 hour, normal: 24 hours, FYI: no response needed), 7) Meeting guidelines (shorter, focused, optional recordings), 8) Time zone respect (core hours, handoffs), 9) Over-communication to prevent silos, 10) Trust and autonomy (empower decisions without meetings). Increase focus and productivity. ``` ### Innovation & Continuous Learning Foster innovation, experimentation, and organizational learning. #### Innovation portfolio management **Use case:** Strategic innovation and growth **For:** CEO, CTO, Chief Innovation Officer, Chief Strategy Officer, VP/Head of Product ``` Manage innovation investment portfolio. Current state: [describe innovation efforts]. Balance portfolio across: Core (70%): 1) Improving existing business, 2) Incremental innovation, 3) Clear ROI and near-term. Adjacent (20%): 4) Extensions to new markets or customers, 5) Platform plays, 6) Medium-term horizon. Transformational (10%): 7) Moonshots and breakthroughs, 8) New business models, 9) Long-term bets. Portfolio management: 10) Resource allocation by horizon, 11) Kill criteria (when to stop), 12) Stage-gate process, 13) Metrics per horizon, 14) Review cadence, 15) Balancing portfolio over time. Ensure innovation pipeline. ``` #### Experimentation framework **Use case:** Innovation and data-driven decisions **For:** CTO, Chief Innovation Officer, VP/Head of Product, VP/Head of Engineering, Director ``` Build culture of experimentation for [organization]. Create framework: 1) Experimentation principles (test and learn, fail fast, iterate), 2) Hypothesis format (If [action], then [outcome], because [rationale]), 3) Experiment design (control, variable, metrics), 4) Minimum viable test (smallest test to learn), 5) Success and failure criteria (defined upfront), 6) Resource allocation for experiments (time, money, people), 7) Experiment review process (learn from all experiments), 8) Scaling successful experiments, 9) Celebrating smart failures, 10) Knowledge sharing (what we learned), 11) Portfolio of experiments running. Increase learning velocity. ``` #### Learning organization practices **Use case:** Organizational capability building **For:** Chief Learning Officer, Chief People Officer, VP/Head of Learning & Development, VP/Head of Function, Director ``` Build learning culture in [organization]. Current state: [learning maturity]. Implement practices: 1) After-action reviews (regular reflection on projects), 2) Knowledge sharing rituals (demo days, lunch and learns), 3) Failure retrospectives (blameless, focused on learning), 4) Documentation culture (write things down, searchable), 5) Mentoring and coaching programs, 6) Learning budget per employee, 7) Skill development time (20% time, learning Fridays), 8) External learning (conferences, courses), 9) Internal knowledge base (wiki, lessons learned), 10) Leader learning (executives model learning), 11) Measuring learning (skills acquired, knowledge sharing). Build competitive advantage through learning. ``` #### Strategic foresight process **Use case:** Strategic agility and future readiness **For:** CEO, Chief Strategy Officer, Chief Innovation Officer, Senior Leadership Team, VP/Head of Strategy ``` Develop strategic foresight capability. Time horizon: [3-10 years]. Build process: 1) Environmental scanning (trends in technology, society, economy, politics), 2) Weak signals (early indicators of change), 3) Scenario development (multiple futures), 4) Implications for business (threats and opportunities), 5) Strategic options (how to respond to each scenario), 6) Indicators to monitor (what tells us which scenario), 7) Regular review cadence (quarterly scanning), 8) Integration into strategy (inform decisions), 9) Team involvement (cross-functional perspectives), 10) External engagement (customers, experts, partners). Anticipate change and adapt faster. ``` #### Leadership development program **Use case:** Succession planning and talent development **For:** Chief People Officer, Chief Learning Officer, Chief HR Officer, VP/Head of Leadership Development, VP/Head of HR ``` Design leadership development program for [target audience: emerging leaders, directors, executives]. Program goals: [what capabilities to build]. Build program: 1) Competency model (what great leadership looks like here), 2) 70-20-10 approach (70% experience, 20% relationships, 10% training), 3) Experiential learning (stretch assignments, rotations, special projects), 4) Coaching and mentoring (senior leader sponsorship), 5) Cohort learning (peer learning groups), 6) Formal training (workshops, offsites, content), 7) 360 feedback and development plans, 8) Duration and commitment (6-12 months), 9) Graduation and next steps, 10) Measuring impact (promotions, retention, performance). Build leadership bench strength. ``` --- ## AI for OT Cybersecurity Engineers **Category:** Cybersecurity & OT **Prompts:** 42 **Description:** OT/ICS cybersecurity prompts covering security assessments, network segmentation, threat detection, incident response, compliance, and securing industrial control systems and critical infrastructure. **Tags:** OT Security, ICS Security, SCADA, Critical Infrastructure, Work Users ### OT Security Assessment & Risk Analysis Assess OT/ICS security posture and identify vulnerabilities and risks. #### OT security assessment plan **Use case:** Security baseline and gap analysis **For:** OT Security Engineer, OT Security Analyst, CISO, ICS Security Specialist, IT Security Manager ``` Design comprehensive OT security assessment for [facility/plant]. Environment: [manufacturing, utilities, oil & gas, etc.], Systems: [PLCs, SCADA, DCS, HMI, historians, safety systems], Network zones: [describe OT network architecture]. Create assessment plan: 1) Scope definition (systems, boundaries, exclusions), 2) Assessment methodology (passive monitoring, active scanning, interviews, doc review), 3) Risk-based prioritization (critical systems first), 4) Safety considerations (no disruption to operations), 5) Asset discovery approach (network scanning, manual inventory), 6) Vulnerability assessment methods (authenticated vs unauthenticated scans), 7) Configuration review (hardening, patching, access controls), 8) Network architecture analysis (segmentation, DMZ, remote access), 9) Access control review (physical and logical), 10) Deliverables (findings report, risk register, remediation roadmap). ``` #### OT risk assessment and scoring **Use case:** Risk-based security planning and budget justification **For:** OT Security Engineer, Risk Manager, CISO, Plant Manager, Operations Manager ``` Conduct risk assessment for OT environment. Assets: [list critical OT assets], Threats: [ransomware, insider threat, supply chain, nation-state, etc.], Current controls: [existing security measures]. Perform risk analysis: 1) Asset criticality scoring (impact to safety, production, compliance), 2) Threat likelihood assessment (based on threat intel and attack surface), 3) Vulnerability severity (CVSS scoring adapted for OT), 4) Consequence analysis (safety, environmental, financial, regulatory), 5) Existing control effectiveness evaluation, 6) Inherent risk calculation (likelihood × impact), 7) Residual risk after controls, 8) Risk ranking and heat map, 9) Risk treatment options (accept, mitigate, transfer, avoid), 10) Prioritized remediation recommendations with cost-benefit analysis. ``` #### Consequence-based security analysis **Use case:** Safety-critical system protection and security prioritization **For:** OT Security Engineer, Process Safety Engineer, Operations Manager, Plant Manager, Safety Manager ``` Analyze potential consequences of cyber incidents on [OT process/facility]. Process description: [describe critical process and dependencies]. Conduct consequence analysis: 1) Safety impact assessment (injury, fatality, environmental release scenarios), 2) Production impact (downtime, throughput reduction, quality issues), 3) Financial impact (lost revenue, repair costs, regulatory fines), 4) Environmental consequences (emissions, spills, releases), 5) Regulatory and compliance impact, 6) Reputation and brand damage, 7) Cascade effects to other systems, 8) Recovery time objectives (RTO) and recovery point objectives (RPO), 9) Critical assets requiring enhanced protection, 10) Security requirements by consequence level. ``` #### Supply chain security assessment **Use case:** Third-party risk management and procurement security **For:** OT Security Engineer, Procurement Manager, Vendor Management, CISO, IT Security Manager ``` Assess OT supply chain security risks for [organization]. Suppliers/vendors: [OEM, system integrators, maintenance providers, etc.], Products/services: [ICS components, software, services]. Evaluate supply chain: 1) Vendor security posture assessment (questionnaires, certifications), 2) Product security evaluation (secure development, patch management, EOL support), 3) Third-party access risks (remote support, VPN, cloud services), 4) Software bill of materials (SBOM) review, 5) Counterfeit component risks, 6) Supply chain attack vectors (compromised updates, malicious hardware), 7) Contractual security requirements and SLAs, 8) Incident response and notification obligations, 9) Vendor risk scoring and classification, 10) Remediation plan for high-risk vendors. ``` #### OT penetration test scoping **Use case:** Security validation and compliance testing **For:** OT Security Engineer, CISO, Penetration Tester, Operations Manager, IT Security Manager ``` Scope penetration test for OT environment. Environment: [describe OT network and systems], Test objectives: [validate controls, identify vulnerabilities, test detection], Constraints: [no production impact, approved time windows]. Define pen test scope: 1) Systems in scope (networks, devices, applications), 2) Out-of-scope systems (safety critical, legacy without spares), 3) Test methodology (black box, gray box, white box), 4) Testing techniques (network scanning, exploit attempts, social engineering, physical), 5) Rules of engagement (approved times, change freezes, emergency stops), 6) Success criteria and objectives, 7) Safety precautions and abort conditions, 8) Coordination with operations (SMEs, shutdown procedures), 9) Deliverables (report, executive summary, remediation guidance), 10) Retest scope and schedule. ``` ### Network Segmentation & Architecture Design secure OT network architectures with proper segmentation and defense in depth. #### Purdue model implementation **Use case:** OT network architecture and segmentation **For:** OT Security Architect, Network Engineer, OT Security Engineer, Control Systems Engineer, IT/OT Convergence Manager ``` Design network segmentation based on Purdue model for [facility]. Current architecture: [describe flat or existing network]. Implement Purdue levels: Level 0 (Process): 1) Physical process (sensors, actuators, field devices), 2) Isolation from upper levels. Level 1 (Control): 3) PLCs, RTUs, IEDs, 4) Local HMI. Level 2 (Supervision): 5) SCADA, DCS, HMI servers, 6) Engineering workstations, historians. Level 3 (Operations): 7) MES, asset management, 8) Patch management servers. Level 3.5 (DMZ): 9) Data diodes or firewalls, 10) Jump servers, data historians for IT access. Level 4-5 (Enterprise): 11) Business networks, ERP, email. Design: 12) Firewall rules between levels (deny-by-default), 13) Unidirectional gateways where appropriate, 14) Network monitoring and logging, 15) Remote access architecture (VPN, jump hosts, MFA). ``` #### Firewall rules and policies for OT **Use case:** Network security policy enforcement **For:** OT Security Engineer, Firewall Administrator, Network Security Engineer, ICS/SCADA Engineer, IT Security Manager ``` Design firewall ruleset for OT network. Network zones: [describe zones: control, SCADA, DMZ, corporate]. Protocols in use: [Modbus, DNP3, OPC, Ethernet/IP, Profinet, etc.]. Create firewall policy: 1) Default deny posture (explicit allow rules only), 2) Zone-to-zone communication matrix (what talks to what), 3) Allow rules by zone pair (source, destination, protocol, port, justification), 4) Protocol-specific rules (deep packet inspection for industrial protocols), 5) Deny rules for prohibited traffic, 6) Logging requirements (all denies, critical allows), 7) Time-based rules (maintenance windows, remote access), 8) Emergency override procedures (incident response), 9) Change management process (rule approval, testing, rollback), 10) Periodic review and cleanup (remove unused rules). ``` #### Remote access security architecture **Use case:** Secure remote access and third-party management **For:** OT Security Engineer, OT Security Architect, Network Engineer, Identity and Access Management, IT Security Manager ``` Design secure remote access for OT environment. Access requirements: [vendor support, remote sites, mobile workforce, emergency access]. Remote access design: 1) Remote access tiers (vendor, employee, contractor), 2) Authentication requirements (MFA mandatory, certificate-based, token), 3) Access methods (VPN, jump servers, web-based clientless VPN, PAM), 4) Network zones accessible per tier (least privilege), 5) Session recording and monitoring, 6) Just-in-time access (request/approve workflow, time-limited), 7) Vendor access controls (escorted, monitored, audited), 8) Break-glass procedures (emergency access with logging), 9) Endpoint security requirements (patching, EDR, antivirus), 10) Termination procedures (access revocation, session cleanup). ``` #### Data diode implementation **Use case:** High-security data transfer and network isolation **For:** OT Security Architect, OT Security Engineer, Network Engineer, Control Systems Engineer, IT/OT Convergence Manager ``` Implement data diodes for [use case: OT to IT data transfer, safety system isolation]. Data requirements: [what data needs to flow, direction, frequency, protocols]. Design data diode solution: 1) Use case identification (historian replication, alert forwarding, read-only access), 2) Data flow direction (unidirectional OT→IT typical), 3) Protocol support (OPC, Modbus, DNP3, database replication), 4) Data transformation and normalization, 5) Source and destination systems, 6) Latency and throughput requirements, 7) Data validation and integrity checking, 8) Monitoring and alerting (diode health, data flow), 9) Bypass procedures (emergency scenarios, testing), 10) Physical security and tamper detection. ``` #### Wireless security in OT environments **Use case:** Wireless OT connectivity and mobility security **For:** OT Security Engineer, Wireless Network Engineer, Network Security Engineer, ICS/SCADA Engineer, IT Security Manager ``` Secure wireless networks in OT facility. Wireless uses: [sensors, mobile HMI, predictive maintenance, asset tracking]. Wireless security design: 1) Network segregation (separate SSIDs for OT, guest, corporate), 2) Authentication mechanisms (WPA3-Enterprise, 802.1X, certificates), 3) Encryption standards (AES-256), 4) Rogue access point detection and prevention, 5) Wireless intrusion prevention system (WIPS), 6) Coverage mapping and heat maps (avoid interference with OT), 7) Frequency management (avoid ISM bands used by OT), 8) Client device security (MDM, posture checking, EDR), 9) Monitoring and logging (connection attempts, anomalies), 10) Physical security (AP placement, anti-tamper, secure mounting). ``` ### Threat Detection & Monitoring Implement monitoring, detection, and threat hunting capabilities for OT environments. #### OT-specific SIEM/SOC use cases **Use case:** OT threat detection and security operations **For:** OT Security Analyst, SOC Analyst, OT Security Engineer, SIEM Administrator, Threat Hunter ``` Develop detection use cases for OT SOC. SIEM platform: [specify tool]. OT protocols: [list protocols to monitor]. Create detection use cases: 1) Unauthorized network connections (new devices, rogue IPs, unexpected communication), 2) Protocol anomalies (malformed packets, illegal commands, out-of-sequence messages), 3) Configuration changes (PLC logic, setpoint modifications, user account changes), 4) Access anomalies (after-hours access, privileged escalation, failed logins), 5) Malware indicators (known signatures, behavioral anomalies, C2 traffic), 6) Insider threat patterns (data exfiltration, abnormal file access), 7) Process anomalies (unexpected starts/stops, parameter deviations), 8) Safety system tampering (bypass, disable, test mode), 9) Asset lifecycle events (new devices, firmware changes, decommissions), 10) Alert tuning and threshold settings (reduce false positives). ``` #### Passive network monitoring deployment **Use case:** Visibility and threat detection without disruption **For:** OT Security Engineer, Network Engineer, SOC Analyst, ICS/SCADA Engineer, IT Security Manager ``` Deploy passive monitoring for OT network. Monitoring scope: [network segments to monitor]. Architecture: 1) TAP or SPAN port placement (coverage of critical zones), 2) Monitoring sensor locations (physical and virtual), 3) Asset discovery and inventory (automatic vs manual baseline), 4) Protocol decoding (deep packet inspection for ICS protocols), 5) Behavioral baselining (learning mode duration, normal patterns), 6) Anomaly detection rules (deviations from baseline), 7) Threat intelligence integration (IoCs, known malware signatures), 8) Alerting and escalation (severity thresholds, notification methods), 9) Forensic data retention (packet capture, flow data, logs), 10) Integration with SIEM/SOC (log forwarding, alert correlation). ``` #### OT threat hunting playbook **Use case:** Proactive threat detection and hunting **For:** Threat Hunter, OT Security Analyst, SOC Analyst, Incident Responder, OT Security Engineer ``` Create threat hunting procedures for OT environment. Threat landscape: [ransomware, APT, insider threats, supply chain]. Develop hunting playbook: 1) Hypothesis development (what threats to look for and why), 2) Data sources (network traffic, logs, endpoint telemetry, historian data), 3) Hunting techniques (statistical analysis, stack counting, pattern matching), 4) IOC sweeps (hash checks, IP reputation, domain lookups), 5) Anomaly hunting (deviations from baseline, outlier detection), 6) Protocol analysis (malformed packets, unusual command sequences), 7) Lateral movement detection (east-west traffic, privilege escalation), 8) Persistence mechanism checks (scheduled tasks, registry, startup items), 9) Documentation and evidence collection, 10) Escalation and incident response handoff. ``` #### OT vulnerability management program **Use case:** Vulnerability and patch management for OT **For:** OT Security Engineer, Vulnerability Management Analyst, Patch Management, Change Manager, Operations Manager ``` Establish vulnerability management for OT systems. Asset inventory: [list OT assets and software]. Challenge: Many OT systems cannot be patched immediately. Program design: 1) Asset inventory and criticality classification, 2) Vulnerability scanning approach (passive monitoring preferred, scheduled active scans for non-critical), 3) Vulnerability intelligence sources (ICS-CERT, vendor advisories, CVE feeds), 4) Risk-based prioritization (CVSS + exploitability + asset criticality + compensating controls), 5) Virtual patching and compensating controls (firewall rules, segmentation, monitoring), 6) Patch testing process (lab validation, change control, rollback plan), 7) Patch deployment windows (planned outages, maintenance windows), 8) Acceptance criteria for unpatched systems (risk accepted with controls), 9) Tracking and reporting (aging, SLA compliance, executive dashboard), 10) Exception process and risk acceptance. ``` #### Insider threat detection in OT **Use case:** Insider threat detection and response **For:** OT Security Analyst, Insider Threat Analyst, SOC Analyst, CISO, HR Security ``` Detect insider threats in OT environments. Insider risk scenarios: [sabotage, data theft, negligence, coercion]. Detection strategy: 1) User behavior analytics (UBA) baseline (normal access patterns, work hours, systems accessed), 2) Privileged user monitoring (admin actions, configuration changes, database access), 3) Anomaly detection (after-hours access, unusual downloads, lateral movement), 4) Data exfiltration indicators (large transfers, USB usage, cloud uploads, email attachments), 5) Prohibited actions (accessing unrelated systems, tampering with safety systems, disabling logs), 6) Physical access correlation (badge swipes, video surveillance integration), 7) Peer group analysis (comparing behavior to similar roles), 8) Alert tuning (reduce false positives while maintaining sensitivity), 9) Investigation playbooks (evidence collection, interviews, legal considerations), 10) Insider threat program (awareness, reporting, HR integration). ``` ### Incident Response & Recovery Prepare for and respond to OT cyber incidents with minimal operational impact. #### OT incident response plan **Use case:** Cyber incident preparedness and response **For:** Incident Response Manager, OT Security Engineer, SOC Manager, Operations Manager, CISO ``` Develop OT incident response plan for [facility/organization]. OT environment: [describe critical systems and processes]. Build IR plan: 1) Incident classification (severity levels: informational, low, medium, high, critical), 2) Response team roles (OT security, operations, IT, engineering, legal, comms, management), 3) Notification and escalation (who to call, when, decision trees), 4) Communication protocols (internal, external, regulatory, public), 5) Containment strategies (isolation vs shutdown, safety first, preserve evidence), 6) Eradication procedures (malware removal, account lockout, patch deployment), 7) Recovery procedures (restore from backups, rebuild systems, validation testing), 8) Root cause analysis (5 whys, timeline, lessons learned), 9) Post-incident activities (documentation, reporting, improvements), 10) Tabletop exercises and drills (quarterly practice, scenario-based). ``` #### Ransomware response playbook for OT **Use case:** Ransomware defense and recovery **For:** Incident Response Manager, OT Security Engineer, Ransomware Specialist, Operations Manager, Business Continuity Manager ``` Create ransomware-specific playbook for OT environment. Environment: [OT systems at risk]. Ransomware playbook: 1) Initial detection and validation (indicators of compromise, spread assessment), 2) Immediate containment (network segmentation activation, isolate infected systems, halt backups), 3) Safety assessment (ensure safety systems unaffected, manual control procedures), 4) Scope determination (identify patient zero, lateral movement paths, encryption extent), 5) Eradication (remove malware, disable attacker access, credential reset), 6) Recovery decision tree (pay ransom vs restore, legal and ethical considerations, executive decision), 7) Restore from backups (offline backups, integrity validation, incremental restoration), 8) System hardening (patch, credential hygiene, re-segmentation), 9) Business continuity (manual operations, alternate production, supply chain notification), 10) Regulatory reporting (timeframes, templates, evidence collection). ``` #### OT forensics and evidence collection **Use case:** Incident investigation and legal evidence **For:** Digital Forensics Analyst, Incident Responder, OT Security Engineer, Legal Counsel, Law Enforcement Liaison ``` Conduct digital forensics in OT environment. Incident scenario: [describe incident]. Forensics plan: 1) Legal and regulatory considerations (chain of custody, attorney-client privilege, employee privacy), 2) Evidence identification (logs, network traffic, memory dumps, configuration files, physical evidence), 3) Volatile data collection (live memory, running processes, network connections - order of volatility), 4) Non-volatile data (disk images, historian data, PLC ladder logic, firmware), 5) Network forensics (packet captures, flow data, DNS logs, firewall logs), 6) Timeline construction (correlate events across data sources), 7) Artifact analysis (malware reverse engineering, IOC extraction, attribution), 8) Safety constraints (no disruption to operations, read-only access where possible), 9) Documentation (detailed notes, screenshots, chain of custody forms), 10) Expert testimony preparation (clear findings, defensible methodology). ``` #### OT disaster recovery and continuity **Use case:** Operational resilience and disaster recovery **For:** Business Continuity Manager, Disaster Recovery Manager, Operations Manager, OT Security Engineer, Plant Manager ``` Develop business continuity and disaster recovery plan for OT. Critical processes: [describe operations]. DR/BC strategy: 1) Business impact analysis (RTO, RPO, criticality by system), 2) Backup strategy (offline backups, immutable storage, offsite replication, backup validation), 3) Recovery procedures (step-by-step restoration, dependency order, testing scripts), 4) Manual operation procedures (run plant without automation, operator training), 5) Alternate production sites (hot/warm/cold sites, mutual aid agreements), 6) Failover mechanisms (redundant controllers, N+1 architecture, automatic switchover), 7) Data recovery (historian data, configuration backups, version control), 8) Supply chain continuity (critical spares, vendor support, alternate suppliers), 9) Testing and drills (annual DR test, tabletop exercises, lessons learned), 10) Plan maintenance (quarterly reviews, post-incident updates). ``` #### Post-incident security improvements **Use case:** Continuous improvement and lessons learned **For:** OT Security Engineer, CISO, Incident Response Manager, Security Architecture Lead, Risk Manager ``` Identify improvements after OT security incident. Incident summary: [describe what happened]. Root cause: [identified causes]. Improvement plan: 1) Technical controls (segmentation, monitoring, access controls, patching), 2) Policy and procedure updates (change management, access review, vendor management), 3) Training and awareness (phishing, social engineering, security hygiene, incident reporting), 4) Detection capabilities (new use cases, tuning, threat intelligence), 5) Response procedures (playbook updates, communication templates, escalation paths), 6) Architecture changes (segmentation, DMZ, remote access redesign), 7) Vendor and third-party management (contract terms, security requirements, monitoring), 8) Budget and resource requests (tools, headcount, consulting), 9) Metrics and KPIs (track improvement, measure effectiveness), 10) Implementation roadmap (quick wins, medium-term, long-term priorities). ``` ### Security Controls & Hardening Implement and maintain security controls for OT assets and systems. #### PLC and ICS device hardening **Use case:** Device-level security and attack surface reduction **For:** OT Security Engineer, Control Systems Engineer, ICS/SCADA Engineer, Automation Engineer, PLC Programmer ``` Harden PLC and ICS devices for [manufacturer and models]. Current state: [default configurations, weak passwords, unused services]. Hardening checklist: 1) Change default passwords (strong complexity, unique per device), 2) Disable unnecessary services and protocols (Telnet, FTP, HTTP, SNMP v1/v2), 3) Enable secure protocols (SSH, HTTPS, SNMPv3), 4) Update firmware to latest secure version, 5) Configure access controls (IP whitelisting, VLANs, port security), 6) Enable audit logging (configuration changes, access attempts, errors), 7) Physical security (locked cabinets, tamper detection, serial port protection), 8) Remove or disable test/debug modes, 9) Implement role-based access control (RBAC) if supported, 10) Configuration backup and change management, 11) Monitor for unauthorized changes (integrity checking, alerts). ``` #### Privileged access management for OT **Use case:** Privileged account security and insider threat mitigation **For:** OT Security Engineer, Identity and Access Management, PAM Administrator, IT Security Manager, Compliance Manager ``` Implement privileged access management in OT environment. Privileged accounts: [admin, service, vendor accounts]. PAM design: 1) Inventory privileged accounts (local admin, domain admin, service accounts, vendor accounts), 2) Password vaulting (secure storage, automatic rotation, check-out/check-in), 3) Just-in-time access (temporary elevation, time-limited, approval workflow), 4) Session management (recording, monitoring, playback, keystroke logging), 5) MFA enforcement (all privileged access requires second factor), 6) Break-glass procedures (emergency access, audited and reviewed), 7) Least privilege principle (minimize standing privileges, temporary elevation), 8) Service account management (rotating passwords, monitoring usage), 9) Vendor account controls (unique per vendor, time-limited, escorted), 10) Audit and compliance (access reviews, usage reports, anomaly detection). ``` #### OT endpoint protection strategy **Use case:** Endpoint security and malware prevention **For:** OT Security Engineer, Endpoint Security Engineer, Systems Administrator, IT Security Manager, SOC Analyst ``` Deploy endpoint protection in OT environment. Endpoints: [HMI, engineering workstations, historians, OPC servers]. Constraints: [no performance impact, no unplanned reboots, vendor support]. Endpoint security strategy: 1) Asset inventory and categorization (criticality, OS, applications), 2) Antivirus/EDR selection (OT-aware, low overhead, no auto-reboot, whitelist-capable), 3) Application whitelisting (default-deny, only approved applications run), 4) USB control (block or scan removable media, authorized devices only), 5) Host-based firewall (restrict inbound/outbound, port/protocol filtering), 6) Patch management (test in lab, scheduled deployment, rollback capability), 7) Configuration hardening (disable services, remove unnecessary software, secure settings), 8) Integrity monitoring (detect unauthorized changes, file integrity checking), 9) Logging and monitoring (agent telemetry, SIEM integration), 10) Incident response agent (EDR for containment, forensics, remediation). ``` #### Secure remote maintenance procedures **Use case:** Third-party access security and vendor risk management **For:** OT Security Engineer, Vendor Management, Access Control Administrator, Operations Manager, IT Security Manager ``` Establish secure procedures for remote vendor maintenance. Vendors: [list vendors requiring remote access]. Remote maintenance process: 1) Pre-approval workflow (request, business justification, risk assessment, approver), 2) Time-limited access (access granted for specific maintenance window only, auto-expiration), 3) MFA requirement (vendors must use MFA, no shared accounts), 4) Jump host architecture (vendors connect to jump host, not directly to OT), 5) Session monitoring (real-time monitoring, recording, alert on suspicious activity), 6) Least privilege (access only to systems needed for maintenance task), 7) Activity logging (what was done, who did it, when, audit trail), 8) Change validation (verify changes, test, document, rollback if needed), 9) Access revocation (immediate removal after maintenance window, kill active sessions), 10) Periodic access reviews (quarterly review of vendor access, remove stale accounts). ``` #### OT asset inventory and management **Use case:** Asset visibility and lifecycle management **For:** OT Security Engineer, Asset Manager, CMDB Administrator, Control Systems Engineer, IT Asset Management ``` Establish OT asset inventory program. Current state: [incomplete or missing inventory]. Asset management program: 1) Discovery methods (passive monitoring, active scanning, manual survey, documentation review), 2) Asset attributes (IP, MAC, hostname, manufacturer, model, serial, firmware, location, owner, criticality), 3) Asset classification (safety critical, production critical, support, IT managed), 4) Inventory tools (CMDB, asset management system, spreadsheet), 5) Change tracking (adds, moves, changes, removals, lifecycle states), 6) Ownership assignment (who is responsible for each asset), 7) Refresh and validation (quarterly sweeps, reconciliation, accuracy checks), 8) Integration with security tools (vulnerability scanner, SIEM, EDR, NAC), 9) Reporting and dashboards (asset counts, criticality, risk scores, unmanaged devices), 10) Decommissioning process (secure wiping, documentation, removal from inventory). ``` ### OT Backup & Configuration Management Establish robust backup strategies and vendor backup management for OT systems. #### OT backup strategy and architecture **Use case:** Data protection and disaster recovery **For:** OT Security Engineer, Backup Administrator, Control Systems Engineer, Operations Manager, IT Security Manager ``` Design comprehensive backup strategy for OT environment. Systems to backup: [PLCs, HMIs, SCADA servers, historians, engineering workstations, DCS, safety systems]. Backup architecture: 1) Backup scope (what to backup: PLC/DCS programs, HMI projects, SCADA databases, historian data, network device configs, security configs, engineering tools/licenses), 2) Backup frequency (production systems: daily, engineering workstations: weekly, configuration baselines: on each change), 3) Backup methods by system type (online vs offline, hot vs cold, snapshot vs incremental), 4) Backup storage (primary: local NAS, secondary: offsite/tape, tertiary: air-gapped/offline for ransomware protection), 5) Retention policy (operational: 30 days, compliance: 7 years, golden images: indefinitely), 6) Backup windows (maintenance windows, planned outages, risk acceptance for online backup), 7) Version control (configuration management, change tracking, rollback capability), 8) Encryption (data at rest and in transit, key management), 9) Validation and testing (monthly restore tests, annual DR exercise, documented procedures), 10) Backup monitoring (success/failure alerts, capacity monitoring, backup integrity checks). ``` #### Vendor backup and source code escrow **Use case:** Vendor risk management and business continuity **For:** Procurement Manager, Contract Manager, OT Security Engineer, Legal Counsel, Risk Manager ``` Establish vendor backup and escrow agreements for critical OT systems. Vendor systems: [list proprietary/critical vendor systems]. Vendor management strategy: 1) Contract requirements (backup provisions in procurement contracts, SLA for backup delivery, backup format specifications, update frequency), 2) Source code escrow (trigger events: vendor bankruptcy, acquisition, EOL/EOS, failure to support, terms for escrow release, third-party escrow agent), 3) Configuration backup access (engineering files, PLC/DCS programs, HMI projects, licenses/dongles, system documentation), 4) Knowledge transfer (training on restore procedures, documentation of dependencies, vendor-specific tools required), 5) Backup validation with vendor (joint testing, restore verification, compatibility confirmation, version tracking), 6) Vendor EOL planning (final backup before support ends, migration path documentation, alternative vendor evaluation), 7) Legal protections (IP rights, license portability, audit rights, penalty clauses for non-compliance), 8) Backup storage (vendor-provided backups stored air-gapped, offsite copies, encryption requirements), 9) Periodic refresh (annual backup updates from vendor, compatibility testing with current systems), 10) Succession planning (if vendor acquired or fails, maintain ability to operate and restore systems). ``` #### PLC and DCS configuration backup **Use case:** Configuration management and rapid recovery **For:** Control Systems Engineer, PLC Programmer, DCS Engineer, Automation Engineer, OT Security Engineer ``` Implement configuration backup for controllers and DCS. Systems: [PLC brands: Allen-Bradley, Siemens, Schneider; DCS: Honeywell, Emerson, ABB, Yokogawa]. Backup procedures: 1) Baseline configuration capture (as-commissioned state, validated logic, parameter settings, I/O configuration), 2) Change-triggered backups (after any programming change, automatic upload to repository, change documentation required), 3) Backup tools and methods (vendor software: RSLogix, TIA Portal, DeltaV Explorer; version control: Git, SVN; automated scripts where possible), 4) What to backup (ladder logic/function blocks, HMI screens and graphics, alarm and event configs, communication settings, historian tags, control narratives/documentation), 5) Storage location (engineering workstation, network share with access controls, offline/removable media for air gap), 6) Version management (semantic versioning, change notes, author tracking, approval workflow), 7) Backup validation (compare online vs offline, checksum verification, test compile/download), 8) Restoration procedures (step-by-step restore guide, safety precautions, validation testing before startup), 9) Access controls (who can backup, who can restore, audit trail of all backup/restore operations), 10) Disaster recovery (offsite copies, spare hardware compatibility, firmware version matching). ``` #### Historian and SCADA database backup **Use case:** Data integrity and compliance **For:** Historian Administrator, Database Administrator, SCADA Administrator, OT Security Engineer, Compliance Manager ``` Backup strategy for historians and SCADA databases. Systems: [OSIsoft PI, GE Proficy, Wonderware, Ignition, custom SQL databases]. Database backup approach: 1) Data types to backup (real-time data, historical trends, tag configuration, alarm/event logs, reports, dashboards, user configurations), 2) Backup frequency (configuration: daily, historical data: continuous replication or daily incremental, transactional logs: hourly), 3) Backup methods (database native tools: PI backup, SQL Server backup; filesystem snapshots; replication to secondary server), 4) Performance impact (schedule during low-activity periods, use read replicas for backup source, throttle backup processes), 5) Data retention (high-frequency data: 90 days, aggregated data: 7 years, configuration: indefinitely), 6) Point-in-time recovery (transaction log backups for granular recovery, documented RPO: typically 1 hour), 7) Compression and deduplication (reduce storage footprint, balance with restore speed), 8) Backup validation (test restores monthly, verify data integrity, check for corruption), 9) Disaster recovery (replicate to DR site, document dependencies: licensing, network configs, client connections), 10) Long-term archival (move old data to cheaper storage tiers, maintain ability to query archived data, compliance requirements for data retention). ``` #### Air-gapped backup for ransomware protection **Use case:** Ransomware resilience and data protection **For:** OT Security Engineer, Backup Administrator, Business Continuity Manager, CISO, Operations Manager ``` Implement air-gapped backup strategy against ransomware. Critical systems: [identify must-protect systems]. Air-gap backup design: 1) Backup media (LTO tape, removable HDDs, write-once media: WORM tape or optical), 2) Backup schedule (full backup: weekly, incremental: daily, critical systems: after each change), 3) Physical security (locked safe, separate building, offsite location, dual custody), 4) Media rotation (grandfather-father-son scheme, monthly offsite rotation, annual long-term archival), 5) Connection protocol (connect backup media only during backup window, disconnect immediately after, no continuous network attachment), 6) Integrity verification (cryptographic hashing, verify before disconnect, test restore quarterly), 7) Backup systems isolation (dedicated backup server not on production network, ephemeral connection only during backup), 8) Immutable backups (WORM tape, S3 Object Lock, append-only mode, cannot be encrypted by ransomware), 9) Restore testing (full DR test annually using air-gapped backups, document time to restore, identify gaps), 10) Backup security (encrypt backup media, strict access control, audit trail of media access, tamper-evident seals). ``` #### Backup validation and restore testing **Use case:** Backup reliability and recovery assurance **For:** Backup Administrator, Control Systems Engineer, OT Security Engineer, Operations Manager, Disaster Recovery Manager ``` Establish backup validation and testing program. Backup inventory: [all OT system backups]. Testing program: 1) Validation frequency (automated: after each backup, manual: monthly for critical systems, full DR test: annually), 2) Automated validation (checksum verification, backup completion status, file integrity checks, restore to test environment), 3) Manual restore testing (select sample systems monthly, full system restore, functional testing, document time-to-restore), 4) Restore scenarios to test (single PLC restore, full SCADA server rebuild, historian data recovery, network device config restore, multiple system recovery), 5) Test environment (isolated lab network, spare hardware, virtual environment where possible, no impact to production), 6) Success criteria (restored system matches source, functional testing passes, documentation is complete, RTO/RPO met), 7) Failure investigation (root cause if backup fails, corrective action, retest after fix), 8) Documentation (restore procedures tested and updated, time logs: actual vs expected, lessons learned, gaps identified), 9) Tabletop exercises (walk through restore procedures with team, identify dependencies, clarify roles), 10) Continuous improvement (update procedures based on test results, address identified gaps, train new staff on restore). ``` #### OT backup security controls **Use case:** Backup infrastructure protection and trust **For:** OT Security Engineer, Backup Administrator, IT Security Manager, Systems Administrator, CISO ``` Secure backup infrastructure and processes. Backup systems: [backup servers, storage, network]. Security controls: 1) Access control (RBAC for backup systems, MFA required, least privilege, separate admin accounts for backup), 2) Encryption (backup data encrypted at rest: AES-256, encrypted in transit: TLS 1.2+, secure key management: HSM or vault), 3) Network segmentation (backup network isolated from production, separate VLAN, firewall controls, no direct internet access), 4) Integrity protection (digital signatures, write-once storage, version control, tamper detection), 5) Monitoring and alerting (backup success/failure, unauthorized access attempts, configuration changes, capacity thresholds), 6) Audit logging (all backup/restore operations, access to backup systems, retention per compliance requirements), 7) Backup system hardening (minimal services, patched and updated, EDR/antivirus, host firewall), 8) Physical security (backup media in locked storage, datacenter access controls, offsite storage security), 9) Vendor access controls (if vendor manages backups, escorted access, session recording, time-limited), 10) Incident response (backup compromise procedures, backup isolation capability, malware scanning before restore, clean restore from air-gapped if infected). ``` ### Compliance & Standards Achieve and maintain compliance with OT security regulations and standards. #### IEC 62443 compliance roadmap **Use case:** IEC 62443 compliance and certification **For:** OT Security Engineer, Compliance Manager, IEC 62443 Specialist, CISO, Control Systems Engineer ``` Develop IEC 62443 compliance program for [facility/organization]. Target level: [SL 1/2/3/4]. Compliance roadmap: 1) Gap assessment (current state vs IEC 62443 requirements by security level), 2) Foundational requirements (FR1: Identification and Authentication, FR2: Use Control, FR3: System Integrity, FR4: Data Confidentiality, FR5: Restricted Data Flow, FR6: Timely Response, FR7: Resource Availability), 3) System requirements (SR) mapping to technical controls, 4) Zone and conduit model (define zones, conduits, security levels per zone), 5) Risk assessment (threat identification, vulnerability assessment, impact analysis), 6) Security requirements specification (by zone and system), 7) Implementation plan (policies, technical controls, testing, validation), 8) Maintenance and improvement (continuous monitoring, periodic assessment, updates), 9) Documentation (policies, procedures, architecture diagrams, risk register), 10) Certification path (self-assessment, third-party audit, certification timeline). ``` #### NERC CIP compliance program **Use case:** Electric sector regulatory compliance **For:** NERC CIP Compliance Manager, OT Security Engineer, Compliance Analyst, CISO, Auditor ``` Implement NERC CIP compliance for [utility/electric entity]. Applicable standards: [CIP-002 through CIP-014]. Compliance program: 1) CIP-002: BES Cyber System categorization (identify and classify assets - High, Medium, Low), 2) CIP-003: Security management controls (policies, leadership, exceptions), 3) CIP-004: Personnel and training (background checks, training, access revocation), 4) CIP-005: Electronic security perimeter (ESP definition, access control, monitoring), 5) CIP-006: Physical security (PSP definition, access controls, monitoring), 6) CIP-007: System security management (ports/services, patching, malware, security events, account management), 7) CIP-008: Incident response (IR plan, testing, reporting), 8) CIP-009: Recovery plans (backup, testing, preservation), 9) CIP-010: Configuration change management and vulnerability assessments, 10) CIP-011: Information protection, 11) CIP-013: Supply chain risk management, 12) Evidence collection and retention, 13) Audit preparation and readiness. ``` #### NIST Cybersecurity Framework for OT **Use case:** Risk-based cybersecurity program framework **For:** CISO, OT Security Engineer, Risk Manager, Compliance Manager, Security Program Manager ``` Apply NIST CSF to OT environment. Organization: [describe OT operations]. CSF implementation: Identify: 1) Asset management (inventory OT assets), 2) Business environment (mission, objectives, stakeholders), 3) Governance (policies, procedures, risk tolerance), 4) Risk assessment (threats, vulnerabilities, likelihood, impact), 5) Risk management strategy. Protect: 6) Access control (identity, authentication, authorization), 7) Awareness and training, 8) Data security (protection at rest and in transit), 9) Protective technology (firewalls, segmentation, hardening). Detect: 10) Anomalies and events (monitoring, detection), 11) Continuous monitoring. Respond: 12) Response planning, 13) Communications, 14) Analysis, 15) Mitigation, 16) Improvements. Recover: 17) Recovery planning, 18) Improvements, 19) Communications. For each function, define current maturity (Tier 1-4) and target maturity. ``` #### TSA pipeline security compliance **Use case:** Oil and gas pipeline regulatory compliance **For:** TSA Compliance Manager, OT Security Engineer, Pipeline Security Specialist, CISO, Operations Manager ``` Comply with TSA pipeline security directives for [pipeline operator]. Directive requirements: [SD-02C or applicable directive]. Compliance program: 1) Cybersecurity coordinator designation (qualified individual, contact info), 2) Cybersecurity incident response plan (IR plan, notification procedures), 3) Cybersecurity assessment (annual assessment by 3rd party, vulnerability identification), 4) Cybersecurity operational implementation plan (controls by category: architecture, access, monitoring, governance), 5) OT/IT segmentation (network architecture, DMZ, firewall rules), 6) Access controls (MFA for remote access, privileged account management), 7) Continuous monitoring (IDS/IPS, SIEM, anomaly detection), 8) Physical security measures, 9) Annual review and testing, 10) Reporting to TSA (incidents, assessments, plan updates), 11) Documentation and evidence retention. ``` #### OT security policy development **Use case:** Security governance and policy framework **For:** Policy Manager, OT Security Engineer, CISO, Compliance Manager, Legal Counsel ``` Develop OT security policies for [organization]. Policy framework: Create policies covering: 1) Acceptable use (who can access OT, for what purpose, restrictions), 2) Access control (authentication, authorization, privilege management, termination), 3) Asset management (inventory, lifecycle, disposal), 4) Change management (approval, testing, documentation, rollback), 5) Incident response (roles, procedures, reporting, training), 6) Network security (segmentation, remote access, wireless, external connections), 7) Physical security (facility access, device protection, environmental controls), 8) Third-party management (vendor access, supply chain, contracts), 9) Vulnerability management (assessment, patching, compensating controls), 10) Monitoring and logging (what to log, retention, review). For each policy: Purpose, scope, responsibilities, standards/procedures, enforcement, exceptions, review schedule. ``` ### OT Security Architecture & Design Design secure OT architectures for new projects and modernization initiatives. #### Secure OT system design **Use case:** Greenfield OT security architecture **For:** OT Security Architect, Control Systems Engineer, OT Security Engineer, System Integrator, Project Manager ``` Design secure OT system for [new facility or modernization project]. System scope: [SCADA, DCS, PLC, safety systems, etc.]. Secure design approach: 1) Security by design principles (defense in depth, least privilege, fail secure, simplicity), 2) Network architecture (Purdue model, segmentation, DMZ, firewalls, data diodes), 3) Platform selection (vendor security maturity, patch support, secure development practices), 4) Redundancy and high availability (N+1, failover, diverse paths, no single points of failure), 5) Authentication and access control (MFA, RBAC, PAM, certificate-based), 6) Secure protocols (encrypted communications, authenticated sessions, integrity checking), 7) Monitoring and logging (comprehensive visibility, SIEM integration, alerting), 8) Physical security (locked cabinets, access controls, environmental monitoring), 9) Incident response capabilities (isolation, forensics, recovery), 10) Compliance requirements (IEC 62443, NERC CIP, industry standards). ``` #### Legacy system security retrofit **Use case:** Legacy system risk mitigation **For:** OT Security Engineer, OT Security Architect, Control Systems Engineer, Risk Manager, Operations Manager ``` Secure legacy OT systems that cannot be upgraded. Legacy systems: [describe unsupported or unpatched systems]. Retrofit strategy: 1) Compensating controls (since patching unavailable): Network segmentation (dedicated VLAN, ACLs, microsegmentation), 2) Firewall protection (explicit allow rules, protocol filtering, stateful inspection), 3) Unidirectional gateways (data diodes for critical legacy systems), 4) Network monitoring (passive IDS, anomaly detection, protocol analysis), 5) Physical security (locked cabinets, badge access, CCTV), 6) Procedural controls (change approval, access logging, periodic review), 7) Application whitelisting (on adjacent systems that interact with legacy), 8) Backup and recovery (frequent backups, tested restoration), 9) Risk acceptance documentation (management approval, documented compensating controls), 10) Replacement roadmap (plan for eventual upgrade/replacement). ``` #### Cloud integration for OT data **Use case:** Digital transformation and cloud adoption **For:** OT Security Architect, Cloud Security Architect, OT Security Engineer, Cloud Engineer, Data Architect ``` Securely integrate OT data with cloud platforms. Cloud use cases: [analytics, predictive maintenance, remote monitoring, historian]. Secure cloud integration: 1) Architecture (DMZ, jump servers, reverse proxy, no direct OT-to-cloud), 2) Data flow design (unidirectional where possible, aggregation layer, data diodes), 3) Authentication and authorization (OAuth, SAML, API keys, certificate-based), 4) Encryption (TLS 1.2+, end-to-end encryption, encrypted storage), 5) Data governance (classification, masking, anonymization, retention), 6) API security (rate limiting, input validation, authentication, logging), 7) Cloud provider security (shared responsibility model, compliance certifications, security controls), 8) Network connectivity (VPN, private connectivity, no internet-routable IPs), 9) Monitoring and incident response (cloud SIEM, anomaly detection, playbooks), 10) Business continuity (local caching, fallback to on-prem, data replication). ``` #### IoT and IIoT security design **Use case:** Industrial IoT security and smart manufacturing **For:** OT Security Architect, OT Security Engineer, IoT Security Specialist, Network Engineer, Control Systems Engineer ``` Secure Industrial IoT deployment in OT environment. IIoT use case: [sensors, predictive maintenance, asset tracking, mobile devices]. IIoT security design: 1) Device security (secure boot, TPM/secure element, encrypted storage, OTA updates), 2) Authentication (unique credentials per device, certificate-based, no hardcoded passwords), 3) Network connectivity (dedicated network segment, VPN/TLS, no internet routing), 4) Data protection (encryption in transit and at rest, integrity checking, signed messages), 5) Device management (MDM/EMM, remote wipe, posture checking, geofencing), 6) Lifecycle management (provisioning, updates, decommissioning, certificate rotation), 7) Monitoring and anomaly detection (behavioral baseline, outlier detection, traffic analysis), 8) Physical security (tamper detection, secure mounting, environmental protection), 9) Supply chain security (verified source, firmware validation, counterfeit detection), 10) Scalability (certificate management at scale, key rotation, firmware distribution). ``` #### OT security reference architecture **Use case:** Enterprise OT security standardization **For:** OT Security Architect, Enterprise Architect, CISO, Security Architecture Lead, Standards Manager ``` Create reference architecture for OT security. Organization type: [manufacturing, utilities, etc.]. Reference architecture components: 1) Network architecture (Purdue model, zones, conduits, segmentation), 2) Security zones (definitions, security levels, trust boundaries), 3) Connectivity (firewalls, DMZ, data diodes, jump servers, remote access), 4) Identity and access management (authentication, RBAC, PAM, MFA), 5) Endpoint protection (AV, EDR, application whitelisting, hardening), 6) Monitoring and detection (network monitoring, SIEM, IDS/IPS, threat intel), 7) Incident response (IR plan, forensics, communication, recovery), 8) Governance (policies, standards, change management, risk management), 9) Compliance mapping (IEC 62443, NERC CIP, NIST CSF), 10) Architecture diagrams (logical, physical, data flow), 11) Security controls matrix (by zone and requirement). ``` --- ## AI for Project & Program Managers **Category:** Project & Program Management **Prompts:** 48 **Description:** Project and program management prompts covering project planning, scheduling, risk management, stakeholder communication, resource allocation, agile methodologies, and project delivery across all industries. **Tags:** Project Management, Program Management, PMO, Agile, Work Users ### Project Initiation & Charter Launch projects with clear charters, stakeholder alignment, and success criteria. #### Project charter creation **Use case:** Project authorization and stakeholder alignment **For:** Project Manager, Program Manager, PMO Lead, Portfolio Manager, Senior Project Manager ``` Create comprehensive project charter for [project name]. Business context: [problem/opportunity]. Stakeholders: [key stakeholders]. Build charter with: 1) Executive summary (project purpose in 2-3 sentences), 2) Business case and justification (why this project, why now), 3) Project objectives (SMART goals - specific, measurable, achievable, relevant, time-bound), 4) Scope statement (in-scope and explicitly out-of-scope), 5) High-level requirements (functional and non-functional), 6) Key deliverables and milestones, 7) Success criteria and metrics, 8) Assumptions and constraints, 9) High-level timeline and phases, 10) Budget estimate and funding source, 11) Risks and dependencies (top 5), 12) Project organization (sponsor, PM, steering committee, core team), 13) Decision authority and escalation path, 14) Approval signatures required. Make it executive-ready (2-3 pages max). ``` #### Stakeholder analysis and mapping **Use case:** Stakeholder management and engagement planning **For:** Project Manager, Program Manager, Senior Project Manager, PMO Lead, Business Analyst ``` Conduct stakeholder analysis for [project]. Identify stakeholders: [list known stakeholders]. Create analysis: 1) Stakeholder inventory (individuals and groups affected or influencing project), 2) Power/influence assessment (high/medium/low for each), 3) Interest level (high/medium/low), 4) Current stance (champion/supporter/neutral/resistor/blocker), 5) Power-Interest grid (plot stakeholders - prioritize high power/high interest), 6) Impact on project (how each stakeholder affects success), 7) Stakeholder needs and expectations, 8) Communication preferences (channel, frequency, detail level), 9) Engagement strategy per stakeholder (inform/consult/involve/collaborate/empower), 10) Risk and mitigation (if key stakeholder disengaged), 11) RACI matrix for key decisions, 12) Relationship building plan (champions first, address resistors). ``` #### Project kickoff meeting agenda **Use case:** Project launch and team alignment **For:** Project Manager, Program Manager, Senior Project Manager, Scrum Master, Agile Coach ``` Design project kickoff meeting for [project name]. Attendees: [core team, stakeholders, extended team]. Duration: [90-120 minutes recommended]. Create agenda: 1) Welcome and introductions (roles and responsibilities), 2) Project background and business case (why we're here), 3) Project objectives and success criteria (what we're achieving), 4) Scope overview (what's in and out), 5) High-level timeline and key milestones, 6) Project organization and governance (decision-making, escalation), 7) Communication plan (meetings, reporting, tools), 8) Ways of working and team norms (working agreements, collaboration tools), 9) Risks, assumptions, and constraints (transparency on challenges), 10) Next steps and immediate actions (first 30 days), 11) Q&A and open discussion, 12) Parking lot for follow-up items. Include: Pre-read materials, slide deck outline, engagement activities (not just presentation), post-meeting survey. ``` #### Business case development **Use case:** Project justification and funding approval **For:** Project Manager, Program Manager, Portfolio Manager, Business Analyst, PMO Lead ``` Build business case for [project/initiative]. Problem statement: [describe current state pain]. Proposed solution: [high-level approach]. Create business case: 1) Executive summary (recommendation and key financials), 2) Problem definition (current state, impact, urgency), 3) Options analysis (minimum 3 alternatives including do-nothing), 4) Recommended solution with rationale, 5) Benefits (quantitative and qualitative - revenue, cost savings, efficiency, quality, customer satisfaction, risk reduction), 6) Costs (one-time: capital, implementation; ongoing: maintenance, support, licenses), 7) Financial analysis (NPV, IRR, payback period, ROI, cost-benefit over 3-5 years), 8) Non-financial factors (strategic alignment, risk mitigation, competitive advantage), 9) Implementation approach and timeline, 10) Risks and mitigation strategies, 11) Success metrics and measurement plan, 12) Recommendation and request for approval. Format for executive decision-making. ``` #### Project success criteria definition **Use case:** Clear success definition and outcome measurement **For:** Project Manager, Program Manager, Senior Project Manager, PMO Lead, Portfolio Manager ``` Define success criteria for [project]. Project objectives: [list goals]. Stakeholder expectations: [describe]. Establish success measures: 1) Project success vs product success (delivery on time/budget/scope vs business value realization), 2) Iron triangle metrics (scope: deliverables met, time: schedule variance, cost: budget variance), 3) Quality criteria (defect rates, acceptance test pass rate, customer satisfaction), 4) Business value metrics (ROI, revenue impact, cost savings, efficiency gains, customer metrics), 5) Stakeholder satisfaction (survey scores, sponsor feedback, user adoption), 6) Team health (morale, retention, velocity, collaboration), 7) Leading indicators (on-track metrics during project - burn rate, milestone completion), 8) Lagging indicators (outcome metrics post-delivery - usage, adoption, benefits realization), 9) Minimum viable success (must-have vs nice-to-have), 10) Measurement approach (how and when to measure, data sources, reporting cadence), 11) Success thresholds (green/yellow/red criteria). Align with stakeholders upfront. ``` #### Project feasibility analysis **Use case:** Project viability assessment and risk identification **For:** Project Manager, Program Manager, Business Analyst, PMO Lead, Portfolio Manager ``` Assess project feasibility for [initiative]. Proposed approach: [high-level solution]. Conduct feasibility study: 1) Technical feasibility (is solution buildable with current technology, skills available, integration complexity, technical risks), 2) Operational feasibility (can organization support solution, process changes needed, training requirements, change management), 3) Economic feasibility (cost-benefit positive, funding available, acceptable ROI, affordability), 4) Schedule feasibility (realistic timeline, resource availability, dependencies manageable), 5) Resource feasibility (skilled resources available, capacity vs demand, hiring/contracting needs), 6) Legal/regulatory feasibility (compliance requirements, contracts, IP considerations), 7) Market feasibility (for external products - market size, competition, timing), 8) Risk assessment (major risks per feasibility dimension, likelihood and impact, mitigation options), 9) Go/no-go recommendation (score each dimension, overall feasibility rating), 10) Alternative approaches if current approach not feasible, 11) Assumptions validated and open questions. Decision gate for project approval. ``` ### Planning & Scheduling Create realistic project schedules with clear dependencies and critical path. #### Work breakdown structure (WBS) **Use case:** Scope decomposition and work organization **For:** Project Manager, Program Manager, Senior Project Manager, Project Scheduler, PMO Lead ``` Create WBS for [project]. Project deliverables: [major outputs]. Develop WBS: 1) Level 1: Project name (top level), 2) Level 2: Major deliverables or phases (5-9 major components), 3) Level 3: Sub-deliverables or work packages (decompose level 2), 4) Level 4: Activities (continue until work is estimable and assignable - typically 8-80 hour chunks), 5) WBS dictionary (for each work package: description, deliverables, acceptance criteria, owner, effort estimate, assumptions), 6) WBS coding scheme (hierarchical numbering: 1.0, 1.1, 1.1.1), 7) Deliverable-oriented structure (organize by outputs not activities), 8) Ensure 100% rule (sum of child elements equals parent, no missing work), 9) Peer review with team (completeness check, nothing missed), 10) Traceability to scope (every scope item in WBS, every WBS item in scope). Foundation for scheduling and estimating. ``` #### Project schedule development **Use case:** Realistic timeline development and critical path management **For:** Project Manager, Program Manager, Project Scheduler, Senior Project Manager, PMO Lead ``` Build project schedule for [project]. WBS: [reference WBS if available]. Create schedule: 1) Activity list (from WBS decomposition, all work packages), 2) Activity sequencing (identify dependencies - finish-to-start, start-to-start, finish-to-finish, start-to-finish, mandatory vs discretionary), 3) Network diagram (logical flow, critical path identification), 4) Duration estimating (three-point estimates: optimistic, most likely, pessimistic - calculate expected duration using PERT), 5) Resource assignment (who does what, availability and capacity), 6) Schedule calculation (forward pass for early start/finish, backward pass for late start/finish, float/slack calculation), 7) Critical path identification (longest path, zero float activities, focus management here), 8) Schedule compression (crashing: add resources, fast-tracking: parallel activities, analyze cost and risk trade-offs), 9) Milestones (decision gates, deliverable completions, external dependencies, typically 0-duration events), 10) Baseline schedule (approved version for tracking), 11) Schedule risk analysis (Monte Carlo simulation if complex), 12) Schedule formats (Gantt chart, milestone chart, network diagram). Use scheduling tool (MS Project, Smartsheet, Jira). ``` #### Milestone planning and tracking **Use case:** Executive visibility and schedule control **For:** Project Manager, Program Manager, Senior Project Manager, PMO Lead, Portfolio Manager ``` Define project milestones for [project]. Project phases: [major phases]. Establish milestones: 1) Phase gate milestones (go/no-go decision points between phases), 2) Deliverable milestones (major deliverable completions: requirements approved, design complete, system tested), 3) External milestones (dependencies on external parties, regulatory approvals, procurement deliveries), 4) Management milestones (steering committee reviews, funding gates, resource decisions), 5) Milestone criteria (entry criteria: what must be done before, exit criteria: what must be achieved, acceptance criteria: how to know it's done), 6) Milestone schedule (target dates, typically 4-8 weeks apart for visibility), 7) Milestone RACI (who's accountable for achievement, who approves), 8) Tracking approach (status colors: on-track/at-risk/missed, variance from plan, trend analysis), 9) Milestone reports (dashboard, steering committee updates, escalation triggers), 10) Milestone dependencies (blocking relationships, critical path impact). Focus executive attention on milestone achievement. ``` #### Resource allocation and leveling **Use case:** Resource optimization and capacity management **For:** Project Manager, Program Manager, Resource Manager, Senior Project Manager, PMO Lead ``` Allocate and level resources for [project]. Team: [available resources and capacity]. Schedule: [reference project schedule]. Manage resources: 1) Resource requirements (by activity, skill needed, effort hours, timing), 2) Resource availability (team calendars, holidays, other commitments, capacity %), 3) Resource assignment (match skills to activities, primary and backup assignments), 4) Resource loading chart (allocated hours per person per period, identify overallocations), 5) Resource leveling (resolve overallocations: adjust schedule within float, extend timeline if on critical path, request additional resources, outsource or contract), 6) Resource smoothing (optimize utilization, reduce peaks and valleys, prefer consistent loading), 7) Resource conflicts (competing priorities, resolve with stakeholders and functional managers), 8) Resource cost (labor rates, calculate loaded labor costs, track against budget), 9) Contingency resources (buffer for risks, plan for unplanned work), 10) Resource histograms and heatmaps (visualize allocations, identify bottlenecks). Balance timeline, resources, and quality. ``` #### Dependency management **Use case:** Inter-team coordination and schedule risk mitigation **For:** Project Manager, Program Manager, Senior Project Manager, Integration Manager, PMO Lead ``` Manage project dependencies for [project]. Known dependencies: [list dependencies]. Dependency tracking: 1) Dependency inventory (internal dependencies within project, external dependencies on other projects/teams/vendors), 2) Dependency type (hard dependencies: must finish before, soft dependencies: should finish before, resource dependencies, informational dependencies), 3) Dependency mapping (dependency matrix: our deliverables others depend on, their deliverables we depend on), 4) Criticality assessment (impact on critical path, schedule risk if dependency delayed), 5) Ownership (who's responsible on both sides, contact info, escalation path), 6) Status tracking (on-track/at-risk/blocked, percentage complete, forecasted delivery date vs needed date), 7) Communication protocol (regular sync meetings, shared dashboards, escalation process), 8) Contingency planning (alternative approaches if dependency fails, schedule buffer, work-arounds), 9) Change management (dependency changes impact our schedule, formal change control), 10) Dependency risk register (likelihood of delay, impact, mitigation strategies). Proactive dependency management prevents delays. ``` #### Schedule compression techniques **Use case:** Schedule acceleration and deadline management **For:** Project Manager, Program Manager, Senior Project Manager, Project Scheduler, PMO Lead ``` Compress project schedule for [project]. Current timeline: [duration]. Required reduction: [time to save]. Constraints: [budget, quality, resource limits]. Compression strategies: 1) Critical path analysis (focus compression on critical path activities only, float activities don't help), 2) Fast-tracking (perform activities in parallel instead of sequence, analyze dependency risks, where can we overlap, impact on quality and rework risk), 3) Crashing (add resources to shorten duration, analyze cost-per-day saved, crash activities with best cost-benefit ratio, law of diminishing returns), 4) Scope reduction (negotiate must-have vs nice-to-have, phase deliverables, MVP approach), 5) Resource optimization (overtime, specialized resources, remove bottlenecks, co-locate team), 6) Process improvements (eliminate waste, reduce approvals/handoffs, streamline decision-making, automation), 7) Vendor acceleration (expedited delivery, premium payments, parallel vendor tracks), 8) Risk vs reward (quantify schedule risks introduced, additional cost, quality impact, decide if worth it), 9) Rebaseline schedule (document compression decisions, get stakeholder approval, reset baseline), 10) Monitor compressed schedule closely (higher risk, more frequent tracking, early warning system). Balance time, cost, quality, and risk. ``` ### Scope & Requirements Management Define, validate, and control project scope and requirements. #### Requirements gathering and documentation **Use case:** Clear requirements definition and stakeholder alignment **For:** Project Manager, Business Analyst, Product Manager, Requirements Engineer, System Analyst ``` Gather and document requirements for [project]. Stakeholders: [list requirement sources]. Requirements process: 1) Elicitation techniques (interviews, workshops, surveys, observation, document analysis, prototyping), 2) Stakeholder interviews (one-on-one sessions, open-ended questions, pain points and needs, desired outcomes), 3) Requirements workshop (facilitated session with key stakeholders, prioritization exercises, consensus building), 4) User stories (as a [user type], I want [functionality] so that [benefit] - acceptance criteria in given-when-then format), 5) Requirements categorization (functional: what system does, non-functional: performance/security/usability, business requirements, technical requirements, regulatory requirements), 6) Requirements attributes (ID, description, priority: must-have/should-have/nice-to-have, source, acceptance criteria, assumptions, dependencies), 7) Requirements traceability (map to business objectives, trace through design and testing), 8) Requirements validation (review with stakeholders, feasibility assessment, testability check, completeness and consistency), 9) Requirements approval (sign-off from key stakeholders, baseline for change control), 10) Requirements documentation (requirements specification document or backlog, version control, searchable repository). ``` #### Scope statement creation **Use case:** Scope baseline and change control foundation **For:** Project Manager, Program Manager, Senior Project Manager, Business Analyst, Product Manager ``` Write detailed scope statement for [project]. High-level scope: [charter-level scope]. Detailed scope statement: 1) Product scope (characteristics and features of product/service being created), 2) Project scope (work required to deliver product scope), 3) In-scope items (explicit list: features, deliverables, locations, phases, user groups), 4) Out-of-scope items (explicit exclusions: what we're NOT doing - critical to prevent scope creep), 5) Deliverables (tangible outputs: documents, systems, training, each with acceptance criteria), 6) Acceptance criteria (how stakeholder will evaluate deliverables, definition of done, quality standards), 7) Constraints (budget, schedule, resources, technology, regulatory), 8) Assumptions (factors assumed true for planning: resource availability, access to environments, stakeholder availability), 9) Project boundaries (where project starts and stops, interfaces with other systems/projects), 10) Exclusions and dependencies (work done by others, pre-requisites, handoff points). Get stakeholder sign-off to establish baseline. ``` #### Scope change control process **Use case:** Scope control and baseline management **For:** Project Manager, Program Manager, Change Control Manager, PMO Lead, Senior Project Manager ``` Establish change control process for [project]. Current baseline: [approved scope, schedule, budget]. Change management process: 1) Change request template (requester info, description of change, business justification, urgency, impact if not approved), 2) Change impact analysis (scope: what changes, schedule: delay or acceleration, cost: budget increase/decrease, quality: impact, resources: additional needs, risks: new risks introduced), 3) Change classification (major: requires steering committee, minor: PM approval, emergency: expedited process), 4) Change evaluation criteria (value vs cost, strategic alignment, resource availability, risk tolerance), 5) Change approval workflow (PM reviews, impact assessment, CCB review, approvals by authority level, requestor notification), 6) Change Control Board (CCB) (membership: PM, sponsor, key stakeholders, meeting cadence, decision authority), 7) Change log (all changes tracked: request date, description, status: pending/approved/rejected/deferred, decision date and rationale), 8) Baseline updates (after approval: update scope docs, schedule, budget, communicate changes to team), 9) Scope creep prevention (clear scope baseline, stakeholder education on change process, say no to out-of-process requests), 10) Change metrics (number of changes, approval rate, schedule impact, cost impact, trends over time). ``` #### Requirements prioritization **Use case:** Scope optimization and value delivery **For:** Project Manager, Product Manager, Business Analyst, Product Owner, Program Manager ``` Prioritize requirements for [project]. Requirements list: [list or paste requirements]. Constraints: [budget, timeline, resource limits]. Prioritization approach: 1) MoSCoW method (Must have: critical for MVP, Should have: important but not vital, Could have: nice-to-have if time/budget, Won't have: out of scope for this release), 2) Value vs effort matrix (plot requirements: high value/low effort: do first, high value/high effort: plan carefully, low value/low effort: quick wins, low value/high effort: deprioritize or eliminate), 3) Kano model (basic needs: must satisfy, performance needs: more is better, excitement needs: delight users), 4) Weighted scoring (criteria: business value, cost, risk, strategic fit, urgency - weight criteria, score each requirement, rank by total score), 5) Cost of delay (economic impact if requirement delayed, urgency vs value), 6) Risk-based prioritization (high-risk items first to retire risk early, or last if risk is acceptable), 7) Dependency-based (prerequisites first, foundational capabilities before dependent features), 8) Stakeholder voting (dot voting, rank ordering, forced ranking), 9) Incremental value delivery (phased releases: MVP first, enhancements later, continuous delivery approach), 10) Documentation (prioritized backlog, rationale captured, stakeholder sign-off on priorities). Revisit priorities regularly as context changes. ``` #### Scope verification and acceptance **Use case:** Deliverable validation and stakeholder sign-off **For:** Project Manager, Program Manager, Quality Manager, Business Analyst, Product Manager ``` Verify and obtain acceptance of deliverables for [project]. Deliverable: [specific deliverable or phase]. Verification process: 1) Acceptance criteria review (compare deliverable to documented acceptance criteria from scope statement), 2) Deliverable inspection (walkthroughs, demonstrations, testing results, documentation review), 3) Quality validation (meets quality standards, passes quality gates, defect levels acceptable), 4) Completeness check (all features delivered, no missing functionality, documentation complete), 5) Stakeholder review (scheduled review sessions, gather feedback, address concerns), 6) Acceptance testing (user acceptance testing, business process validation, edge cases and scenarios), 7) Issue resolution (defects and gaps identified, fix or accept as-is decisions, impact on acceptance), 8) Formal acceptance (sign-off documentation, acceptance form with signatures, conditions of acceptance if applicable), 9) Rejection process (if not accepted: document gaps, remediation plan, re-submission timeline), 10) Lessons learned (feedback on process, what worked well, improvements for future deliverables), 11) Transition to operations (handoff procedures, training, support documentation). Formal acceptance protects project and establishes completion. ``` #### Scope creep identification and prevention **Use case:** Scope control and project success **For:** Project Manager, Program Manager, Senior Project Manager, PMO Lead, Change Control Manager ``` Prevent and address scope creep in [project]. Symptoms: [describe scope creep indicators]. Prevention and management: 1) Root causes of scope creep (vague requirements, stakeholder pressure, gold-plating, lack of change control, poor communication, informal commitments), 2) Warning signs (work not in WBS, deliverables not in scope statement, schedule slipping with same team, budget overruns, team working on unplanned items), 3) Prevention strategies (clear baseline scope documentation, stakeholder education on change process, requirements traceability, regular scope reviews, gate reviews before phases), 4) When scope creep detected (stop work on out-of-scope items, document the additional work, quantify impact: time, cost, resources, risk), 5) Address with stakeholders (present findings, explain change control process, request formal change request, get decision: approve as change or descope), 6) Communication approach (factual not accusatory, focus on project success and tradeoffs, provide options with pros/cons), 7) Reset expectations (remind of baseline scope, reconfirm priorities, update project plan if change approved), 8) Team training (empower team to identify scope creep, teach them to say 'that's not in scope, let's submit a change request'), 9) Regular scope audits (compare work in progress to baseline scope, catch drift early), 10) Metrics (track unauthorized work hours, change request volume, trend analysis). Protect scope or project will fail. ``` ### Risk & Issue Management Identify, assess, and mitigate project risks and resolve issues proactively. #### Risk identification and assessment **Use case:** Proactive risk management and threat mitigation **For:** Project Manager, Program Manager, Risk Manager, Senior Project Manager, PMO Lead ``` Identify and assess risks for [project]. Project context: [describe project and environment]. Risk management: 1) Risk identification techniques (brainstorming with team, expert interviews, SWOT analysis, lessons learned from past projects, checklists by category, pre-mortem: imagine project failed - why?), 2) Risk categories (technical: technology, quality, performance, integration; external: vendor, regulatory, market, weather; organizational: resources, priorities, politics, funding; project management: estimation, planning, communication, control), 3) Risk register creation (for each risk: ID, description, category, triggers/symptoms, owner), 4) Probability assessment (likelihood: high >50%, medium 25-50%, low <25% - or 5-point scale), 5) Impact assessment (if occurs, impact on: schedule, budget, quality, scope - rate high/medium/low or 1-5 scale), 6) Risk scoring (probability × impact = risk score, plot on risk matrix), 7) Risk prioritization (high risks need immediate response, medium risks monitor closely, low risks watch), 8) Risk response planning (avoid: eliminate threat, mitigate: reduce probability or impact, transfer: insurance or contract, accept: acknowledge and monitor), 9) Risk owner assignment (who's responsible for monitoring and executing response), 10) Residual risk (risk remaining after response), 11) Secondary risks (new risks introduced by response actions), 12) Regular risk reviews (weekly high risks, monthly all risks, update throughout project). ``` #### Risk response planning **Use case:** Risk mitigation and contingency planning **For:** Project Manager, Program Manager, Risk Manager, Senior Project Manager, PMO Lead ``` Develop risk response strategies for [top risks]. Risk: [describe specific risk]. Risk details: Probability [%], Impact [description]. Response strategies: 1) Risk response type (avoid, mitigate, transfer, accept - select based on risk severity and cost of response), 2) Avoidance strategies (eliminate root cause: change scope, use proven technology, remove risky dependency, extend timeline, add resources, change approach completely), 3) Mitigation strategies (reduce probability: prototyping, training, buy expertise, parallel paths; reduce impact: incremental approach, backup plans, buffer time/cost), 4) Transfer strategies (insurance, performance bonds, fixed-price contracts, warranties, penalties for vendor failure), 5) Acceptance strategies (active acceptance: contingency reserve allocated, passive acceptance: deal with it if happens), 6) Response action plan (specific actions, owner, deadline, resources needed, cost), 7) Triggers (warning signs risk is materializing, monitoring metrics, decision point to execute response), 8) Contingency plans (pre-defined response if risk occurs, step-by-step procedures, who does what), 9) Fallback plans (plan B if primary response doesn't work), 10) Risk budget (contingency reserve for mitigations, management reserve for unknown risks), 11) Response effectiveness (track: did response work, residual risk level, lessons learned). Document in risk register. ``` #### Issue log and resolution tracking **Use case:** Problem resolution and project unblocking **For:** Project Manager, Program Manager, Senior Project Manager, Scrum Master, PMO Lead ``` Manage project issues for [project]. Current issues: [describe known issues]. Issue management process: 1) Issue vs risk (issue: problem that exists now, risk: problem that might happen - issues need immediate resolution), 2) Issue log template (issue ID, description, category, date identified, raised by, severity/priority, assigned to, status, target resolution date), 3) Issue severity (critical: project blocked, high: major impact, medium: moderate impact, low: minor inconvenience), 4) Issue categories (technical, resource, vendor, communication, scope, stakeholder, dependency), 5) Issue triage (daily or weekly triage meeting, prioritize by impact and urgency, assign owners, set target dates), 6) Resolution workflow (open → assigned → work in progress → resolved → closed - track status transitions), 7) Escalation criteria (can't resolve within project team, needs sponsor/stakeholder decision, impacts critical path, exceeds PM authority level), 8) Escalation process (document issue and attempted resolutions, present options with recommendations, escalate to next level: sponsor, steering committee, executive), 9) Root cause analysis (for significant issues: 5 whys, fishbone diagram, identify systemic causes, prevent recurrence), 10) Issue metrics (number of issues, open vs closed, age of open issues, resolution time, recurring issues). Active issue management prevents small problems from becoming big crises. ``` #### RAID log management **Use case:** Integrated project tracking and visibility **For:** Project Manager, Program Manager, Senior Project Manager, PMO Lead, Scrum Master ``` Maintain RAID log for [project]. RAID = Risks, Assumptions, Issues, Dependencies. Comprehensive RAID log: Risks section: 1) Risk register (as described in risk prompts above: ID, description, probability, impact, owner, response, status), Assumptions section: 2) Assumptions list (factors assumed true for planning, if assumption invalid project plan affected - examples: resource availability, vendor delivery dates, stakeholder availability, regulatory approval timing), 3) Assumption validation (test assumptions: still true?, if false becomes risk or issue, periodic review), Issues section: 4) Issue log (as described in issue prompt above: current problems, ownership, resolution plan, status), Dependencies section: 5) Dependency register (internal and external dependencies, what we depend on, what others depend on us for, owner both sides, status, risk if delayed), 6) RAID log format (single document or dashboard, color coding: green/amber/red for status, updated weekly, reviewed in status meetings), 7) Ownership (PM owns log, team members own individual items, stakeholders have visibility), 8) Integration (RAID items link to schedule, changes, decisions, lessons learned), 9) Reporting (RAID summary in status reports, highlight high-priority items, trend analysis over time). RAID log is central PM tool for tracking project health. ``` #### Risk monitoring and control **Use case:** Ongoing risk management and adaptive response **For:** Project Manager, Program Manager, Risk Manager, Senior Project Manager, PMO Lead ``` Monitor and control risks throughout [project]. Risk register: [reference existing risk register]. Risk monitoring process: 1) Risk review cadence (weekly for high risks, bi-weekly or monthly for medium/low risks, ad-hoc when triggers occur), 2) Risk status updates (for each risk: probability and impact reassessment, response progress, residual risk level, new information or changes), 3) Trigger monitoring (watch for warning signs risk is materializing, metrics and indicators, early detection enables proactive response), 4) Response execution (implement planned risk responses, track actions to completion, measure effectiveness), 5) New risk identification (as project progresses, new risks emerge, add to register, assess and plan response), 6) Risk closure (when risk no longer relevant: resolved, avoided, or passed window of opportunity), 7) Risk escalation (if risk increasing in severity, response not working, exceeds PM authority - escalate to sponsor or steering committee), 8) Risk reserve management (track use of contingency reserve, remaining buffer, forecast if adequate), 9) Risk reporting (risk dashboard: top risks by score, trend over time - improving or worsening, status in project status reports), 10) Lessons learned (capture what worked/didn't work in risk management, improve process for future projects), 11) Risk audit (periodic independent review: are we following risk process, are we identifying all risks, are responses effective). Risk management is continuous not one-time. ``` #### Risk-based decision making **Use case:** Risk-informed decision making and trade-off analysis **For:** Project Manager, Program Manager, Senior Project Manager, PMO Lead, Portfolio Manager ``` Make project decision considering risks for [decision topic]. Decision options: [list alternatives]. Context: [describe situation requiring decision]. Risk-based decision framework: 1) Identify decision options (minimum 3 alternatives including status quo), 2) Risk identification per option (what could go wrong with each option, what risks does each introduce or mitigate), 3) Risk assessment (probability and impact of risks for each option), 4) Expected value calculation (probability × impact for each risk, sum for each option - option with lowest risk exposure), 5) Risk-opportunity balance (weigh downside risks vs upside opportunities, risk-adjusted return), 6) Qualitative factors (strategic fit, team confidence, stakeholder acceptance, flexibility and reversibility), 7) Risk tolerance consideration (organization's appetite for risk, some options too risky even if high reward), 8) Sensitivity analysis (which assumptions have biggest impact on decision, what if assumptions are wrong), 9) Decision criteria (weigh: risk, cost, schedule, quality, benefits, feasibility, stakeholder support), 10) Recommendation with rationale (preferred option, why it's best risk-adjusted choice, dissenting opinions considered), 11) Contingency plan (if chosen option doesn't work, what's plan B, decision checkpoints to reevaluate). Document decision and rationale for future reference and lessons learned. ``` ### Stakeholder Communication & Reporting Communicate effectively with stakeholders through reports, dashboards, and presentations. #### Project status report creation **Use case:** Regular stakeholder updates and transparency **For:** Project Manager, Program Manager, Senior Project Manager, PMO Lead, Portfolio Manager ``` Create project status report for [project]. Reporting period: [week/month]. Audience: [sponsor, steering committee, stakeholders]. Status report format: 1) Executive summary (overall status in 3-4 bullets: on track, risks, decisions needed, top priority), 2) Status indicators (RAG status: green/amber/red for schedule, budget, scope, quality, risks - with brief explanation of each), 3) Accomplishments this period (key milestones achieved, deliverables completed, wins and progress), 4) Planned activities next period (upcoming milestones, critical path activities, key deliverables), 5) Schedule status (percent complete, milestones hit/missed, critical path status, forecast completion date vs baseline, variance explanation), 6) Budget status (spent to date, forecast to complete, variance to budget, burn rate trend), 7) Scope status (approved changes, pending changes, scope creep indicators), 8) Top risks and issues (highest priority items from RAID log, status, mitigation progress), 9) Decisions needed (from leadership: approvals, resources, direction, priorities - with deadline), 10) Metrics dashboard (KPIs: velocity, quality, resource utilization, trend charts), 11) Next reporting period, contact info. Keep concise (1-2 pages), use visuals, lead with what matters most. ``` #### Executive dashboard design **Use case:** Executive visibility and governance **For:** Project Manager, Program Manager, PMO Lead, Portfolio Manager, Senior Project Manager ``` Design executive dashboard for [project/portfolio]. Audience: [executives, sponsors, steering committee]. Dashboard requirements: 1) Overall health (single RAG indicator: green/yellow/red, at-a-glance status), 2) Key metrics (3-5 most important KPIs: schedule variance, budget variance, quality metrics, benefits realization - actual vs target), 3) Milestone timeline (visual timeline: past milestones, upcoming milestones, critical path, on-track vs at-risk), 4) Risks and issues (count of open items by severity, top 3-5 by impact with brief description and status), 5) Budget burn (spend to date vs plan, forecast vs budget, visual burn chart or S-curve), 6) Resource utilization (allocation %, capacity vs demand, critical resource constraints), 7) Trend indicators (are things getting better or worse: arrows or sparklines, period-over-period comparison), 8) Dependencies status (external dependencies: on-track/at-risk/blocked, impact on project), 9) Benefits tracking (if post-launch: benefits realized vs projected, ROI tracking), 10) Action required (decisions needed from executives, escalations, approvals pending). Design principles: Single page, visual-heavy with minimal text, use color coding consistently, update frequency defined, drill-down available but not on main dashboard. Tools: PowerBI, Tableau, Smartsheet, Excel, PPT. ``` #### Steering committee presentation **Use case:** Governance and executive decision-making **For:** Project Manager, Program Manager, Senior Project Manager, Portfolio Manager, PMO Lead ``` Prepare steering committee presentation for [project]. Meeting objective: [status update, decision needed, issue escalation]. Duration: [15-30 minutes typical]. Presentation structure: 1) Agenda slide (meeting purpose, topics, time allocation, decisions needed), 2) Project overview reminder (for context: goals, scope, timeline, budget - brief, they know this), 3) Status summary (overall RAG, key accomplishments, schedule/budget/scope status - 1-2 slides), 4) Deep dive topic (focus of this meeting: major milestone review, critical decision, significant issue - 3-5 slides), 5) Risks and issues (top items requiring committee attention, mitigation status, escalated issues needing decision), 6) Decisions required (clearly articulated asks: options presented, recommendation with rationale, what happens if delayed, deadline for decision), 7) Next steps (immediate actions, upcoming milestones, next committee meeting topics), 8) Q&A preparation (anticipate questions, prepare backup slides, have supporting data ready). Presentation tips: Lead with what matters most, be concise (executives are time-constrained), use visuals not walls of text, know your audience (what they care about), practice timing, have backup slides for deep questions but not in main flow. Send deck as pre-read 24-48 hours before meeting. ``` #### Stakeholder communication plan **Use case:** Stakeholder engagement and information flow **For:** Project Manager, Program Manager, Communications Manager, Senior Project Manager, PMO Lead ``` Develop communication plan for [project]. Stakeholders: [list from stakeholder analysis]. Communication plan: 1) Stakeholder communication matrix (for each stakeholder or group: information needs, communication method, frequency, owner), 2) Communication methods (status reports, dashboards, email updates, meetings: stand-ups/steering committee/working sessions, presentations, chat/Slack, collaboration tools, newsletters), 3) Communication frequency (executives: monthly/quarterly, sponsors: weekly/bi-weekly, team: daily stand-ups, stakeholders: monthly or as-needed), 4) Content by audience (executives: strategic and risks, sponsors: status and decisions, team: detailed and tactical, end users: changes and benefits), 5) Meeting cadence (recurring meetings: schedule, purpose, participants, duration, agendas), 6) Escalation communication (when and how to escalate issues, who to contact for what, response time expectations), 7) Change communication (how changes are communicated: change log, change notices, impact assessment, approval notifications), 8) Tools and platforms (project management tool: Jira/Smartsheet, collaboration: Teams/Slack, documentation: SharePoint/Confluence), 9) Communication owners (PM owns overall plan, team members own specific communications, stakeholders have clear points of contact), 10) Feedback loops (how stakeholders provide input, two-way communication, pulse checks and surveys). Document and share communication plan with all stakeholders. ``` #### Project metrics and KPI tracking **Use case:** Performance measurement and predictive management **For:** Project Manager, Program Manager, PMO Lead, Senior Project Manager, Portfolio Manager ``` Define and track project KPIs for [project]. Project type: [describe project]. Establish metrics: 1) Schedule metrics (schedule performance index: SPI = EV/PV, milestone completion %, critical path status, schedule variance days, forecast completion date variance), 2) Cost metrics (cost performance index: CPI = EV/AC, budget variance $, burn rate $/period, estimate to complete, estimate at completion variance), 3) Scope metrics (requirements completed %, change request volume, approved changes, scope creep incidents), 4) Quality metrics (defect density, test pass rate, rework %, customer satisfaction score, acceptance criteria met), 5) Resource metrics (resource utilization %, overtime hours, attrition rate, resource availability), 6) Risk metrics (number of risks by severity, risk exposure $ value, mitigation actions completed, risks closed vs new), 7) Team health metrics (velocity or throughput, team morale survey, blockers resolved, collaboration score), 8) Business value metrics (benefits realization %, user adoption, ROI, customer outcomes), 9) Leading indicators (predict future performance: burn rate trend, velocity trend, defect introduction rate), 10) Lagging indicators (measure past performance: milestone slippage, budget overrun, quality escapes). Establish baseline, targets, and thresholds (green/yellow/red). Track weekly or bi-weekly, report monthly, trend analysis over time. Use metrics for predictive insights not just historical reporting. ``` #### Change communication plan **Use case:** Change management and stakeholder adoption **For:** Project Manager, Program Manager, Change Manager, Communications Manager, Senior Project Manager ``` Communicate project changes to stakeholders for [change]. Change: [describe approved change]. Impact: [scope, schedule, budget, resources affected]. Change communication: 1) Communication objectives (inform affected stakeholders, explain rationale, set expectations, address concerns, gain buy-in), 2) Key messages (what's changing and why, business justification, benefits of change, how it affects stakeholders, new timeline/deliverables/processes), 3) Audience segmentation (different messages for: executives, project team, end users, external stakeholders - tailor content and detail level), 4) Communication sequence (order of communication: 1st project team, 2nd sponsors/steering, 3rd broader stakeholders, 4th end users - avoid surprises), 5) Communication channels (email announcement, team meeting, town hall, FAQ document, updated project plan, dashboard updates), 6) Timing (communicate after approval but before implementation, allow time for questions, regular updates during implementation), 7) Two-way communication (feedback mechanism: office hours, Q&A sessions, survey, discussion forum, address concerns and resistance), 8) Training and support (if change affects work practices: training plan, job aids, support channels, change champions), 9) Reinforcement (repeat key messages, celebrate early wins, share success stories, address issues promptly), 10) Measurement (track understanding and acceptance: surveys, adoption metrics, support tickets, feedback themes). Change fails without effective communication. ``` ### Resource & Budget Management Manage project resources, track costs, and control budget effectively. #### Project budget development **Use case:** Budget planning and cost baseline **For:** Project Manager, Program Manager, Financial Analyst, PMO Lead, Portfolio Manager ``` Develop project budget for [project]. Scope: [high-level scope]. Timeline: [duration]. Create budget: 1) Cost categories (labor, materials, equipment, software/licenses, contractors/vendors, travel, facilities, training, contingency, management reserve), 2) Labor costs (by role: hours estimated × loaded labor rate, include benefits and overhead, by phase or sprint), 3) Non-labor costs (vendor contracts, procurement, software/tool subscriptions, hardware, infrastructure, travel, facilities), 4) Estimation techniques (bottom-up: estimate each work package from WBS, analogous: similar past projects, parametric: cost per unit × units, three-point: optimistic/most likely/pessimistic), 5) Contingency reserve (for known risks: typically 5-15% of base cost, owned by PM, used for risk responses and minor changes), 6) Management reserve (for unknown risks: typically 5-10% of total, owned by sponsor, requires approval to use), 7) Cost baseline (approved budget for work packages, time-phased: budget by period, basis for earned value management), 8) Funding requirements (cash flow: when funds needed, payment milestones, procurement schedule), 9) Budget assumptions and constraints (document all assumptions, exchange rates if international, inflation if multi-year), 10) Budget approval (present to sponsor and steering committee, get sign-off, establish change control threshold: % or $ variance requiring approval). Track costs against this baseline. ``` #### Resource planning and acquisition **Use case:** Resource acquisition and capacity planning **For:** Project Manager, Program Manager, Resource Manager, Senior Project Manager, PMO Lead ``` Plan and acquire resources for [project]. Project needs: [describe resource requirements]. Resource planning: 1) Resource requirements (by role: skills needed, quantity, when needed, duration, experience level), 2) Resource sources (internal: from functional departments, external: contractors/consultants/vendors, new hires), 3) Resource request process (negotiate with functional managers, justify business need, priority vs other projects, document commitments), 4) Resource calendar (availability: start dates, end dates, % allocation, holidays/PTO, other commitments, capacity planning), 5) Resource gaps (shortfalls: skills not available, timing conflicts, insufficient capacity), 6) Acquisition strategies (for gaps: hire, contract, train existing staff, outsource, negotiate for resources, adjust schedule, reduce scope), 7) Onboarding plan (especially for external resources: orientation, access, tools, training, ramp-up time), 8) Resource costs (include in budget: salaries, contractor rates, hiring costs, training costs, tools/equipment), 9) Resource agreements (document: who, when, how much time, backup plans, escalation if not available), 10) Contingency resources (bench of backup resources, contractor relationships, skill redundancy in team). Secure resources early or schedule is at risk. ``` #### Earned value management (EVM) **Use case:** Cost and schedule performance measurement **For:** Project Manager, Program Manager, PMO Lead, Financial Analyst, Senior Project Manager ``` Implement earned value management for [project]. Project status: [current phase]. Baseline: [approved schedule and budget]. EVM tracking: 1) Planned Value (PV): budgeted cost of work scheduled to be completed by date, cumulative from project start, 2) Actual Cost (AC): actual cost of work completed to date, includes all spent costs, 3) Earned Value (EV): budgeted cost of work actually completed, based on % complete of each work package, 4) Schedule Variance (SV): EV - PV, positive = ahead of schedule, negative = behind schedule, 5) Cost Variance (CV): EV - AC, positive = under budget, negative = over budget, 6) Schedule Performance Index (SPI): EV/PV, >1 = ahead of schedule, <1 = behind, 7) Cost Performance Index (CPI): EV/AC, >1 = under budget, <1 = over budget, 8) Estimate at Completion (EAC): forecasted total cost at project end, formula depends on performance assumptions: BAC/CPI or AC + (BAC-EV)/CPI×SPI, 9) Estimate to Complete (ETC): forecasted cost to finish project = EAC - AC, 10) Variance at Completion (VAC): BAC - EAC, expected budget overrun or underrun, 11) To Complete Performance Index (TCPI): (BAC-EV)/(BAC-AC), CPI needed to finish on budget, 12) EVM reporting (S-curve charts: PV, AC, EV over time, variance trends, forecasts). Calculate monthly, report to stakeholders, take corrective action if CPI or SPI <0.95 or >1.05. ``` #### Cost control and variance analysis **Use case:** Budget adherence and financial management **For:** Project Manager, Program Manager, Financial Analyst, PMO Lead, Portfolio Manager ``` Control project costs for [project]. Current status: [budget spent to date, forecast to complete]. Budget baseline: [approved budget]. Cost control process: 1) Regular cost tracking (weekly or bi-weekly: collect actuals, update forecast, calculate variances), 2) Variance analysis (budget vs actual by cost category, by phase/sprint, by work package - identify where overspending or underspending), 3) Root cause analysis (for significant variances: scope change, poor estimates, rework, resource rates, vendor costs, inefficiencies - understand why), 4) Corrective actions (to address overruns: reduce scope, increase efficiency, negotiate lower rates, reduce quality or schedule, request additional budget; for underspend: expedite work, add scope, move work earlier), 5) Trend analysis (cost performance over time: improving or deteriorating, forecast accuracy, burn rate), 6) Cash flow management (forecast cash needs by period, payment schedule, monitor and manage invoices, ensure funding available when needed), 7) Procurement tracking (purchase orders, vendor invoices, contract costs, change orders), 8) Committed costs (costs not yet spent but committed: POs, contracts, planned purchases - include in forecast), 9) Cost reporting (variance reports to sponsor/steering committee, explain significant variances >10% or >$X threshold, trend charts), 10) Change impact (cost impact of all approved changes, update baseline after changes, separate baseline vs approved changes vs unapproved work). Cost control is continuous discipline throughout project. ``` #### Resource performance tracking **Use case:** Team productivity and resource optimization **For:** Project Manager, Program Manager, Resource Manager, Senior Project Manager, Scrum Master ``` Track and manage resource performance for [project]. Team: [list resources]. Current utilization: [describe]. Resource management: 1) Resource allocation tracking (actual hours worked vs planned, by resource and by task, identify over/under allocation), 2) Utilization metrics (% of available time on project work vs overhead, target: 70-85% typically, idle time and wait time), 3) Productivity metrics (work completed vs hours spent, story points or tasks per sprint, compare to estimates and past performance), 4) Resource burnout indicators (overtime hours, extended high utilization, vacation/PTO not taken, morale and engagement), 5) Skills and competency tracking (skills demonstrated, certifications, training completed, skill gaps identified), 6) Quality of work (defects per deliverable, rework %, peer review feedback, customer satisfaction), 7) Collaboration and teamwork (participation in meetings, knowledge sharing, helping others, team feedback), 8) Performance conversations (one-on-ones with team members, feedback on contribution, address issues early, recognize good work), 9) Resource optimization (reallocate underutilized resources, address skill mismatches, cross-training, rotation to prevent burnout), 10) Resource forecasting (future needs based on performance: do we need more or fewer resources, adjust timeline based on actual productivity). People are most important resource - manage actively. ``` #### Procurement and vendor management **Use case:** Vendor management and procurement control **For:** Project Manager, Program Manager, Procurement Manager, Contracts Manager, Senior Project Manager ``` Manage procurement and vendors for [project]. Procurement needs: [describe goods/services to procure]. Procurement process: 1) Procurement planning (make-or-buy analysis, statement of work: what to procure, acceptance criteria, delivery schedule), 2) Vendor selection (RFP/RFQ process, evaluation criteria: cost, quality, timeline, experience, scoring and selection), 3) Contract negotiation (terms and conditions, pricing: fixed-price or T&M, payment terms and schedule, deliverables and acceptance, change control, IP and confidentiality, termination clauses, dispute resolution), 4) Contract award and kickoff (execute contract, vendor onboarding, kickoff meeting, communication plan, escalation paths), 5) Vendor performance management (regular status meetings, track deliverables vs schedule, quality review, issue resolution, relationship management), 6) Invoice and payment management (verify invoices vs contract, approval process, payment tracking, budget tracking), 7) Change management (contract changes: scope, schedule, cost, formal change orders, both parties sign-off), 8) Risk management (vendor risks: delays, quality, viability, have contingencies and backup vendors), 9) Contract closeout (final deliverable acceptance, final payment, close POs and contracts, lessons learned, vendor performance evaluation), 10) Vendor relationships (for strategic vendors: partnership approach, long-term relationship, mutual success, communication and transparency). Procurement failures cause project delays - manage closely. ``` ### Agile & Hybrid Methodologies Apply agile, scrum, and hybrid project management approaches. #### Agile project initiation and roadmap **Use case:** Agile project launch and vision alignment **For:** Product Owner, Scrum Master, Agile Coach, Project Manager, Program Manager ``` Initiate agile project for [product/project]. Vision: [product vision]. Stakeholders: [list key stakeholders]. Agile setup: 1) Product vision and goals (why we're building this, who for, what problem solved, success looks like), 2) Product roadmap (high-level features and themes by quarter or release, priorities, dependencies), 3) User personas (who are users, their goals and pain points, jobs to be done), 4) Epics and features (large bodies of work, broken down into user stories later, prioritized by value), 5) Release planning (MVP: must-have features for first release, subsequent releases: enhancements and new features), 6) Team formation (cross-functional team: developers, testers, designer, PO, SM, co-located or distributed), 7) Working agreements (team norms: core hours, communication, definition of ready, definition of done, meetings and ceremonies), 8) Tools and environments (Jira/Azure DevOps, development environments, CI/CD pipeline, collaboration tools), 9) Stakeholder engagement (demo schedule, feedback loops, steering committee for governance), 10) Success metrics (product metrics: usage, adoption, satisfaction, NPS; project metrics: velocity, quality, predictability). Agile is iterative - plan enough to start, refine as you learn. ``` #### Sprint planning and execution **Use case:** Sprint execution and iterative delivery **For:** Scrum Master, Product Owner, Agile Coach, Development Team, Project Manager ``` Plan sprint for [team/product]. Sprint length: [2 weeks typical]. Velocity: [average story points per sprint]. Product backlog: [prioritized list]. Sprint planning: 1) Sprint goal (single sentence: what we aim to achieve this sprint, aligns to product goal), 2) Capacity planning (team availability: holidays, PTO, meetings, support - available hours for sprint work), 3) Backlog refinement (top backlog items: well-defined, estimated, acceptance criteria clear, dependencies identified), 4) Story selection (pull from top of backlog, until capacity full, team commits to sprint backlog), 5) Task breakdown (decompose stories into tasks, hours estimated per task, identify who works on what), 6) Definition of done (checklist: coded, tested, code reviewed, documented, deployed to test environment, accepted by PO), 7) Sprint backlog (committed stories and tasks, visualized on sprint board: to do, in progress, done), 8) Daily stand-ups (15 min daily: what I did yesterday, what I'll do today, any blockers - SM removes blockers), 9) Sprint execution (team self-organizes, pulls tasks, updates board, transparent progress, collaborate and pair), 10) Sprint review (demo completed work to stakeholders, get feedback, adapt backlog), 11) Sprint retrospective (team reflects: what went well, what didn't, action items to improve). Focus on delivering potentially shippable increment every sprint. ``` #### User story writing and refinement **Use case:** Backlog management and requirement definition **For:** Product Owner, Business Analyst, Scrum Master, Agile Coach, UX Designer ``` Write and refine user stories for [feature]. Feature description: [describe feature]. Story writing: 1) User story format (As a [user type], I want [functionality] so that [benefit/value], focus on user need not technical solution), 2) Acceptance criteria (Given [context], When [action], Then [expected outcome], specific and testable, 3-7 criteria per story), 3) Story splitting (large stories: split by user workflow, by data type, by CRUD operations, by acceptance criteria, keep vertical slices of functionality), 4) INVEST criteria (Independent: minimize dependencies, Negotiable: details emerge through conversation, Valuable: clear user value, Estimable: team can estimate size, Small: completable in sprint, Testable: clear pass/fail), 5) Story estimation (planning poker: team consensus, story points reflect complexity/effort/uncertainty, relative sizing not hours), 6) Definition of ready (story checklist before sprint planning: acceptance criteria defined, dependencies identified, estimated, no open questions), 7) Wireframes and mockups (attach if UI work, clarify expected behavior, reduce ambiguity), 8) Technical notes (non-functional requirements: performance, security, constraints, integration points), 9) Dependencies (other stories, external teams, environment access), 10) Questions and clarifications (discuss with PO, resolve before sprint planning, update story). Well-written stories enable team to deliver value. ``` #### Backlog prioritization and grooming **Use case:** Agile planning and priority management **For:** Product Owner, Scrum Master, Agile Coach, Product Manager, Business Analyst ``` Prioritize and groom product backlog for [product]. Current backlog: [size and state]. Backlog management: 1) Backlog structure (epics at top, user stories underneath, tasks within stories, organized and hierarchical), 2) Prioritization frameworks (value vs effort: high value/low effort first, MoSCoW: must/should/could/won't, WSJF: weighted shortest job first, cost of delay), 3) Stakeholder input (product owner synthesizes: customer feedback, business priorities, technical debt, compliance, strategic initiatives), 4) Backlog refinement sessions (weekly or bi-weekly, team and PO, discuss upcoming stories, clarify, estimate, split large stories, goal: 2-3 sprints refined ahead), 5) Story readiness (definition of ready met, clear acceptance criteria, dependencies resolved, ready for sprint planning), 6) Technical debt management (allocate capacity: typically 10-20% per sprint, prioritize debt that enables velocity or reduces risk), 7) Dependency management (stories blocked by others higher priority, coordinate with other teams), 8) Backlog health metrics (story age: how long stories sit, refining enough ahead, balanced priorities: new features vs debt vs bugs), 9) Epic decomposition (break epics into stories when near top of backlog, just-in-time detail), 10) Regular backlog grooming (keep backlog trimmed: remove outdated stories, merge duplicates, maximum backlog size). Product backlog is never done - living artifact. ``` #### Agile metrics and reporting **Use case:** Agile performance measurement and transparency **For:** Scrum Master, Agile Coach, Product Owner, Project Manager, PMO Lead ``` Track agile project metrics for [team/product]. Reporting needs: [stakeholder visibility requirements]. Agile metrics: 1) Velocity (story points completed per sprint, average over last 3-5 sprints, used for forecasting, track trend: stable, improving, or declining), 2) Sprint burndown (remaining work in sprint, daily progress, identify if sprint goal at risk, flat line = blocked or not pulling work), 3) Release burnup (completed work toward release goal over time, scope changes visible, forecast release date), 4) Cumulative flow diagram (work by stage: to do, in progress, done, identify bottlenecks and WIP, flow should be smooth), 5) Cycle time (time from start to done, average and distribution, target: reduce cycle time, indicates flow efficiency), 6) Lead time (time from backlog to done, includes wait time, customer perspective), 7) Throughput (stories or features completed per sprint, predictability metric), 8) Quality metrics (defects found in sprint, defects escaping to production, test coverage %, technical debt ratio), 9) Team happiness (mood tracking, retrospective sentiment, retention), 10) Stakeholder satisfaction (product feedback, NPS, demo attendance and engagement), 11) Predictability (forecast accuracy: planned vs actual, commitment reliability). Focus on flow and value delivery not just velocity. Use metrics for improvement not blame. ``` #### Hybrid agile-waterfall approach **Use case:** Adaptive project management in constrained environments **For:** Project Manager, Program Manager, Scrum Master, Agile Coach, PMO Lead ``` Design hybrid methodology for [project]. Project characteristics: [describe project - where agile makes sense, where waterfall needed]. Constraints: [compliance, fixed budget, procurement, hardware dependencies]. Hybrid approach: 1) Phase structure (waterfall phases: initiation, planning, execution, closure - agile within execution: sprints for software development), 2) Requirements approach (high-level requirements upfront and approved: baseline scope, detailed requirements iteratively: user stories per sprint), 3) Design approach (architectural design upfront: interfaces, data model, infrastructure, detailed design iteratively: per sprint or feature), 4) Development approach (agile sprints: iterative development, demos, continuous integration, test automation), 5) Testing approach (test planning upfront: test strategy, environments, acceptance criteria, test execution iteratively: automated tests in sprints, regression, UAT at release), 6) Release approach (release plan upfront: major releases with dates, incremental delivery: frequent deployments to test, controlled production releases), 7) Governance (stage gates for phase transitions, agile ceremonies within sprints: standups, retros, reviews, steering committee oversight at milestones), 8) Documentation (requirements traceability, design documents, test plans, user manuals - produced iteratively, finalized at release), 9) Change control (major scope changes: formal CCB approval, story-level changes: product owner approval in backlog prioritization), 10) Metrics (blend: milestone completion, earned value, velocity, quality, team health). Hybrid provides flexibility while meeting organizational needs for predictability and governance. ``` ### Project Closure & Lessons Learned Close projects formally with knowledge transfer and continuous improvement. #### Project closure checklist **Use case:** Formal project completion and transition **For:** Project Manager, Program Manager, Senior Project Manager, PMO Lead, Portfolio Manager ``` Close project for [project name]. Project status: [deliverables status, acceptance status]. Closure checklist: 1) Deliverable acceptance (all deliverables formally accepted, sign-off from stakeholders, any open items documented and transitioned), 2) Contract closeout (vendor contracts closed, final payments made, warranties and support agreements in place, procurement complete), 3) Financial closure (final costs recorded, budget vs actual reconciliation, all invoices paid, financial reports finalized, close project codes), 4) Resource release (team members released, return to functional groups or reassigned, final performance reviews, thank team and celebrate), 5) Knowledge transfer (operational handoff to support/maintenance team, training provided, documentation delivered, contacts and escalation), 6) Asset disposition (return equipment, software licenses transferred or cancelled, physical space released), 7) Lessons learned session (retrospective with team and stakeholders, document what worked and didn't, improve for future projects), 8) Archive project artifacts (store project documents: charter, plans, reports, decisions, contracts, central repository, retention policy), 9) Final project report (executive summary: goals, deliverables, schedule, budget, lessons learned, 1-2 pages), 10) Project closure authorization (sponsor sign-off, formal project closure document, close project in PMO systems). Don't skip closure - captures value and learning for organization. ``` #### Lessons learned session facilitation **Use case:** Organizational learning and process improvement **For:** Project Manager, Scrum Master, Agile Coach, PMO Lead, Program Manager ``` Facilitate lessons learned for [project]. Participants: [project team, key stakeholders]. Session format: [retrospective, 90-120 minutes]. Lessons learned process: 1) Session preparation (review project: charter, status reports, issues, changes, metrics, identify topics to discuss), 2) Set the stage (safe environment for candid feedback, focus on learning not blame, confidentiality if needed, Retrospective Prime Directive: assume everyone did their best), 3) Gather data (what happened: timeline of project, key events, decisions, successes, challenges), 4) Generate insights (what went well: celebrate and reinforce, what didn't go well: identify and understand, what surprised us), 5) Root cause analysis (for problems: 5 whys, fishbone diagram, systemic issues not individual mistakes), 6) Decide what to do (action items: specific, assigned, deadlines, improve processes, update templates, training needs), 7) Categories of lessons (project management process, estimation and planning, team and collaboration, technology and tools, stakeholder management, vendor management, quality and testing), 8) Document lessons (lessons learned report: context, lesson, recommendation, applicable to future projects), 9) Share lessons (add to organizational knowledge base, present at PMO meetings, incorporate into templates and training), 10) Close positively (thank team, celebrate successes, acknowledge growth, team bonding). Continuous improvement comes from honest reflection. ``` #### Post-implementation review **Use case:** Benefits validation and project success measurement **For:** Project Manager, Program Manager, PMO Lead, Portfolio Manager, Business Analyst ``` Conduct post-implementation review for [project]. Time post-launch: [3-6 months typical]. Review purpose: [assess benefits realization and operational performance]. PIR structure: 1) Benefits realization (compare actual benefits to business case: cost savings, revenue increase, efficiency, quality, customer satisfaction, measure and quantify), 2) Success criteria review (revisit defined success criteria, achievement level for each, overall project success rating), 3) Operational performance (system/product in production: uptime, performance, user adoption, support tickets, quality issues), 4) User feedback (surveys, interviews, usage analytics, satisfaction scores, feature requests, pain points), 5) Financial review (total project cost vs budget, ongoing operational costs vs forecast, ROI calculation, payback period), 6) Schedule review (actual timeline vs baseline, major variances and causes, milestone achievement), 7) Scope review (delivered scope vs planned, scope changes and impact, deferred features and their priority), 8) Stakeholder satisfaction (sponsor feedback, steering committee perspective, team retrospective), 9) Lessons learned validation (did implemented improvements work, what would we still change, organizational adoption of lessons), 10) Recommendations (enhancements, fixes, additional training, support model, future phase priorities). PIR informs future project planning and validates business case assumptions. Present to sponsor and steering committee. ``` #### Knowledge transfer and documentation **Use case:** Operational transition and sustainability **For:** Project Manager, Technical Lead, Operations Manager, Support Manager, Training Manager ``` Execute knowledge transfer for [project deliverable]. Receiving team: [operations, support, maintenance team]. Knowledge transfer plan: 1) Documentation inventory (what exists: design docs, user manuals, technical guides, runbooks, admin guides, SOPs, architecture diagrams), 2) Documentation gaps (identify missing documentation, create or update before handoff, templates and standards), 3) Training plan (who needs training: operations, support, end users, training format: workshops, hands-on, shadowing, certification if needed), 4) Training delivery (schedule sessions, hands-on practice, Q&A, record sessions for future reference, validate understanding), 5) Shadowing and transition period (project team available for period: 2-4 weeks typical, respond to questions, assist with issues, knowledge transfer in real scenarios), 6) Access and permissions (grant necessary access, document how to request access, escalation paths, admin procedures), 7) Support model (incident management, escalation procedures, SLAs, on-call rotation, backup contacts), 8) Key contacts (SMEs by area, vendor contacts, escalation paths, update contact lists), 9) Handoff checklist (sign-off that receiving team is ready, gaps documented and mitigated, formal acceptance of responsibility), 10) Follow-up (check-ins at 1 week, 1 month, 3 months, address issues, capture feedback, refine documentation). Successful handoff ensures sustainability and support. ``` #### Project success celebration **Use case:** Team morale and recognition **For:** Project Manager, Program Manager, Team Lead, HR Business Partner, Senior Project Manager ``` Plan project success celebration for [project]. Team: [project team members]. Budget: [available for celebration]. Celebration plan: 1) Recognition objectives (appreciate team efforts, celebrate successes, build morale, reinforce desired behaviors, strengthen team bonds), 2) Celebration format (team lunch/dinner, awards ceremony, team outing, online event if distributed team, hybrid options), 3) Individual recognition (highlight individual contributions, specific achievements, shout-outs by name, personalized thank yous), 4) Team recognition (team awards, certificates, team gifts or swag, bonus or spot awards if budget allows), 5) Success storytelling (share project journey: challenges overcome, milestones achieved, customer impact, business value), 6) Stakeholder participation (sponsor attends to thank team, executives present awards, customer testimonials if available), 7) Fun and connection (team building activity, photo booth, games, informal time together, lighthearted and enjoyable), 8) Inclusive approach (ensure all team members invited: developers, QA, BA, designers, part-time contributors, vendor team if appropriate), 9) Timing (soon after project completion while excitement fresh, but after hectic delivery phase), 10) Communication (send invitation and agenda, encourage attendance, optional but highly encouraged, capture photos and share). Recognition boosts morale and retention, sets positive tone for future projects. People remember how they were treated. ``` #### Project portfolio review **Use case:** Organizational PM maturity and continuous improvement **For:** PMO Lead, Portfolio Manager, PMO Director, Program Manager, Senior Leadership ``` Review project performance for portfolio governance. Projects: [list completed projects in period]. Portfolio review: 1) Project outcomes (for each project: objectives achieved, deliverables status, budget and schedule performance, benefits realized or on track), 2) Success patterns (what common factors in successful projects: good planning, strong sponsorship, experienced PM, right team size, agile approach, etc.), 3) Failure patterns (common issues: scope creep, resource constraints, poor requirements, technology challenges, stakeholder misalignment), 4) Portfolio health metrics (on-time delivery %, on-budget %, scope delivered %, stakeholder satisfaction, project ROI, strategic alignment), 5) Resource utilization (resource pool: utilization, bottlenecks, skill gaps, bench strength, contractor vs employee mix), 6) Lessons learned themes (across all projects: process improvements needed, tools, training, template updates, governance changes), 7) Best practices (identify and codify: what worked well, standards and templates, PM methodologies, risk management approaches), 8) Process improvements (based on lessons: update project lifecycle, improve templates, enhance training, tooling, governance), 9) Capability building (skills needed: training programs, certifications, mentoring, hiring priorities), 10) Portfolio strategy (adjust project selection criteria, capacity planning, pipeline management, strategic alignment). Portfolio reviews drive organizational PM maturity. Conduct quarterly or semi-annually. ``` --- ## AI for DevOps & Cloud Infrastructure Engineers **Category:** DevOps & Cloud Infrastructure **Prompts:** 29 **Description:** Advanced prompts for DevOps, SRE, and Cloud Infrastructure professionals covering Terraform, Ansible, Kubernetes, cloud cost optimization, security auditing, CI/CD automation, and infrastructure architecture across AWS, Azure, and GCP. **Tags:** DevOps, Cloud Infrastructure, Terraform, Kubernetes, Security, Technical Users ### Terraform Infrastructure as Code Generate production-ready Terraform configurations with best practices, security, and scalability. #### Multi-tier AWS infrastructure with Terraform **Use case:** Production-grade multi-tier application infrastructure **For:** DevOps Engineer, Cloud Architect, Infrastructure Engineer, Platform Engineer, SRE ``` Generate complete Terraform configuration for multi-tier AWS infrastructure. Requirements: [describe application: web tier, app tier, database tier]. Scale: [traffic volume, availability requirements]. Environment: [dev/staging/prod]. Create comprehensive IaC: 1) Project structure (modular design: modules/ for reusable components, environments/ for env-specific configs, backend.tf for state management, providers.tf, variables.tf, outputs.tf, terraform.tfvars for sensitive values in .gitignore), 2) VPC architecture (multi-AZ VPC with public/private/database subnets, CIDR planning for no overlap, NAT gateways in each AZ for HA, Internet gateway, VPC endpoints for S3/DynamoDB to avoid NAT costs, flow logs to CloudWatch), 3) Security groups (least-privilege rules, separate SGs per tier: ALB SG, app SG, database SG, no 0.0.0.0/0 for ingress except ALB from internet, egress restricted, description for each rule), 4) Compute layer (Auto Scaling Groups with launch templates, AMI with Packer or golden AMI, instance types optimized for workload, mixed instance policy for cost optimization: on-demand + spot, user data for bootstrapping, IAM instance profiles with minimal permissions), 5) Load balancing (Application Load Balancer, target groups with health checks, listener rules, SSL/TLS termination with ACM certificates, WAF integration, access logs to S3), 6) Database (RDS Multi-AZ for HA, read replicas for read scaling, automated backups with retention, encryption at rest with KMS, parameter groups for performance tuning, option groups if needed, subnet groups in database subnets, no public accessibility), 7) Caching and storage (ElastiCache Redis for session management, S3 buckets with versioning and lifecycle policies, CloudFront for static assets), 8) State management (S3 backend with versioning and encryption, DynamoDB table for state locking, separate state files per environment), 9) Variables and locals (parameterize all resources, use locals for computed values, validation rules, sensitive variables marked, default values where appropriate), 10) Outputs (export critical values: ALB DNS, RDS endpoint, VPC ID for use in other modules or stacks), 11) Terraform best practices (use data sources for existing resources, depends_on only when necessary, for_each over count for flexibility, lifecycle rules for critical resources: prevent_destroy, tags for all resources with environment/project/owner, use terraform fmt and validate). Include: provider versions pinned, workspace strategy, cost estimates with infracost, README with architecture diagram. ``` #### Terraform module development and best practices **Use case:** Reusable infrastructure components and organizational standards **For:** Platform Engineer, DevOps Engineer, Cloud Architect, Infrastructure Engineer, SRE ``` Develop reusable Terraform module for [resource type: VPC, EKS cluster, RDS, etc.]. Module purpose: [describe intended use cases]. Create production-ready module: 1) Module structure (standard layout: main.tf for primary resources, variables.tf with descriptions and validation, outputs.tf for return values, versions.tf for provider requirements, README.md with usage examples, examples/ directory with complete implementations, tests/ for Terratest), 2) Input variables (required vs optional variables clearly marked, validation blocks for input constraints: regex patterns, allowed values, type constraints: object, list, map, default values that are secure and sensible, descriptions explaining purpose and format), 3) Resource definitions (follow naming conventions: project-env-resource, use for_each for dynamic resource creation, conditional resource creation with count, tags merging: merge(var.common_tags, var.additional_tags), data sources for references: AMIs, availability zones, IAM policies), 4) Security by default (encryption enabled by default, public access disabled by default, security groups/NACLs restrictive by default, IAM least privilege, secrets never in plaintext: use AWS Secrets Manager references), 5) High availability (multi-AZ deployment as default, health checks and monitoring, auto-recovery enabled, backup and disaster recovery configured), 6) Outputs (expose necessary attributes only, output sensitive values marked as sensitive, output descriptions for documentation, structured outputs using objects for complex data), 7) Dependencies (explicit depends_on only when Terraform can't infer, implicit dependencies through references preferred, module depends_on for module-level dependencies), 8) Documentation (README with: description, requirements, providers, modules, resources, inputs table, outputs table, usage examples: minimum, complete, advanced, architecture diagram), 9) Versioning (semantic versioning for releases, CHANGELOG.md with version history, git tags for versions, backwards compatibility considerations), 10) Testing strategy (Terratest for integration tests, terraform validate and fmt in CI, tflint for linting, checkov for security scanning, test multiple scenarios: create, update, destroy, example configurations that actually work), 11) Performance optimization (use data sources efficiently, minimize provider API calls, locals for heavy computations, resource timeouts configured), 12) Cost optimization (right-sizing recommendations in comments, cost-effective defaults, optional premium features as variables). Publish to: Terraform Registry, GitHub with templates, internal module registry. ``` #### Terraform state management and backend configuration **Use case:** Enterprise-grade state management and governance **For:** Platform Engineer, DevOps Lead, Cloud Architect, Infrastructure Engineer, Security Engineer ``` Design Terraform state management strategy for [organization size and structure]. Environments: [number and types]. Teams: [number and access patterns]. State management design: 1) Backend selection (S3 + DynamoDB for AWS: versioning, encryption, locking, Azure Storage for Azure: blob with lease, GCS for GCP: bucket with versioning, Terraform Cloud for enterprise features: remote execution, policy as code, cost estimation), 2) State file organization (separate state per environment: dev, staging, prod, separate state per application or service, workspace strategy: pros and cons, mono-repo vs multi-repo implications), 3) S3 backend configuration (bucket naming convention: terraform-state--, versioning enabled for rollback, encryption with KMS: customer-managed key, MFA delete for production state, lifecycle policies for old versions, bucket policy restricting access, logging to separate audit bucket), 4) DynamoDB locking table (table name: terraform-state-lock, primary key: LockID (String), on-demand billing for cost efficiency, point-in-time recovery enabled, deletion protection enabled), 5) State encryption (encryption at rest: S3 SSE-KMS, encryption in transit: TLS, separate KMS keys per environment, key policies restricting access, never commit state to git: .gitignore, remote state only), 6) Access control (IAM policies for state access: read-only for most users, write access for CI/CD and admins, state locking prevents concurrent modifications, audit logging: CloudTrail for all state access, separate AWS accounts per environment for isolation), 7) State migration (from local to remote state: terraform init -migrate-state, between backends: terraform init -reconfigure, state file refactoring: terraform state mv, splitting large states into smaller states: resource targeting), 8) Disaster recovery (automated state backups beyond S3 versioning, backup to separate region, backup retention policy, tested restore procedures, state file corruption recovery plan), 9) State inspection and manipulation (terraform state list for inventory, terraform state show for details, terraform state rm for resource removal without destroy, terraform import for existing resources, terraform refresh for state synchronization, read-only operations safe for non-admins), 10) Remote state data sources (consume outputs from other state files: data terraform_remote_state, dependency management between projects, avoid tight coupling: consider API or service discovery), 11) State security hardening (never expose sensitive outputs without sensitive = true, regularly audit state file access, state file contains plaintext credentials: minimize secrets in state, use dynamic credentials, rotate credentials that leak into state, monitor state file changes: alerting on unexpected modifications), 12) CI/CD integration (backend configuration in pipeline: environment variables for credentials, terraform init in every pipeline run, state locking timeout configuration, plan artifacts stored securely, apply requires manual approval in production). Documentation: state management runbook, access request procedures, disaster recovery procedures, state migration procedures. ``` #### Terraform CI/CD pipeline with validation and security **Use case:** Automated infrastructure deployment with governance **For:** DevOps Engineer, Platform Engineer, SRE, Cloud Architect, Release Engineer ``` Build comprehensive Terraform CI/CD pipeline for [platform: GitHub Actions, GitLab CI, Jenkins, Azure DevOps]. Repository structure: [mono-repo or multi-repo]. Compliance: [security and governance requirements]. Pipeline design: 1) Pipeline stages (validate: fmt, validate, tflint, plan: generate plan with -out flag, security scan: checkov/tfsec, cost estimate: infracost, manual approval for production, apply: execute plan, test: validate deployment, notify: Slack/email), 2) Terraform validation (terraform fmt -check: enforce formatting, terraform validate: syntax and consistency, tflint: linting rules, custom validation scripts, fail fast on validation errors), 3) Security scanning (checkov for 500+ security checks: misconfigurations, compliance, secrets detection, tfsec for AWS/Azure/GCP: static analysis, custom OPA policies with Conftest, Snyk for IaC scanning, fail pipeline on HIGH severity, allow manual override for false positives with justification), 4) Terraform plan analysis (plan artifact stored securely: encrypted storage, plan output includes: resource changes, cost delta, security impact, automated plan comparison: detect drift and unexpected changes, Atlantis for PR-based workflows: plan on PR, apply on merge), 5) Cost estimation (infracost for cost impact analysis, compare against budget thresholds, cost breakdown by resource, show monthly and hourly costs, diff from previous infrastructure cost, block if cost increase exceeds threshold without approval), 6) Approval workflows (production requires manual approval: multiple approvers, approval must review plan output, automated approval for dev/test: after all checks pass, approval timeout and rollback, audit log of all approvals), 7) Terraform apply (apply uses saved plan file: prevents surprises, apply with -auto-approve only after plan review, parallelism tuning for performance: -parallelism=30, timeout configuration for long-running applies, detailed logging: verbose output), 8) State locking and concurrency (prevent concurrent applies to same state, queue system for sequential applies, lock timeout configuration, automatically unlock on failure with notification), 9) Drift detection (scheduled terraform plan runs: nightly drift detection, compare current state to desired state, alert on unexpected drift: pager duty for critical resources, automated remediation for low-risk drift, drift report to stakeholders), 10) Testing and validation (post-apply validation: health checks, terratest for integration tests: Go-based testing, inspec for compliance testing, automated rollback on test failure, smoke tests for critical functionality), 11) Secrets management (never commit secrets to repo: .gitignore for .tfvars, use secret managers: AWS Secrets Manager, HashiCorp Vault, environment variables in CI/CD: masked and scoped, dynamic credentials: OIDC federation, rotate credentials regularly), 12) Pipeline permissions (principle of least privilege for service accounts, separate credentials per environment, read-only for plan, write for apply, audit all pipeline executions: who, what, when), 13) Notifications and reporting (Slack notifications: plan summary, apply results, failures, email reports for stakeholders, dashboard for pipeline metrics: success rate, duration, resource costs, link to detailed logs), 14) Disaster recovery (pipeline configuration versioned in git, automated pipeline recreation, backup of pipeline secrets, documented manual procedures, tested regularly). Example pipeline code for GitHub Actions/GitLab CI, documentation for operators. ``` #### Multi-cloud Terraform architecture **Use case:** Enterprise multi-cloud strategy and vendor diversification **For:** Cloud Architect, Principal Engineer, Platform Architect, DevOps Lead, Infrastructure Architect ``` Design multi-cloud infrastructure with Terraform for [application or workload]. Clouds: [AWS, Azure, GCP combination]. Requirements: [HA, DR, data sovereignty, cost optimization]. Multi-cloud strategy: 1) Architecture design (active-active: both clouds serve traffic, active-passive: failover to secondary cloud, geo-distributed: serve users from nearest cloud, hybrid: on-prem + cloud, multi-cloud for vendor diversification), 2) Provider configuration (multiple provider blocks: alias for each, provider version constraints, authentication per cloud: separate credentials, region/location selection, rate limiting and quotas), 3) State management (separate state files per cloud: blast radius, combined state with careful dependencies, workspace per cloud, backend per cloud: S3 for AWS portion, Azure Storage for Azure portion), 4) Networking (VPN tunnels between clouds: AWS VGW to Azure VPN Gateway, GCP Cloud VPN, VPC peering where available, Transit Gateway for AWS multi-region, ExpressRoute/Direct Connect for dedicated connections, DNS management: Route53 or Azure DNS, global load balancing: AWS Global Accelerator, GCP Cloud Load Balancing), 5) Compute abstraction (modules that abstract cloud differences, input variable for cloud provider, conditional resource creation: count or for_each based on cloud, similar instance types: map of equivalent instance families, unified tagging strategy across clouds), 6) Data replication (database replication across clouds: AWS RDS to Azure SQL, object storage replication: S3 to GCS or Azure Blob, consistency considerations: eventual consistency acceptable or strong consistency required, conflict resolution strategy), 7) Identity and access (federated identity: Azure AD SSO to AWS, GCP Workload Identity Federation, unified IAM policies where possible, role mapping across clouds, audit logging to centralized SIEM), 8) Monitoring and observability (unified monitoring: Datadog, New Relic, Grafana Cloud, metrics aggregation from all clouds, distributed tracing across clouds, alerting strategy: consistent alert thresholds, log aggregation: ELK stack or Splunk), 9) Cost optimization (reserved instances and committed use discounts per cloud, spot instances and preemptible VMs, right-sizing across clouds, cost allocation tags: consistent taxonomy, automated cost reports: compare cloud costs, TCO analysis including egress costs), 10) Disaster recovery (RPO and RTO requirements, automated failover: DNS-based or global load balancer, backup strategy: cross-cloud backups, DR testing: regularly test failover, runbook for disaster scenarios), 11) Security and compliance (encryption at rest: cloud-native KMS, encryption in transit: TLS everywhere, compliance: shared responsibility model per cloud, security monitoring: GuardDuty, Azure Sentinel, Chronicle, vulnerability scanning across environments, penetration testing considerations), 12) Terraform modules (abstraction modules: compute, database, storage, cloud-specific modules: child modules per cloud, composition: root module ties together, DRY principles: don't repeat configuration), 13) CI/CD for multi-cloud (unified pipeline for all clouds, cloud-specific validation and scanning, cost estimation per cloud, approval workflow per cloud: different risk profiles, deployment strategy: canary across clouds), 14) Operational complexity (training for team on multiple clouds, runbooks per cloud and per scenario, on-call rotation with multi-cloud expertise, vendor management: AWS, Azure, GCP accounts and support, cost of complexity vs benefits). Architecture diagram showing inter-cloud connectivity, data flows, failover paths. Terraform workspaces or directory structure for organization. ``` #### Terraform state migration and refactoring **Use case:** Infrastructure reorganization and technical debt reduction **For:** Senior DevOps Engineer, Platform Engineer, Infrastructure Architect, SRE, Cloud Architect ``` Plan and execute Terraform state refactoring for [existing infrastructure]. Current state: [describe current setup: large monolith, multiple environments in one state, legacy structure]. Goal: [target structure and organization]. Migration strategy: 1) Assessment (inventory current resources: terraform state list, understand dependencies: terraform state show and outputs, identify blast radius: what can break, map current to target organization: which resources move to which state, risk analysis: critical resources, data loss potential), 2) Target architecture (separate states per environment: new backend configs, separate states per application/service: microservices approach, module structure: reusable modules, naming conventions: consistent resource names, tag strategy: environment, application, owner tags), 3) Pre-migration preparation (full backup of current state: S3 versioning, export state: terraform state pull > backup.tfstate, documentation: current architecture diagram, freeze changes: no applies during migration, communication plan: notify stakeholders and team, rollback plan: how to undo if fails), 4) State splitting (create new state backends: S3 buckets and DynamoDB tables, copy resources to new states: terraform state mv, handle dependencies: terraform_remote_state between new states, update configurations: point resources to new modules, validate no resource recreation: terraform plan shows no changes), 5) Resource renaming (terraform state mv for resource address changes, update resource names in configs, address notation: module.name.resource.name, handle count and for_each migrations, meta-arguments consistency), 6) Import existing resources (for resources created outside Terraform, terraform import with resource ID, write configuration to match imported resource, verify with terraform plan: no unexpected changes, gradual import: start with simple resources), 7) Module refactoring (extract duplicated config to modules, create versioned modules: git tags, update root modules to use new modules, test module changes: example configurations, handle module version upgrades), 8) Workspace consolidation or separation (migrate between workspaces: terraform workspace, separate workspace state files, or eliminate workspaces for explicit environments, update CI/CD for new structure), 9) Resource replacement strategy (for resources that must be recreated, plan replacement during maintenance window, use lifecycle: create_before_destroy, data sources for zero-downtime: route traffic to new resource before destroying old, backup data before replacement: RDS snapshot, EBS snapshot), 10) Validation (terraform plan shows expected changes only, no unexpected deletions or creations, outputs still accessible: dependent systems still work, integration tests: test application functionality, security validation: no security group or IAM changes), 11) Execution (stage migration: do dev first, then staging, then production, execute during low-traffic window, monitor during migration: CloudWatch metrics, alerts disabled temporarily to prevent alarm fatigue, team on standby: all hands during production migration, communication: status updates in Slack), 12) Post-migration (verify all resources present: compare resource counts, test functionality: end-to-end tests, documentation: update runbooks and architecture diagrams, lessons learned: what went well and what didn't, delete old state files: after retention period and confidence, celebrate: migration is complex work). Migration runbook with step-by-step commands, rollback procedure for each step, estimated timeline per phase. ``` ### Ansible Configuration Management Create sophisticated Ansible playbooks for configuration management, orchestration, and automation. #### Ansible playbook for application deployment **Use case:** Automated application deployment and configuration **For:** DevOps Engineer, Automation Engineer, Infrastructure Engineer, SRE, Systems Administrator ``` Write comprehensive Ansible playbook for deploying [application]. Environment: [on-prem, cloud, hybrid]. Servers: [number and types]. Requirements: [zero-downtime, rollback capability]. Playbook structure: 1) Project organization (roles/ for reusable components: common, webserver, appserver, database, each role with: tasks/, handlers/, templates/, files/, vars/, defaults/, inventory/ for environments: production, staging, dev, group_vars/ and host_vars/ for variables, playbooks/ for orchestration, filter_plugins/ for custom filters), 2) Inventory management (dynamic inventory for cloud: AWS EC2, Azure, GCP, static inventory for on-prem: INI or YAML format, groups: webservers, appservers, loadbalancers, variables per group and host, ansible_host, ansible_user, ansible_port, ansible_python_interpreter for Python 3), 3) Variable precedence (understand precedence: command line > playbook vars > host_vars > group_vars > defaults, sensitive variables in ansible-vault: encrypt passwords, API keys, vault password file or --ask-vault-pass, variable validation: assert module), 4) Pre-deployment checks (gather facts: setup module for system info, pre-flight validation: check disk space, memory, connectivity, verify prerequisites: dependencies installed, ports available, backup current state: database backup, config backup, dry-run mode: --check and --diff), 5) Application deployment (download artifact: get_url or git module, extract archive: unarchive module, copy files: copy or template, file permissions: owner, group, mode, systemd service: template for unit file, enable and start service, configuration files: template with Jinja2, secrets injection from vault), 6) Zero-downtime deployment (rolling updates: serial: 1 or percentage, pre_tasks: remove from load balancer, tasks: deploy new version, post_tasks: add back to load balancer, health checks: wait_for or uri module, verify app responding before proceeding), 7) Database migrations (run migrations: command or script module, idempotency: check if migration needed, transaction safety: rollback on failure, lock table to prevent concurrent migrations, backup before migration: delegate_to database server), 8) Load balancer management (remove server from pool: pause before deploying, HAProxy: disable server, NGINX: upstream directive, ELB/ALB: deregister target, wait for connections to drain: sleep or wait_for, add server back after deployment, verify in rotation: check status endpoint), 9) Configuration management (manage system configs: sysctl for kernel params, firewalld or ufw for firewall rules, selinux for security policies, user management: user and group modules, SSH key distribution: authorized_key module, package management: yum, apt, dnf modules with latest or specific versions), 10) Error handling (block/rescue/always: try-catch equivalent, failed_when: custom failure conditions, changed_when: idempotency control, ignore_errors: continue on non-critical failures, any_errors_fatal: stop all hosts on error, handlers: run on change, notify handlers), 11) Rollback capability (maintain previous version: symlink strategy, rollback playbook: separate playbook or tags, quick revert: switch symlink and restart service, database rollback: restore from backup, git-based: checkout previous commit), 12) Testing and validation (post-deployment tests: smoke tests, integration tests, verify endpoints: curl or uri module, check logs: grep for errors, monitor metrics: brief period of observation, assert expectations: expected behavior), 13) Notifications (Slack notifications: slack module or uri to webhook, email notifications: mail module, PagerDuty for failures: pagerduty module, deployment status: started, in progress, completed, failed), 14) Performance optimization (fact caching: to avoid repeated gathering, pipelining: ansible_pipelining = True, SSH multiplexing: ControlPersist, async tasks: for long-running tasks, mitogen for speed: connection plugin), 15) Idempotency (every task idempotent: can run multiple times, check before change: stat module, creates and removes parameters, state: present vs latest tradeoff). Playbook with roles, handlers, templates. Documentation: README with usage, requirements.yml for galaxy roles, examples/ ``` #### Ansible role development with testing **Use case:** Reusable automation components and best practices **For:** Automation Engineer, DevOps Engineer, Platform Engineer, Senior Systems Administrator, SRE ``` Develop production-grade Ansible role for [service or configuration: nginx, postgresql, kubernetes, monitoring agent]. Role purpose: [describe functionality]. Role structure: 1) Directory layout (roles/rolename/: tasks/main.yml for entry point, handlers/main.yml for service restarts, templates/ for Jinja2 configs, files/ for static files, vars/main.yml for internal variables, defaults/main.yml for user-overridable defaults, meta/main.yml for dependencies and metadata, tests/ for molecule tests, README.md with usage), 2) Task design (main.yml includes subtasks: include_tasks for organization, task names descriptive: what and why, tags for selective execution: install, configure, service, check_mode support: --check for dry-run, delegate_to for actions on different hosts), 3) Variables and defaults (defaults/main.yml for all configurable options, vars/main.yml for internal constants, variable naming: rolename_variable_name, documentation in comments: type, purpose, examples, validation: assert module for required vars, complex variables: dictionaries and lists), 4) Templates and files (Jinja2 templates for configs: conditionals, loops, filters, template validation: Jinja2 syntax, ansible.builtin.validate, files for static content: scripts, keys, checksums for integrity), 5) Handlers (restart services: on config change, reload vs restart: reload when possible for less disruption, handler names clear: restart nginx, handler chaining: notify another handler, idempotency: only run on change), 6) Idempotency design (all tasks idempotent: safe to run multiple times, state: present, started, enabled, creates and removes: skip if already done, changed_when: accurate reporting, register and when: conditional execution), 7) Error handling (block/rescue for error handling, failed_when for custom failures, assert for prerequisites, ignore_errors judiciously: document why, retry logic: retries and delay parameters), 8) Platform support (multiple OS support: when ansible_os_family, package manager abstraction: package module, service manager: systemd, init, upstart, paths: use variables for OS differences, facts: ansible_distribution, ansible_distribution_version), 9) Testing with Molecule (molecule init role: scaffold testing, molecule.yml: define test scenarios, prepare.yml: setup dependencies, converge.yml: apply role, verify.yml: test assertions, test multiple platforms: Docker, Vagrant, EC2, lint: ansible-lint and yamllint), 10) Unit tests (test each task or task file: include_tasks, mock external dependencies: with test inventory, verify variable handling: default and override, test failure paths: error conditions), 11) Integration tests (full role execution: molecule converge, verify service running: netstat, curl, ps, test configuration: grep configs, permissions check, end-to-end: actual service functionality), 12) CI/CD integration (GitHub Actions or GitLab CI for testing, test on push and PR: automated validation, test matrix: multiple OS versions, publish to Ansible Galaxy: automated release, version tagging: semantic versioning), 13) Documentation (README.md: requirements, role variables with descriptions and defaults, dependencies: other roles or collections, example playbooks: simple and complex, platform support matrix, license and author info, CHANGELOG.md: version history), 14) Dependencies (meta/main.yml for role dependencies: other roles needed, galaxy_info: for Ansible Galaxy, namespace and name: author.rolename, supported platforms list, tags for discovery), 15) Security (no secrets in defaults or vars: use ansible-vault, sensitive: true for outputs, secure defaults: restrictive permissions, SSL/TLS by default, principle of least privilege: run as non-root where possible). Role published to Ansible Galaxy or internal repository, full test suite with 80%+ coverage, example playbooks. ``` #### Ansible dynamic inventory for cloud **Use case:** Cloud automation and auto-scaling environments **For:** DevOps Engineer, Cloud Engineer, Infrastructure Automation Engineer, SRE, Platform Engineer ``` Implement dynamic inventory for [cloud provider: AWS, Azure, GCP]. Requirements: [auto-discovery, auto-scaling groups, metadata tagging]. Dynamic inventory setup: 1) Cloud provider plugin (use ansible plugin: amazon.aws.aws_ec2, azure.azcollection.azure_rm, google.gcp_compute, install collection: ansible-galaxy collection install, alternative: custom script returning JSON), 2) Plugin configuration (plugin config file: aws_ec2.yml, azure_rm.yml, gcp_compute.yml, authentication: IAM role, service principal, service account, regions: which regions to query, filters: tag-based filtering, caching: for performance), 3) AWS EC2 inventory (aws_ec2 plugin configuration: filters for instance state: running, tag-based groups: compose groups from tags, keyed_groups: group by tag key, hostnames: use tag or public IP, regions: list of regions or all, strict_permissions: false for common IAM issues), 4) Azure inventory (azure_rm plugin: filters for resource groups, tags, conditional_groups: expression-based grouping, plain_host_names: for shorter names, default_host_filters: VM state, exclude_host_filters: deallocated VMs), 5) GCP inventory (gcp_compute plugin: projects list, filters: label filters, zones: specify or all, keyed_groups: by labels or properties, hostnames: internal IP, external IP, or name, authentication: service account key or application default), 6) Group composition (compose: create new variables from instance metadata, groups: define groups with conditionals, ansible_host: set to correct IP address, ansible_user: based on OS, ansible_python_interpreter: for Python 3), 7) Caching (cache: true for performance, cache_timeout: seconds before refresh, cache_plugin: memory, file, redis, balance: fresh inventory vs speed, cache_connection: file path or redis connection), 8) Host variables (hostvars from instance metadata: instance type, region, AZ, tags as variables: automatic, custom variables: set_fact in playbooks, merge inventory and playbook vars), 9) Multiple inventories (combine static and dynamic: all loaded together, inventory directory: all .yml and .json files, layered approach: dynamic discovery + static overrides), 10) Testing inventory (ansible-inventory command: view generated inventory, --list: full inventory JSON, --host: specific host vars, --graph: tree view of groups, verify connectivity: ansible all -m ping), 11) Inventory plugins vs scripts (plugins: native Ansible, better performance, scripts: custom logic, return JSON format, execute permission required, shebang for interpreter), 12) Security (IAM permissions: read-only for inventory, network access: can reach metadata service, credentials: never in repository, use instance profiles or service accounts, audit: log inventory queries), 13) Performance optimization (limit query scope: by region, tag, resource group, parallel queries: for multiple regions, cache aggressively: especially for large environments, selective facts: gather_subset), 14) Auto-scaling integration (groups update automatically: as instances scale, ASG tags: propagate to instances, health checks: exclude unhealthy instances, immutable infrastructure: inventory refreshed each run), 15) Hybrid inventory (on-prem in static inventory: known servers, cloud in dynamic inventory: auto-discovered, consistent grouping: same group names, unified playbooks: work across environments). Example inventory configs for each cloud, test commands, troubleshooting guide. ``` #### Ansible Tower/AWX workflow orchestration **Use case:** Enterprise automation orchestration and governance **For:** DevOps Lead, Automation Architect, Platform Engineer, Senior DevOps Engineer, Infrastructure Architect ``` Design Ansible Tower/AWX workflow for [complex orchestration]. Process: [describe multi-step process]. Teams: [RBAC requirements]. Workflow setup: 1) Job templates (create job template per playbook: inventory, project, playbook, credentials, variables: survey for user input, tags: for partial execution, job concurrency, timeout, verbosity, fact caching, enable privilege escalation), 2) Workflow job template (combine job templates: nodes in workflow, success/failure/always branches: conditional execution, approval nodes: human approval required, inventory sync: refresh before workflow, project sync: pull latest code, parallel execution: jobs that can run concurrently), 3) Workflow visualization (graphical workflow editor: drag and drop nodes, node types: job template, project sync, inventory sync, approval, workflow job template, edge conditions: on success, on failure, always, convergence nodes: wait for multiple branches), 4) Credentials management (credential types: machine, cloud, SCM, vault, credential assignment: per job template or workflow, secret management: encrypted at rest, rotation: regular credential updates, least privilege: minimum permissions needed), 5) Projects (SCM integration: git, SVN, manual, project path: playbooks and roles, update on launch: always get latest, branching: use specific branch or tag, webhooks: trigger on push, caching: project files), 6) Inventories (static inventory: manual host entry, dynamic inventory: cloud provider, smart inventory: host filter query, inventory sources: scheduled sync, variables: group_vars and host_vars, inventory plugins: AWS, Azure, GCP, custom scripts), 7) RBAC and teams (organizations: top-level container, teams: group of users, roles: permissions, auditor, admin, execute, read, permissions: per resource type, user assignments: users to teams, SSO: LDAP, SAML, OAuth), 8) Surveys (user input at job launch: parameters, question types: text, password, multiple choice, choice multi-select, integer, float, validation: regex pattern, required vs optional, default values, variable mapping: survey answer to extra variable), 9) Scheduling (scheduled jobs: cron syntax, rrule for complex schedules, job slice: divide inventory for parallel execution, concurrent jobs: limit per instance group, cleanup: purge old job outputs), 10) Notifications (notification templates: email, Slack, PagerDuty, webhook, notification triggers: job start, success, failure, error, customization: message template, test notification: verify working), 11) Job output management (stdout in real-time: websocket streaming, job artifacts: for file outputs, fact caching: share facts between jobs, stdout size limits: truncation, retention: days to keep job outputs), 12) Instance groups (control capacity: assign job templates to instance groups, isolated nodes: for DMZ or remote sites, container groups: kubernetes for dynamic capacity, queuing: prioritize job execution), 13) Webhooks (webhook service: GitHub, GitLab integration, webhook key: authentication, trigger workflow: on code push, payload: event data to workflow), 14) Workflow nesting (workflow job template as node: reusable workflows, abstraction: complex workflows composed of sub-workflows, limit nesting: 5 levels max for complexity), 15) Monitoring and logging (dashboard: job status overview, activity stream: audit log, Grafana integration: metrics and graphs, API access: programmatic monitoring, logging: to syslog or ELK). Workflow diagram exported from Tower, RBAC matrix, runbooks for operators. ``` ### Kubernetes Orchestration & Manifests Generate production-ready Kubernetes manifests with security, scalability, and operational best practices. #### Production Kubernetes deployment manifest **Use case:** Production-grade microservices deployment **For:** Kubernetes Engineer, DevOps Engineer, SRE, Platform Engineer, Cloud Native Engineer ``` Generate Kubernetes manifests for [application]. Requirements: [HA, auto-scaling, zero-downtime]. Environment: [EKS, GKE, AKS, on-prem]. Create comprehensive deployment: 1) Namespace (isolate application: namespace.yaml, resource quotas: limit CPU, memory, pods, network policies: namespace isolation, labels: environment, team, app), 2) Deployment (apiVersion: apps/v1, replicas: minimum 3 for HA across zones, selector: matchLabels must match pod labels, template: pod template spec, strategy: RollingUpdate with maxSurge: 1 and maxUnavailable: 0 for zero-downtime, minReadySeconds: wait before considering ready, revisionHistoryLimit: keep last 10), 3) Pod specification (container image: use specific tag never :latest, imagePullPolicy: IfNotPresent or Always, ports: containerPort for listening, resources: requests and limits for CPU and memory, no swap: memory limit = request for QoS Guaranteed, env: environment variables, envFrom: ConfigMap and Secret, volumeMounts: persistent storage, readiness and liveness probes), 4) Health checks (readinessProbe: when to receive traffic, httpGet: /health or /ready endpoint, initialDelaySeconds: app startup time, periodSeconds: check frequency, failureThreshold: before marking unready, livenessProbe: when to restart, startupProbe: for slow starting apps, tcpSocket or exec: alternative checks), 5) Resource management (requests: minimum resources needed, used for scheduling, limits: maximum resources allowed, prevent resource starvation, CPU: millicores, memory: Mi or Gi, QoS class: Guaranteed, Burstable, BestEffort, vertical pod autoscaling: VPA for right-sizing recommendations), 6) ConfigMap and Secret (ConfigMap: for configuration data, data: key-value pairs, immutable: true for safety, Secret: for sensitive data, type: Opaque, kubernetes.io/tls, stringData for plain text, data for base64, external secrets: AWS Secrets Manager, HashiCorp Vault via operator), 7) Service (ClusterIP: internal access, type: LoadBalancer for external, NodePort for specific needs, selector: matches pod labels, ports: port, targetPort, protocol, sessionAffinity: ClientIP for sticky sessions, externalTrafficPolicy: Local for source IP preservation), 8) Ingress (apiVersion: networking.k8s.io/v1, ingressClassName: nginx, alb, traefik, rules: host and path routing, backend: service and port, TLS: certificates, annotations: ingress controller specific settings, rate limiting, authentication), 9) Horizontal Pod Autoscaler (HPA: scale pods based on metrics, minReplicas and maxReplicas, metrics: CPU, memory, custom metrics, behavior: scale up and down policies, stabilization window: prevent flapping, external metrics: from Prometheus, Datadog), 10) Pod Disruption Budget (PDB: maintain availability during disruptions, minAvailable: minimum pods always available, or maxUnavailable: maximum that can be unavailable, voluntary disruptions: node drains, cluster upgrades, rolling updates), 11) Network Policy (ingress and egress rules: restrict traffic, podSelector: which pods this applies to, namespaceSelector: allow from specific namespaces, default deny: explicit allow required, ports and protocols: specific or all), 12) Service Account (RBAC: least privilege, automountServiceAccountToken: false if not needed, annotations: for workload identity on EKS/GKE, imagePullSecrets: for private registries), 13) Security context (securityContext at pod and container level, runAsNonRoot: true, runAsUser: specific UID, fsGroup: for volume permissions, readOnlyRootFilesystem: true, capabilities: drop ALL, add only needed, seccomp profile: runtime/default, AppArmor or SELinux), 14) Init containers (run before main container: setup tasks, database migrations, wait for dependencies, shared volume: emptyDir, same resource limits: included in pod total), 15) Sidecar containers (logging: fluent-bit sidecar, service mesh: envoy proxy, monitoring: export metrics, shared process namespace: for debugging). Use Kustomize or Helm for templating, label strategy: app, version, component, managed-by, separate files per resource type, validate with kubeval or kube-score. ``` #### Helm chart development and best practices **Use case:** Reusable Kubernetes application packaging **For:** Platform Engineer, Kubernetes Engineer, DevOps Engineer, SRE, Cloud Native Architect ``` Develop Helm chart for [application]. Chart purpose: [deploy and configure application]. Requirements: [multi-environment, customization, security]. Helm chart structure: 1) Chart layout (Chart.yaml: chart metadata, values.yaml: default values, templates/: Kubernetes manifest templates, charts/: sub-charts, .helmignore: files to exclude, README.md: usage documentation, templates/NOTES.txt: post-install notes), 2) Chart.yaml (apiVersion: v2 for Helm 3, name: chart name, version: chart version, appVersion: application version, description: clear description, keywords: for discovery, maintainers: contact info, dependencies: other charts, annotations: for metadata), 3) Values.yaml (default configuration: sensible defaults, nested structure: logical grouping, comments: explain each value, types: strings, integers, booleans, arrays, objects, override: users customize via --set or values file), 4) Template structure (templates/deployment.yaml, templates/service.yaml, etc., _helpers.tpl: template helpers and functions, consistent naming: use helper functions, labels: common labels template, selectors: consistent selectors), 5) Templating syntax ({{ .Values.image.repository }}: access values, {{ .Release.Name }}: built-in objects, {{- if .Values.feature.enabled }}: conditionals, {{- range .Values.items }}: loops, {{- include "chart.fullname" . }}: include helpers, {{- toYaml .Values.resources | nindent 12 }}: YAML formatting, {{- required "message" .Values.required }}: required values), 6) Helper templates (_helpers.tpl: {{- define "chart.fullname" -}}, naming helpers: chart name, full name, service account name, selector labels: app.kubernetes.io/name, app.kubernetes.io/instance, common labels: add version, managed-by), 7) Values validation (required values: error if not provided, type validation: string, integer, pattern matching, range validation: min/max values, custom validation: using fail function, schema validation: values.schema.json), 8) Multi-environment support (values-dev.yaml, values-prod.yaml: environment-specific, override strategy: base values + env overrides, Kustomize alternative: for complex scenarios, namespace: templated per environment), 9) Security (no secrets in values.yaml: reference external secrets, Secret resources: base64 encoded, security context: runAsNonRoot, ReadOnlyRootFilesystem, RBAC: least privilege, network policies: restrict traffic, image pull secrets: for private registries), 10) Resource management (resources block: requests and limits, autoscaling: HPA templates, pod disruption budgets: maintain availability, affinity rules: spread across zones), 11) Dependencies (declare in Chart.yaml: dependencies list, sub-charts: in charts/ directory, condition and tags: enable/disable dependencies, override values: for sub-charts, dependency update: helm dependency update), 12) Hooks (pre-install, post-install: job templates, pre-upgrade, post-upgrade, pre-delete, hook-delete-policy: cleanup, use cases: migrations, backup, test jobs, hook-weight: execution order), 13) Testing (templates/tests/: test pod templates, helm test: run tests, test connection: curl to service, test data: query database, exit code: 0 for success), 14) Documentation (README.md: installation instructions, configuration options table: parameter, description, default value, examples: common scenarios, upgrading: version migration notes, CHANGELOG.md: version history), 15) Packaging and distribution (helm package: create .tgz, chart repository: ChartMuseum, Harbor, Artifact Hub, helm repo add and install, versioning: semantic versioning, sign charts: for integrity, CI/CD: automated testing and publishing). Use helm lint, template and dry-run for validation, chart testing: ct for comprehensive validation. ``` #### Kubernetes RBAC and security policies **Use case:** Enterprise Kubernetes security and compliance **For:** Security Engineer, Kubernetes Engineer, Platform Engineer, DevOps Engineer, SRE, Security Architect ``` Implement Kubernetes RBAC and security for [cluster or namespace]. Requirements: [multi-tenancy, least privilege, compliance]. Security implementation: 1) RBAC architecture (Subjects: users, groups, service accounts, Roles: permissions in namespace, ClusterRoles: cluster-wide permissions, RoleBindings: bind role to subject in namespace, ClusterRoleBindings: cluster-wide binding), 2) Service accounts (per application: dedicated service account, automountServiceAccountToken: false by default, only true when needed, annotations: for cloud IAM, EKS IRSA, GKE Workload Identity, imagePullSecrets: for registries), 3) Roles and ClusterRoles (define permissions: verbs on resources, verbs: get, list, watch, create, update, patch, delete, resources: pods, deployments, services, resourceNames: specific resources only, aggregation: combine roles with labels, built-in roles: view, edit, admin, cluster-admin), 4) RoleBindings (bind role to subjects: serviceaccounts, users, groups, namespace scoped: permissions in namespace only, subjects list: multiple subjects, roleRef: role or cluster role, naming convention: clear bindings), 5) Pod Security Standards (restricted, baseline, privileged profiles, pod security admission: enforce, audit, warn, namespace labels: pod-security.kubernetes.io/enforce, exemptions: specific pods or users, migration: from PSPs), 6) Security contexts (runAsNonRoot: true enforced, allowPrivilegeEscalation: false, capabilities: drop ALL, readOnlyRootFilesystem: true, seccompProfile: RuntimeDefault, SELinux or AppArmor: additional hardening), 7) Network policies (default deny: start with deny all, egress and ingress rules: explicit allows, podSelector: apply to pods, namespaceSelector: allow from namespaces, ports: specific ports, policyTypes: Ingress and/or Egress), 8) Admission controllers (built-in: NamespaceLifecycle, LimitRanger, ServiceAccount, PodSecurity, custom: using webhooks, validating webhooks: validate requests, mutating webhooks: modify requests, policy engines: OPA Gatekeeper, Kyverno), 9) OPA Gatekeeper policies (constraint templates: define policy, constraints: instantiate policy, rego language: policy logic, audit: find violations, enforcement: block violations, library: common policies), 10) Kyverno policies (policy as code: YAML-based, validate, mutate, generate: policy types, cluster policies: cluster-wide, policies: namespaced, background scanning: audit mode, exception: for specific resources), 11) Image security (image scanning: Trivy, Clair, Anchore, admission: block vulnerable images, vulnerability thresholds: critical, high only, image signing: Cosign, Notary, trusted registries: allow list, private registries: credentials), 12) Secrets management (avoid in git: never commit secrets, sealed secrets: encrypt for git storage, external secrets operator: sync from vault, AWS Secrets Manager, encryption at rest: KMS, encryption provider config, secret rotation: automated), 13) Audit logging (enable audit: kube-apiserver flags, audit policy: define what to log, backend: log file, webhook, dynamic audit: at runtime, retention: compliance requirements, SIEM integration: forward logs), 14) Runtime security (Falco: runtime threat detection, rules: suspicious behavior, alerts: to SIEM, pods in host network: detect, privilege escalation: alert, unexpected process: monitor), 15) Compliance (CIS benchmark: kubernetes security, kubesec: static analysis, kube-bench: compliance checks, policy engines: enforce compliance, audit trail: who did what when). Implement defense in depth: multiple security layers, document security architecture, regular security audits, incident response plan. ``` #### Kubernetes monitoring and observability stack **Use case:** Full-stack Kubernetes observability and performance **For:** SRE, DevOps Engineer, Kubernetes Engineer, Platform Engineer, Observability Engineer ``` Deploy comprehensive monitoring for Kubernetes cluster. Cluster: [EKS, GKE, AKS, on-prem]. Scale: [number of nodes and pods]. Requirements: [metrics, logs, traces, alerts]. Observability stack: 1) Prometheus deployment (prometheus-operator: CRDs for easy management, service monitors: automatic discovery, alertmanager: alert routing, persistent storage: for metrics retention, high availability: multiple replicas, thanos: for long-term storage and global view, federation: for multi-cluster), 2) Metrics collection (node-exporter: host metrics, kube-state-metrics: cluster object state, cadvisor: container metrics, custom metrics: application instrumentation, service monitors: scrape configs as CRDs, pod monitors: for pods without service), 3) Grafana dashboards (deployment: stateful with persistence, datasources: Prometheus, Loki, Tempo, dashboards: pre-built for Kubernetes, custom dashboards: application-specific, alerting: Grafana alerts, SSO: integrate with identity provider, RBAC: role-based dashboards), 4) Logging with Loki (loki deployment: scalable components, promtail: log collection agent, daemonset: on every node, fluent-bit alternative: more processors, log labels: minimize cardinality, retention: days to keep, compaction: for cost efficiency), 5) Distributed tracing (Jaeger or Tempo deployment, trace collection: OTLP protocol, instrumentation: application libraries, OpenTelemetry: vendor-neutral, sampling: head-based or tail-based, storage: Cassandra, Elasticsearch, or S3, query interface: Jaeger UI), 6) Service mesh observability (Istio or Linkerd: automatic tracing, traffic metrics: golden signals, service graph: visualize traffic, mutual TLS: secure communication, policy enforcement: authorization), 7) Cluster-level metrics (control plane: API server, scheduler, controller manager, etcd: health and performance, kubelet: node agent, cluster resources: CPU, memory, storage, pod metrics: running, pending, failed), 8) Application metrics (RED method: rate, errors, duration, USE method: utilization, saturation, errors, golden signals: latency, traffic, errors, saturation, custom metrics: business metrics, Prometheus client libraries: instrument code), 9) Log aggregation (centralized logging: all logs in one place, structured logging: JSON format, log parsing: extract fields, search: Kibana or Grafana, retention: hot, warm, cold tiers, compliance: long-term archive), 10) Alerting rules (prometheus rules: PromQL queries, alert severity: critical, warning, info, alert labels: for routing, alert description: actionable, SLO-based alerts: error budget, symptom-based: user-facing issues, alertmanager routes: to Slack, PagerDuty, email), 11) SLIs and SLOs (service level indicators: key metrics, service level objectives: target values, error budgets: acceptable failures, burn rate: alert on budget consumption, SLO dashboards: visibility, incident retrospectives: learn and improve), 12) Visualization (Grafana dashboards per layer: cluster, node, pod, application, RED dashboards: for services, logs correlation: link metrics to logs, query builder: explore data, annotations: mark deployments, variables: dynamic dashboards), 13) Cost monitoring (kubecost: Kubernetes cost visibility, resource usage: by namespace, label, pod, cost allocation: showback or chargeback, recommendations: right-sizing, idle resources: waste identification), 14) Event monitoring (kubernetes events: warnings and errors, event exporter: to time-series, event archival: beyond default retention, alert on events: crashloopbackoff, imagepullbackoff), 15) Performance profiling (continuous profiling: Parca, Pyroscope, flamegraphs: CPU, memory profiles, production profiling: low overhead, optimization: hotspot identification). Deploy using Helm: prometheus-community, grafana, architecture diagram showing data flows, runbooks for common alerts. ``` #### Kubernetes disaster recovery and backup **Use case:** Business continuity and data protection for Kubernetes **For:** SRE, Kubernetes Engineer, Platform Engineer, DevOps Engineer, Infrastructure Architect ``` Implement disaster recovery for Kubernetes. Cluster: [cloud provider or on-prem]. Requirements: [RPO, RTO]. Critical applications: [list stateful workloads]. DR strategy: 1) Backup scope (cluster state: etcd backup, persistent volumes: snapshots, application configs: manifests, secrets: encrypted backup, custom resources: CRDs and instances, namespace or cluster-wide), 2) Velero deployment (install velero: CLI and server, backup storage: S3, GCS, Azure Blob, volume snapshots: cloud-native CSI, backup schedule: daily, weekly, monthly, retention: days to keep, backup hooks: pre and post commands), 3) Etcd backup (regular snapshots: of etcd data, snapshot frequency: hourly or more, snapshot storage: encrypted bucket, retention: point-in-time recovery, automated scripts: cron jobs, test restores: verify backup integrity), 4) Persistent volume backup (CSI snapshots: cloud provider, volume snapshot class: for snapshots, backup all PVCs: or selective, snapshot retention: lifecycle policies, cross-region: for DR, restic: for filesystem backups if CSI unavailable), 5) Application configuration backup (gitops: manifests in git, CI/CD: regenerate from source, manual: export current state, kustomize or helm: values files, secrets: separate encrypted storage), 6) Backup strategies (full backup: entire cluster state, incremental: changes since last, differential: changes since full, scheduled: automated regular backups, on-demand: before major changes), 7) Restore procedures (restore to same cluster: in-place restore, restore to new cluster: DR failover, selective restore: specific namespaces or resources, namespace mapping: to different namespace, storage location: where to restore from), 8) Disaster scenarios (cluster failure: restore to new cluster, region failure: cross-region restore, data corruption: point-in-time restore, ransomware: isolated backup location, human error: quick restore of deleted resources), 9) Cross-region DR (multi-region deployment: active-passive or active-active, data replication: storage replication, DNS failover: route53 or similar, cluster ready: standby cluster warm or cold, regular DR drills: test failover), 10) Backup testing (regular restore tests: monthly minimum, restore to test cluster: not production, verify application functionality: end-to-end tests, measure RTO: actual recovery time, improve based on results: reduce RTO), 11) Secrets and encryption (backup secrets: encrypted at rest, encryption keys: separate from backup, key rotation: regular key changes, access control: who can restore, transit encryption: for backup transfer), 12) Monitoring and alerting (backup job success: alert on failure, backup size and duration: track trends, storage utilization: space available, restore dry-run: verify backup usable, dashboard: backup overview), 13) Documentation (runbook: step-by-step restore, decision tree: which scenario which restore, contact list: escalation, recovery time objectives: documented, tested procedures: validated), 14) Compliance and retention (regulatory requirements: retention period, immutable backups: cannot be deleted or modified, audit trail: who backed up/restored what, encryption: meet compliance standards, geographic requirements: data residency), 15) Cost optimization (snapshot lifecycle: delete old snapshots, incremental backups: reduce storage, compression: if supported, tiered storage: hot, cold, glacier, monitor costs: backup storage expense). Backup verification: restore tests every month, automate with tools: Velero schedules, integrate with monitoring: alert on backup failures. ``` #### Multi-cluster Kubernetes management **Use case:** Enterprise multi-cluster strategy and high availability **For:** Platform Architect, Kubernetes Architect, SRE Lead, Cloud Architect, Principal Engineer ``` Design multi-cluster Kubernetes architecture for [use case: DR, multi-region, multi-tenant, hybrid]. Requirements: [number of clusters, connectivity, workload distribution]. Multi-cluster design: 1) Architecture patterns (failover: active-passive clusters, multi-region: active-active, development clusters: per team or per environment, edge computing: regional clusters, hybrid: on-prem and cloud), 2) Cluster federation (KubeFed: federate resources across clusters, federated types: deployments, services, configmaps, placement policies: target clusters, overrides: per-cluster customization, propagation: automatic sync, cluster registry: metadata about clusters), 3) Service mesh (Istio multi-cluster: single or multi-network, shared control plane: or replicated, service discovery: across clusters, traffic management: routing between clusters, security: mutual TLS, observability: unified view), 4) GitOps for multi-cluster (Argo CD or Flux: per cluster, application sets: deploy to multiple clusters, cluster generators: dynamic cluster list, placement: which app to which cluster, progressive delivery: canary across clusters), 5) Networking (cluster mesh: Cilium for cross-cluster networking, service connectivity: ClusterIP not routable, multi-cluster service: Kubernetes MECs, global load balancing: route traffic to clusters, VPN or transit gateway: connectivity, subnet planning: no overlap between clusters), 6) Storage replication (persistent data: replicate across clusters, database replication: master-slave or multi-master, object storage: S3 replication, backup and restore: cross-cluster Velero, eventually consistent: or strongly consistent), 7) Identity and access (centralized identity: SSO across clusters, RBAC propagation: consistent policies, service accounts: per cluster, workload identity: cloud provider IAM), 8) Multi-cluster monitoring (centralized Prometheus: thanos or cortex, grafana: multi-cluster datasources, unified dashboards: cluster selector, distributed tracing: across clusters, log aggregation: from all clusters), 9) Deployment strategies (deploy to one cluster: test and validate, progressive rollout: cluster by cluster, blue-green: cluster level, canary: portion of traffic to new cluster, rollback: revert traffic), 10) Disaster recovery (cluster failure: failover to another, data replication: for stateful apps, DNS failover: automatic or manual, RPO and RTO: per cluster, regular DR drills: test failover), 11) Cluster lifecycle (provisioning: IaC for cluster creation, upgrades: staggered per cluster, decommissioning: graceful shutdown, scaling: add or remove clusters, drift detection: config drift between clusters), 12) Workload placement (affinity: which workload to which cluster, resource availability: capacity planning, data locality: reduce latency, compliance: data residency, cost optimization: prefer cheaper regions), 13) Secret management (sealed secrets: or external secrets operator, secret replication: to target clusters, encryption: per cluster encryption keys, secret rotation: centralized management), 14) Cost management (cost allocation: per cluster, cost optimization: cluster utilization, spot instances: for non-production clusters, auto-scaling: cluster autoscaler, unused clusters: shutdown or delete), 15) Governance and compliance (policy enforcement: OPA or Kyverno across clusters, audit logging: centralized audit, compliance: consistent policies, change management: controlled rollouts). Tools: Rancher, Anthos, OpenShift for multi-cluster management, architecture diagram, cluster topology, traffic flow. ``` ### Cloud Cost Optimization Analyze and optimize cloud spending with actionable recommendations across AWS, Azure, and GCP. #### Comprehensive cloud cost analysis **Use case:** Cloud financial management and cost reduction **For:** Cloud Architect, FinOps Engineer, DevOps Lead, Infrastructure Lead, CTO, Engineering Manager ``` Analyze cloud costs for [AWS/Azure/GCP account]. Time period: [last 3-6 months]. Current spend: [monthly average]. Cost analysis: 1) Spending breakdown (by service: EC2, S3, RDS, Lambda, etc., by region: cost per region, by account or project: chargeback/showback, by tag: cost allocation tags, by environment: dev, staging, prod, trend analysis: month-over-month growth, forecast: next 3-6 months based on trends), 2) Top cost drivers (most expensive services: top 10, most expensive resources: specific instances, buckets, fastest-growing costs: anomaly detection, unutilized resources: idle instances, unattached volumes, orphaned resources: unassociated elastic IPs, unused load balancers), 3) Compute optimization (right-sizing: oversized instances, instance type recommendations: newer generations, usage patterns: CPU, memory utilization, savings plans or reserved instances: commitment discounts, spot instances: for fault-tolerant workloads, auto-scaling: turn off unused instances, idle detection: <5% CPU for days), 4) Storage optimization (S3 lifecycle policies: transition to IA, Glacier, object analysis: access patterns, old data, snapshot cleanup: unused EBS snapshots, AMI deregistration: old images, tiering: premium to standard storage, deduplication: redundant data), 5) Database optimization (RDS right-sizing: over-provisioned, read replicas: necessary or remove, reserved instances: for steady-state workloads, Aurora serverless: for variable workloads, backup retention: excessive retention, multi-AZ: necessary for dev/test?), 6) Networking costs (data transfer: inter-region, to internet, VPC endpoints: avoid NAT gateway costs for AWS services, CloudFront: cache at edge, direct connect: for high volume, cross-AZ traffic: minimize), 7) Unused resources (unattached EBS volumes: delete, idle elastic IPs: release, orphaned load balancers: no targets, empty S3 buckets: delete, unused elastic IPs: hourly charge, old snapshots: no parent volume), 8) Reserved instances and savings plans (coverage: % of usage covered, utilization: % of purchased RI used, recommendations: new purchases, instance families: flexible RIs, compute savings plans: broader coverage, convertible RIs: flexibility), 9) Spot instances (workload suitability: fault-tolerant, batch, stateless services: web servers behind ALB, spot strategies: diversified instance types, interruption handling: graceful shutdown, savings: 70-90% vs on-demand), 10) Tagging and allocation (tag coverage: % of resources tagged, cost allocation tags: activated, tag strategy: environment, project, owner, cost center, untagged resources: identify and tag, showback reports: per team or project), 11) Budget and alerts (budget: monthly or quarterly, alerts: at 80%, 90%, 100%, anomaly detection: unusual spending, forecasted alerts: projected overspend, action: auto-remediation or approval), 12) Commitment analysis (current commitments: RIs, savings plans, utilization: actual vs purchased, recommendations: additional commitments, breakeven: time to recoup investment, flexibility: convertible vs standard), 13) Multi-account or multi-project (consolidated billing: master payer account, linked account analysis: per team cost, shared services: allocation, credits: distribution strategy), 14) Quick wins (top 10 immediate actions: highest impact, low effort, estimated savings: $ per month, implementation: how to achieve), 15) Long-term recommendations (architectural changes: serverless, containers, auto-scaling, reserved capacity: annual commitments, monitoring: continuous cost awareness). Generate: detailed cost report with charts, prioritized recommendations, estimated annual savings, implementation roadmap. ``` #### AWS cost optimization deep dive **Use case:** AWS-specific cost reduction strategies **For:** AWS Solutions Architect, Cloud Architect, FinOps Engineer, DevOps Lead, Infrastructure Engineer, Engineering Manager ``` Optimize AWS costs for [organization]. Accounts: [number and structure]. Focus areas: [compute, storage, database, or all]. AWS cost optimization: 1) EC2 optimization (right-sizing: CloudWatch metrics for CPU, memory, network, compute optimizer: recommendations, instance generations: m5 to m6i, graviton2: arm-based, up to 40% savings, burstable instances: T3/T4g for variable workloads, hibernation: for dev/test), 2) Savings plans (compute savings plans: 1 or 3 year, EC2 instance savings plans: specific families, flexibility: any region, any OS, any tenancy, recommendation: cost explorer recommendations, commitment: pay upfront, partial, no upfront, utilization: maximize use), 3) Reserved instances (standard RIs: max savings, convertible RIs: flexibility to change, regional RIs: AZ flexibility, marketplace: sell unused RIs, modification: change AZ or instance size, RI coverage: target 70-80%), 4) Spot instances (spot fleets: diversified, spot instances: up to 90% discount, spot interruption: 2-minute notice, stateless apps: web servers, containers, batch jobs: EMR, rendering, persistent storage: EBS survives termination, ASG with spot: mixed on-demand and spot), 5) EBS optimization (gp3: vs gp2, 20% cheaper, volume right-sizing: unused IOPS, snapshot lifecycle: delete old snapshots, snapshot copy: cross-region only if needed, volume types: st1/sc1 for throughput-optimized or cold, delete unattached: automated cleanup), 6) S3 cost reduction (storage classes: Standard, IA, One Zone IA, Glacier, Glacier Deep Archive, lifecycle policies: transition after 30, 90, 180 days, intelligent tiering: automatic transitions, requester pays: for large public datasets, S3 analytics: access pattern analysis, CloudFront: reduce S3 requests), 7) RDS optimization (right-sizing: smaller instance types, reserved instances: 1 or 3 year commitments, aurora serverless: for unpredictable workloads, read replicas: necessary?, multi-AZ: disable for dev/test, backup retention: reduce retention days, snapshot exports: to S3 then delete), 8) Lambda optimization (memory allocation: more memory, less duration may save, provisioned concurrency: for latency, not cost, arm/graviton: 20% cheaper, ephemeral storage: 512MB free, beyond costs, timeouts: prevent long-running functions, cold starts: optimization reduces cost), 9) Data transfer optimization (CloudFront: reduce origin requests, VPC endpoints: avoid NAT gateway for S3, DynamoDB, PrivateLink: for AWS services, regional data transfer: keep data in region, S3 transfer acceleration: only if needed, snowball: for large data migrations), 10) CloudWatch costs (log retention: reduce to 7 or 30 days, log insights: expensive queries, metrics: reduce custom metrics, detailed monitoring: EC2 $2/mo per instance, consider necessity, cross-region logs: keep in same region), 11) Elastic Load Balancer (ALB vs NLB vs CLB: ALB most cost-effective for HTTP, idle connections: timeout settings, consolidation: multiple services per ALB, unused LBs: delete, cross-zone: disable if not needed), 12) Cost allocation tags (mandatory tags: environment, project, owner, cost center, enforcement: config rules or lambda, untagged resources: identify and tag, cost and usage report: enable detailed billing), 13) Unused resources (trusted advisor: checks for unused resources, AWS config: inventory, custom scripts: boto3 for automation, cost anomaly detection: ML-based, regular audits: monthly reviews), 14) Organization-level (consolidated billing: volume discounts, service control policies: prevent expensive services, RI/SP sharing: across linked accounts, budgets: per account, reserved capacity: shared pool), 15) Tools and automation (cost explorer: analyze trends, cost anomaly detection: ML alerts, budgets: proactive alerts, 3rd party tools: CloudHealth, CloudCheckr, Apptio, infrastructure as code: Terraform with cost estimates using infracost). Action plan with prioritized recommendations, automation scripts for quick wins, estimated monthly and annual savings. ``` #### Kubernetes cost optimization and FinOps **Use case:** Container platform cost efficiency **For:** Platform Engineer, FinOps Engineer, Kubernetes Engineer, SRE, DevOps Lead, Engineering Manager ``` Optimize Kubernetes infrastructure costs. Cluster: [EKS, GKE, AKS, on-prem]. Workloads: [number of services and teams]. Cost optimization: 1) Resource requests and limits (right-size requests: match actual usage, VPA: vertical pod autoscaler recommendations, requests too high: waste capacity, limits too low: OOM kills, QoS class: prefer Guaranteed for predictability, Burstable for flexibility, profiling: continuous profiling for actual usage), 2) Node optimization (node right-sizing: match workload requirements, node groups: separate for different workload types, spot/preemptible nodes: for fault-tolerant workloads, up to 80% savings, mixed instance types: on-demand + spot, cluster autoscaler: scale nodes based on pending pods, node affinity: pack workloads efficiently), 3) Cluster autoscaler (scale down: remove underutilized nodes, scale up: when pods pending, scale down delay: 10 minutes default, unneeded time: node utilization threshold, skip nodes with local storage: prevent data loss, pod disruption budgets: respect PDBs), 4) Horizontal pod autoscaler (HPA: scale pods based on CPU, memory, custom metrics: scale on queue depth, business metrics, KEDA: event-driven autoscaling, target utilization: 70-80%, scale down stabilization: prevent flapping, behavior: scale up fast, scale down slowly), 5) Vertical pod autoscaler (VPA: recommend resource requests, update mode: auto, recreate, or off, target utilization: optimize requests, conflict with HPA: don't use both for same metric, analysis: identify over/under provisioned), 6) Namespace resource quotas (resource quotas: limit per namespace, limit ranges: default requests/limits, prevent resource hogging: one team using all, enforce with admission: OPA or Kyverno, showback: cost per namespace), 7) Storage optimization (persistent volumes: delete unused PVCs, storage classes: cheaper storage tiers, volume expansion: only when needed, snapshot management: automated cleanup, object storage: S3 for archives, not persistent volumes), 8) Multi-tenancy (namespace per team: cost allocation, shared clusters: vs dedicated, resource quotas: per namespace, network policies: isolation, priority classes: critical workloads get resources first), 9) Spot/preemptible nodes (spot instances: AWS, GCP preemptible, Azure spot, savings: 60-80%, interruption handling: node affinity, pod disruption budgets, stateless workloads: web servers, batch jobs, mixed clusters: spot for most, on-demand for critical), 10) Bin packing (pack pods efficiently: maximize node utilization, descheduler: rebalance pods, node affinity: prefer underutilized nodes, anti-affinity: spread for HA, but increases nodes, taints and tolerations: dedicated nodes for specific workloads), 11) Idle resource detection (underutilized namespaces: low resource usage, zombie pods: running but unused, over-provisioned: resources far exceed usage, scheduling efficiency: pod density per node, cost per pod: allocate node cost), 12) Cost allocation (kubecost: Kubernetes cost visibility, cost per namespace, per label, per pod, showback/chargeback: to teams, idle cost: unallocated resources, shared cost: cluster overhead, recommendations: optimization opportunities), 13) Development and testing (scale down dev/test: non-business hours, scheduled scaling: CronJob to scale deployments, HPA on non-prod: more aggressive scale down, spot instances: all dev/test on spot, auto-deletion: old namespaces), 14) Observability costs (prometheus: retention and cardinality, log volume: reduce verbose logging, distributed tracing: sampling rates, metrics: only essential custom metrics, storage costs: observability data), 15) Monitoring and alerts (cost monitoring: dashboard with trends, budget alerts: approaching limits, anomaly detection: unexpected cost spike, regular reviews: monthly optimization sessions, KPIs: cost per service, cost efficiency). Implement kubecost or similar tool, create cost dashboards, establish FinOps culture. ``` #### FinOps culture and governance **Use case:** Enterprise cloud financial management and culture **For:** FinOps Lead, Engineering Manager, Director of Engineering, VP Engineering, CTO, Cloud Architect, Finance Manager ``` Establish FinOps practice for [organization]. Current state: [describe cloud usage and spending maturity]. Team size: [engineering team size]. FinOps framework: 1) FinOps foundation (FinOps principles: everyone owns cost, teams empowered, centralized team drives practice, real-time decisions, cloud-native tools, cost is variable metric, organizational buy-in: leadership support, cultural shift: cost awareness, measurement: before optimization), 2) Organizational structure (FinOps team: practitioners, engineers, product, stakeholders: engineering, finance, leadership, RACI: who's responsible for what, communication: regular meetings, syncs, escalation: for budget issues), 3) Visibility and reporting (cost dashboards: real-time visibility, cost allocation: showback per team, tagging strategy: mandatory tags, cost anomaly detection: alerts on spikes, forecasting: predict future spend, reporting cadence: weekly, monthly, quarterly), 4) Budgets and accountability (budgets per team: ownership, budget alerts: approaching limits, accountability: teams own their spend, cost conversations: regular reviews, business context: cost relative to revenue or users), 5) Optimization processes (regular reviews: monthly or quarterly cost reviews, optimization backlog: prioritized list, quick wins: immediate actions, strategic changes: architectural, measurement: track savings, continuous improvement: iterative approach), 6) Unit economics (cost per customer: calculate and track, cost per transaction: efficiency metric, cost per service: microservice costs, trend analysis: improving or worsening, benchmarking: against industry), 7) Tagging standards (required tags: environment, application, owner, cost center, team, tag enforcement: automated, tag compliance: % of resources tagged, propagation: inherit from parent resources, cleanup: retag non-compliant), 8) Rightsizing and recommendations (automated recommendations: from cloud provider, cost explorer, prioritization: high impact, low effort, implementation: assign to teams, tracking: recommendation vs actual savings, validation: verify savings achieved), 9) Reserved capacity management (RI/SP strategy: coverage targets, purchasing process: approval workflow, monitoring: utilization tracking, optimization: exchange or modify, accounting: treat as commitment), 10) Showback and chargeback (showback: inform teams of their costs, no cross-charging, chargeback: actual internal billing, allocation methods: direct, proportional, cost transparency: detailed breakdown, behavioral change: teams optimize when they see costs), 11) Tools and automation (cost management platform: native cloud tools or 3rd party, automation: rightsizing scripts, scheduling scripts, policy enforcement: guardrails, integration: with CI/CD, existing workflows), 12) Governance and policies (cloud policies: prevent expensive resources, approval workflows: for large resources, compliance: mandatory tagging, security, cost guardrails: max limits, sandbox accounts: controlled experimentation), 13) Education and training (FinOps training: for all engineers, cost awareness: in onboarding, brown bags: share optimization tactics, documentation: internal wiki, runbooks, champion network: per team ambassador), 14) Metrics and KPIs (cost efficiency: cost per workload, waste: unused resources, RI/SP coverage: commitment utilization, forecast accuracy: actual vs predicted, optimization velocity: rate of improvement, team engagement: cost review participation), 15) Continuous improvement (retrospectives: after cost spikes, lessons learned: what went wrong, best practices: share across teams, goal setting: quarterly cost targets, celebrate wins: recognize cost-saving efforts). Implementation roadmap: 3-6 month plan, success metrics, stakeholder engagement plan, communication strategy. ``` ### Security Audits & Vulnerability Management Conduct comprehensive security audits, vulnerability assessments, and compliance checks. #### Cloud infrastructure security audit **Use case:** Comprehensive infrastructure security assessment **For:** Security Engineer, Cloud Security Architect, Security Architect, Compliance Officer, CISO, DevSecOps Engineer ``` Perform comprehensive security audit of [AWS/Azure/GCP] infrastructure. Scope: [accounts, projects, subscriptions]. Compliance: [SOC2, ISO 27001, HIPAA, PCI-DSS, etc]. Security audit framework: 1) Identity and access management (IAM policies: review for least privilege, overly permissive policies: wildcards in actions or resources, unused credentials: users, access keys, password policies: complexity, rotation, MFA enforcement: especially for admin accounts, service accounts: minimal permissions, role trust policies: who can assume, cross-account access: external IDs), 2) Network security (security groups: 0.0.0.0/0 inbound rules, NACLs: default allow vs deny, VPC flow logs: enabled and monitored, VPN and direct connect: encryption in transit, network segmentation: public, private, database subnets, internet gateways: only in public subnets, bastion hosts: secure access, VPC peering: necessary connections only), 3) Encryption (data at rest: all storage encrypted, KMS keys: customer-managed, not AWS-managed, key rotation: enabled, data in transit: TLS 1.2+, SSL certificates: no expired or self-signed in production, S3 bucket encryption: default encryption enabled, RDS encryption: enabled, cannot enable after creation), 4) Logging and monitoring (CloudTrail: enabled in all regions, log integrity: validation enabled, CloudWatch logs: retention policies, alarms: security-relevant events, VPC flow logs: for network analysis, access logs: S3, ELB, CloudFront, log aggregation: SIEM integration, immutable logs: prevent tampering), 5) Data protection (S3 bucket policies: public access blocked, bucket ACLs: not public, versioning: enabled for critical buckets, MFA delete: for critical buckets, object lock: for compliance, cross-region replication: for DR, lifecycle policies: data retention, DLP: data loss prevention), 6) Compute security (EC2 instances: no IMDSv1, use IMDSv2, systems manager: for patching, no SSH keys in user data, instance profiles: not access keys, AMI: golden images, security patches, EBS encryption: all volumes, Lambda: environment variables encrypted, VPC: Lambda in VPC if accessing private resources), 7) Secrets management (no hardcoded secrets: in code or configs, Secrets Manager or Parameter Store: for secrets, rotation: automated secret rotation, least privilege: access to secrets, encryption: all secrets encrypted at rest, audit: who accessed which secret), 8) Compliance and governance (AWS Config: enabled, rules for compliance, conformance packs: for standards, security hub: aggregated findings, GuardDuty: threat detection, Inspector: vulnerability scanning, Trusted Advisor: security checks, Macie: sensitive data discovery), 9) Database security (RDS: not publicly accessible, encryption: at rest and in transit, automated backups: enabled, minor version upgrades: automatic, parameter groups: secure settings, option groups: review, snapshot: not public, IAM authentication: for RDS), 10) Container security (ECR: image scanning enabled, vulnerability findings: remediate critical/high, image signing: verify provenance, ECS/EKS: task roles, not EC2 instance roles, pod security: run as non-root, security context, network policies: restrict pod communication, secrets: not in environment variables), 11) API security (API Gateway: authentication and authorization, WAF: in front of APIs, rate limiting: prevent abuse, CORS: restrictive settings, encryption: TLS only, logging: CloudWatch logs, private APIs: VPC endpoint for internal only), 12) Web application security (WAF: AWS WAF or 3rd party, DDoS protection: Shield Standard or Advanced, input validation: prevent injection, authentication: strong authentication, session management: secure cookies, headers: security headers, HTTPS: enforce, no HTTP), 13) Vulnerability management (scanning: regular vulnerability scans, patch management: automated patching, CVE tracking: monitor for new vulnerabilities, remediation: SLA for critical/high, penetration testing: annual or semi-annual, bug bounty: if applicable), 14) Incident response (IR plan: documented procedures, runbooks: for common incidents, detection: logging and monitoring, containment: isolate compromised resources, eradication: remove threat, recovery: restore to normal, lessons learned: post-incident review), 15) Architecture review (defense in depth: multiple security layers, least privilege: minimize permissions, secure by default: default-deny approach, encryption: everywhere, segmentation: network and data, immutability: immutable infrastructure, zero trust: verify always). Output: detailed findings with severity, remediation steps, compliance mapping, executive summary with risk score, prioritized action plan. ``` #### Kubernetes security assessment **Use case:** Container orchestration security and compliance **For:** Security Engineer, Kubernetes Security Specialist, DevSecOps Engineer, Cloud Security Architect, SRE, Compliance Officer ``` Conduct Kubernetes security audit for [cluster or clusters]. Cluster: [EKS, GKE, AKS, on-prem]. Workloads: [application types]. Security assessment: 1) Cluster configuration (API server: authentication, authorization, admission controllers, etcd: encrypted at rest, access control, kubelet: authentication, authorization, certificate rotation, control plane: hardened nodes, regular updates, network: encrypted communication), 2) RBAC audit (roles and cluster roles: review permissions, overly permissive: cluster-admin, edit for all, service accounts: each workload has own, auto-mount: disabled by default, users and groups: who has access, bindings: review all bindings, unused: clean up stale permissions), 3) Pod security (security context: runAsNonRoot, readOnlyRootFilesystem, no privileged pods: or documented exceptions, capabilities: drop ALL, add minimum, seccomp: runtime/default profile, AppArmor or SELinux: additional hardening, pod security standards: enforce restricted), 4) Network policies (default deny: start with deny all, ingress rules: explicit allows only, egress rules: restrict outbound, namespace isolation: pod-to-pod restrictions, external traffic: only from allowed sources, policy coverage: all namespaces have policies), 5) Secrets management (no secrets in env vars: mount as volumes, sealed secrets: encryption for git, external secrets: vault or cloud secret manager, encryption at rest: KMS, rotation: regular secret rotation, least privilege: limit access to secrets, audit: who accessed secrets), 6) Image security (image scanning: Trivy, Clair, scan on push: in CI/CD, vulnerability threshold: fail on critical/high, image signing: verify with Cosign, trusted registries: allow list only, latest tag: prohibited in production, base images: minimal, alpine or distroless), 7) Admission control (validating webhooks: OPA Gatekeeper, Kyverno, policies: enforced, not just audit, mutating webhooks: inject security defaults, policy violations: blocked, custom policies: organization-specific, policy testing: CI/CD integration), 8) Runtime security (Falco: threat detection, baseline behavior: alert on deviations, file integrity: monitor critical files, process monitoring: unexpected processes, network monitoring: unexpected connections, syscalls: audit unusual syscalls, incident response: automated responses), 9) Supply chain security (SBOM: software bill of materials, dependency scanning: for vulnerabilities, signed artifacts: provenance verification, admission: verify signatures, update strategy: keep dependencies current, private registry: control source of images), 10) Logging and monitoring (audit logs: enabled and retained, log aggregation: centralized logging, security events: monitored and alerted, anomaly detection: unusual activity, forensics: logs for investigation, immutable logs: prevent tampering, compliance: retain per requirements), 11) Backup and DR (etcd backup: regular snapshots, Velero: cluster and application backup, test restores: verify backups work, encryption: backups encrypted, access control: who can restore, disaster recovery: documented procedures), 12) Compliance (CIS benchmark: Kubernetes security, kube-bench: automated checks, NSA/CISA hardening: Kubernetes guidance, compliance scanning: continuous, policy enforcement: prevent non-compliant resources, audit trail: changes and access), 13) Network segmentation (namespace isolation: network policies, ingress: authenticated and authorized, egress: limited outbound, service mesh: mutual TLS, microsegmentation: fine-grained policies, zero trust: verify all traffic), 14) Data protection (encryption in transit: TLS for all communication, encryption at rest: volumes and secrets, PVC encryption: CSI with encryption, sensitive data: handled securely, data classification: label sensitivity, DLP: prevent exfiltration), 15) Third-party components (Helm charts: security review, operators: trust and audit, CRDs: security implications, service mesh: Istio, Linkerd security, ingress controller: secure configuration, monitoring stack: Prometheus, Grafana access). Generate: prioritized findings, remediation guide, compliance mapping, risk scores per finding, executive summary, Kubernetes security posture score. ``` #### Application vulnerability assessment **Use case:** Web and API security testing and hardening **For:** Application Security Engineer, Security Analyst, Penetration Tester, DevSecOps Engineer, Security Architect, Developer ``` Perform application security assessment for [application name]. Type: [web app, API, mobile backend]. Technology: [languages, frameworks]. Assessment scope: 1) OWASP Top 10 (injection: SQL, command, XSS, broken authentication: weak passwords, session management, sensitive data exposure: encryption, XML external entities: XXE, broken access control: authorization flaws, security misconfiguration: default credentials, defaults, XSS: reflected, stored, DOM-based, insecure deserialization: untrusted data, using components with known vulnerabilities: outdated dependencies, insufficient logging: security events), 2) Authentication (authentication mechanism: password, MFA, SSO, OAuth, password policy: complexity, length, storage, bcrypt or Argon2, not MD5/SHA1, session management: secure cookies, HttpOnly, Secure, SameSite, session timeout: idle and absolute, account lockout: brute force protection, credential storage: never plaintext), 3) Authorization (access control: role-based or attribute-based, privilege escalation: vertical and horizontal, direct object reference: IDOR vulnerabilities, forced browsing: unauthorized access, API authorization: token validation, least privilege: minimal permissions), 4) Input validation (input validation: all user inputs, whitelisting: prefer over blacklisting, output encoding: context-aware encoding, SQL injection: parameterized queries, command injection: avoid shell commands, XSS: sanitize and encode, file upload: validate type, size, content, deserialization: avoid untrusted data), 5) Cryptography (encryption: TLS 1.2+, no SSL, hashing: bcrypt, Argon2 for passwords, certificates: valid, trusted CA, no self-signed in prod, key management: secure key storage, random: cryptographically secure random, sensitive data: encrypted at rest and in transit), 6) Session management (session ID: random, long, secure, session fixation: regenerate after login, session timeout: expire after inactivity, cookie security: HttpOnly, Secure, SameSite, CSRF: tokens for state-changing requests, logout: invalidate session), 7) Error handling (error messages: no sensitive information, stack traces: disabled in production, logging: security events logged, log injection: sanitize log inputs, custom error pages: user-friendly, generic), 8) API security (authentication: API keys, OAuth tokens, rate limiting: prevent abuse, input validation: all inputs, versioning: maintain backward compatibility, CORS: restrictive policies, documentation: accurate, sensitive endpoints: authenticated), 9) Data protection (encryption: at rest and in transit, sensitive data: identify and protect PII, PHI, PCI, minimize: collect only necessary data, retention: delete when no longer needed, masking: in logs and outputs, backups: encrypted and secured), 10) Code security (static analysis: SAST tools, dependency scanning: SCA tools, secrets: no hardcoded secrets, code review: security-focused reviews, dangerous functions: avoid eval, exec, secure coding: OWASP guidelines, linting: security linters), 11) Infrastructure (server hardening: minimal services, OS patching, web server: secure configuration, headers: security headers, CSP, HSTS, X-Frame-Options, HTTPS: forced redirection, CDN: DDoS protection, WAF, firewall: restrictive rules, egress: limited outbound), 12) Third-party components (dependencies: outdated libraries, vulnerability scanning: npm audit, pip check, OWASP Dependency Check, update strategy: keep current, supply chain: trusted sources, licenses: compatible), 13) Testing (automated testing: security tests in CI/CD, manual testing: penetration testing, fuzzing: find crashes, code coverage: security tests, regression: ensure fixes work), 14) Monitoring and logging (security monitoring: failed logins, access attempts, anomaly detection: unusual patterns, SIEM: integration, alerting: security incidents, incident response: documented procedures, audit trail: comprehensive logs), 15) Compliance (standards: PCI-DSS, HIPAA, GDPR, SOC2, security controls: mapped to requirements, privacy: data handling, consent, audit: regular compliance audits). Output: vulnerability report with CVSS scores, proof of concept for findings, remediation guidance with code examples, retest: verify fixes, executive summary with risk assessment. ``` #### Compliance audit preparation **Use case:** Regulatory compliance and audit readiness **For:** Compliance Officer, Security Architect, CISO, Compliance Manager, IT Auditor, Risk Manager, DevSecOps Lead ``` Prepare for compliance audit. Standard: [SOC2, ISO 27001, HIPAA, PCI-DSS, GDPR]. Audit scope: [systems, processes in scope]. Timeline: [audit date]. Preparation plan: 1) Scope definition (systems in scope: applications, infrastructure, data: types and classification, processes: development, operations, security, boundaries: what's included, excluded, service organization: TSP vs service org, description: SOD or system description), 2) Control framework (control objectives: from standard, controls: mapped to objectives, evidence: for each control, attestation: Type I or Type II, period: audit period, CUECs: complementary user entity controls if applicable), 3) Documentation (policies: information security policy, acceptable use, incident response, procedures: SOPs for key processes, runbooks: incident response, change management, system documentation: architecture, data flows, data classification: PII, sensitive, risk assessment: annual or continuous, vendor management: third-party security), 4) Technical controls (access control: IAM, RBAC, MFA, encryption: at rest and in transit, key management, network security: firewalls, segmentation, vulnerability management: scanning, patching, secure development: SDLC, code review, testing, logging and monitoring: SIEM, alerts, backup: and disaster recovery), 5) Operational controls (change management: approval, testing, rollback, incident response: detection, containment, recovery, business continuity: BCP and DR plans, vendor management: security assessments, contracts, training: security awareness, asset management: inventory, configuration management: hardening), 6) Administrative controls (risk management: risk assessment, treatment, security organization: roles, responsibilities, HR security: background checks, termination, compliance: legal, regulatory, audit: internal audits, executive oversight: board or C-suite reviews), 7) Evidence collection (automated: screenshots, logs, reports, manual: policies, procedures, attestations, period: throughout audit period, not just at end, continuous: demonstrate ongoing compliance, retention: secure storage, samples: if population too large), 8) Access controls evidence (user list: with roles, access review: quarterly or annual, provisioning: new user process, de-provisioning: termination checklist, privileged access: admin accounts, MFA: enabled for all or high-risk, password policy: enforced), 9) Encryption evidence (at rest: RDS, S3, EBS encryption enabled, in transit: TLS everywhere, key management: KMS or HSM, rotation: key rotation enabled, certificate: valid certificates, no expired), 10) Vulnerability management (scan reports: monthly or quarterly, remediation: critical/high patched within SLA, patch management: process and evidence, penetration testing: annual or semi-annual, bug bounty: if applicable), 11) Logging and monitoring (log sources: all systems, retention: per requirements, monitoring: 24/7 or business hours, alerting: incidents detected and alerted, SIEM: aggregation and analysis, review: logs reviewed), 12) Incident response (IR plan: documented and approved, testing: tabletop exercises, actual incidents: if any, documentation of response, lessons learned: improvements made, reporting: to management and authorities if required), 13) Change management (change requests: documented, approval: CAB or equivalent, testing: in non-prod first, rollback: plan and tested, documentation: post-implementation review, emergency: process for urgent changes), 14) Business continuity (BCP: business continuity plan, DR: disaster recovery plan, RTO/RPO: defined and tested, backup: regular backups, test restores, failover: tested annually or more, documentation: up-to-date), 15) Pre-audit readiness (gap analysis: identify gaps in controls, remediation: fix gaps before audit, mock audit: internal assessment, training: audit team training, audit liaison: point of contact, clean up: remove obsolete documents). Create: evidence binder, audit response template, control matrix, readiness checklist, audit kick-off deck. ``` #### Security incident response plan **Use case:** Incident response preparedness and cyber resilience **For:** Security Operations Manager, Incident Response Lead, CISO, Security Analyst, SOC Manager, Security Architect ``` Develop security incident response plan for [organization]. Environment: [cloud, on-prem, hybrid]. Team size: [security and operations team]. Incident response framework: 1) Preparation (IR team: roles and responsibilities, RACI: who does what, contact list: on-call rotation, 24/7 coverage, tools: SIEM, EDR, forensics, playbooks: per incident type, training: tabletop exercises, annual or quarterly, communication: internal and external), 2) Detection (monitoring: SIEM alerts, EDR, CSPM, alerts: tuned to reduce false positives, anomaly detection: ML-based, threat intelligence: feeds integrated, user reports: easy reporting mechanism, honeypots: deception technology), 3) Analysis (triage: initial assessment of severity, scope: affected systems, data, users, impact: confidentiality, integrity, availability, root cause: how did it happen, timeline: incident timeline, indicators: IOCs collected, classification: incident type and severity), 4) Containment (short-term: isolate affected systems, quarantine: malware, compromised accounts, network segmentation: limit lateral movement, disable accounts: compromised users, snapshots: before changes, long-term: rebuild systems, patch, harden), 5) Eradication (remove threat: malware, backdoors, access, patch vulnerabilities: that enabled compromise, rebuild: from known-good state, verify: no remnants, lessons: what allowed compromise), 6) Recovery (restore: from clean backups, monitoring: closely for reinfection, verification: systems working correctly, documentation: recovery steps taken, communication: all clear to stakeholders, gradual: phased return to production), 7) Post-incident (lessons learned: what went well, what didn't, documentation: complete incident report, improvements: update IR plan, playbooks, metrics: time to detect, contain, resolve, follow-up: implement improvements, executive brief: for leadership), 8) Communication (internal: stakeholders, employees, who needs to know, external: customers, partners, required?, legal: legal counsel involvement, PR: public relations if needed, transparency: balance with security, templates: pre-approved messages, spokesperson: who can speak), 9) Incident classification (severity: critical, high, medium, low, impact: data breach, service disruption, unauthorized access, scope: single system or widespread, reporting: to authorities if required, escalation: when to escalate), 10) Playbooks (malware: steps for malware incident, DDoS: mitigation steps, data breach: containment and notification, ransomware: isolate and never pay, phishing: user education, insider threat: HR involvement, cloud compromise: IAM review, credential theft), 11) Forensics (evidence collection: memory dumps, logs, disk images, chain of custody: documented handling, analysis: malware analysis, timeline reconstruction, tools: EnCase, FTK, Volatility, preservation: legal hold, expert: external forensics if needed), 12) Legal and compliance (legal counsel: when to involve, law enforcement: FBI, Secret Service for certain incidents, regulatory: breach notification requirements, data protection: GDPR, CCPA notifications, timeline: notification deadlines, documentation: for legal proceedings), 13) Tools and technology (SIEM: Splunk, ELK, Sentinel, EDR: CrowdStrike, Carbon Black, network: packet capture, netflow, forensics: memory and disk analysis, orchestration: SOAR platforms, threat intel: STIX/TAXII feeds), 14) Metrics and reporting (MTTD: mean time to detect, MTTC: mean time to contain, MTTR: mean time to resolve, incident count: by type and severity, trends: improving or worsening, executive dashboard: for leadership visibility), 15) Testing and exercises (tabletop: scenario-based discussions, red team: authorized attacks, purple team: collaborative testing, frequency: quarterly or annual, scope: test specific playbooks, post-exercise: lessons learned and improvements). Deliver: comprehensive IR plan document, incident response runbook, playbook templates, communication templates, training materials, contact lists with escalation paths. ``` #### Container and supply chain security **Use case:** Secure software supply chain and container security **For:** DevSecOps Engineer, Security Architect, Container Security Specialist, Platform Engineer, Security Engineer, Application Security Engineer ``` Implement container supply chain security for [organization]. Container platform: [Docker, Kubernetes]. Registry: [ECR, ACR, GCR, Harbor]. Supply chain security: 1) Image security (base images: minimal attack surface, alpine, distroless, scratch, trusted sources: official images only, vulnerability scanning: Trivy, Clair, Anchore in CI/CD, scan frequency: on build and daily, remediation: SLA for critical/high, latest tag: prohibited in production, specific digests preferred), 2) Image signing and verification (content trust: Docker Content Trust, Notary, signing: Cosign for signing images, verification: admission controller validates signatures, sigstore: transparency log, key management: secure key storage, policy: only signed images in production), 3) SBOM generation (software bill of materials: generate for all images, tools: Syft, trivy sbom, format: SPDX, CycloneDX, storage: alongside images, tracking: component inventory, vulnerability mapping: CVEs to components), 4) Build security (CI/CD security: secure pipeline, secrets: not in Dockerfiles, scanner integration: fail build on vulnerabilities, multi-stage builds: separate build and runtime, minimal layers: reduce attack surface, build attestation: provenance metadata, reproducible builds: deterministic outputs), 5) Registry security (private registry: access control, authentication: strong auth, RBAC, vulnerability scanning: registry-native scanning, retention policies: delete old images, image promotion: dev to staging to prod, replication: for DR, audit logging: who pulled what), 6) Runtime security (security context: non-root user, read-only filesystem, capabilities dropped, AppArmor or seccomp: restrict syscalls, runtime scanning: detect vulnerabilities in running containers, behavioral monitoring: Falco for anomalies, process restrictions: only expected processes, network policies: restrict communication), 7) Dependency management (dependency scanning: npm audit, pip-audit, yarn audit, outdated dependencies: regular updates, vulnerability databases: OSV, NVD, automated PRs: Dependabot, Renovate, license compliance: allowed licenses, transitive dependencies: scan all layers), 8) Secrets in images (no secrets: in layers, environment variables, secret scanning: detect leaked secrets, build-time secrets: BuildKit secrets, runtime secrets: mount from secret manager, history: docker history to check for secrets), 9) CI/CD pipeline security (pipeline as code: version controlled, branch protection: prevent tampering, secrets management: vault, not in repo, least privilege: service account permissions, audit: pipeline runs logged, isolation: build isolation, supply chain attacks: verify dependencies), 10) Admission control (policy enforcement: OPA, Kyverno, image verification: check signatures, vulnerability threshold: block high/critical, registry restrictions: allowed registries only, mutation: inject security defaults, audit mode: before enforcement), 11) Registry scanning (continuous scanning: daily or on-push, vulnerability feeds: updated feeds, policy violations: alert on new vulnerabilities, image lifecycle: deprecate vulnerable images, dashboard: visualization of vulnerabilities), 12) Third-party images (risk assessment: before use, alternatives: build own if risky, scanning: same as own images, pinning: specific versions, monitoring: for new vulnerabilities, replacement: plan to replace if compromised), 13) Compliance (regulatory: compliance requirements, policies: documented policies, audit: audit trail for images, attestation: evidence of security, reporting: compliance reports, frameworks: NIST, CIS benchmarks), 14) Incident response (compromised image: identify and remove, notification: alert users, forensics: investigate how compromised, remediation: rebuild from clean source, prevention: improve controls), 15) Developer education (secure coding: for containers, training: security best practices, tooling: provide secure tools, feedback: security findings in dev workflow, culture: shift-left security). Implement: full supply chain security program, policies and standards, automated tooling, monitoring dashboards, metrics: image vulnerabilities over time, mean time to remediate. ``` ### CI/CD & Automation Build sophisticated CI/CD pipelines with security, quality gates, and deployment automation. #### Production-grade CI/CD pipeline design **Use case:** Enterprise application delivery automation **For:** DevOps Engineer, Release Engineer, Platform Engineer, SRE, CI/CD Architect, Build Engineer ``` Design comprehensive CI/CD pipeline for [application]. Tech stack: [languages, frameworks]. Platform: [GitHub Actions, GitLab CI, Jenkins, CircleCI]. Deployment target: [Kubernetes, ECS, EC2, serverless]. Pipeline architecture: 1) Source control integration (git workflow: trunk-based or gitflow, branch protection: required reviews, status checks, webhook triggers: on push, PR, tag, monorepo or multi-repo: strategy, versioning: semantic versioning), 2) Build stage (dependency installation: cache dependencies, compilation: language-specific build, artifact creation: Docker image, JAR, ZIP, versioning: tag with commit SHA, semantic version, build matrix: test multiple versions, parallel builds: speed optimization), 3) Code quality gates (linting: language linters, code formatting: prettier, black, gofmt, static analysis: SonarQube, CodeClimate, complexity metrics: cyclomatic complexity, code coverage: minimum threshold 80%, quality gate: fail if below threshold), 4) Security scanning (SAST: static application security testing, dependency scanning: known vulnerabilities, secret scanning: detect leaked credentials, container scanning: Trivy, Clair for images, license compliance: allowed licenses, DAST: dynamic testing in test environment), 5) Testing stages (unit tests: fast feedback, integration tests: API and database, contract tests: API contracts, smoke tests: basic functionality, performance tests: load testing, security tests: OWASP ZAP, manual gates: UAT approval for production), 6) Artifact management (registry: Docker registry, artifact repository, versioning: immutable tags, retention: lifecycle policies, scanning: registry scanning, promotion: dev to staging to prod, metadata: labels and annotations), 7) Deployment stages (environments: dev, staging, production, deployment strategy: blue-green, canary, rolling, configuration: per environment, secrets: inject at runtime, rollback: automatic on failure, health checks: readiness before routing traffic), 8) Infrastructure as code (Terraform: provision infrastructure in pipeline, validation: terraform plan, approval: manual gate for production, state management: remote backend, drift detection: scheduled checks), 9) Database migrations (migration scripts: versioned migrations, rollback scripts: for failed migrations, testing: in staging first, zero-downtime: online migrations, backup: before migration, validation: check data integrity), 10) Monitoring and observability (deployment markers: annotate in Grafana, metrics: deployment frequency, lead time, alerts: deployment failures, dashboards: pipeline health, logs: centralized logging, tracing: distributed traces), 11) Progressive delivery (feature flags: LaunchDarkly, split.io, canary analysis: automated metrics evaluation, traffic shifting: gradual rollout, rollback: automatic on error rate spike, A/B testing: for features), 12) Approval workflows (environment gates: approval before production, approvers: who can approve, timeout: auto-reject if no approval, audit: approval trail, notifications: to approvers), 13) Notification and communication (Slack: build status, failures, email: to team or individuals, PagerDuty: for production failures, status page: for stakeholders, deployment notes: automated release notes), 14) Performance optimization (caching: dependencies, Docker layers, parallel execution: independent jobs, incremental builds: only changed code, resource allocation: appropriate compute, pipeline as code: reusable workflows), 15) Compliance and audit (audit trail: all pipeline runs logged, approvals documented, security scans: evidence for compliance, artifact provenance: build attestation, retention: meet compliance requirements, access control: RBAC for pipeline). Deliverables: pipeline configuration files, architecture diagram, runbook, security policy, metrics dashboard. ``` #### GitOps implementation with Argo CD or Flux **Use case:** Declarative Kubernetes deployment and operations **For:** Platform Engineer, DevOps Engineer, SRE, Kubernetes Engineer, GitOps Specialist, Release Engineer ``` Implement GitOps workflow for [organization]. Platform: [Argo CD or Flux CD]. Cluster: [Kubernetes clusters]. Applications: [number and types]. GitOps setup: 1) Git repository structure (app-of-apps pattern: root app that deploys apps, environment per directory: dev, staging, prod, or environment per branch, base and overlays: Kustomize structure, Helm values: per environment, documentation: README per app), 2) Argo CD installation (deployment: HA with multiple replicas, ingress: with authentication, SSO: OIDC integration, RBAC: project-based access, repositories: connect to git repos, credentials: SSH or HTTPS, plugins: custom config management tools), 3) Application definitions (Application CRD: define desired state, source: git repo and path, destination: cluster and namespace, sync policy: manual or automated, automated prune: delete removed resources, self-heal: correct drift automatically), 4) Sync strategies (manual sync: require human approval, automatic sync: on git commit, sync windows: allowed sync times, sync waves: order of resource creation, hooks: pre-sync, sync, post-sync, skip-dry-run: for certain resources), 5) Multi-environment management (application sets: generate apps for multiple clusters, cluster generator: from cluster list, git generator: from directory structure, matrix generator: combine generators, templating: parameterize applications), 6) Secrets management (sealed secrets: encrypted in git, external secrets operator: sync from vault, SOPS: encrypted files in git, Argo CD vault plugin: inject secrets, rotation: automated secret rotation), 7) Progressive delivery (Argo Rollouts: advanced deployment strategies, canary: gradual traffic shift, blue-green: instant switch, analysis: metrics-based promotion, rollback: automatic on failure, experiments: A/B testing), 8) Access control (projects: isolate applications, RBAC: role-based permissions, SSO groups: map to Argo roles, cluster permissions: least privilege, audit: track who synced what), 9) Notifications (triggers: on sync, health status, errors, destinations: Slack, email, webhook, templates: customize messages, subscriptions: per application or project, aggregation: summary notifications), 10) Health assessment (built-in health: for standard resources, custom health: for CRDs, resource hooks: for complex checks, status: progressing, healthy, degraded, sync status: synced or out-of-sync), 11) Application dependencies (sync waves: numeric order, depends-on: explicit dependencies, wait: for resource to be healthy, skip: dependencies for certain resources), 12) Multi-cluster management (cluster registration: add multiple clusters, cluster credentials: service account, application placement: target cluster, network: cluster connectivity, multi-tenancy: isolate per team), 13) Configuration drift (detection: continuous reconciliation, diff: show differences, prune: remove extra resources, self-heal: automatic correction, orphan resources: flag unmanaged resources), 14) Disaster recovery (backup: application definitions, restore: recreate applications, git history: rollback to previous commit, declarative: everything in git, testing: regular DR drills), 15) Monitoring and observability (metrics: Prometheus metrics, dashboards: Grafana dashboards, alerts: sync failures, drift, health: application health status, logs: audit logs, API access: programmatic queries). Best practices: trunk-based development, small PRs, automated testing before merge, Git as single source of truth, declarative configuration, separate config from code, immutable artifacts. ``` #### Infrastructure testing and validation **Use case:** Infrastructure quality assurance and validation **For:** Platform Engineer, DevOps Engineer, Infrastructure Engineer, Test Automation Engineer, SRE, Quality Engineer ``` Implement infrastructure testing strategy for [infrastructure type]. IaC tool: [Terraform, CloudFormation, Pulumi]. Testing requirements: [compliance, security, cost]. Testing framework: 1) Unit tests (test modules in isolation: inputs and outputs, mock dependencies: using test fixtures, assertions: expected resource properties, Terraform: Terratest with Go, coverage: high percentage of code, fast feedback: run on every commit), 2) Integration tests (deploy to test environment: ephemeral environment, test actual resources: API calls to verify, cross-module: test interactions, cleanup: destroy after tests, idempotency: run multiple times safely, realistic: mirror production), 3) Policy testing (OPA: test rego policies, policy assertions: expected allow/deny, edge cases: boundary conditions, compliance: map to standards, Sentinel: for Terraform Enterprise, Conftest: CLI tool), 4) Security testing (checkov: security and compliance, tfsec: Terraform security, infrastructure as code scanning, penetration testing: on deployed infrastructure, vulnerability scanning: for all resources, compliance frameworks: CIS, NIST), 5) Cost testing (infracost: estimate costs, cost assertions: max cost threshold, diff: cost change from baseline, budget gates: fail if over budget, optimization: identify costly resources, reporting: cost breakdown), 6) Contract testing (API contracts: for integrations, schema validation: for data structures, backward compatibility: don't break consumers, versioning: test multiple versions), 7) End-to-end tests (full deployment: complete stack, application tests: test running app, user flows: critical paths, monitoring: check metrics and logs, cleanup: teardown environment), 8) Smoke tests (basic connectivity: can reach resources, health checks: endpoints responding, configuration: basic settings correct, fast: quick validation, post-deployment: in CI/CD pipeline), 9) Chaos engineering (failure injection: kill pods, terminate instances, latency: introduce delays, resilience: verify graceful degradation, blast radius: limit scope, tools: Chaos Mesh, Litmus, Gremlin), 10) Performance testing (load testing: expected traffic volume, stress testing: beyond normal load, scalability: auto-scaling works, latency: response times acceptable, resource utilization: CPU, memory within limits), 11) Compliance testing (policy as code: codified compliance, automated scanning: checkov, sentinel, drift detection: from compliant state, audit: evidence generation, remediation: automated fixes), 12) Terraform testing (terraform validate: syntax, terraform plan: expected changes, terraform fmt: formatting, tflint: linting, terraform test: new testing framework, modules: test module outputs), 13) Test environments (ephemeral: created and destroyed per test, isolated: no shared state, realistic: mirror production, automated: creation and destruction, cost-effective: minimal resources, fast: quick provisioning), 14) Test data (fixtures: test inputs, factories: generate test data, snapshots: expected outputs, anonymized: production-like but safe, versioned: track with code), 15) CI/CD integration (automated: run on every PR, required: block merge on failure, parallel: speed up testing, reporting: test results in PR, coverage: track test coverage trends). Test pyramid: many unit tests, fewer integration tests, few end-to-end tests, implement testing at multiple layers, shift-left: test early in development, fast feedback loops. ``` --- ## AI for Financial Strategists: Advanced Wealth Management **Category:** Financial Planning & Wealth Management **Prompts:** 14 **Description:** Sophisticated financial planning prompts for wealth managers, CFPs, and high-net-worth individuals covering Monte Carlo simulations, tax optimization, portfolio analysis, estate planning, and complex investment modeling with mathematical rigor. **Tags:** Financial Planning, Wealth Management, Investment Analysis, Tax Strategy, Finance Professionals ### Retirement Planning & Monte Carlo Analysis Advanced retirement modeling with probabilistic analysis and sophisticated withdrawal strategies. #### Monte Carlo retirement simulation **Use case:** Probabilistic retirement planning and goal feasibility analysis **For:** Financial Planner, Wealth Manager, CFP, Investment Advisor, Financial Analyst, High-Net-Worth Individual ``` Run comprehensive Monte Carlo retirement simulation. Client profile: Age [current age], Retirement age [target], Life expectancy [years or age], Current portfolio: $[amount], Asset allocation: [stocks %/bonds %/cash %/alternatives %], Annual savings: $[amount], Employer match: [%]. Retirement needs: Annual expenses: $[amount in today's dollars], Healthcare: $[additional annual], Legacy goal: $[target bequest]. Economic assumptions: Expected returns: Stocks [%], Bonds [%], Cash [%], Inflation: [%], Volatility: Stocks [standard deviation %], Bonds [%], Correlation matrix if available. Monte Carlo parameters: 1) Simulation methodology (10,000 iterations minimum for statistical significance, random number generation: use normal distribution for returns with specified mean and standard deviation, annual rebalancing assumption, sequence of returns risk: account for order of returns, longevity risk: model to age 95-100, stochastic processes: geometric Brownian motion for asset prices), 2) Return assumptions (historical returns: base on [time period] historical data, risk premium: equity risk premium over risk-free rate, mean reversion: consider whether to model, real vs nominal: use real returns and adjust for inflation separately, asset class assumptions: detailed by asset class with correlations), 3) Withdrawal strategies (constant dollar: [amount] adjusted for inflation annually, constant percentage: [%] of portfolio value each year, dynamic withdrawal: guardrails method with [%] ceiling and floor, required minimum distributions: RMDs from age 73, Social Security: $[monthly amount] starting at age [age], pension income: $[amount] if applicable), 4) Inflation modeling (general inflation: [%] mean with [%] standard deviation, healthcare inflation: typically 1-2% above general inflation, sequence of inflation: vary by year, purchasing power: calculate real returns, TIPS: consider inflation-protected securities), 5) Tax considerations (tax-deferred accounts: 401k, Traditional IRA balances and RMDs, tax-free accounts: Roth IRA, Roth 401k balances, taxable accounts: cost basis and dividend yield, withdrawal sequencing: optimize tax efficiency, tax rates: current and projected future rates, qualified vs ordinary dividends, long-term vs short-term capital gains), 6) Asset allocation adjustments (glide path: reduce equity exposure with age, target date approach: automatic rebalancing, dynamic allocation: based on market valuation or portfolio performance, tactical adjustments: considered or pure strategic, rebalancing: annual, semi-annual, or threshold-based), 7) Success probability calculation (success threshold: portfolio lasts until age [target longevity], success rate: % of simulations that succeed, percentile analysis: 10th, 25th, 50th, 75th, 90th percentile outcomes, probability of ruin: % chance of running out of money, shortfall analysis: magnitude and timing of shortfalls if occur), 8) Sensitivity analysis (vary retirement age: impact of retiring at [earlier/later ages], vary spending: test spending at [80%, 90%, 110%, 120%] of plan, vary returns: stress test with returns 1-2% lower, vary inflation: test higher inflation scenarios, longevity: model to age 85, 90, 95, 100, sequence of returns: worst historical sequences), 9) Optimization recommendations (savings increase: additional annual savings needed for [target] success rate, retirement delay: years to delay for adequate savings, spending reduction: sustainable withdrawal rate for [target] success rate, asset allocation: optimal allocation for risk tolerance and goals, part-time work: income needed in early retirement, catch-up contributions: maximize after age 50), 10) Scenario analysis (best case: 90th percentile outcome and implications, worst case: 10th percentile and contingency plans, median case: 50th percentile as baseline expectation, economic downturn: portfolio performance in 2008-style crisis, longevity: living to 100 or beyond, healthcare costs: major medical expenses, long-term care: $100k+ annually), 11) Social Security optimization (claiming age: 62, FRA, 70 - break-even analysis, spousal benefits: maximize household benefits, file and suspend strategies: if applicable, earnings test: if working before FRA, taxation: portion subject to income tax, COLA: inflation adjustments, longevity considerations: when early claiming makes sense), 12) Healthcare planning (Medicare: premiums, copays, out-of-pocket max, Medigap or Medicare Advantage: costs and coverage, prescription drug coverage: Part D costs, HSA: maximize contributions and invest for retirement healthcare, long-term care insurance: evaluate need and cost, IRMAA: avoid Medicare surcharges by managing income), 13) Output metrics (success probability: % of simulations reaching goal, median terminal value: ending portfolio value at 50th percentile, sustainable withdrawal rate: maximum inflation-adjusted withdrawal, years until depletion: in failure scenarios, legacy value: expected bequest amount, required portfolio size: for desired success rate), 14) Visualization (histogram: distribution of outcomes, time series: portfolio value over time with confidence intervals, heat map: success rate by retirement age and spending level, scenario comparison: side-by-side scenarios, probability curves: likelihood of portfolio lasting to each age), 15) Action plan (prioritized recommendations: ranked by impact, timeline: immediate, short-term, long-term actions, trade-offs: explicit acknowledgment of choices, monitoring: metrics to track and review frequency, contingencies: plan B if markets underperform). Generate: comprehensive simulation results, probability of success calculation, recommended adjustments, visual distribution of outcomes, sensitivity analysis showing impact of key variables. ``` #### Withdrawal strategy optimization **Use case:** Tax-efficient retirement income distribution planning **For:** Financial Planner, CFP, Tax Advisor, Wealth Manager, Retirement Specialist, CPA ``` Optimize retirement withdrawal strategy. Portfolio: Total: $[amount], Allocation: [stocks/bonds/cash %], Location: Tax-deferred $[amount], Roth $[amount], Taxable $[amount]. Retirement details: Age: [current], Life expectancy: [years], Annual spending: $[amount], Inflation: [%], Healthcare: $[additional annual]. Income sources: Social Security: $[monthly] at age [age], Pension: $[monthly] if applicable, Part-time work: $[annual] for [years]. Tax situation: Filing status: [single/married], State: [state], Current tax bracket: [%], Deductions: [itemized/standard]. Withdrawal optimization: 1) Strategy comparison (constant dollar method: $[amount] + inflation annually, pros: predictable spending, cons: doesn't adapt to portfolio performance, constant percentage method: [%] of portfolio annually, pros: never runs out, cons: variable spending, guardrails method: [base %] with [%] increase/decrease thresholds, dynamic spending adjusts to portfolio performance, required minimum distributions: mandatory from age 73, pros: tax-deferred growth, cons: forced withdrawals, Guyton-Klinger rules: inflation-adjusted with guardrails and portfolio management, actuarial method: remaining life expectancy method), 2) Tax-efficient sequencing (sequence priority: taxable accounts first to allow tax-deferred growth, then tax-deferred for RMD compliance, then Roth last for maximum growth, Roth conversion opportunities: low-income years before RMD age, fill tax brackets: withdraw up to top of [bracket], capital gains harvesting: realize long-term gains at 0% rate, qualified dividend income: coordinate with other income, avoid IRMAA: Medicare premium surcharges at income thresholds), 3) Tax bracket management (marginal rate: keep below [%] bracket, standard deduction: $[amount] for [year], utilize fully, capital gains rates: 0% up to $[income], 15% up to $[income], 20% above, QCD: qualified charitable distributions at age 70.5+, itemized deductions: medical expenses, SALT, charitable, bracket bunching: accelerate or defer income), 4) Required minimum distributions (RMD age: 73 for those born 1951-1959, 75 for 1960+, calculation: account balance / distribution period from IRS table, multiple accounts: aggregate for calculation, separate withdrawal, QCD strategy: up to $100k directly to charity, tax implications: ordinary income, avoid penalties: 50% penalty on missed RMDs, inherited IRAs: beneficiary RMD rules), 5) Roth conversion analysis (conversion amount: optimal annual conversion, tax cost: marginal rate on converted amount, break-even: years until tax savings exceed cost, future RMDs: reduce future required distributions, estate planning: tax-free inheritance for beneficiaries, Medicare impact: avoid IRMAA thresholds, state taxes: consider state tax implications, long-term benefit: tax-free growth and withdrawals), 6) Capital gains management (tax-loss harvesting: offset gains with losses up to $3k ordinary income, wash sale rules: 30-day rule for substantially identical securities, long-term holding: preferential rates on assets held 1+ year, step-up basis: at death for taxable accounts, gifting appreciated assets: for charitable or family transfers, low-income years: realize gains at 0% rate), 7) Spending flexibility (essential expenses: non-discretionary spending $[amount], discretionary spending: flexible expenses $[amount], one-time expenses: plan for major purchases, healthcare variability: budget for fluctuations, longevity planning: increase/decrease spending by age, market adaptation: reduce spending in down markets, prosperity rule: increase spending in strong markets), 8) Asset location optimization (tax-deferred accounts: bonds and REITs, taxable accounts: tax-efficient equity funds and municipal bonds, Roth accounts: highest growth potential assets, asset allocation maintenance: across all account types, rebalancing: tax-efficient across accounts, withdrawal rebalancing: use withdrawals to rebalance), 9) Healthcare expense planning (Medicare costs: Part B premium $[amount], Part D $[amount], Medigap: $[amount] monthly, out-of-pocket maximum: plan for $[amount] annually, HSA withdrawals: tax-free for qualified medical, long-term care: potential $[amount] annually, IRMAA avoidance: manage income below thresholds: single $97k, married $194k), 10) Inflation protection (TIPS allocation: [%] of fixed income, I-bonds: consider $10k annual limit per person, equity allocation: stocks as inflation hedge, real estate: REITs or rental property, commodities: small allocation [%], COLA income: Social Security and some pensions), 11) Longevity risk management (spend more early: front-load retirement spending, annuity consideration: SPIA or DIA for longevity insurance, portfolio allocation: maintain equity exposure, healthcare reserve: separate bucket for late-life care, family support: plan for assistance if needed, long-term care insurance: evaluate need vs self-insure), 12) Scenario planning (market crash: portfolio down 30-40% in year 1-2, high inflation: 5%+ sustained inflation, early health issues: major medical expenses in 60s, longevity: living to 95-100, widow/widower: surviving spouse planning, tax law changes: future rates or rule changes), 13) Monitoring and adjustment (annual review: assess portfolio performance and spending, rebalancing: back to target allocation, tax planning: year-end tax moves, RMD calculation: verify annual RMDs, inflation adjustment: update spending, success probability: re-run Monte Carlo), 14) Estate considerations (RMD beneficiaries: who inherits IRAs, Roth conversion for heirs: leave tax-free assets, spend-down strategy: vs legacy goal, gifting: annual exclusion $18k per person, charitable: from IRA or appreciated assets), 15) Coordination strategies (Social Security timing: coordinate with withdrawal strategy, part-time income: bridge to Social Security or reduce withdrawals, pension decision: lump sum vs annuity analysis, healthcare bridge: before Medicare eligibility, geographic arbitrage: consider LCOL areas). Output: year-by-year withdrawal plan, tax projection by year, probability of success, total taxes paid over retirement, recommended strategy with rationale. ``` #### Social Security optimization analysis **Use case:** Social Security claiming optimization for maximum lifetime benefits **For:** Financial Planner, CFP, Retirement Specialist, Social Security Consultant, Wealth Manager, Elder Law Attorney ``` Optimize Social Security claiming strategy. Primary earner: Age: [age], FRA benefit: $[monthly], Age 62 benefit: $[monthly], Age 70 benefit: $[monthly], Earnings record: [years of coverage], Life expectancy: [age]. Spouse: Age: [age], FRA benefit: $[monthly], Spousal benefit: $[monthly at FRA], Life expectancy: [age]. Financial situation: Current assets: $[amount], Other retirement income: $[annual], Retirement age: [age], Health status: [excellent/good/fair/poor], Liquidity needs: [high/medium/low]. Social Security analysis: 1) Individual claiming strategies (age 62 claiming: $[monthly] for life, pros: immediate income, more payments, cons: 30% reduction, longer break-even, age 67 claiming: FRA benefit $[monthly], pros: full benefit, no earnings test, cons: delay income, age 70 claiming: $[monthly] with DRCs, pros: 24-32% increase, inflation-protected, cons: fewer payments, break-even later, delayed retirement credits: 8% per year from FRA to 70, earnings test: $1 reduction per $2 above $22k before FRA, file and suspend: no longer available post-2016), 2) Break-even analysis (62 vs 67: break-even age [age], total benefits equalize, 67 vs 70: break-even age [age], NPV calculation: present value of benefits at [discount rate], longevity assumption: if living beyond break-even favors delay, opportunity cost: alternative use of funds), 3) Spousal benefit strategies (spousal benefit: 50% of higher earner at FRA, restricted application: grandfathered for those born before 1/1/1954, claiming strategy: lower earner claims early, higher delays, coordination: maximize household benefit, deemed filing: both spousal and own benefit after 2016, survivor benefit: higher of two benefits), 4) Married couple optimization (higher earner delays to 70: maximizes survivor benefit, lower earner claims early: provides income, survivor benefit: 100% of higher earner's benefit including DRCs, widow/widower strategy: claim survivor benefit first or switch later, file and suspend eliminated: can't use since 2016, do-over option: withdraw application within 12 months, repay benefits), 5) Tax considerations (provisional income: AGI + non-taxable interest + 50% of SS, taxation thresholds: single: $25k-$34k 50% taxable, $34k+ 85% taxable, married: $32k-$44k 50% taxable, $44k+ 85% taxable, planning: manage other income to minimize SS taxation, Roth conversions: before SS to reduce RMDs later, QCDs: qualified charitable distributions don't count toward income), 6) Net present value analysis (discount rate: [%] for present value calculation, lifetime benefits: sum of all payments with longevity assumption, tax impact: after-tax value of benefits, inflation: COLA adjustments in NPV, opportunity cost: what else could be done with delay funds, risk-adjusted: account for sequence of returns risk), 7) Longevity considerations (family history: parents' longevity, health status: current health and conditions, lifestyle factors: smoking, exercise, diet, gender: women typically live longer, conservative assumption: plan to age 90-95, break-even: only relevant if living beyond, insurance value: longevity insurance for both), 8) Widow/widower planning (higher earner delay: survivor inherits higher benefit, lower earner's benefit: drops off at first death, survivor benefit timing: can switch to survivor benefit at any age, remarriage: after age 60 doesn't affect benefit, divorced: eligible if married 10+ years, file as divorced spouse), 9) Earnings test impact (working before FRA: $1 reduced per $2 over $22,320, year reaching FRA: $1 per $3 over $59,520, after FRA: no earnings test, benefit adjustment: withheld benefits recalculated at FRA, strategy: if working delay claiming until FRA or stop work), 10) Health and liquidity factors (poor health: claim early if unlikely to reach break-even, excellent health: strong case for delay, liquidity needs: if need income claim early, emergency fund: if adequate can afford to delay, other income sources: pensions, rental, part-time work), 11) Divorced spouse benefits (eligibility: married 10+ years, unmarried currently, ex-spouse benefit: up to 50% of ex-spouse's FRA benefit, no impact: claiming doesn't reduce ex-spouse's benefit, survivor benefit: if ex-spouse dies, two ex-spouses: can both claim), 12) Government pension offset (GPO: if receiving government pension, reduction: 2/3 of government pension reduces SS spousal/survivor benefit, affected: teachers, police, firefighters in some states, planning: consider in claiming strategy), 13) Windfall elimination provision (WEP: if receiving pension from non-SS covered work, reduction: formula reduces PIA, maximum reduction: limited to 50% of pension, substantial earnings: years with substantial SS earnings reduce impact), 14) Medicare considerations (age 65 enrollment: regardless of SS claiming, Part B premium: deducted from SS benefit if receiving, delayed enrollment: if not claiming SS must enroll separately, IRMAA: higher income leads to higher premiums, planning: coordinate SS and Medicare), 15) Scenario comparison (scenario A: both claim at 62, total household lifetime benefits $[amount], scenario B: lower earner 62, higher earner 70, total $[amount], scenario C: both claim at FRA, total $[amount], scenario D: both delay to 70, total $[amount], recommendation: optimal strategy with rationale). Deliver: claiming strategy recommendation, break-even analysis, lifetime benefit comparison table, sensitivity analysis for longevity assumptions, tax impact analysis, year-by-year cash flow. ``` #### Pension vs lump sum decision analysis **Use case:** Pension distribution election and retirement income optimization **For:** Financial Planner, CFP, Pension Consultant, Actuary, Retirement Specialist, Wealth Manager ``` Analyze pension decision: monthly annuity vs lump sum. Pension offer: Monthly single life: $[amount], Joint 100% survivor: $[amount], Joint 50% survivor: $[amount], Lump sum offer: $[amount]. Personal details: Age: [age], Spouse age: [age], Health: [status], Life expectancy: [years], Risk tolerance: [low/moderate/high], Other retirement assets: $[amount], Annual expenses: $[amount], Guaranteed income: Social Security $[monthly], other $[monthly]. Analysis framework: 1) Present value comparison (discount rate: use [%] reflecting personal rate, mortality tables: use IRS tables or individual estimate, NPV of annuity: present value of all monthly payments, NPV comparison: lump sum vs annuity PV, actuarial fairness: is lump sum fair value, implied interest rate: rate that equates lump sum to annuity PV), 2) Break-even analysis (break-even years: when total annuity payments exceed lump sum, single life: break-even at age [age], joint and survivor: break-even at age [age], probability: likelihood of reaching break-even, sensitivity: impact of ±5 years longevity, reinvestment assumption: return on lump sum investment), 3) Income guarantee analysis (annuity floor: guaranteed monthly income for life, lump sum risk: subject to market volatility and longevity, inflation protection: does annuity have COLA?, purchasing power: annuity value over 20-30 years, pension insurance: PBGC coverage and limits, company financial health: bond rating and pension funding status), 4) Investment analysis (lump sum management: required return to match annuity, portfolio allocation: to generate equivalent income, withdrawal rate: sustainable withdrawal rate, sequence risk: impact of market downturns early, management costs: fees reduce net return, required return: [%] needed to replicate annuity), 5) Longevity risk (annuity advantage: eliminates risk of outliving money, lump sum risk: could deplete portfolio, joint life expectancy: probability one spouse lives to [age], single vs joint: survivor income needs, health factors: family history and current conditions, insurance value: worth of lifetime income guarantee), 6) Survivor protection (joint life options: 100% vs 50% vs 75% survivor, cost of survivorship: reduction in primary benefit, spouse's needs: income required for survivor, other assets: available for survivor, life insurance: alternative to pension survivor benefit, comparison: cost of insurance vs reduced pension), 7) Tax considerations (annuity taxation: ordinary income rates on benefits, lump sum rollover: to IRA avoids immediate tax, withdrawal taxation: ordinary income as taken, tax bracket management: control taxable income, state taxes: some states exempt pension income, RMD impact: lump sum IRA subject to RMDs, Roth conversion: opportunity with lump sum), 8) Flexibility analysis (annuity: no flexibility once chosen, lump sum: full control and liquidity, early death: lump sum can be inherited, annuity stops (or reduced for survivor), legacy goals: leaving assets to heirs, emergency access: lump sum provides liquidity, changing needs: can adapt lump sum withdrawals), 9) Inflation protection (annuity COLA: does it have one? [%] annual increase, without COLA: purchasing power erodes at [inflation %], lump sum: can invest for inflation protection, TIPS allocation: inflation-protected securities, equity exposure: stocks as inflation hedge, real return: after inflation, initial $[amount] becomes $[amount] in 20 years at [%] inflation), 10) Health considerations (poor health: favors lump sum if short life expectancy, excellent health: favors annuity for longevity protection, spouse health: factor in for joint and survivor decision, long-term care: flexibility of lump sum for major expenses, medical underwriting: some insurers offer medically underwritten annuities), 11) Company pension health (funded status: plan funded at [%], company rating: credit rating [rating], PBGC coverage: maximum monthly benefit $[amount], bankruptcy risk: assess company financial stability, portability: lump sum removes company risk, monitoring: ongoing financial health assessment), 12) Alternative income strategies (immediate annuity: buy SPIA with portion of lump sum, laddered bonds: create income stream, dividend portfolio: stocks for income and growth, rental income: real estate for cash flow, combination: annuity for floor, portfolio for upside), 13) Spouse income needs (survivor income: how much does spouse need, Social Security: survivor benefit from SS, other pensions: any other guaranteed income, working spouse: additional household income, lifestyle: expenses in widowhood, health: expected healthcare costs), 14) Estate planning (legacy goals: importance of leaving inheritance, annuity: stops or reduces at death(s), lump sum: remaining assets to heirs, life insurance: replace pension if choosing lump sum, trust: lump sum can fund trust, charitable: annuity ends, lump sum can leave to charity), 15) Emotional factors (peace of mind: value of guaranteed income, complexity: managing investments vs receiving check, control: desire for control over assets, risk: comfort with market volatility, spending: discipline to make lump sum last). Recommendation: detailed analysis, optimal choice with rationale, sensitivity analysis, if-then scenarios, action plan for chosen option, what-if analysis for different longevity/return assumptions. ``` ### Investment Analysis & Portfolio Optimization Quantitative investment analysis with CAPM, MPT, factor models, and portfolio optimization. #### Modern Portfolio Theory optimization **Use case:** Scientific portfolio construction and optimization **For:** Investment Advisor, Portfolio Manager, Wealth Manager, Financial Analyst, Quantitative Analyst, CFP ``` Optimize investment portfolio using Modern Portfolio Theory. Current portfolio: Positions: [list holdings with amounts], Total value: $[amount], Current allocation: [asset class percentages]. Investor profile: Age: [age], Risk tolerance: [conservative/moderate/aggressive], Time horizon: [years], Income needs: [$/year], Liquidity needs: [high/medium/low], Tax status: [bracket and account types]. Investment universe: Asset classes available: [domestic stocks, international stocks, bonds, REITs, commodities, alternatives], Constraints: [any restrictions]. MPT analysis: 1) Return and risk inputs (expected returns: historical or forward-looking for each asset class, standard deviation: volatility measure for each asset, covariance matrix: correlation between all asset pairs, time period: base on [X years] of historical data, frequency: monthly or annual returns, data source: [source], risk-free rate: current Treasury bill rate [%]), 2) Efficient frontier calculation (mathematical optimization: maximize return for given risk or minimize risk for given return, portfolio weights: optimal % allocation to each asset class, frontier curve: plot risk-return combinations, corner portfolios: turning points on frontier, tangency portfolio: maximum Sharpe ratio portfolio, global minimum variance: lowest risk portfolio, constraints: sum of weights = 100%, no shorting: weights ≥ 0%, concentration limits: maximum % per asset), 3) Sharpe ratio optimization (Sharpe ratio: (Return - Risk-free rate) / Standard deviation, maximize Sharpe: optimal risk-adjusted return portfolio, tangency portfolio: highest Sharpe ratio on frontier, comparison: current portfolio Sharpe vs optimal, information ratio: for active management, Sortino ratio: downside deviation alternative), 4) Capital allocation line (CAL: combinations of risk-free asset and tangency portfolio, risk-free asset: Treasury bills or money market, leverage: if willing to use margin, optimal CAL: highest Sharpe ratio, investor utility: along CAL based on risk aversion, allocation: % risky portfolio vs risk-free), 5) Asset class expected returns (equities: ERP equity risk premium [%] + risk-free rate, bonds: yield to maturity adjusted for default and call risk, REITs: historical premium over bonds, commodities: inflation hedge, expected real return, international: developed markets [%], emerging markets [%], alternatives: private equity, hedge funds if accessible, geometric vs arithmetic: use geometric for multi-period), 6) Correlation analysis (correlation matrix: -1 to +1 for each asset pair, diversification benefit: low or negative correlations improve efficiency, time-varying: correlations increase in market stress, factor models: underlying factor correlations, international: geographic diversification benefits, alternatives: typically low correlation with traditional assets), 7) Risk decomposition (portfolio variance: weighted sum of variances and covariances, marginal contribution: each asset's contribution to total risk, risk parity: equal risk contribution from each asset, factor risk: systematic vs idiosyncratic, tracking error: vs benchmark, downside risk: semi-deviation, VaR, CVaR), 8) Rebalancing strategy (threshold rebalancing: rebalance when drift exceeds [%], calendar rebalancing: quarterly or annually, tolerance bands: [%] around target weights, tax-loss harvesting: coordinate with rebalancing, transaction costs: consider in rebalancing decision, drift analysis: current vs target allocations), 9) Constraints and preferences (minimum allocation: asset class minimums [%], maximum allocation: concentration limits [%], liquidity: required liquid assets $[amount], income: required dividend/interest yield [%], ESG criteria: environmental, social, governance screens, factor tilts: value, momentum, quality, size, geographic: home bias or international diversification), 10) Tax optimization (asset location: tax-efficient placement across accounts, taxable account: municipal bonds, tax-efficient equity funds, tax-deferred: bonds, REITs, actively managed funds, Roth: highest growth potential, turnover: minimize in taxable accounts, capital gains: manage realization, qualified dividends: preferential treatment), 11) Factor analysis (Fama-French: market, size, value factors, momentum: price momentum factor, quality: profitability, investment factors, low volatility: defensive factor, factor exposures: current portfolio factor loadings, factor premiums: historical and expected, factor timing: tactical vs strategic factor exposure), 12) Scenario analysis (historical scenarios: 2008 financial crisis, COVID crash, dot-com bubble, stress testing: portfolio performance in extreme events, Monte Carlo: simulate future outcomes, probability distribution: range of possible returns, downside risk: worst-case scenarios at [%] confidence, recovery time: time to recover from drawdowns), 13) Benchmark comparison (benchmark: appropriate market index or blended benchmark, tracking error: standard deviation of excess returns, information ratio: excess return / tracking error, active share: % difference from benchmark holdings, risk-adjusted performance: alpha, beta, Sharpe vs benchmark), 14) Implementation (transition plan: move from current to target portfolio, tax impact: capital gains on sales, timing: immediate or phased transition, dollar cost averaging: for new investments, minimum investment: per fund or asset class, fund selection: specific mutual funds, ETFs, or individual securities, costs: expense ratios, trading commissions), 15) Monitoring and review (performance tracking: vs benchmark and target return, drift monitoring: alert when allocations drift [%], rebalancing triggers: threshold or calendar, review frequency: quarterly or annually, adjustments: for life changes or market conditions, risk assessment: ongoing risk tolerance check). Deliverables: efficient frontier chart, optimal portfolio allocation, expected return and risk, Sharpe ratio comparison, transition plan, rebalancing schedule, sensitivity analysis showing impact of return/risk assumption changes. ``` #### CAPM and expected return analysis **Use case:** Scientific return forecasting and asset valuation **For:** Investment Analyst, Portfolio Manager, Quantitative Analyst, Equity Research Analyst, Wealth Manager, CFA ``` Calculate expected returns using Capital Asset Pricing Model and factor models. Asset analysis: Security/Fund: [name and ticker], Current price: $[price], Historical data: [time period], Benchmark: [index], Risk-free rate: [current Treasury rate %]. Market conditions: Market risk premium: [%], Current market: bull/bear/neutral, Volatility: [VIX level]. Analysis framework: 1) CAPM calculation (formula: E(R) = Rf + β(E(Rm) - Rf), risk-free rate: current 10-year Treasury yield [%], beta: regression of asset returns vs market returns, market risk premium: historical ERP [%] or forward-looking estimate, expected return: calculated E(R), comparison: vs historical return, assumptions: market efficiency, single period, all investors hold market portfolio), 2) Beta estimation (regression: historical returns vs market index, time period: [36 or 60 months] of data, frequency: daily, weekly, or monthly returns, R-squared: explanatory power of market factor, adjusted beta: Bloomberg adjustment toward 1.0, fundamental beta: based on business characteristics, bottom-up beta: weighted average of segment betas for diversified companies, levered vs unlevered: adjust for capital structure), 3) Market risk premium (historical approach: long-term stock returns minus bond returns, supply-side: earnings growth + dividend yield + P/E change, survey approach: CFO or investor surveys, implied premium: from current valuations, time period: [1926+] vs recent decades, geometric vs arithmetic: geometric for multi-period forecasting, current estimate: [4-6%] is typical range, forward-looking: adjust for current valuations and economic conditions), 4) Fama-French 3-factor model (formula: E(R) = Rf + β_market(MRP) + β_size(SMB) + β_value(HML), SMB: small minus big size premium, HML: high minus low book-to-market value premium, factor loadings: regression coefficients, factor premiums: historical SMB ~2%, HML ~3-5%, expected return: sum of factor contributions, improved fit: typically higher R-squared than CAPM), 5) Carhart 4-factor model (adds momentum: UMD (up minus down), momentum premium: ~6-8% historically, momentum factor: 12-month return minus 1 month, factor loading: sensitivity to momentum, total return: CAPM + size + value + momentum, short-term: momentum stronger in shorter horizons), 6) Multi-factor models (quality: profitability and investment factors, low volatility: defensive factor premium, liquidity: compensation for illiquidity, custom factors: industry-specific or macro factors, factor zoo: be careful of overfitting, parsimony: balance complexity vs explanatory power), 7) Alpha and excess returns (Jensen's alpha: intercept from regression, alpha = actual return - CAPM expected return, statistical significance: t-statistic and p-value, skill vs luck: sustained alpha indicates skill, active management: positive alpha after fees is rare, attribution: performance attribution to factors vs alpha), 8) R-squared and residual risk (R-squared: % of variance explained by factors, idiosyncratic risk: residual unexplained variance, diversification: can eliminate idiosyncratic risk, systematic risk: cannot diversify away, total risk: systematic + idiosyncratic, appropriate: high R-squared indicates good model fit), 9) Time-varying risk (rolling beta: estimated over rolling windows, beta drift: changes over time with business evolution, conditional CAPM: beta depends on market conditions, bull vs bear: betas can differ, downside beta: sensitivity in down markets, upside capture: performance in up markets), 10) Industry and sector analysis (sector betas: vary by industry, cyclical: higher betas for cyclical sectors, defensive: lower betas for utilities, healthcare, sector rotation: tactical allocation based on economic cycle, relative valuation: sector over/underweight decisions), 11) International CAPM (global CAPM: world market portfolio, currency risk: exposure to exchange rates, developed vs emerging: different risk premiums, home bias: actual vs optimal international allocation, hedging: currency hedge decisions, political risk: country-specific risks), 12) Alternative assets (private equity: illiquidity premium, leverage, public market equivalent: PME comparison, real estate: real estate risk premium, hedge funds: factor exposures despite absolute return claims, commodities: inflation hedge, portfolio role, alternative beta: replicating hedge fund returns with factors), 13) Forward-looking adjustments (valuation: high valuations suggest lower forward returns, economic cycle: adjust for recession or expansion, regime change: structural shifts in markets, black swan: tail risk considerations, demographic trends: aging population impacts, policy: monetary and fiscal policy impacts), 14) Equity risk premium estimation (historical: US ~8% since 1926, supply model: dividend yield + earnings growth + P/E change, implied: from current S&P 500 valuations, survey: economist and CFO surveys, current environment: [estimated current ERP %], range: reasonable range for sensitivity analysis), 15) Practical application (portfolio construction: allocate based on expected returns, tactical: overweight high expected return assets, strategic: long-term policy based on long-term expectations, risk budgeting: allocate risk to highest return opportunities, manager selection: evaluate if manager beats CAPM/factor expectations, performance evaluation: risk-adjusted return assessment). Output: detailed expected return calculation, beta and factor exposures, alpha estimate if applicable, graphical representation of risk-return relationship, sensitivity analysis for key inputs, comparison vs historical returns and peer assets. ``` #### Real estate investment ROI analysis **Use case:** Real estate investment evaluation and due diligence **For:** Real Estate Investor, Financial Planner, Real Estate Analyst, Wealth Manager, Investment Advisor, Property Manager ``` Comprehensive real estate investment analysis. Property details: Address: [address], Purchase price: $[price], Property type: [single-family, multi-family, commercial], Square footage: [sqft], Year built: [year], Condition: [condition]. Financing: Down payment: $[amount] ([%]), Loan amount: $[amount], Interest rate: [%], Term: [years], Monthly P&I: $[amount]. Income and expenses: Gross rental income: $[monthly], Vacancy rate: [%], Operating expenses: Property tax $[annual], Insurance $[annual], HOA $[monthly], Repairs/maintenance $[annual], Property management [%], Utilities if paid: $[monthly], CapEx reserve: [%] of income. Analysis framework: 1) Cash flow analysis (gross rental income: $[monthly] × 12 = $[annual], vacancy loss: gross income × [vacancy %], effective gross income: gross - vacancy, operating expenses: sum of all operating costs, net operating income: EGI - OpEx, debt service: principal + interest payments, cash flow before tax: NOI - debt service, cash-on-cash return: annual cash flow / initial cash invested × 100%), 2) Cap rate analysis (cap rate: NOI / purchase price × 100%, market cap rate: [compare to market average], cap rate spread: vs mortgage rate, valuation: implied value = NOI / market cap rate, comparison: to other properties and asset classes, trends: cap rate compression or expansion, yield: annual return ignoring financing), 3) Net present value (NPV) (discount rate: required rate of return [%], cash flows: annual cash flows for [holding period], terminal value: sale proceeds in year [N], present value: discount all cash flows to present, NPV: sum of PV minus initial investment, decision: positive NPV means invest, IRR: solve for rate where NPV = 0), 4) Internal rate of return (IRR) (cash flows: initial investment (negative), annual cash flows, terminal value, IRR calculation: rate where NPV = 0, comparison: vs required return, vs alternative investments, hurdle rate: minimum acceptable IRR [%], sensitivity: test with different assumptions), 5) Cash-on-cash return (initial investment: down payment + closing costs + immediate repairs, annual pre-tax cash flow: from year 1, CoC return: annual cash flow / initial investment, target: [aim for 8-12%+], comparison: vs stock market, bonds, alternative: vs required return), 6) Gross rent multiplier (GRM: purchase price / annual gross rental income, market GRM: [compare to area average], quick screen: low GRM better, limitations: ignores expenses, operating differences, refinement: use GIM gross income multiplier instead), 7) Operating expense ratio (OER: operating expenses / effective gross income, typical range: 35-45% for rental properties, comparison: vs market average for property type, efficiency: lower OER indicates better management, exclusions: does not include debt service or CapEx), 8) Break-even ratio (operating expenses + debt service / gross rental income, safety margin: should be <85% for safety, cushion: for vacancy and unexpected expenses, risk: higher ratio = less margin for error), 9) Debt coverage ratio (DCR: NOI / debt service, lender requirement: typically 1.2-1.25× minimum, cushion: higher DCR = more safety, refinancing: need adequate DCR to refinance), 10) Appreciation analysis (historical: area appreciation rate [%] over past [10 years], projected: conservative annual appreciation [2-4%], future value: current value × (1 + appreciation)^years, total return: cash flow + appreciation, equity buildup: mortgage paydown over time, forced appreciation: value-add improvements), 11) Tax benefits (depreciation: residential 27.5 years, commercial 39 years, annual deduction: building value / depreciation period, depreciation recapture: 25% on sale, cost segregation: accelerate depreciation, bonus depreciation: 100% for certain improvements, mortgage interest: deductible against rental income, property tax: deductible, operating expenses: all deductible, passive losses: offset passive income, real estate professional: if qualifies, 1031 exchange: defer capital gains, QBI deduction: 20% of qualified business income if applicable), 12) After-tax cash flow (taxable income: rental income - expenses - depreciation - interest, tax: taxable income × marginal tax rate [%], after-tax cash flow: before-tax cash flow - tax, tax benefit: if loss offsets other income, effective tax rate: total tax / total income), 13) Sale proceeds calculation (future value: current value × (1 + appreciation)^years, selling costs: 6-8% for commissions, costs, loan balance: remaining mortgage balance, capital gain: sale price - original cost basis - selling costs, depreciation recapture: tax at 25%, capital gains tax: long-term rate on remaining gain [15-20%], 1031 exchange: defer if reinvesting, net proceeds: after all costs and taxes), 14) Sensitivity analysis (rent variations: ±10% rental income impact, vacancy: test 5%, 10%, 15% vacancy, expenses: +20% operating expenses, appreciation: 0%, 2%, 4%, 6% scenarios, interest rate: if refinancing, impact of rate changes, holding period: 5, 10, 15, 20+ years, exit cap rate: impact on terminal value), 15) Risk assessment (market risk: local market conditions and trends, vacancy risk: time to find tenants, problem tenants, maintenance risk: major repairs or deferred maintenance, interest rate risk: if ARM or refinancing, liquidity risk: illiquid asset, can't sell quickly, leverage risk: higher risk with more leverage, concentration risk: too much in one property or market, economic risk: recession, job losses in area). Deliverables: complete pro forma, year-by-year cash flows, NPV and IRR calculations, after-tax returns, sensitivity analysis, comparison to alternative investments, go/no-go recommendation with reasoning. ``` #### Complex asset valuation and analysis **Use case:** Alternative asset valuation for portfolio and estate planning **For:** Valuation Analyst, Business Appraiser, Financial Planner, Wealth Manager, CFA, Estate Planning Attorney ``` Value complex or alternative asset. Asset type: [private business, rental property portfolio, collectibles, cryptocurrency, private equity stake, intellectual property]. Asset details: [specific information]. Valuation purpose: [portfolio diversification, estate planning, insurance, sale/purchase decision]. Valuation framework: 1) Income approach (DCF valuation: discount cash flows, cash flow projection: next [5-10] years, terminal value: perpetuity growth or exit multiple, discount rate: WACC or required return reflecting risk, WACC: if business: cost of equity and debt weighted, sensitivity: vary growth and discount rate assumptions, comparables: sanity check vs similar assets), 2) Market approach (comparable transactions: recent sales of similar assets, transaction multiples: Price/Revenue, EV/EBITDA, Price/Book, liquidity discount: for illiquid assets [20-40%], control premium: if buying control [20-30%], marketability: public vs private discount, adjustments: for differences vs comparables), 3) Asset-based approach (book value: accounting balance sheet value, adjusted book value: fair market value of assets, liquidation value: distressed sale value, replacement cost: cost to recreate, intangible assets: goodwill, IP, brand value, liabilities: all liabilities at fair value, net asset value: assets minus liabilities), 4) Business valuation (revenue multiple: [0.5-5×] revenue depending on industry and growth, EBITDA multiple: [4-12×] EBITDA typical range, SDE multiple: for small businesses, seller's discretionary earnings, industry comps: specific multiples for industry, normalized earnings: adjust for owner compensation, one-time items, growth rate: revenue and earnings growth trajectory, customer concentration: risk if few large customers, recurring revenue: higher value for subscription/recurring), 5) Real estate portfolio (individual valuations: value each property, portfolio premium: diversification may add [5-10%], economies of scale: management efficiencies, cross-collateralization: financing advantages, geographic diversity: reduces local market risk, management: in-place management adds value, aggregate: sum vs portfolio approach), 6) Collectibles and art (replacement cost: current market for similar items, recent sales: auction results for comparable pieces, condition: impact on value, provenance: history and authenticity documentation, appraisal: certified appraiser opinion, insurance: insured value, liquidity: time and cost to sell, trends: market trends in collectibles category), 7) Cryptocurrency and digital assets (market price: current exchange price for liquid assets, custody: security and storage considerations, volatility: extreme price volatility, regulatory: uncertain regulatory environment, liquidity: trading volume and market depth, staking yield: if applicable, valuation uncertainty: high risk and speculation, portfolio role: small allocation if any [<5%]), 8) Private equity stake (ownership %: [%] of company, rights: voting, dividends, liquidation preference, restrictions: transfer restrictions, drag-along, tag-along, discounts: lack of control [20-30%], lack of marketability [20-40%], method: DCF or comparable transactions, exit timeline: expected holding period and exit event), 9) Intellectual property (patents: remaining life and market potential, trademarks: brand value and recognition, copyrights: revenue stream and licensing, trade secrets: competitive advantage, relief from royalty: what would cost to license, income: actual or projected income from IP, legal protection: strength of IP protection, infringement: ongoing or potential disputes), 10) Discounts and premiums (marketability discount: illiquid assets [20-40%], control premium: controlling interest [20-30%], minority discount: lack of control [20-30%], key person: dependence on individual(s), size: small company discount, strategic value: to specific buyer, portfolio discount: holding company discount [10-20%]), 11) Risk assessment (business risk: operational and competitive risks, financial risk: leverage and cash flow stability, market risk: economic and industry conditions, liquidity risk: time and cost to sell, valuation risk: wide range of reasonable values, concentration risk: lack of diversification, regulatory risk: changes in laws or regulations), 12) Tax considerations (cost basis: original cost for gain calculation, holding period: short vs long-term treatment, depreciation recapture: if applicable, ordinary vs capital: income characterization, AMT: alternative minimum tax considerations, estate tax: inclusion in estate, step-up basis: at death for heirs, 1031 exchange: if real estate, installment sale: spread gain over time), 13) Sensitivity analysis (revenue growth: ±20% impact on value, EBITDA margin: ±5% margin impact, discount rate: ±2% WACC impact, exit multiple: ±2× terminal multiple, holding period: vary by ±2-3 years, synergies: with or without, market conditions: bull vs bear case), 14) Scenario analysis (base case: most likely scenario and value, best case: optimistic assumptions [90th percentile], worst case: pessimistic assumptions [10th percentile], probability-weighted: expected value across scenarios, stress test: extreme scenarios, value range: from low to high cases), 15) Reporting and documentation (valuation report: comprehensive written report, methodology: detailed explanation of approach, assumptions: all key assumptions documented, limiting conditions: caveats and limitations, certification: appraiser certification if applicable, support: comparable data and sources, date: valuation as of specific date, update: frequency of revaluation). Deliverable: detailed valuation report, value range (not just point estimate), methodology and assumptions, comparable analysis, risk assessment, recommendations for monitoring or liquidation. ``` ### Tax Strategy & Optimization Advanced tax planning, optimization strategies, and compliance research frameworks. #### Comprehensive tax optimization strategy **Use case:** Holistic tax reduction and planning across all income sources **For:** CPA, Tax Advisor, Financial Planner, CFP, Wealth Manager, Tax Attorney, Enrolled Agent ``` Develop tax minimization strategy. Client profile: Income: W-2 $[amount], Self-employment $[amount], Investment income $[amount], Filing status: [status], State: [state], Current tax bracket: [%]. Assets: Taxable account $[amount], Tax-deferred $[amount], Roth $[amount], Real estate $[amount], Business ownership: [% of business]. Goals: [reduce current taxes, defer taxes, estate planning, charitable giving]. Tax optimization framework: 1) Income characterization (ordinary income: wages, short-term gains, interest, qualified dividends: preferential 0/15/20% rates, long-term capital gains: assets held 1+ year, preferential rates, tax-exempt: municipal bonds, Roth withdrawals, passive income: rental real estate, K-1 distributions, QBI deduction: 20% deduction for qualified business income, net investment income tax: 3.8% on investment income if MAGI > $200k/$250k), 2) Deduction optimization (standard deduction: $[29,200 married, $14,600 single] for 2024, itemized: itemize if total exceeds standard, SALT cap: $10k state and local tax deduction limit, mortgage interest: on up to $750k mortgage, charitable: cash limit 60% AGI, appreciated assets 30% AGI, medical: deductible if exceeds 7.5% AGI, bunching: accelerate deductions to exceed standard in alternating years), 3) Capital gains management (tax-loss harvesting: sell losses to offset gains up to $3k ordinary income, wash sale: avoid repurchasing within 30 days, long-term holding: hold assets 1+ year for preferential rates, 0% bracket: if income allows, realize gains at 0% rate, concentrated position: diversify while managing tax, gifting: appreciated assets for charitable or family, NUA: net unrealized appreciation strategy for company stock), 4) Retirement account strategies (traditional contributions: pre-tax, reduce current taxable income, Roth contributions: post-tax, tax-free growth and withdrawals, backdoor Roth: for high earners, contribute to traditional then convert, mega backdoor: after-tax 401k contributions then convert, pro-rata rule: applies to IRA conversions if have pre-tax IRAs, employer match: maximize free money, contribution limits: $23k 401k, $7k IRA for 2024, catch-up: additional if 50+), 5) Roth conversion analysis (conversion amount: optimal to convert annually, tax cost: pay tax now at current rate, future benefit: tax-free withdrawals in retirement, bracket management: convert up to top of desired bracket, timing: low-income years, down market for assets, Medicare: avoid IRMAA income thresholds, long-term: benefits heirs with tax-free inheritance, 5-year rule: each conversion has 5-year holding for penalty-free withdrawal), 6) Qualified Business Income deduction (QBI deduction: 20% of qualified business income, phase-out: begins at $191k single, $383k married for 2024, specified service: SSTB limitations for high earners, aggregation: combine multiple businesses, W-2 limit: greater of 50% W-2 wages or 25% W-2 + 2.5% assets, optimization: strategies to maximize deduction, entity choice: S-corp, partnership, sole proprietor), 7) Business entity optimization (sole proprietor: simplest, all income on Schedule C, S-corporation: reasonable salary, distributions save self-employment tax, C-corporation: 21% flat rate, double taxation on dividends, LLC: flexibility, choose tax treatment, reasonable compensation: IRS scrutiny on low S-corp salaries, retirement plans: solo 401k, SEP IRA for self-employed, health insurance: self-employed deduction), 8) Real estate tax strategies (depreciation: 27.5 years residential, deductible expense, cost segregation: accelerate depreciation, shorter lives, bonus depreciation: 100% first year for certain property, passive loss: offset passive income, or $25k active participation allowance, real estate professional: if qualifies, losses not limited, 1031 exchange: defer capital gains, strict timing rules, QOZ: opportunity zones, defer and reduce gains, vacation home: rental vs personal use rules, substantiation: contemporaneous records required), 9) Charitable giving strategies (cash donations: deduct up to 60% of AGI, appreciated securities: deduct FMV, no capital gains, 30% AGI limit, DAF: donor-advised fund, immediate deduction, grant over time, private foundation: more control, lower AGI limits, bunching: concentrate donations in one year, QCD: qualified charitable distribution from IRA, age 70.5+, CRT: charitable remainder trust, income and estate benefits, life insurance: donate policy or death benefit), 10) Alternative Minimum Tax (AMT: parallel tax system, higher rates 26-28%, AMTI: add back certain deductions, ISO: incentive stock options trigger AMT, private activity bonds: interest included in AMTI, projection: calculate AMT exposure, avoidance: strategies to stay below AMT, depreciation: MACRS vs ADS, planning: time income and deductions), 11) Net Investment Income Tax (NIIT: 3.8% surtax on investment income, threshold: $200k single, $250k married, $125k MFS, investment income: interest, dividends, capital gains, rental, MAGI: modified adjusted gross income, strategies: municipal bonds, Roth, active participation in real estate, business income: not subject to NIIT, QBI: coordination with QBI deduction), 12) State and local tax (SALT deduction: capped at $10k, high-tax states: significant impact, state income tax: rates vary widely by state, property tax: deductible within SALT cap, strategic residence: establish residency in low/no tax state, snowbird: domicile rules, 183-day test, business income: apportionment and nexus, sales tax: use tax obligations, planning: timing of payments, bunching within cap), 13) Medicare tax planning (IRMAA: Income-Related Monthly Adjustment Amount, thresholds: $103k/$206k for 2024, surcharges: up to $419 individual/$838 couple additional per month, look-back: based on tax return 2 years prior, strategies: manage income below thresholds, Roth conversions: avoid in high-income years near 65, life-changing event: can appeal IRMAA within 7 months, provisional income: AGI + tax-exempt interest + 50% SS benefits), 14) Estate and gift tax planning (lifetime exemption: $13.61M per person for 2024, annual exclusion: $18k per person, unlimited recipients, portability: unused exemption to surviving spouse, step-up basis: heirs receive stepped-up basis at death, GRAT: grantor retained annuity trust, freeze estate, QPRT: qualified personal residence trust, family LLC: valuation discounts, life insurance: ILIT to keep outside estate, clawback: concern for gifts before sunset), 15) Tax compliance and planning (quarterly estimated: if self-employed or investment income, safe harbor: 90% current year or 110% prior year, extensions: file if need more time, doesn't extend payment, recordkeeping: contemporaneous documentation, substantiation: receipts, logs, written records, software: tax software or CPA, amendment: 3 years to amend return, audit risk: red flags to avoid, professional: when to hire CPA or tax attorney). Deliver: current year tax projection, multi-year tax plan, specific action items with deadlines, estimated tax savings, sensitivity analysis for key decisions, checklist for implementation. ``` #### IRS tax research and compliance outline **Use case:** Tax research, compliance guidance, and position analysis **For:** CPA, Tax Attorney, Enrolled Agent, Tax Researcher, Tax Advisor, Tax Consultant, Financial Planner ``` Research tax treatment and compliance requirements. Tax issue: [describe specific tax question or situation]. Facts: [relevant facts and circumstances]. Jurisdiction: Federal, State: [state if applicable]. Tax year: [year]. Research framework: 1) Issue identification (precise tax question: narrow and specific issue statement, relevant transactions: describe all relevant transactions, parties involved: taxpayer, related parties, timing: when transactions occurred, amounts: dollar amounts involved, prior treatment: how previously handled if applicable, goal: desired tax outcome, controversy: IRS challenge risk), 2) Authoritative sources (Internal Revenue Code: specific IRC sections, Treasury Regulations: final, temporary, proposed, Revenue Rulings: IRS official position, Revenue Procedures: procedural guidance, Private Letter Rulings: precedent for similar situations but not binding, Technical Advice Memoranda: IRS guidance to agents, Chief Counsel Advice: internal IRS legal guidance, court cases: Tax Court, District Court, Claims Court, Circuit Courts, Supreme Court, precedential value: circuit, jurisdiction, binding vs persuasive), 3) IRC analysis (primary code section: [IRC § __], statutory language: exact text and interpretation, definitions: defined terms in statute, exceptions: carve-outs and special rules, cross-references: related code sections, effective date: when provision applies, sunset: if provision expires, legislative history: Congressional intent, committee reports), 4) Regulation analysis (Treas. Reg. § __: specific regulation, interpretation: how reg interprets statute, examples: regulations often include examples, applicability: who and what covered, effective date: when regulations apply, proposed vs final: status of regulations, challenge: Chevron deference, can regs be challenged), 5) Case law research (leading cases: key Tax Court or higher court cases, facts: similar to current situation?, holding: court's decision and reasoning, distinguishing: how facts differ from current situation, circuit: which circuit has jurisdiction, splits: are there circuit splits on issue, precedent: binding or persuasive, recent cases: latest developments), 6) IRS guidance (Revenue Ruling: applicable ruling, facts: IRS ruling on similar facts, analysis: IRS reasoning, conclusion: IRS position, revenue procedure: if procedural issue, notices: IRS notices on issue, FAQs: informal IRS guidance on website, IRS publications: educational materials), 7) Private letter rulings (similar PLRs: rulings on similar facts, analysis: how IRS analyzed issue, conclusion: favorable or unfavorable, facts: key facts in ruling, distinguishing: how current facts differ, request own: consider requesting PLR if needed, no precedent: PLRs not precedent for others but show IRS thinking), 8) Tax court memorandum (TCM: Tax Court Memorandum decisions, summary: summary judgment or regular decision, pro se: taxpayer represented?, holding: court's decision, reasoning: legal reasoning, appealed?: was decision appealed, circuit precedent: does TC decision follow circuit precedent in jurisdiction), 9) Positions and arguments (taxpayer-favorable: arguments supporting desired treatment, IRS position: likely IRS challenge arguments, substantial authority: is there substantial authority for position, more likely than not: >50% confidence in position, reasonable basis: minimum standard for return position, disclosure: Form 8275 if required to avoid penalty, penalty risk: accuracy-related penalty 20%, reportable transaction: listed or reportable transaction disclosure), 10) Penalty analysis (accuracy-related: 20% penalty for substantial understatement, substantial: understatement > of $5k or 10% of tax, negligence: lack of reasonable basis, substantial authority: exception to penalty, reasonable cause: good faith exception, disclosure: Form 8275 to avoid penalty, willfulness: 75% fraud penalty, listed transaction: penalty for failing to disclose, preparer: preparer penalties for unreasonable positions), 11) Statute of limitations (assessment: generally 3 years from filing, extended: 6 years if substantial omission >25% of income, no limit: fraud or no return filed, protective claim: file if statute expiring, amendment: 3 years to amend, mitigation: carrybacks and adjustments, foreign: FBAR and foreign account penalties), 12) Compliance procedures (filing requirements: forms required, due date: when due, extension: extension available?, payment: payment required with filing or extension, estimated tax: quarterly estimates if applicable, penalties: late filing, late payment, accuracy penalties, interest: IRS interest compounds daily, amended return: Form 1040-X if amending), 13) Disclosure requirements (Form 8275: disclosure statement for non-conforming positions, Form 8275-R: disclosure for positions contrary to regulations, listed transaction: Form 8886 for reportable transactions, FBAR: FinCEN Form 114 for foreign accounts, FATCA: Form 8938 for foreign financial assets, foreign entities: Form 5471, 8865, 8621, etc., penalties: severe penalties for nondisclosure), 14) State tax considerations (state conformity: does state follow federal treatment, state modifications: additions or subtractions to federal income, apportionment: multi-state income allocation, nexus: sufficient connection for state to tax, throwback: unsourced income allocation, combined reporting: unitary business groups, credits: state credits and reciprocity), 15) Documentation and memo (tax research memo: formal written conclusion, facts: recite all relevant facts, issue: precise issue statement, analysis: application of authorities to facts, conclusion: answer to issue, confidence level: likelihood of success, disclosure: whether disclosure required, authority: cite all relied-upon authorities, appendix: attach key authorities). Deliverable: tax research memorandum, analysis of applicable law, conclusion with confidence level, recommended return position, disclosure requirements, risk assessment, supporting authority citations. ``` #### Stock option and RSU tax analysis **Use case:** Equity compensation tax optimization for employees and executives **For:** Financial Planner, Tax Advisor, CPA, Wealth Manager, CFP, Tax Attorney, Equity Compensation Specialist ``` Analyze tax treatment of equity compensation. Grant details: ISOs: [number] shares at $[strike price], NQSOs: [number] shares at $[strike price], RSUs: [number] units, vesting schedule: [schedule], Current stock price: $[price]. Employee info: Income: $[amount], Tax bracket: [%], State: [state], AMT: [subject to AMT?], Liquidity: [cash available]. Tax strategy: 1) ISO tax treatment (grant: no tax at grant, exercise: no ordinary income tax at exercise, AMT: spread (FMV - strike) is AMT income, AMT rate: 26-28% on AMT income over exemption, holding period: 2 years from grant, 1 year from exercise for qualifying disposition, qualifying disposition: long-term capital gain only, disqualifying disposition: ordinary income on spread, then capital gain/loss, $100k limit: only $100k vesting per year gets ISO treatment), 2) NQSO tax treatment (grant: no tax at grant, exercise: ordinary income on spread (FMV - strike), withholding: employer withholds at supplemental rate 22% or 37%, sale: capital gain/loss from exercise price to sale price, short-term: if sold within 1 year of exercise, long-term: if held 1+ year after exercise, tax rate: ordinary rates up to 37%, capital gains 0/15/20%), 3) RSU tax treatment (grant: no tax at grant, vesting: ordinary income on full FMV at vest, withholding: employer withholds at supplemental rate, stock receipt: receive shares net of withholding, sale: capital gain/loss from vest price to sale price, holding period: begins at vest, double taxation: common confusion, only gain after vest is additional income), 4) ISO exercise strategies (early exercise: exercise ISOs early when FMV = strike price to start holding period, no AMT if exercise at strike, disqualifying disposition: if need cash, sell within 1 year, ordinary income, AMT planning: stay under AMT exemption, exercise amount: FMV - strike under ~$100k, cashless exercise: not recommended for ISOs, defeats purpose, charitable donation: donate ISO shares after qualifying disposition), 5) AMT calculation (regular tax: regular taxable income and tax, AMT income: add back AMT adjustments including ISO spread, AMT exemption: $85k single, $133k married for 2024, phase-out: exemption phases out at higher income, tentative minimum tax: 26-28% on AMT income above exemption, AMT: pay higher of regular tax or TMT, AMT credit: carry forward to future years when regular > AMT, planning: avoid large ISO exercises in one year), 6) 83(b) election (early exercise: if available, exercise unvested shares, 83(b) election: elect to pay tax at exercise, not vesting, deadline: file within 30 days of grant, irrevocable: cannot undo, benefit: if stock appreciates, all gain is capital gain, risk: if forfeit shares, no refund of tax paid, strategy: use for startups with low current FMV), 7) Cashless exercise (simultaneous: exercise and sell same day, no capital gain: sell price = exercise price typically, ordinary income: on spread for NQSOs, proceeds: FMV × shares - strike price × shares - taxes - fees, convenience: don't need cash to exercise, downside: miss out on potential appreciation, ISO: not recommended, becomes disqualifying disposition), 8) Exercise and hold (exercise: pay strike price, hold shares, capital gain: all appreciation after exercise is capital gain, long-term: hold 1+ year after exercise for LTCG, risk: concentration risk in company stock, liquidity: need cash to exercise and pay taxes, diversification: consider vs diversified portfolio), 9) Diversification vs concentration (concentration: company stock is likely large % of net worth, risk: company-specific risk, diversification: sell shares to diversify, tax cost: balance diversification benefit vs tax cost, phased: sell over time to average tax cost, collar: protective puts and covered calls to reduce risk), 10) Tax withholding (supplemental wage: 22% or 37% withholding rate, true-up: withholding may be more or less than actual tax, estimate: calculate actual tax liability, additional shares sold: to cover taxes, cash payment: pay taxes out of pocket to keep more shares, state withholding: varies by state), 11) State tax (state rates: California, NY, etc. with high rates, FMV: ordinary income at vest or exercise, sourcing: based on where services performed, no reciprocity: unlike retirement plan rollovers, move states: establishing new domicile, timing: when income recognized), 12) Estimated tax payments (quarterly: if have substantial equity income, safe harbor: 90% current year or 110% prior year, underpayment penalty: if insufficient estimates, form: Form 1040-ES, dates: April 15, June 15, Sept 15, Jan 15, calculate: based on expected income including equity), 13) Scenarios and modeling (scenario A: exercise and hold ISOs, calculate AMT, LTCG potential, scenario B: exercise and sell ISOs, disqualifying, ordinary income, scenario C: cashless NQSO, ordinary income only, scenario D: RSU vest and hold, potential LTCG, scenario E: RSU vest and sell, minimize concentration, comparison: net after-tax proceeds in each scenario), 14) Optimization strategies (ISO spread: stay under AMT exemption, Roth conversion: coordinate with equity income, timing: exercise in low-income years, bunching: concentrate in high-income years if NQSO, early exercise: 83(b) election if available, charitable donation: donate appreciated shares after qualifying period, estimated taxes: avoid underpayment penalties, year-end: planning in November-December), 15) Concentrated stock management (rule of thumb: limit to 10-15% of portfolio, programmatic selling: establish 10b5-1 plan, collars: protective options to limit risk, exchange funds: swap for diversified portfolio, derivatives: options strategies to hedge, charitable: donate appreciated shares, CRT: charitable remainder trust with stock, monitoring: regular review of concentration). Output: tax liability calculation by scenario, optimal exercise and sale strategy, cashless vs hold comparison, AMT impact analysis, estimated tax requirements, diversification recommendations, timeline and action plan. ``` #### Cryptocurrency tax compliance strategy **Use case:** Cryptocurrency tax compliance and optimization **For:** CPA, Crypto Tax Specialist, Tax Advisor, Financial Planner, Enrolled Agent, Tax Attorney, Wealth Manager ``` Navigate cryptocurrency tax reporting and compliance. Holdings: [list cryptocurrencies and amounts], Transactions: Trading: [number] trades, Mining: [income], Staking: [income], DeFi: [lending, liquidity pools, yield farming], NFTs: [purchases and sales], Cost basis: [known/unknown/partial]. Tax challenges: 1) Capital gain/loss recognition (property: crypto treated as property, not currency, capital gain: on sale or disposition, holding period: <1 year short-term, 1+ year long-term, rates: ordinary income vs preferential capital gains, basis: cost basis is purchase price plus fees, like-kind: no like-kind exchange for crypto post-2017, wash sale: IRS position unclear, likely applies, hard fork: IRS treats as income), 2) Cost basis tracking (FIFO: first in first out default, LIFO: last in first out allowed, specific ID: identify specific units sold, highest in first out: minimize gain if increasing basis, accounting method: must consistently apply, multiple wallets: track basis per wallet/exchange, fees: add to basis when buying, subtract from proceeds when selling, gifts: carryover basis from donor, fair market value at time of gift), 3) Transaction identification (taxable: crypto to fiat, crypto to crypto, using crypto to buy goods, non-taxable: buying crypto with fiat, transferring between own wallets, gifting below annual exclusion, small transactions: de minimis exception (proposed but not enacted), each trade: separate transaction, staking rewards: income when received), 4) Mining income (ordinary income: FMV on receipt date, self-employment: if in business, subject to SE tax, hobby: if not in business, hobby loss limits, expenses: deductible if business, electricity, hardware depreciation, pool: allocate income based on pool share, basis: FMV on receipt date becomes basis for later sale), 5) Staking rewards (income: ordinary income when received, FMV: fair market value on receipt date, when received: when gain dominion and control, not when staked, basis: income amount becomes basis for later sale, deductions: limited unless business, Rev Rul 2023-14: recent guidance), 6) DeFi transactions (liquidity pools: complex, entry and exit are taxable, impermanent loss: realized loss, but tracking difficult, yield farming: rewards are income, wrapped tokens: taxable exchange?, interest income: lending interest is ordinary income, governance tokens: likely income on receipt, unsettled: IRS guidance sparse), 7) NFTs (purchase: no immediate tax, establish basis, sale: capital gain/loss on sale, holding period: collectible vs capital asset, collectible: if determined collectible, max 28% rate, basis: cost including gas fees, royalties: ordinary income if creator, like-kind: definitely not like-kind, fractional: NFT fractionalization creates complexity), 8) Forks and airdrops (hard fork: new coin from chain split, income: FMV when receive dominion and control, Rev Rul 2019-24: IRS guidance, airdrops: likely income on receipt, basis: amount of income becomes basis, when received: can you sell/transfer it?, unsolicited: still likely income), 9) Lost or stolen crypto (theft loss: casualty loss deduction eliminated for personal property 2018-2025, if business: deductible, worthless: can claim loss if truly worthless, no value, proof: burden on taxpayer, unlikely to get, future: may recover, don't rush to claim loss), 10) Gifting and inheritance (gift: no tax to donor if under $18k annual exclusion, recipient: carryover basis from donor, donee pays tax on later sale, inheritance: step-up in basis to FMV at date of death, charitable: donate appreciated crypto, deduct FMV, no capital gains, family: gifting to family in lower brackets), 11) International considerations (FBAR: foreign exchange accounts if over $10k aggregate, FATCA: Form 8938 if foreign financial assets, foreign exchange: based on location of exchange, not you, traveling: use of crypto abroad, sourcing: income sourcing for foreign earned income), 12) Reporting requirements (Form 8949: report every transaction, Schedule D: summary of gains and losses, Schedule 1: additional income for mining/staking, Schedule C: if crypto business, self-employment, FBAR: if foreign accounts, Form 8938: FATCA reporting, question: 1040 question about virtual currency must be answered), 13) Records and substantiation (transaction history: download from every exchange/wallet, cost basis: purchase price, date, fees, wallets: addresses and transfers, personal use: keep records showing purpose, software: crypto tax software to track, duration: keep indefinitely, or at least 6 years, third-party: 1099s from exchanges if over $20k gross), 14) Penalties and enforcement (John Doe summons: IRS summons to exchanges, audits: increased enforcement, willfulness: penalties if willful noncompliance, FBAR: penalties up to $10k per violation, criminal: tax evasion if severe, voluntary disclosure: before IRS contacts you, reasonable cause: good faith exception), 15) Planning strategies (tax-loss harvesting: sell losers to offset gains, wash sale: be careful with repurchases, hodl: hold for long-term gains, donate: appreciated crypto to charity, spend: use crypto for purchases, taxable but may have benefits, accounting method: optimize FIFO vs specific ID, estimated taxes: make quarterly payments, software: use crypto tax software like CoinTracker, Koinly, ZenLedger). Deliverable: comprehensive transaction list with gain/loss, completed Form 8949 and Schedule D, income summary, estimated tax liability, compliance checklist, recommended tax strategies, software recommendations. ``` ### Estate Planning & Wealth Transfer Sophisticated estate planning strategies for wealth preservation and tax-efficient transfers. #### Comprehensive estate plan design **Use case:** Comprehensive estate tax reduction and wealth transfer planning **For:** Estate Planning Attorney, Wealth Manager, CFP, Trust Officer, CPA, Financial Planner, Tax Advisor ``` Design estate plan for wealth preservation and transfer. Estate profile: Net worth: $[amount], Composition: Liquid assets $[amount], Real estate $[amount], Business interests $[amount], Retirement accounts $[amount]. Family: Marital status: [status], Children: [number and ages], Grandchildren: [number], Special needs: [yes/no], Blended family: [yes/no]. Goals: Minimize estate tax, Provide for spouse, Leave legacy to children, Charitable intentions: [amount or %], Business succession: [if applicable], Special concerns: [spendthrift, substance abuse, disability]. Estate planning framework: 1) Estate tax analysis (federal exemption: $13.61M per person 2024, married couple: $27.22M with portability, sunset: exemption drops to ~$7M in 2026, state estate tax: [state] exemption and rates, calculation: gross estate minus deductions and exemptions, rate: 40% federal above exemption, lifetime gifting: reduces estate, uses exemption, portability: unused exemption to surviving spouse), 2) Will and trust structure (will: pour-over will to fund trust, testamentary wishes, revocable living trust: avoid probate, privacy, manage during incapacity, benefits: no probate, privacy, ease of management, marital trust: QTIP or AB trust for spouse, bypass trust: use both exemptions in married couple, dynasty trust: multi-generational wealth preservation, testamentary trust: created by will, only after death, special needs trust: for disabled beneficiary), 3) Marital deduction planning (unlimited marital deduction: no tax on transfers to spouse, portability election: Form 706 to transfer unused exemption, AB trust: bypass and marital trust, use both exemptions, QTIP: qualified terminable interest property trust, control: who gets assets after spouse dies, state: some states don't allow portability, credit shelter: bypass trust up to exemption amount), 4) Lifetime gifting strategy (annual exclusion: $18k per person per year 2024, unlimited recipients: gift to as many as want, use it or lose: doesn't accumulate, direct payments: tuition and medical unlimited, pay direct to institution, lifetime exemption: $13.61M for 2024, gift tax: on gifts above annual exclusion, uses lifetime exemption, Form 709: gift tax return, valuation: FMV at time of gift, basis: carryover to recipient), 5) Trust types and purposes (irrevocable life insurance trust: life insurance outside estate, grantor retained annuity trust: freeze estate value, transfer appreciation, qualified personal residence trust: gift home at reduced value, charitable remainder trust: income for life, remainder to charity, intentionally defective grantor trust: grantor pays tax, trust grows, special needs: supplemental, not displace government benefits, spendthrift: protect from creditors and beneficiary), 6) Business succession planning (buy-sell agreement: cross-purchase or redemption, valuation: formula or appraisal, funding: life insurance, installment sale, ESOP: employee stock ownership plan, benefits, gift program: gift interests to children over time, GRAT: zero-out GRAT with business interests, FLP: family limited partnership, valuation discounts, voting vs non-voting: retain control), 7) Retirement account beneficiary planning (beneficiary designation: trumps will, takes precedence, spouse: rollover or inherited IRA, non-spouse: inherited IRA, 10-year rule, inherited IRA: SECURE Act 10-year distribution, exceptions: eligible designated beneficiaries, longer payout, conduit trust: pass-through to beneficiaries, accumulation trust: trust can accumulate, Roth conversion: eliminate income tax for heirs, strategy: maximize tax-free inheritance), 8) Charitable planning (charitable deduction: income and estate tax deductions, outright bequest: % or specific amount to charity, charitable remainder trust: CRT, income for life or years, donor-advised fund: immediate deduction, grant over time, private foundation: more control, lower limits, charitable lead trust: income to charity, remainder to heirs, CLT reduces gift/estate tax, IRA: charitable beneficiary, or QCD after 70.5), 9) Generation-skipping transfer tax (GST tax: 40% tax on transfers to grandchildren, GST exemption: $13.61M per person 2024, direct skip: gift/bequest directly to grandchild, taxable termination: trust termination distributes to skip person, dynasty trust: long-term GST planning, allocation: allocate GST exemption to transfers, automatic: automatic allocation rules), 10) Asset protection (irrevocable trust: assets outside of personal estate, LLC or FLP: protection and valuation discounts, tenancy by entirety: in some states for married couples, homestead: homestead exemption in some states, retirement accounts: creditor protection in bankruptcy, life insurance: cash value protected in many states, prenuptial: for second marriage, blended family, fraudulent transfer: not to avoid existing creditors), 11) Incapacity planning (financial POA: manage finances if incapacitated, healthcare POA: make medical decisions, living will: end-of-life wishes, HIPAA: authorization to access medical records, revocable trust: successor trustee takes over, springing POA: becomes effective upon incapacity), 12) State considerations (domicile: establish in favorable state, no state estate tax: avoid state death tax, income tax: state income tax differences, property tax: ongoing costs, community property: vs common law states, ancillary probate: if property in multiple states, trust: out-of-state trust for planning), 13) Valuation discounts (lack of control: minority interest discount 20-40%, lack of marketability: illiquid asset discount 20-40%, FLP: family limited partnership for discounts, qualified appraisal: required for discounts, IRS scrutiny: aggressive discounts challenged, case law: evolving standards), 14) Life insurance planning (estate liquidity: to pay estate taxes, business: fund buy-sell agreement, ILIT: irrevocable life insurance trust keeps outside estate, Crummey powers: annual exclusion gifts to ILIT, premium gifts: need liquidity to pay premiums, second-to-die: survivorship policy for married couples, review: regular review of insurance adequacy), 15) Ongoing administration (trustee: select appropriate trustee, individual, bank, or both, trust protector: can change terms or trustee, distributions: standard or discretionary, accounting: annual accountings to beneficiaries, tax returns: trust tax returns 1041, investment: prudent investor rule, review: regular review and updates every 3-5 years or after major life events). Deliverables: estate plan outline, trust documents needed, gift program recommendation, estate tax projection, asset titling guidance, timeline for implementation. ``` #### Generation-skipping trust analysis **Use case:** Multigenerational wealth preservation and dynasty planning **For:** Estate Planning Attorney, Wealth Manager, Trust and Estate Planner, Tax Attorney, Dynasty Trust Specialist, Family Office Advisor ``` Design generation-skipping trust structure. Trust purpose: [preserve wealth for grandchildren, avoid estate tax at children's level]. Assets: [amount and type to fund trust]. Family: Children: [number], Grandchildren: [number and ages], Great-grandchildren: [anticipated]. State: [state of trust]. Dynasty trust planning: 1) GST tax overview (GST tax: 40% tax on transfers skipping a generation, exemption: $13.61M per person for 2024, allocation: allocate GST exemption to trust, inclusion ratio: 0 if fully exempt, 1 if not exempt, generation assignment: grandchildren and more remote descendants, predeceased parent exception: grandchild takes parent's place), 2) Trust structure (grantor: person creating and funding trust, beneficiaries: children, grandchildren, further descendants, skip persons: grandchildren and beyond, non-skip: children are non-skip persons, sprinkling: discretionary distributions among beneficiaries, mandatory: required distributions vs discretionary, duration: perpetual if allowed in state, or rule against perpetuities), 3) GST exemption allocation (automatic allocation: to lifetime direct skips and indirect skips to GST trusts, election out: can elect out of automatic allocation, retroactive: 15-month window to allocate to prior year gifts, leveraging: allocate to assets likely to appreciate, late allocation: can allocate later but loss of appreciation, inclusion ratio: must be 0 or 1 after allocation, optimization: use exemption on highest value assets), 4) State dynasty trust options (perpetuities: rule against perpetuities abolished in some states, Delaware: popular dynasty trust state, Nevada: another popular state, Alaska: for asset protection as well, South Dakota: favorable trust laws, home state: may use home state or favorable state, directed trust: separate investment and distribution trustees), 5) Distribution provisions (sprinkle and spray: discretionary to any beneficiary, ascertainable standard: HEMS - health, education, maintenance, support, independent trustee: for discretionary distributions beyond HEMS, per stirpes: to descendants equally, per capita: to individuals equally, mandatory: required distributions at ages or events, protective: spendthrift, substance abuse protection), 6) Trustee selection (individual: family member as trustee, corporate: bank or trust company, combination: individual and corporate co-trustees, distribution trustee: makes distribution decisions, directed trustee: takes direction for investments, trust protector: can change terms, remove trustee, succession: plan for trustee succession, independent: if distributions beyond HEMS), 7) Tax considerations (income tax: trust pays tax on accumulated income, 37% rate over $15.2k for 2024, distributable net income: beneficiary taxed on distributions, grantor trust: if intentionally defective grantor trust, IDGT, estate inclusion: avoid estate inclusion for spouse, basis: carryover basis, no step-up at death, state income tax: some states follow federal, some don't), 8) Funding the trust (gift: lifetime gift to trust, allocation: allocate GST exemption, valuation: at FMV at time of gift, discounts: use valuation discounts if applicable, installment sale: sell assets to trust for note, avoid gift tax, life insurance: life insurance in trust, outside estate), 9) Dynasty trust vs alternatives (outright bequest: control vs protection trade-off, trust for children: not dynasty, taxable at children's death, crummey trust: annual exclusion gifts with withdrawal rights, UTMA: custodial account, simple, less control, per stirpes outright: distribute outright to each generation, comparison: tax, control, protection), 10) Asset protection benefits (spendthrift: protection from beneficiary creditors, discretionary: no right to demand, protects from creditors, exceptions: alimony, child support, may not protect, federal tax liens: IRS can reach trust assets in some cases, offshore: enhanced protection but complexity, domestic: good protection in right state), 11) Investment management (prudent investor: trust must invest prudently, diversification: avoid excessive concentration, delegation: can delegate to investment advisor, directed: separate investment trustee, long-term: invest for long-term growth, generations, tax efficiency: minimize income tax where possible, modern portfolio: MPT principles apply), 12) Flexibility and adaptability (trust protector: can modify terms, change situs, decanting: pour into new trust with better terms, allowed in many states, distribution standard: flexibility in distributions, modification: courts can modify in changed circumstances, severance: split into separate trusts), 13) Regulatory compliance (Form 709: gift tax return to allocate GST exemption, Form 1041: annual trust income tax return, state: state trust income tax return if required, records: maintain records of basis, distributions, notice: notice to beneficiaries if required by state, accounting: annual accountings), 14) Creditor protection analysis (spendthrift: prevents voluntary transfers, mandatory: required distributions may be attachable, discretionary: no right, better protection, exceptions: child support, alimony, domestic: domestic asset protection trust, offshore: foreign asset protection trust, maximum protection, self-settled: some states allow self-settled domestic trusts), 15) Multi-generational planning (100+ years: plan for multiple generations, skip children: consider skipping children's generation, dynasty: perpetual dynasty if state allows, insurance: second-to-die or dynasty life insurance, family bank: trust as family bank for education, homes, business, governance: family meetings, teach next generation). Deliverable: trust document outline, GST allocation strategy, funding recommendation, comparative analysis vs alternatives, asset protection assessment, administrative roadmap. ``` --- ## AI for GRC: Governance, Risk & Compliance Professionals **Category:** Governance, Risk & Compliance **Prompts:** 11 **Description:** Comprehensive compliance prompts for security engineers, compliance officers, and legal counsel covering NIST, ISO 27001, GDPR, CCPA, SOX, PCI DSS, control mapping, audit preparation, risk assessments, and regulatory frameworks with specific citations and evidence requirements. **Tags:** Compliance, GRC, Security, Legal, Audit, Compliance Professionals ### Security Framework Compliance & Control Mapping Map security controls across NIST, ISO 27001, CIS, and other frameworks with gap analysis. #### NIST Cybersecurity Framework implementation **Use case:** NIST Cybersecurity Framework adoption and maturity improvement **For:** CISO, Security Architect, Compliance Officer, Risk Manager, Information Security Manager, GRC Analyst ``` Implement NIST CSF for organization. Organization: [industry, size, regulatory requirements]. Current maturity: [tier level 1-4]. Target: [tier level]. Scope: [entire organization, specific business units, systems]. NIST CSF implementation: 1) Framework core structure (five functions: Identify, Protect, Detect, Respond, Recover, 23 categories: organizational level outcomes, 108 subcategories: specific technical/management activities, informative references: map to standards NIST 800-53, ISO 27001, CIS Controls, tiers: Partial (1), Risk Informed (2), Repeatable (3), Adaptive (4), profile: current state and target state profiles), 2) Identify function (ID.AM: Asset Management - inventory of hardware, software, data, ID.BE: Business Environment - mission, objectives, stakeholders, supply chain, ID.GV: Governance - policies, legal/regulatory requirements, ID.RA: Risk Assessment - identify and document risks, ID.RM: Risk Management Strategy - priorities, constraints, risk tolerance, ID.SC: Supply Chain Risk Management - third-party risks, evidence: asset inventory, risk register, policies, third-party assessments), 3) Protect function (PR.AC: Identity Management and Access Control - credentials managed, MFA, least privilege, PR.AT: Awareness and Training - security awareness program, role-based training, PR.DS: Data Security - protect confidentiality and integrity, encryption, DLP, PR.IP: Information Protection Processes - baseline configs, change control, secure SDLC, PR.MA: Maintenance - maintain and log maintenance activities, PR.PT: Protective Technology - communications protected, audit logs, evidence: access reviews, training records, encryption configs, change logs), 4) Detect function (DE.AE: Anomalies and Events - detect anomalous activity, establish baseline, DE.CM: Security Continuous Monitoring - network monitored, personnel activity monitored, DE.DP: Detection Processes - detection processes tested, roles and responsibilities defined, evidence: SIEM logs, IDS/IPS configs, detection testing results, monitoring procedures), 5) Respond function (RS.RP: Response Planning - execute response plan, RS.CO: Communications - coordinate with stakeholders, share information, RS.AN: Analysis - investigate notifications, understand impact, RS.MI: Mitigation - contain incidents, mitigate newly identified vulnerabilities, RS.IM: Improvements - incorporate lessons learned, evidence: incident response plan, communication logs, post-incident reviews), 6) Recover function (RC.RP: Recovery Planning - execute recovery plan, RC.IM: Improvements - incorporate recovery lessons learned, RC.CO: Communications - manage public relations and reputation, evidence: disaster recovery plan, recovery test results, restoration documentation), 7) Current state assessment (interview: stakeholders across departments, review: existing policies, procedures, technical controls, testing: vulnerability scans, penetration tests, gap analysis: compare current vs target profile, scoring: score each subcategory 0-4 (not implemented to fully implemented), prioritization: based on risk and business impact, quick wins: identify easy wins for momentum), 8) Target profile development (business drivers: based on risk appetite and business objectives, regulatory: map to regulatory requirements, industry benchmarks: compare to peers, risk-based: focus on highest risk areas, resources: consider available resources and timeline, achievable: realistic given constraints, stakeholder approval: get buy-in from leadership), 9) Gap analysis and roadmap (gaps: list gaps between current and target, severity: critical, high, medium, low, dependencies: identify prerequisite activities, quick wins: low-effort, high-impact items first, phases: organize into phases 6-12-18-24 months, resources: estimate resources needed per gap, budget: cost estimate for closing gaps, timeline: realistic timeline with milestones), 10) Control implementation (policies: develop or update information security policies, procedures: standard operating procedures for each control, technical controls: implement firewalls, IDS/IPS, SIEM, encryption, administrative controls: access reviews, background checks, training, physical controls: badges, cameras, secure areas, documentation: document control implementation and evidence), 11) Integration with other frameworks (NIST 800-53: detailed control catalog, 325 controls, ISO 27001: Annex A controls mapping, CIS Controls: 18 critical security controls, PCI DSS: if applicable, payment card security, HIPAA: if applicable, healthcare data, GDPR: if applicable, personal data protection, mapping: maintain crosswalk matrix between frameworks), 12) Metrics and measurement (implementation status: % of subcategories implemented, maturity level: tier rating by function or overall, key performance indicators: mean time to detect/respond, number of incidents, key risk indicators: % systems patched, % employees trained, risk metrics: open vulnerabilities, residual risk, dashboard: executive dashboard with key metrics, trend: track improvement over time), 13) Continuous improvement (annual review: reassess profile and maturity, threat landscape: update based on emerging threats, lessons learned: from incidents and near-misses, technology changes: new systems and technologies, regulatory: changes in regulations, benchmarking: compare to industry peers, adaptive: move toward tier 4 adaptive maturity), 14) Governance and oversight (steering committee: executive oversight of CSF program, working groups: technical implementation teams, RACI: responsibility assignment matrix, reporting: regular reports to board/executives, metrics: report on metrics and progress, escalation: process for escalating issues, audit: periodic audits of CSF implementation), 15) Third-party risk management (supplier assessment: assess critical suppliers against CSF, contracts: include security requirements in contracts, monitoring: ongoing monitoring of third-party security, incidents: third-party incident response, supply chain: map supply chain dependencies, evidence: supplier security assessments, contracts, monitoring results). Deliverables: current state profile, target state profile, gap analysis with prioritized roadmap, control implementation plan, policy and procedure templates, crosswalk to other frameworks, metrics dashboard, executive summary with recommendations. ``` #### ISO 27001 control mapping and gap analysis **Use case:** ISO 27001 ISMS implementation and certification preparation **For:** ISO 27001 Lead Implementer, CISO, Information Security Manager, Compliance Officer, Risk Manager, Internal Auditor, GRC Manager ``` Map organization to ISO 27001:2022 controls. Organization: [industry, size, scope]. Current state: [describe existing controls]. Certification goal: [seeking certification yes/no, timeline]. ISO 27001 implementation: 1) Standard structure (Clause 4: Context of organization - internal/external issues, interested parties, scope, Clause 5: Leadership - commitment, policy, roles, Clause 6: Planning - risk assessment, risk treatment, Clause 7: Support - resources, competence, awareness, documented information, Clause 8: Operation - planning, risk assessment/treatment, Clause 9: Performance evaluation - monitoring, internal audit, management review, Clause 10: Improvement - nonconformity, corrective action, continual improvement, Annex A: 93 controls in 4 themes), 2) Annex A control themes (Organizational controls: 37 controls - policies, roles, HR security, asset management, access control, supplier relationships, People controls: 8 controls - before, during, after employment, awareness, disciplinary, Physical controls: 14 controls - secure areas, entry controls, working in secure areas, equipment security, Technological controls: 34 controls - user endpoints, privileged access, information access, encryption, key management, secure development, configuration, vulnerability management, logging, monitoring, incident management, business continuity), 3) Detailed control mapping (A.5.1: Policies - information security policy suite, A.5.7: Threat intelligence - gather and analyze threat intelligence, A.5.23: Information security for cloud services - secure cloud service use, A.8.1: User endpoint devices - manage information on user endpoints, A.8.2: Privileged access rights - restrict and manage privileged access, A.8.3: Information access restriction - restrict access per access control policy, A.8.5: Secure authentication - secure authentication technologies and procedures, A.8.8: Management of technical vulnerabilities - awareness and address vulnerabilities, for each control: control objective, implementation guidance, evidence required, responsible party), 4) Information Security Management System (ISMS scope: boundaries and applicability, explicitly state what's in and out, policy: top-level information security policy, approved by leadership, risk assessment methodology: how risks are identified, analyzed, evaluated, criteria: likelihood and impact scales, risk acceptance criteria, risk treatment: options - modify, retain, avoid, share, Statement of Applicability: document all 93 controls, applicability, justification if excluded), 5) Risk assessment process (asset identification: information assets, systems, services, threat identification: threat sources and types, vulnerability identification: weaknesses that can be exploited, existing controls: controls currently in place, likelihood: probability of threat exploiting vulnerability, impact: consequence if risk materializes, inherent risk: risk before controls, residual risk: risk after controls, risk register: document all identified risks, risk owners: assign ownership of each risk), 6) Risk treatment plan (risk treatment options: accept, mitigate, transfer, avoid, treatment selection: based on cost-benefit and risk tolerance, control selection: select applicable Annex A controls, additional controls: may implement controls not in Annex A, implementation plan: who, what, when for each control, residual risk acceptance: document acceptance of residual risks, Statement of Applicability: final SoA with all decisions), 7) Documented information (mandatory documents: scope, policy, risk assessment methodology, risk assessment results, risk treatment plan, Statement of Applicability, competence records, monitoring results, internal audit program and results, management review results, nonconformities and corrective actions, procedures: may be required depending on organization, work instructions: detailed technical procedures, records: evidence of control operation, retention: define retention periods), 8) Organizational controls implementation (A.5 series: policies for information security, roles and responsibilities, segregation of duties, management responsibilities, contact with authorities, contact with special interest groups, threat intelligence, information security in project management, inventory of information and assets, acceptable use, return of assets, classification, labeling, information transfer, access control, identity management, authentication, access rights, supplier information security, managing information security in supplier relationships, ICT supply chain, monitoring and review of supplier services, managing changes to supplier services, information security for use of cloud services, incident management planning and preparation, assessment and decision on information security events, response to incidents, learning from incidents, collection of evidence, information security during disruption, ICT redundancy, evidence: policy documents, procedures, asset inventory, contracts, incident logs), 9) People controls implementation (A.6 series: screening, terms and conditions of employment, information security awareness education and training, disciplinary process, responsibilities after termination, confidentiality or non-disclosure agreements, remote working, information security event reporting, evidence: background check records, employment contracts, training records, NDAs, remote work policies, incident reports), 10) Physical controls implementation (A.7 series: physical security perimeters, physical entry, securing offices rooms and facilities, physical security monitoring, protecting against physical and environmental threats, working in secure areas, clear desk and clear screen, equipment siting and protection, security of assets off-premises, storage media, supporting utilities, cabling security, equipment maintenance, secure disposal or re-use of equipment, evidence: badge system logs, CCTV footage, environmental monitoring, visitor logs, asset disposal certificates), 11) Technological controls implementation (A.8 series: user endpoint devices, privileged access rights, information access restriction, access to source code, secure authentication, capacity management, protection against malware, management of technical vulnerabilities, configuration management, information deletion, data masking, data leakage prevention, information backup, redundancy of information processing facilities, logging, monitoring activities, clock synchronization, use of privileged utility programs, installation of software on operational systems, networks security, security of network services, segregation of networks, web filtering, use of cryptography, secure development life cycle, application security requirements, secure system architecture and engineering, secure coding, security testing in development and acceptance, outsourced development, separation of development test and production environments, change management, test information, protection of information systems during audit testing, evidence: access control lists, authentication configs, vulnerability scans, patch management logs, backup test results, SIEM logs, network diagrams, encryption policies, SDLC documentation, code reviews, pen test reports), 12) Gap analysis methodology (assess each control: not implemented, partially implemented, largely implemented, fully implemented, evidence: request and review evidence of implementation, interviews: interview control owners, observations: observe controls in operation, testing: test control effectiveness, document gaps: list gaps and severity, root cause: identify why gaps exist, prioritization: risk-based prioritization of gaps), 13) Implementation roadmap (phase 1: critical gaps and quick wins, 0-6 months, phase 2: high-priority gaps, 6-12 months, phase 3: medium-priority gaps, 12-18 months, phase 4: continuous improvement, ongoing, resources: staffing and budget requirements, dependencies: identify prerequisites, milestones: key deliverables and dates, reporting: progress reporting to leadership, risk: implementation risks and mitigation), 14) Internal audit program (audit scope: full ISMS or specific areas, audit criteria: ISO 27001 clauses and Annex A controls, audit frequency: annual full audit, more frequent for critical areas, auditor competence: trained internal auditors, independence: auditors independent of area being audited, audit plan: schedule of audits for the year, audit execution: opening meeting, interviews, evidence review, observations, closing meeting, audit report: findings, nonconformities, observations, follow-up: verify corrective actions implemented), 15) Certification preparation (pre-assessment: gap analysis against standard, remediation: close identified gaps, documentation: ensure all required documentation, internal audit: conduct full internal audit, management review: management review of ISMS, certification body: select accredited certification body, stage 1 audit: documentation review, stage 2 audit: on-site implementation audit, corrective actions: address any nonconformities, certification: if successful, receive certificate, surveillance: annual surveillance audits, recertification: every 3 years). Deliverables: full control gap analysis, Statement of Applicability, risk assessment and treatment plan, implementation roadmap, policy and procedure suite, internal audit program, certification readiness assessment, remediation tracking. ``` #### Multi-framework control mapping matrix **Use case:** Unified compliance program reducing duplicate efforts across frameworks **For:** GRC Manager, Compliance Director, CISO, Internal Audit Manager, Risk and Compliance Analyst, Information Security Manager ``` Create unified control mapping across frameworks. Frameworks: NIST CSF, NIST 800-53, ISO 27001, CIS Controls, PCI DSS, SOC 2, HIPAA Security Rule, [industry-specific frameworks]. Organization: [industry, regulatory environment]. Use case: [reduce duplicate efforts, unified compliance, audit preparation]. Control mapping framework: 1) Unified Control Library (UCL master list: comprehensive list of unique security controls, control domains: organize into logical domains - access control, encryption, monitoring, network security, control ID: unique identifier for each master control, control description: technology and process-agnostic description, control objective: what the control achieves, implementation guidance: how to implement, avoid framework-specific language), 2) NIST CSF mapping (106 subcategories: map each to UCL, function: Identify, Protect, Detect, Respond, Recover, category: 23 categories, subcategory: specific outcome, example: PR.AC-1 Identities and credentials managed → UCL-AC-001 Identity and Access Management, informative references: NIST CSF already maps to 800-53, ISO 27001, use those, maintain: bidirectional mapping UCL ↔ NIST CSF), 3) NIST 800-53 mapping (325 controls: map security and privacy controls, control families: AC Access Control, AU Audit and Accountability, IA Identification and Authentication, SC System and Communications Protection, 20 families total, control enhancements: some controls have enhancements (e.g., AC-2(1)), baselines: Low, Moderate, High impact baselines, example: AC-2 Account Management → UCL-AC-001 Identity and Access Management, overlays: industry-specific overlays), 4) ISO 27001:2022 Annex A mapping (93 controls: map all controls, 4 themes: Organizational, People, Physical, Technological, control format: A.X.Y where X is section, Y is control number, example: A.8.2 Privileged access rights → UCL-AC-005 Privileged Access Management, applicability: some controls may not apply to all organizations, Statement of Applicability: reference in SoA), 5) CIS Controls v8 mapping (18 controls: 153 safeguards total, Implementation Groups: IG1, IG2, IG3 based on organization size/sophistication, safeguards: specific technical and procedural activities, example: CIS Control 6 Access Control Management → UCL-AC-001, UCL-AC-003, UCL-AC-005, prioritization: focus on IG1 for basic security hygiene, asset type: which assets each safeguard applies to), 6) PCI DSS 4.0 mapping (12 requirements: payment card data security, 64 sub-requirements: detailed requirements, testing procedures: specific tests for each requirement, example: Requirement 8 Identify users and authenticate access → UCL-AC-001, UCL-AC-002, cardholder data environment: only in-scope systems, self-assessment: SAQ or full assessment, compensating controls: if cannot meet requirement exactly), 7) SOC 2 Trust Service Criteria mapping (5 categories: Security (all engagements), Availability, Processing Integrity, Confidentiality, Privacy (optional), common criteria: CC controls common to all categories, example: CC6.1 Logical and physical access controls → UCL-AC-001, UCL-PHY-001, control points: specific control activities, testing: auditor tests control operation, Type I vs Type II: point in time vs operating effectiveness over time), 8) HIPAA Security Rule mapping (3 safeguard categories: Administrative, Physical, Technical, standards: 18 standards total, implementation specifications: Required or Addressable, example: 164.312(a)(1) Access Control → UCL-AC-001, addressable: can implement equivalent alternative if documented, documentation: must document decisions, privacy rule: separate from security rule but related), 9) Industry-specific frameworks (NERC CIP: for bulk electric system, CMMC: for defense contractors, Levels 1-3, FISMA: for federal agencies, FedRAMP: for federal cloud, HITRUST CSF: for healthcare, synthesize, PCI PIN: for PINs and point-of-interaction devices, state laws: CCPA, NYCRR 500 (NY financial services), others, international: GDPR (EU), PIPEDA (Canada), PDPA (Singapore)), 10) Control mapping matrix (rows: UCL master controls, columns: framework-specific control IDs, cells: map each framework control to UCL, many-to-many: one UCL may map to multiple framework controls and vice versa, bidirectional: can view by UCL or by framework, color coding: implementation status by control, filterable: filter by framework, domain, status), 11) Gap analysis across frameworks (assess once: assess each UCL control once, applies to all: assessment applies to all mapped frameworks, gaps: identify gaps per framework, common gaps: gaps affecting multiple frameworks, prioritize, framework-specific: gaps unique to one framework, efficiency: avoid duplicate assessments, evidence: single evidence repository mapped to multiple controls), 12) Unified evidence collection (evidence types: policies, procedures, screenshots, logs, test results, attestations, evidence library: centralized repository, metadata: tag evidence with applicable controls and frameworks, reuse: same evidence for multiple frameworks/audits, version control: maintain evidence versions, retention: retain per longest requirement), 13) Compliance dashboard (overall status: % compliance across all frameworks, by framework: compliance % per framework, by domain: access control, encryption, incident response, trend: improvement over time, risk: risk level of open gaps, upcoming audits: upcoming compliance activities, responsible parties: ownership of gaps), 14) Integrated audit approach (single assessment: one assessment process, multiple outputs: generate framework-specific outputs, audit plan: cover all frameworks in scope, auditors: may need multiple auditors with different expertise, efficiency: significantly reduce audit burden, continuous: ongoing monitoring vs point-in-time, automation: use GRC tools to automate mapping), 15) Maintenance and updates (framework updates: monitor for framework changes, ISO 27001:2022: example of major update, mapping updates: update mapping when frameworks change, new frameworks: add new frameworks to matrix, control additions: add new controls as organization matures, annual review: review mapping accuracy annually, stakeholder input: get feedback from auditors and assessors). Deliverables: unified control library, comprehensive mapping matrix (Excel or GRC tool), gap analysis across all frameworks, consolidated evidence library, compliance dashboard, integrated audit plan, framework update tracking process. ``` #### CIS Controls implementation prioritization **Use case:** CIS Controls deployment for foundational cybersecurity **For:** Security Engineer, CISO, IT Security Manager, Compliance Officer, System Administrator, Network Security Engineer ``` Implement CIS Critical Security Controls v8. Organization profile: Size: [small <1000, medium 1000-10000, large >10000 employees], Industry: [industry], Maturity: [starting, intermediate, advanced]. Assets: [describe IT environment]. Implementation Groups: 1) Implementation Group selection (IG1: small organizations, limited IT/security expertise, commercial off-the-shelf (COTS) software, 56 safeguards, foundational cyber hygiene, IG2: medium organizations, dedicated IT/security staff, manage some custom software, 74 additional safeguards (130 total), heightened risk, IG3: large organizations, significant IT/security resources, custom applications, sensitive data, 23 additional safeguards (153 total), mature security programs), 2) CIS Control 1: Inventory and Control of Enterprise Assets (1.1: Establish and maintain detailed enterprise asset inventory, 1.2: Address unauthorized assets, 1.3: Utilize an active discovery tool, 1.4: Use dynamic host configuration protocol (DHCP) logging, 1.5: Use a passive asset discovery tool, asset types: devices, servers, network equipment, IoT, tools: asset management platforms, CMDB, automated discovery, evidence: asset inventory report, discovery tool screenshots, update frequency), 3) CIS Control 2: Inventory and Control of Software Assets (2.1: Establish and maintain software inventory, 2.2: Ensure authorized software is currently supported, 2.3: Address unauthorized software, 2.4: Utilize automated software inventory tools, 2.5: Allowlist authorized software, 2.6: Allowlist authorized libraries, 2.7: Allowlist authorized scripts, tools: software asset management, application control, evidence: software inventory, allowlist, update process), 4) CIS Control 3: Data Protection (3.1: Establish and maintain data management process, 3.2: Establish and maintain data inventory, 3.3: Configure data access control lists, 3.4: Enforce data retention, 3.5: Securely dispose of data, 3.6: Encrypt data on end-user devices, 3.7: Establish and maintain data classification scheme, 3.8: Document data flows, 3.9: Encrypt data on removable media, 3.10: Encrypt sensitive data in transit, 3.11: Encrypt sensitive data at rest, 3.12: Segment data processing and storage, 3.13: Deploy a data loss prevention solution, 3.14: Log sensitive data access, data types: PII, PHI, payment card, IP, tools: DLP, encryption, evidence: data inventory, classification, encryption configs), 5) CIS Control 4: Secure Configuration of Enterprise Assets and Software (4.1: Establish and maintain secure configuration process, 4.2: Establish and maintain secure configuration for enterprise assets, 4.3: Configure automatic session locking, 4.4: Implement and manage firewall on end-user devices, 4.5: Implement and manage firewall on servers, 4.6: Securely manage enterprise assets and software, 4.7: Manage default accounts, 4.8: Uninstall or disable unnecessary services, 4.9: Configure trusted DNS servers, 4.10: Enforce automatic device lockout on portable devices, 4.11: Enforce remote wipe capability, 4.12: Separate enterprise workspaces on mobile devices, baselines: CIS Benchmarks, DISA STIGs, vendor hardening guides, tools: configuration management, evidence: baseline configs, compliance scans), 6) CIS Control 5: Account Management (5.1: Establish and maintain an inventory of accounts, 5.2: Use unique passwords, 5.3: Disable dormant accounts, 5.4: Restrict administrator privileges, 5.5: Establish and maintain MFA, 5.6: Centralize account management, tools: identity governance, PAM, evidence: account reviews, MFA enrollment, privileged access reports), 7) CIS Control 6: Access Control Management (6.1: Establish access granting process, 6.2: Establish access revoking process, 6.3: Require MFA for externally-exposed applications, 6.4: Require MFA for remote network access, 6.5: Require MFA for administrative access, 6.6: Establish and maintain an inventory of authentication systems, 6.7: Centralize access control, 6.8: Define and maintain role-based access control, tools: IAM, SSO, MFA, evidence: access request process, RBAC documentation, MFA configs), 8) CIS Control 7: Continuous Vulnerability Management (7.1: Establish and maintain vulnerability management process, 7.2: Establish and maintain remediation process, 7.3: Perform automated operating system patch management, 7.4: Perform automated application patch management, 7.5: Perform automated vulnerability scans, 7.6: Perform automated vulnerability scans of internal networks, 7.7: Remediate detected vulnerabilities, tools: vulnerability scanners, patch management, evidence: scan reports, patch levels, remediation SLAs), 9) CIS Control 8: Audit Log Management (8.1: Establish and maintain audit log management process, 8.2: Collect audit logs, 8.3: Ensure adequate storage for logs, 8.4: Standardize time synchronization, 8.5: Collect detailed audit logs, 8.6: Collect DNS query logs, 8.7: Collect URL request logs, 8.8: Collect command-line audit logs, 8.9: Centralize audit logs, 8.10: Retain audit logs, 8.11: Conduct reviews of audit logs, 8.12: Collect service provider logs, tools: SIEM, log management, evidence: logging configs, log retention policy, log review records), 10) CIS Control 9: Email and Web Browser Protections (9.1: Ensure use of only fully supported browsers and email clients, 9.2: Use DNS filtering services, 9.3: Maintain and enforce network-based URL filters, 9.4: Restrict unnecessary or unauthorized browser and email client extensions, 9.5: Implement DMARC, 9.6: Block unnecessary file types, 9.7: Deploy and maintain email server anti-malware protections, tools: email security gateway, web proxy, DNS filtering, evidence: filter policies, DMARC records, anti-malware configs), 11) CIS Control 10: Malware Defenses (10.1: Deploy and maintain anti-malware software, 10.2: Configure automatic anti-malware signature updates, 10.3: Disable autorun and autoplay for removable media, 10.4: Configure automatic anti-malware scanning of removable media, 10.5: Enable anti-exploitation features, 10.6: Centrally manage anti-malware software, 10.7: Use behavior-based anti-malware software, tools: endpoint protection, EDR, evidence: anti-malware deployment, signature updates, detection reports), 12) CIS Control 11: Data Recovery (11.1: Establish and maintain data recovery process, 11.2: Perform automated backups, 11.3: Protect recovery data, 11.4: Establish and maintain an isolated instance of recovery data, 11.5: Test data recovery, tools: backup solutions, immutable backups, evidence: backup schedules, encryption, recovery test results), 13) CIS Control 12: Network Infrastructure Management (12.1-12.8: network device inventory, secure configuration, infrastructure device config backup, secure network configuration, centralized network authentication, encrypted network traffic, establish and maintain dedicated computing for all admin work, ensure remote devices utilize VPN, tools: network management, evidence: network diagrams, configuration backups, VPN logs), 14) Implementation prioritization (IG1 first: implement all 56 IG1 safeguards before moving to IG2, quick wins: identify quick wins within IG1, risk-based: prioritize based on organizational risk, dependencies: consider technical dependencies, resources: realistic based on resources, phases: 6-12-18 month phases, measurement: metrics for each control), 15) Metrics and monitoring (implementation metrics: % safeguards implemented per control, compliance metrics: compliance with each safeguard, effectiveness metrics: did safeguards prevent/detect attacks, maturity scoring: score 0-5 for each control, dashboard: executive dashboard, trend: improvement over time, benchmarking: compare to peer organizations). Deliverables: IG assessment and selection, control implementation roadmap, prioritized safeguard list, implementation procedures per safeguard, metrics dashboard, gap analysis with current state, resource and budget estimate. ``` ### Data Privacy & Protection Compliance GDPR, CCPA, and privacy regulation compliance with DPAs, PIAs, and data mapping. #### GDPR compliance program and DPA generation **Use case:** GDPR compliance program and data processing agreement development **For:** Data Protection Officer, Privacy Counsel, Compliance Officer, Privacy Manager, Legal Counsel, CISO, GRC Manager ``` Implement GDPR compliance program. Organization: [data controller or processor], Operations: [where process EU personal data], Data types: [personal data categories], Legal basis: [consent, contract, legitimate interest, legal obligation]. GDPR compliance framework: 1) GDPR scope and applicability (territorial scope: Article 3, EU establishment processing personal data, or targeting EU data subjects, personal data: Article 4(1) any information relating to identified or identifiable natural person, special categories: Article 9 sensitive data - health, biometric, genetic, racial, religious, trade union, sex life, criminal: Article 10 criminal convictions and offenses, data subject: identified or identifiable living person), 2) Principles relating to processing (Article 5: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, accountability, demonstrate compliance: controller must demonstrate), 3) Lawful basis for processing (Article 6: consent explicit freely given, contract performance or pre-contractual steps, legal obligation compliance, vital interests protection, public task performance, legitimate interests except where overridden by data subject interests, special categories: Article 9(2) requires additional condition, hierarchy: determine and document legal basis before processing), 4) Data subject rights (Article 15: Right of access copy of personal data, Article 16: Right to rectification correct inaccurate data, Article 17: Right to erasure right to be forgotten, Article 18: Right to restriction of processing, Article 20: Right to data portability machine-readable format, Article 21: Right to object to processing, Article 22: Automated decision-making including profiling, response time: one month, extendable by two months), 5) Controller obligations (Article 24: Responsibility of controller implement appropriate measures, Article 25: Data protection by design and by default, Article 30: Records of processing activities (ROPA) required for >250 employees or regular processing of special categories, Article 32: Security of processing appropriate technical and organizational measures, Article 33: Breach notification to supervisory authority within 72 hours, Article 34: Breach notification to data subjects without undue delay if high risk, Article 35: Data Protection Impact Assessment for high-risk processing, Article 37-39: Data Protection Officer if public authority, large scale monitoring, or large scale special categories), 6) Data Processing Agreement (DPA) (Article 28: controller must have written contract with processor, required clauses: subject matter and duration, nature and purpose of processing, type of personal data, categories of data subjects, obligations and rights of controller, processor obligations: process only on documented instructions, ensure confidentiality of persons authorized to process, implement Article 32 security measures, engage sub-processors only with controller authorization, assist controller with data subject rights requests, assist with Articles 32-36 security and DPIAs, delete or return personal data after end of services, make available all information necessary to demonstrate compliance, sub-processors: same obligations as processor, liability: processor liable for sub-processor, Standard Contractual Clauses: for transfers outside EEA), 7) International data transfers (Article 44: transfers only if controller/processor complies with conditions, adequacy decision: Article 45 EU Commission adequacy decision for country, appropriate safeguards: Article 46 standard contractual clauses, binding corporate rules, UK: UK ICO international data transfer agreement and addendum, SCCs: Schengen decision 2021/914, Module 1-4 depending on C2C, C2P, P2P, P2C, Transfer Impact Assessment: assess country laws and practices, US: EU-US Data Privacy Framework adequacy decision July 2023), 8) Records of Processing Activities (ROPA) (Article 30: maintain ROPA if >250 employees or certain processing, controller ROPA: name and contact of controller and DPO, purposes of processing, categories of data subjects and personal data, categories of recipients, international transfers, retention periods, security measures, processor ROPA: name and contact of processor and DPO, categories of processing on behalf of each controller, international transfers, security measures, format: spreadsheet or privacy management tool, review: annually or when processing changes), 9) Data Protection Impact Assessment (DPIA) (Article 35: required for high risk processing, triggers: large-scale profiling, large-scale special categories, systematic monitoring of publicly accessible area, new technologies, automated decision making with legal/similar effects, content: description of processing and purposes, assessment of necessity and proportionality, assessment of risks to data subjects, measures to address risks including safeguards, consultation: with DPO if appointed, supervisory authority: consult if residual high risk), 10) Data Protection Officer (DPO) (Article 37: appoint if public authority, core activities regular systematic monitoring large scale, core activities large scale special categories, position: expert knowledge of data privacy law, independent: report to highest management, resources: necessary resources to carry out tasks, tasks: inform and advise, monitor GDPR compliance, advise on DPIAs, cooperate with supervisory authority, point of contact for data subjects and authority, contact: publish contact details), 11) Data breach response (Article 33: notify supervisory authority within 72 hours unless unlikely to result in risk, Article 34: notify data subjects without undue delay if high risk, notification content: nature of breach, name and contact of DPO, likely consequences, measures taken or proposed, documentation: document all breaches even if not notified, assessment: assess likelihood and severity of risk, ICO UK: report via ICO website, other EU: each member state authority), 12) Data subject request handling (process: authenticate data subject, verify if personal data held, respond within one month, free of charge unless manifestly unfounded or excessive, format: commonly used electronic form unless otherwise requested, access: provide copy of data undergoing processing, rectification: correct inaccurate data, erasure: delete if no legal basis to retain, restriction: mark data so not processed, portability: provide in structured machine-readable format, object: assess if legitimate grounds override, log: document all requests and responses), 13) Privacy notices and transparency (Article 13-14: provide information to data subjects, identity and contact: of controller, contact of DPO if applicable, purposes and legal basis: why processing, legitimate interests: if applicable, recipients: who receives data, international transfers: if applicable, retention: or criteria for determining, rights: access, rectification, erasure, restriction, portability, object, withdraw consent, complain to supervisory authority, automated decision-making: existence and logic, source: if not collected from data subject, timing: at collection or within one month if not from subject, method: privacy notice, layered approach), 14) Vendor management and sub-processors (list: maintain list of sub-processors, authorization: general or specific authorization by controller, notification: inform controller of new sub-processors, objection: controller can object, contract: same DPA obligations, UK: UK ICO approved international data transfer addendum if needed, monitoring: periodic review of sub-processor compliance, right to audit: include audit rights in DPA), 15) Supervisory authority engagement (lead authority: Article 56 lead supervisory authority for cross-border processing, national: or national authority if single-country, complaints: data subjects can complain to authority, investigations: authority can investigate, enforcement: warnings, reprimands, fines up to €20M or 4% global revenue, cooperation: cooperate with authority investigations, one-stop-shop: deal with lead authority if cross-border). Deliverables: comprehensive DPA template, ROPA template and guidance, DPIA template and process, privacy notice templates, data subject request process, breach notification procedure, vendor assessment questionnaire, international transfer mechanism, training materials, compliance checklist. ``` #### CCPA privacy impact assessment and compliance **Use case:** CCPA/CPRA compliance and privacy impact assessment **For:** Privacy Counsel, Compliance Officer, Privacy Manager, Data Protection Officer, Legal Counsel, GRC Manager, Chief Privacy Officer ``` Implement California Consumer Privacy Act (CCPA) compliance. Business scope: Revenue: [>$25M, or >50k consumers, or >50% revenue from selling personal information], Operations: [sell personal information yes/no], Personal information: [categories collected]. CCPA compliance framework: 1) CCPA/CPRA applicability (California Consumer Privacy Act: effective January 2020, California Privacy Rights Act: amendments effective January 2023, business: for-profit entity doing business in California meeting thresholds, personal information: information that identifies, relates to, describes, capable of being associated with particular consumer or household, sensitive personal information: CPRA added sensitive PI - SSN, drivers license, precise geolocation, racial/ethnic origin, religious beliefs, union membership, genetic data, biometric, health, sex life, contents of mail), 2) Consumer rights (Right to Know: categories and specific pieces of PI collected, Right to Delete: delete PI subject to exceptions, Right to Opt-Out: of sale or sharing of PI, Right to Correct: inaccurate PI (CPRA), Right to Limit: use and disclosure of sensitive PI (CPRA), Non-Discrimination: cannot discriminate for exercising rights, authorized agent: can designate agent to submit requests, minors: opt-in required for under 16), 3) Business obligations (Privacy policy: describe categories of PI collected, sources, purposes, categories shared, right to opt-out if sell/share, updating: update at least annually, notice at collection: inform consumers at/before collection, methods: two or more methods to submit requests, verify: verify identity before responding, timing: respond within 45 days, extensible by 45 days, free: do not charge fee unless excessive), 4) Disclosure requirements (privacy policy content: categories of PI collected in preceding 12 months, sources from which collected, business or commercial purposes, categories of third parties shared with, categories sold or shared, retention period or criteria, rights and how to exercise, contact information for questions, effective date and changes, do not sell link: if sell PI, clear Do Not Sell or Share My Personal Information link, financial incentives: if offer incentives, explain, update: at least every 12 months), 5) Consumer request handling (request methods: toll-free number and website at minimum, authentication: verify identity reasonably, known consumer: if has account, password-protected account, unknown consumer: match 2-3 data points, response timing: 45 days, extend 45 days if reasonably necessary with notice, denial: if cannot verify, explain and provide contact, free: first two requests free, can charge reasonable fee for excessive requests, right to know: disclose categories and specific pieces separately, right to delete: delete and direct service providers to delete), 6) Do Not Sell/Share (sell: selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating, monetary or other valuable consideration, exceptions: to service providers, for CCPA exempt purposes, share: for cross-context behavioral advertising, opt-out: Do Not Sell or Share My Personal Information link on homepage, opt-out signal: CPRA Global Privacy Control browser signal, service provider: instruct service providers not to sell, maintain list: businesses who sold to, 12-month record: maintain 12-month sales records), 7) Service provider and contractor contracts (contract required: written contract, restrictions: service provider can only use PI for specific purpose, prohibition: cannot sell PI or retain, use, disclose outside business relationship, certification: certify understands restrictions, CPRA: distinguish service provider from contractor, contractor: limited to providing services specified in contract, subcontractors: same obligations), 8) Sensitive personal information (CPRA categories: SSN, license, passport, account with password, precise geolocation, racial/ethnic origin, religious/philosophical beliefs, union membership, mail/email/text contents, genetic data, biometric for unique identification, health information, sex life/orientation, right to limit: consumers can limit use to necessary purposes, notice: provide notice of right to limit use at collection, purposes: only use for permitted purposes unless consumer provided consent), 9) Risk assessment (data inventory: identify all PI collected, data flow mapping: sources, uses, disclosures, sensitive PI: identify sensitive PI, high-risk processing: large-scale, sensitive categories, automated decision-making, risk to consumers: assess risks of processing, security: existing security controls, data minimization: collect only necessary PI, retention: delete when no longer needed), 10) Privacy impact assessment template (processing description: describe processing activities, legal basis: contract, legitimate interest, consent, necessity assessment: is processing necessary for purpose, proportionality: is processing proportionate to purpose, consumer expectations: reasonable expectations of consumers, data types: categories of PI including sensitive, data subjects: consumers, children, employees, third-party sharing: categories of recipients, international transfers: if transferring outside US, automated decisions: any automated decision-making, security measures: technical and organizational measures, retention: retention period and deletion process, data subject rights: how consumers can exercise rights, risks: risks to consumer privacy, mitigation: measures to mitigate risks), 11) Children's privacy (COPPA: applies to under 13, CCPA: opt-in for under 16, parental consent: for under 13, consumer consent: 13-15 can provide own consent, age verification: reasonable method to verify age, K-12: students covered by different CA law - SOPIPA), 12) Employee and B2B exemptions (exemptions: CCPA had temporary exemptions for employee and B2B PI, CPRA: exemptions expired January 1, 2023, now covered: employees, job applicants, contractors, B2B contacts all covered, limited: some requirements limited for employee data - right to know, right to delete), 13) Enforcement and penalties (California AG: enforces CCPA, California Privacy Protection Agency: new agency enforces CPRA effective July 2023, violations: $2,500 per violation, $7,500 per intentional violation, data breach: private right of action $100-750 per consumer per incident or actual damages, 30-day cure: for non-breach violations, CPRA: higher penalties, more enforcement), 14) Record-keeping requirements (requests log: log all consumer requests and responses, opt-outs: maintain list of opted-out consumers, sales: 12-month record of sales of PI, audits: maintain records for audit purposes, retention: retain records for 24 months minimum, annual: compile statistics on requests for privacy policy), 15) Training and documentation (employee training: train all who handle consumer requests, annual: at least annually, privacy policy: publish and maintain, procedures: document procedures for handling requests, vendor contracts: update contracts, security: document security measures, review: annual compliance review). Deliverables: privacy impact assessment, updated privacy policy with CCPA disclosures, consumer request handling procedures, Do Not Sell web page, service provider contract template, training materials, request tracking log, compliance checklist, annual report preparation. ``` #### Data mapping and personal data inventory **Use case:** Personal data discovery and privacy compliance foundation **For:** Privacy Manager, Data Protection Officer, Compliance Officer, Privacy Counsel, Information Security Manager, Data Governance Manager, GRC Analyst ``` Create comprehensive data map and personal data inventory. Organization: [describe], Systems: [list major systems and applications], Regulations: [GDPR, CCPA, HIPAA, others]. Data mapping framework: 1) Data inventory objectives (compliance: required for GDPR ROPA, CCPA, understand: what personal data held and where, risks: identify high-risk processing, rights: enable data subject rights responses, breaches: facilitate breach notification, third-parties: understand third-party data sharing, retention: identify data for deletion, security: focus security controls), 2) Personal data categories (contact information: name, email, phone, postal address, identification: government ID, passport, license, account, demographic: age, gender, date of birth, race, ethnicity, financial: bank account, credit card, payment info, online identifiers: IP address, cookie ID, device ID, geolocation: precise or general location data, biometric: fingerprints, facial recognition, voice, health: medical records, health insurance, prescriptions, genetic, genetic: DNA data, genetic test results, behavioral: browsing history, purchase history, app usage, professional: employment, job title, work history, education: education records, transcripts, degrees, special categories: GDPR Article 9 sensitive data, sensitive PI: CCPA/CPRA sensitive categories), 3) Data mapping methodology (discovery: automated scanning and manual documentation, systems: identify all systems storing PI, data flows: document flows from collection to deletion, interviews: interview business process owners, technical review: review databases, file shares, applications, third-party: identify all third-party processors, classification: classify data by sensitivity, documentation: document in inventory tool or spreadsheet, validation: validate with data owners, update: establish process for ongoing updates), 4) Data inventory template (data element: specific field or data point, data category: high-level category, sensitivity: public, internal, confidential, restricted, personal data: yes/no, special category: yes/no if GDPR, sensitive PI: yes/no if CCPA, system: where stored, database/table: specific location, data owner: business owner responsible, IT owner: technical owner, purpose: why collected and used, legal basis: GDPR legal basis if applicable, source: where obtained from, collection method: web form, API, purchase, third-party sharing: who data shared with, retention period: how long kept, deletion process: how deleted, security controls: encryption, access controls, international transfers: if transferred outside country, volume: approximate number of records), 5) Data flow mapping (process flows: map business processes involving PI, data sources: where data enters organization, collection points: websites, apps, in-person, stores, processing: what happens to data, enrichment: data combined or enriched, recipients: internal and external recipients, storage: where and how long stored, deletion: when and how deleted, transfers: to third parties or internationally, visualization: flowchart or data flow diagram, high-risk: identify high-risk flows), 6) System inventory (systems list: all systems processing PI, system name: official name, system owner: business and technical owners, description: what system does, PI categories: which PI categories processed, data subjects: types of data subjects, volume: number of records or data subjects, hosting: on-prem, cloud, SaaS, provider: if cloud/SaaS, location: geographic location, purpose: business purpose, legal basis: if GDPR, security: security controls in place, third-party access: if vendor has access, international: if data transferred internationally), 7) Third-party data sharing (recipients: identify all third-party recipients, name and contact: of recipient, relationship: customer, vendor, partner, service provider: processor or controller, purpose: why data shared, PI categories: what categories shared, data subjects: which types of subjects, volume: approximate volume, contract: DPA or contract in place, security: recipient's security measures, location: recipient's location, international transfer mechanism: if outside country, duration: how long relationship, audit rights: rights to audit recipient), 8) Data subject categories (customers: current and prospective, employees: current, former, applicants, contractors: independent contractors, consultants, vendors: vendor contacts, B2B: business contacts, website visitors: tracked visitors, app users: mobile app users, children: if applicable, special: any special categories, volume: approximate count per category), 9) Legal basis analysis (GDPR Article 6: identify legal basis for each processing activity, consent: where relying on consent, contract: performance or pre-contractual, legal obligation: compliance with law, vital interests: life or death situations, public task: public authority functions, legitimate interests: balancing test required, assessment: legitimate interest assessment if applicable, special categories: Article 9 additional basis if special category data, documentation: document basis in ROPA), 10) International data transfer inventory (transfers: identify all transfers outside country, GDPR: if EEA, transfers outside EEA, CCPA: no restriction but document, recipient country: where data transferred to, adequacy: adequacy decision if GDPR, mechanism: SCCs, BCRs, DPF if GDPR, assessment: Transfer Impact Assessment for GDPR, necessity: is transfer necessary, alternatives: can processing be done without transfer, security: additional security for transfer), 11) Retention and deletion (retention schedule: establish retention periods by data category, legal requirements: comply with legal requirements, business need: retain only as long as needed, automated deletion: implement automated deletion where possible, manual processes: for manual deletion, data subject requests: deletion upon request subject to exceptions, backup: deletion from backups, documentation: document retention decisions, review: annual review of retention), 12) High-risk processing identification (large-scale: processing of large scale, profiling: systematic profiling and automated decisions, special categories: large-scale special category data, monitoring: systematic monitoring public areas, vulnerable: children or other vulnerable groups, innovative: new technology or processes, decisions: automated decisions with legal/similar effects, matching: matching or combining datasets, DPIA: requires DPIA if high-risk), 13) Data minimization opportunities (necessity: is all data necessary for purpose, alternatives: can purpose be achieved with less data, pseudonymization: can data be pseudonymized, aggregation: can use aggregate data instead, deletion: can data be deleted sooner, collection: stop collecting unnecessary data, request: only request necessary data from data subjects), 14) Security control mapping (encryption: data encrypted at rest and in transit, access controls: who has access, role-based, MFA: multi-factor authentication, monitoring: logging and monitoring of access, DLP: data loss prevention controls, backup: backup and recovery procedures, incident response: breach response plan, testing: security testing and audits, physical: physical security controls, disposal: secure disposal procedures, pseudonymization: where applicable, separate: separation of environments), 15) Data inventory maintenance (owner: assign inventory owner, updates: when add new systems or processes, frequency: review quarterly or semi-annually, trigger: new system, new processing, breach, change: change management integration, tool: use privacy management tool if available, training: train team on maintaining inventory, audit: periodic audits of accuracy, version control: maintain version history). Deliverables: comprehensive personal data inventory, data flow diagrams, Records of Processing Activities (ROPA), third-party data sharing inventory, data retention schedule, high-risk processing list, data minimization recommendations, system inventory, international transfer documentation, ongoing maintenance process. ``` ### Financial & Industry-Specific Compliance SOX, PCI DSS, HIPAA audit preparation with detailed evidence collection and controls. #### SOX IT general controls and audit prep **Use case:** SOX IT general controls compliance and audit preparation **For:** IT Audit Manager, SOX Compliance Manager, Internal Auditor, IT Controls Specialist, Compliance Officer, CFO, Controller ``` Prepare for SOX (Sarbanes-Oxley) IT audit. Company: Public company, fiscal year end: [date], Auditor: [external auditor]. Systems: [financial reporting systems]. SOX compliance framework: 1) SOX overview and scope (Section 302: CEO/CFO certification of financial reports, Section 404: management assessment of internal controls over financial reporting (ICFR), Section 409: real-time disclosure, PCAOB AS 2201: auditing standard for ICFR audits, COSO framework: Committee of Sponsoring Organizations framework for internal controls, SOX scope: controls that could impact financial reporting, in-scope systems: financial reporting systems - ERP, consolidation, reporting tools, ITGC: IT general controls underlie application controls), 2) IT general controls (ITGCs) (access to programs and data: logical access controls, program changes: change management, computer operations: job scheduling, backups, program development: SDLC controls, these underlie: application controls and financial reporting, ITGC failures: can lead to material weakness, complementary controls: manual controls can't compensate for ITGC deficiencies), 3) Access controls (AC-1 User access management: user provisioning, changes, terminations, AC-2 Privileged access: elevated access restricted and monitored, AC-3 Access reviews: periodic review of user access rights, AC-4 Password controls: password policies and enforcement, AC-5 Remote access: VPN, multi-factor authentication, AC-6 Segregation of duties: incompatible access separated, evidence: new hire requests, termination confirmations, access review sign-offs, password policy config, VPN logs, SoD matrix and violation reports), 4) Program change management (CM-1 Change management policy: documented process for changes, CM-2 Change approval: changes approved before implementation, CM-3 Change testing: testing before production, CM-4 Emergency changes: process for emergency changes, CM-5 Code migration: segregation of duties dev to prod, CM-6 Version control: source code version control, evidence: change tickets, approval emails, test results, production logs, code repository access), 5) Computer operations (CO-1 Job scheduling: automated jobs scheduled and monitored, CO-2 Backup and recovery: regular backups, tested restores, CO-3 Monitoring: system monitoring and alerting, CO-4 Incident management: incidents logged and resolved, CO-5 Problem management: root cause analysis, evidence: job schedules, backup logs, restoration test results, monitoring alerts, incident tickets), 6) System development (SD-1 SDLC policy: documented system development lifecycle, SD-2 Requirements: requirements documented and approved, SD-3 Design: design documents and reviews, SD-4 Testing: unit, integration, user acceptance testing, SD-5 Implementation: controlled implementation, SD-6 Post-implementation review: verify operating as intended, evidence: SDLC policy, requirements docs, design docs, test plans and results, UAT sign-off, post-implementation review), 7) Scoping in-scope applications (identify: applications involved in financial reporting, direct: ERP, G/L, consolidation, billing, inventory, indirect: AD, databases, networks supporting financial apps, business process: order-to-cash, procure-to-pay, financial close, risk assessment: risk of material misstatement, document: maintain application inventory with SOX designation), 8) Application controls (automated controls: within applications that prevent/detect errors, input controls: validation, authorization, processing controls: calculations, interfaces, reconciliations, output controls: report accuracy, distribution, completeness, accuracy, validity: controls ensure data quality, application owner: business owner responsible, ITGC dependency: ITGCs must be effective for application control reliance), 9) Risk and control matrix (RCM: document financial reporting risks and controls, risks: what could go wrong, controls: prevent or detect the risk, ITGC: map ITGCs to risks, application controls: map to risks, test: testing procedures for each control, frequency: how often control operates, documentation: evidence to substantiate control operation, deficiencies: document any control deficiencies, remediation: action plans for deficiencies), 10) Control testing (test design: is control designed effectively, test effectiveness: is control operating effectively, walkthroughs: understand process and identify controls, samples: select sample transactions for testing, inspect: inspect evidence of control operation, reperform: reperform control, inquiry: ask control owner about operation, observation: observe control execution, population: define population and sample size, judgmental: for small populations, statistical: for large populations, 25-60 samples: typical, exception: any exception is deficiency, evaluate: evaluate whether deficiency is significant or material weakness), 11) Audit evidence requirements (access management: new hire forms, termination notices, access request tickets, approval emails, access reviews: spreadsheets with reviewer sign-off, system screenshots, dates, change management: change tickets, approvals, test cases, test results, migration logs, backups: backup schedules, backup logs, restoration test results, segregation of duties: SoD matrix, incompatible access report, exception analysis, job scheduling: job schedule configurations, execution logs, failed job reports, password: password policy configuration, last password change dates, attempted/failed logins, MFA: MFA enrollment report, MFA authentication logs, security training: training materials, completion records, dates), 12) Segregation of duties (incompatible functions: certain combinations of access create risk, financial: initiate transactions + approve, record + reconcile, custody + record, IT: developer + production, change requester + approver, security admin + user admin, security admin + audit reviewer, SoD matrix: list incompatible combinations, reports: run SoD conflict reports, mitigating controls: if SoD violation unavoidable, detective control, privileged access: monitor privileged access activity), 13) Management review controls (MRC: compensating controls for automated controls, examples: reconciliations, data analytics, variance analysis, financial statement review, characteristics: performed by management, competent reviewer, right level of precision, evidence: reconciliation with sign-off and date, variance analysis with follow-up, review checklists), 14) Deficiency evaluation (control deficiency: control not designed or operating effectively, significant deficiency: less than material weakness but important enough to merit audit committee attention, material weakness: reasonable possibility of material misstatement not prevented or detected timely, evaluation: depends on magnitude and likelihood, compensating controls: consider if other controls compensate, aggregation: aggregate deficiencies, remediation: immediate remediation plan for material weaknesses, disclosure: material weaknesses disclosed in 10-K), 15) Remediation and corrective action (root cause: identify root cause of deficiency, remediate: implement corrective action, test: test remediated control, document: document remediation actions and evidence, retest: auditors will retest, interim: may need interim testing if found mid-year, status updates: regular updates to audit committee, persistent: if not remediated by year-end, likely reportable deficiency). Deliverables: SOX scoping document, ITGC risk and control matrix, test plan and schedule, evidence package organized by control, deficiency log and remediation tracker, management representation letters, audit committee presentation, ICFR effectiveness memo. ``` #### PCI DSS compliance and evidence collection **Use case:** PCI DSS payment card data security compliance **For:** PCI Compliance Manager, QSA, Security Engineer, Compliance Officer, CISO, IT Security Manager, Internal Auditor ``` Achieve PCI DSS compliance. Organization: [merchant, service provider], Level: [merchant level 1-4, service provider level 1-2], Card volume: [annual transactions], Environment: [describe cardholder data environment]. PCI DSS 4.0 framework: 1) PCI DSS structure (12 requirements: organized into 6 goals, Build and Maintain: Req 1-2 firewalls and secure configs, Protect Account Data: Req 3-4 protect stored data, encrypt transmissions, Maintain Vulnerability Management: Req 5-6 malware protection, secure systems, Implement Strong Access Control: Req 7-9 need-to-know, unique IDs, physical access, Monitor and Test Networks: Req 10-11 logs, testing, Maintain Information Security Policy: Req 12 policy, sub-requirements: detailed requirements, testing procedures: specific tests, version 4.0: effective March 2024, v3.2.1 retired March 2025, compliance validation: self-assessment (SAQ) or audit (ROC)), 2) Requirement 1: Install and maintain network security controls (1.1: Processes and mechanisms for network security controls documented, 1.2: Network security controls (NSC) configured and maintained, 1.3: Network access to/from CDE restricted, 1.4: Network connections between trusted and untrusted networks controlled, 1.5: Risks to CDE from computing devices able to connect to untrusted networks mitigated, firewalls: stateful inspection at network perimeter, DMZ: place web servers in DMZ, CDE: cardholder data environment, segmentation: segment CDE from other networks, inbound/outbound: restrict both, deny all: default deny, allow exceptions, evidence: firewall rules, rule review sign-off, network diagrams, segmentation testing), 3) Requirement 2: Apply secure configurations (2.1: Processes and mechanisms for secure configurations documented, 2.2: System and network configurations implemented to minimize vulnerabilities, 2.3: Wireless access is configured and managed securely, hardening: CIS Benchmarks, vendor hardening guides, change defaults: change default passwords, disable: unnecessary services, protocols, daemons, one function: one primary function per server, inventory: maintain inventory of system components, wireless: strong encryption, change default SSID and passwords, evidence: hardening standards, system configs, config reviews, inventory, wireless configs), 4) Requirement 3: Protect stored account data (3.1: Processes and mechanisms for protecting stored account data documented, 3.2: Storage of account data is kept to minimum, 3.3: Sensitive authentication data (SAD) is not stored after authorization, 3.4: Access to displays of full PAN and ability to copy PAN is restricted, 3.5: Primary account number (PAN) is secured wherever stored, 3.6: Cryptographic keys used to protect stored account data are secured, 3.7: Where cryptography is used to protect stored account data, key management processes and procedures are defined and implemented, data retention: delete data no longer needed, SAD: never store CVV2, PIN, track data, truncation: mask PAN, display only first 6 last 4, encryption: encrypt stored PAN, strong crypto, key management: keys protected, rotated, separated, evidence: data retention policy, system configs, encryption verification, key management procedures), 5) Requirement 4: Protect cardholder data with strong cryptography during transmission (4.1: Processes and mechanisms for protecting cardholder data with strong cryptography during transmission documented, 4.2: PAN is protected with strong cryptography whenever transmitted over open, public networks, strong crypto: TLS 1.2 or 1.3, certificates: valid certificates, no self-signed in production, wireless: WPA2/WPA3 for wireless, end-user messaging: encrypted email or secure portal, evidence: TLS configs, certificate validity, vulnerability scans showing strong crypto), 6) Requirement 5: Protect all systems and networks from malicious software (5.1: Processes and mechanisms for protecting systems and networks from malicious software documented, 5.2: Malicious software is prevented, detected, and addressed, 5.3: Anti-malware mechanisms and processes are active, maintained and monitored, 5.4: Anti-phishing mechanisms protect users against phishing attacks, anti-malware: deploy on all systems (except those not commonly affected), updates: automatic signature updates, scans: regular scans, quarantine: isolate infected systems, phishing: anti-phishing controls, evidence: anti-malware deployment, signature update logs, scan results, phishing training), 7) Requirement 6: Develop and maintain secure systems and software (6.1: Processes and mechanisms for developing and maintaining secure systems and software documented, 6.2: Bespoke and custom software are developed securely, 6.3: Security vulnerabilities are identified and addressed, 6.4: Public-facing web applications are protected against attacks, 6.5: Changes to all system components are managed securely, SDLC: secure development lifecycle, training: developer security training, code review: or automated tools, testing: test before production, vulnerability management: patch critical within 30 days, high within 90 days, WAF: on public web apps, change control: approval, testing, rollback, evidence: SDLC policy, training records, code review or tool results, test results, patch management, WAF configs, change tickets), 8) Requirement 7: Restrict access by business need to know (7.1: Processes and mechanisms for restricting access documented, 7.2: User access is restricted based on business need to know, 7.3: Access to system components and data is managed via an access control system(s), least privilege: minimum necessary, roles: role-based access control, access rights: defined per role, reviews: semi-annual access reviews, approvals: access approved before granted, evidence: RBAC matrix, access provisioning process, access review sign-offs), 9) Requirement 8: Identify users and authenticate access (8.1: Processes and mechanisms for identifying and authenticating users documented, 8.2: User identification and authentication are managed for all users, 8.3: Strong authentication for users is established and managed, 8.4: Multi-factor authentication is implemented, 8.5: Multi-factor authentication systems are configured to prevent misuse, 8.6: Use of application and system accounts and associated authentication factors is managed, unique IDs: each user has unique ID, MFA: for all access to CDE and any remote access, authentication: strong passwords or passphrases, passwordless: biometric, PKI, privileged: separate authentication for privileged, service accounts: managed and monitored, evidence: user list, MFA enrollment, password policy, authentication logs), 10) Requirement 9: Restrict physical access (9.1: Processes and mechanisms for restricting physical access documented, 9.2: Physical access controls are implemented for personnel and visitors, 9.3: Physical access is controlled for onsite personnel, 9.4: Media with cardholder data is securely stored, accessed, distributed, and destroyed, 9.5: Point of interaction (POI) devices are protected from tampering and unauthorized substitution, badge system: control access to CDE, visitor log: escort visitors, media: secure and destroy media, POI: inspect devices, tamper-evident, evidence: badge system logs, visitor logs, media destruction certificates, POI inspection logs), 11) Requirement 10: Log and monitor all access (10.1: Processes and mechanisms for logging and monitoring access documented, 10.2: Audit logs are implemented to support detection of anomalies and suspicious activity, 10.3: Audit logs are protected from destruction and unauthorized modification, 10.4: Audit logs are reviewed, 10.5: Audit log history is retained and available for analysis, logging: log all access to CDE and cardholder data, log content: user, timestamp, event, outcome, object, protection: logs protected from modification, deletion, retention: one year, three months immediately available, review: daily log review or automated alerting, SIEM: centralized logging, evidence: logging configs, log protection, log reviews, log retention), 12) Requirement 11: Test security (11.1: Processes and mechanisms for testing security documented, 11.2: Wireless access points are identified and monitored, 11.3: Vulnerabilities are identified and addressed, 11.4: External and internal penetration testing is performed, 11.5: Network intrusions and unexpected file changes are detected and responded to, 11.6: Unauthorized changes on payment pages are detected and reported, wireless: quarterly wireless scans, vulnerability: quarterly scans by ASV (external), quarterly internal scans, penetration testing: annual external, annual internal (after significant changes), segmentation: penetration test segmentation, IDS/IPS: or equivalent, file integrity: monitor critical files, change detection: on payment pages, evidence: wireless scan results, vulnerability scan reports, penetration test reports, IDS/IPS alerts, FIM logs, payment page monitoring), 13) Requirement 12: Support information security (12.1: Comprehensive information security policy is established and maintained, 12.2: Acceptable use policies are established and maintained, 12.3: Risks are formally identified, evaluated, and managed, 12.4: PCI DSS compliance is managed, 12.5: PCI DSS scope is documented, 12.6: Security awareness education is performed, 12.7: Personnel are screened to reduce risks, 12.8: Risk to information assets from third-party service providers is managed, 12.9: Third-party service providers support customers' PCI DSS compliance, 12.10: Suspected and confirmed security incidents are responded to, policy: annual review, acceptable use: acceptable use policy, risk assessment: annual risk assessment, scope: maintain scope document, training: annual security awareness training, background checks: for employees with access, vendor management: due diligence on service providers, incident response: documented and tested IR plan, evidence: policy with review date, AUP, risk assessment, scope document, training completion, background checks, vendor assessments, IR plan and tests), 14) Compliance validation (SAQ: Self-Assessment Questionnaire for lower levels, AOC: Attestation of Compliance, ROC: Report on Compliance for Level 1 merchants, QSA: Qualified Security Assessor conducts ROC, ASV: Approved Scanning Vendor for quarterly scans, validation: annually, evidence: all evidence from 12 requirements, submit: to acquiring banks or payment brands), 15) Customized approach (v4.0 new: customized approach option, outcome-based: define customized controls that achieve objective, document: extensive documentation required, risk analysis: risk analysis for customized controls, at least equivalent: must be at least equivalent to defined approach, validate: QSA validation, approval: additional approval may be required). Deliverables: PCI DSS scoping document, network diagram with CDE highlighted, SAQ or ROC with all requirements, evidence binder organized by requirement, vulnerability scan reports, penetration test reports, policies and procedures, AOC, remediation plan for any gaps. ``` #### HIPAA Security Rule compliance audit **Use case:** HIPAA Security Rule compliance for healthcare organizations **For:** HIPAA Compliance Officer, Healthcare Compliance Manager, Privacy Officer, Security Officer, CISO, Health IT Manager, Risk Manager ``` Prepare for HIPAA Security Rule compliance audit. Covered entity: [healthcare provider, health plan, healthcare clearinghouse, or business associate]. ePHI: [describe electronic protected health information]. Systems: [list systems with ePHI]. HIPAA Security Rule framework: 1) Security Rule overview (45 CFR Parts 160, 162, 164: HIPAA regulations, Security Rule: 45 CFR §164.302-318, ePHI: electronic protected health information, 3 safeguard categories: Administrative, Physical, Technical, implementation specifications: Required (R) or Addressable (A), scalability: requirements scalable based on size and complexity, risk-based: implement based on risk assessment, HITECH Act: breach notification, increased penalties, OCR: Office for Civil Rights enforces), 2) Administrative safeguards (§164.308: 9 standards, 164.308(a)(1) Security Management: risk analysis (R), risk management (R), sanction policy (R), information system activity review (R), 164.308(a)(2) Assigned Security Responsibility: designate security official (R), 164.308(a)(3) Workforce Security: authorization/supervision (A), workforce clearance (A), termination procedures (A), 164.308(a)(4) Information Access Management: isolate clearinghouse (R), access authorization (A), access establishment/modification (A), 164.308(a)(5) Security Awareness and Training: security reminders (A), protection from malware (A), log-in monitoring (A), password management (A), 164.308(a)(6) Security Incident Procedures: response and reporting (R), 164.308(a)(7) Contingency Plan: data backup (R), disaster recovery (R), emergency mode (R), testing/revision (A), applications and data criticality analysis (A), 164.308(a)(8) Evaluation: periodic evaluation (R), 164.308(b) Business Associate Contracts: written contract required (R), evidence: risk assessment, policies, workforce training records, BAAs, incident reports, contingency plan and tests, evaluation documentation), 3) Physical safeguards (§164.310: 4 standards, 164.310(a)(1) Facility Access Controls: contingency operations (A), facility security plan (A), access control and validation (A), maintenance records (A), 164.310(b) Workstation Use: policies and procedures (R), 164.310(c) Workstation Security: physical safeguards (R), 164.310(d)(1) Device and Media Controls: disposal (R), media re-use (R), accountability (A), data backup and storage (A), evidence: facility access logs, visitor logs, workstation use policy, device inventory, media destruction certificates), 4) Technical safeguards (§164.312: 5 standards, 164.312(a)(1) Access Control: unique user identification (R), emergency access procedure (R), automatic logoff (A), encryption and decryption (A), 164.312(b) Audit Controls: hardware, software, procedural mechanisms to record and examine access (R), 164.312(c)(1) Integrity: mechanisms to authenticate ePHI (A), 164.312(d) Person or Entity Authentication: verify person/entity is who they claim (R), 164.312(e)(1) Transmission Security: integrity controls (A), encryption (A), evidence: access control configs, authentication mechanisms, audit logs, encryption configs, transmission security), 5) Risk analysis (required: §164.308(a)(1)(ii)(A), scope: all ePHI, threats and vulnerabilities: identify potential risks, likelihood: probability of threat occurrence, impact: magnitude of harm if occurs, existing controls: current security measures, residual risk: risk remaining after controls, prioritization: prioritize risks for treatment, documentation: document entire process, review: periodic review and update, methodology: NIST, OCTAVE, or custom), 6) Risk management (required: §164.308(a)(1)(ii)(B), risk treatment: accept, mitigate, transfer, avoid, security measures: implement appropriate measures, cost-benefit: reasonable and appropriate based on cost, reasonableness: size, complexity, capabilities, costs, probability and criticality, safeguards: administrative, physical, technical, monitoring: ongoing monitoring of effectiveness, update: update as environment changes), 7) Breach notification (HITECH: breach notification rule, breach: unauthorized acquisition, access, use, disclosure, harm threshold: low probability of compromise (removed in 2013), risk assessment: 4-factor assessment, notification: to individuals within 60 days, to HHS: if affects 500+ immediately, if <500 annually, to media: if affects 500+ in state/jurisdiction, business associate: BA notifies covered entity, BA breaches: covered entity still responsible for notification, documentation: maintain breach documentation 6 years, evidence: breach assessment, notification letters, submission to HHS), 8) Business associate agreements (required: §164.308(b)(1) and 164.314, business associate: creates, receives, maintains, transmits ePHI on behalf of covered entity, contract: written contract required, required provisions: permitted uses, safeguards, subcontractor flow-down, reporting breaches and security incidents, return or destruction of ePHI at termination, authorization for disclosures, termination for violation, subcontractors: BA must have BAA with subcontractors, examples: billing companies, practice management, IT vendors, cloud providers, consultants, evidence: signed BAAs with all business associates), 9) Workforce training (required: §164.308(a)(5), security awareness: appropriate for workforce, periodic: when appropriate, role-based: based on job functions, new hire: before access to ePHI, updates: when policies or threats change, topics: password management, malware, physical security, privacy, incident reporting, phishing, social engineering, remote access, mobile devices, documentation: training materials, completion records, dates, annual: at least annually, evidence: training records with completion dates), 10) Access controls (unique user ID: required §164.312(a)(2)(i), role-based: based on job functions, principle of least privilege: minimum necessary, authorization: documented authorization, reviews: periodic access reviews, termination: immediate access removal upon termination, emergency access: procedure for emergency access, technical: authentication, authorization, audit, physical: badge systems, locks, logical: usernames, passwords, MFA, evidence: user lists with roles, access reviews, termination procedures, MFA configs), 11) Audit controls (required: §164.312(b), logging: record and examine activity, what to log: access, modifications, deletions, who: user identification, when: date and timestamp, what: resources accessed, outcome: success or failure, protection: protect logs from alteration and deletion, review: regular review of audit logs, retention: six years, centralized: SIEM for centralized logging, evidence: logging configurations, log samples, log review documentation, log retention), 12) Encryption (addressable: §164.312(a)(2)(iv) and §164.312(e)(2)(ii), at rest: encrypt stored ePHI, in transit: encrypt ePHI during transmission, addressable: if not implemented, document why and alternative, alternative: equivalent measure, reasonable and appropriate: based on risk assessment, mobile devices: encrypt mobile devices and media, email: secure email or patient portals, removal: encrypt or destroy before disposal, evidence: encryption configuration, risk assessment documenting decision, alternative measures if not encrypted), 13) Incident response (required: §164.308(a)(6), identify: detect security incidents, respond: appropriate response, mitigate: mitigate harmful effects, document: document incidents and response, improve: incorporate lessons learned, report: report to appropriate parties, investigation: investigate cause and extent, sanctions: sanction workforce for violations, breach: follow breach notification rule if breach, evidence: incident response plan, incident logs, investigation reports, sanctions documentation), 14) Contingency planning (required: §164.308(a)(7), data backup: regular backups (R), disaster recovery: plan to restore operations (R), emergency mode: continue critical operations (R), testing: test and revise plan (A), criticality analysis: identify critical systems (A), backups: encrypted, off-site, tested restores, RTO/RPO: recovery time and point objectives, alternate site: if primary site unavailable, communication: emergency contacts and communication plan, evidence: contingency plan, backup logs, restoration test results, criticality analysis), 15) Policies and procedures (required: implement policies and procedures per Security Rule, documentation: written policies required, review: review and update as needed (at least annually), workforce: make available to workforce, sanctions: enforce through workforce sanctions, changes: document changes to environment or risk, retention: retain six years from creation or last effective date, approvals: policies approved by appropriate officials, evidence: policy manual with dates, approval signatures, distribution to workforce). Deliverables: comprehensive risk analysis, risk management plan, policy and procedure manual, BAA templates and executed BAAs, workforce training program and records, technical configuration documentation, audit controls documentation, incident response plan, contingency plan with test results, breach notification procedures, evaluation documentation, remediation plan for gaps. ``` ### Third-Party Risk & Vendor Management Vendor assessment, due diligence, and ongoing third-party risk monitoring programs. #### Vendor security assessment questionnaire **Use case:** Vendor security assessment and third-party risk management **For:** Third-Party Risk Manager, Vendor Management, Procurement, Compliance Officer, Security Architect, CISO, Risk Manager, GRC Analyst ``` Conduct vendor security assessment. Vendor: [vendor name], Service: [describe services], Data access: [what data vendor will access], Criticality: [critical/high/medium/low], Regulatory: [any specific compliance requirements]. Vendor assessment framework: 1) Vendor risk classification (tier 1 critical: access to sensitive data or critical systems, high risk, comprehensive assessment, tier 2 high: moderate data access or important services, medium risk, standard assessment, tier 3 medium: limited data access, lower risk, streamlined assessment, tier 4 low: no data access, minimal risk, basic assessment, classification criteria: data sensitivity, system criticality, financial impact, regulatory applicability, operational dependence, assessment frequency: annual for critical, bi-annual for high, as-needed for lower), 2) Security questionnaire (general information: company info, service description, ownership structure, financials, locations, certifications: SOC 2, ISO 27001, PCI DSS, HIPAA, industry-specific, information security program: ISMS, security policies, security team, risk management: risk assessment process, treatment, audit logs: logging, monitoring, retention, review, access control: authentication, authorization, MFA, privileged access, encryption: at rest and in transit, key management, network security: firewalls, segmentation, intrusion detection, endpoint security: anti-malware, patching, MDM, vulnerability management: scanning, patching, penetration testing, incident response: IR plan, breach notification, past incidents, business continuity: BCP, DR, backup and recovery, testing, physical security: data center security, environmental controls, access controls, HR security: background checks, training, termination, change management: process for changes, testing, approvals, secure development: SDLC, code review, testing, subcontractors: use of subcontractors, flow-down requirements, compliance: regulatory compliance, privacy, data protection, insurance: cyber insurance coverage), 3) Data protection and privacy (data location: where data stored and processed, data retention: how long data retained, deletion: process for data deletion at contract end, data protection: encryption, access controls, pseudonymization, data transfers: international transfers, mechanisms, privacy: GDPR, CCPA, other privacy law compliance, DPA: data processing agreement in place, subprocessors: list of subprocessors, changes, data breach: breach notification process and timing, data return: return or destroy data at termination, privacy impact: has vendor done DPIA, right to audit: audit rights for data protection), 4) Due diligence documentation (questionnaire: vendor completes security questionnaire, certifications: request copies of certifications, SOC 2 Type II report: if available, review, penetration test: recent penetration test results, vulnerability scans: recent scan results, insurance: certificate of insurance, references: customer references, financial: financial stability information, policies: key information security policies, site visit: if critical vendor, on-site assessment, legal: contract review for security terms), 5) Risk assessment scoring (evaluate responses: score questionnaire responses, inherent risk: risk before considering controls, control effectiveness: evaluate vendor's controls, residual risk: risk after considering controls, scoring rubric: 1-5 scale per domain, weighting: weight domains by importance, total score: calculate weighted total score, risk rating: high (70-100), medium (40-69), low (0-39), gaps: identify control gaps, requirements: additional requirements if gaps), 6) Contract requirements (security exhibit: detailed security requirements, data protection: data protection obligations, encryption: encryption requirements, incident notification: breach notification within X hours, audit rights: right to audit vendor security, compliance: maintain relevant compliance, insurance: minimum cyber insurance, indemnification: indemnification for breaches, termination: termination rights for security failures, subcontracting: approval required for subcontractors, data ownership: customer owns data, data return: at termination, SLA: security-related SLAs, right to pentest: right to conduct penetration tests), 7) Ongoing monitoring (annual assessment: repeat assessment annually, continuous monitoring: alerts for changes, news monitoring: monitor for breaches or negative news, certificate expiration: track certification expiration, relationship review: quarterly business reviews with security component, performance: track security incidents, escalations, changes: notification of material changes, audits: periodic audits of vendor, reports: require security reports, threat intelligence: share threat intel, incident: vendor must report incidents immediately, update: update risk assessment based on monitoring), 8) Vendor lifecycle management (procurement: assessment before contract, onboarding: security requirements communicated, training: vendor personnel trained on requirements, monitoring: ongoing monitoring during contract, changes: assess changes to service or risk, offboarding: secure data destruction, archive: retain assessment documentation, renewal: reassess at renewal, termination: secure offboarding process), 9) Fourth-party risk (subcontractors: vendor's vendors, flow-down: require same security in subcontractor agreements, notification: vendor must notify of subcontractors, approval: right to approve or disapprove, assessment: assess critical subcontractors, monitoring: vendor monitors subcontractors, liability: vendor liable for subcontractors, supply chain: map supply chain dependencies), 10) Vendor tiering and prioritization (tier 1: quarterly monitoring, annual comprehensive assessment, detailed SLA, tier 2: semi-annual monitoring, annual standard assessment, tier 3: annual monitoring, every 2 years assessment, tier 4: minimal monitoring, assessment at significant changes, limited vs extensive: focus resources on high-risk vendors, dynamic: re-tier as risk changes), 11) Remediation and exceptions (findings: document gaps and findings, remediation plan: vendor develops plan, timeline: set timeline for remediation, verification: verify remediation, exceptions: if cannot remediate, document exception, compensating controls: implement compensating controls, acceptance: risk acceptance by appropriate authority, escalation: escalate if not remediated, termination: consider termination if critical gaps not remediated), 12) Vendor risk reporting (dashboard: vendor risk dashboard for management, key metrics: number of vendors by tier, average risk score, open findings, trend: track risk over time, high-risk: list of high-risk vendors, reporting: quarterly to risk committee or board, heatmap: risk heatmap by vendor and domain, action: required actions and owners), 13) Regulatory requirements (financial: FFIEC, OCC, SOX for financial services, healthcare: HIPAA BAA requirements, payment: PCI DSS for service providers, privacy: GDPR processor requirements, CCPA service provider requirements, industry: industry-specific requirements, government: FedRAMP, DFARS, CMMC for government contractors, international: requirements for international vendors, mapping: map requirements to assessment), 14) Specialized assessments (cloud: specific for cloud service providers, SaaS: software as a service specific risks, critical infrastructure: for critical infrastructure providers, AI/ML: if using AI or ML services, open source: if vendor uses open-source components, offshore: additional for offshore vendors, merger: reassess if vendor acquired or merged, incident: reassess if vendor has incident), 15) Technology solutions (vendor risk platforms: ServiceNow, Archer, OneTrust, ProcessUnity, questionnaires: SIG, CAIQ, custom, automation: automate request and tracking, integration: integrate with procurement, continuous monitoring: UpGuard, BitSight, SecurityScorecard, repository: centralized vendor repository, workflow: approval workflows). Deliverables: comprehensive vendor assessment questionnaire, risk assessment scoring rubric, vendor risk rating, findings and gaps analysis, remediation plan, contract security exhibit, ongoing monitoring plan, vendor risk register, escalation procedures, reporting dashboard. ``` --- ## AI for Creative Professionals & Designers **Category:** Creative & Design **Prompts:** 22 **Description:** Comprehensive creative prompts covering visual design, UX/UI, content creation, branding, and creative strategy to accelerate your design process and boost creativity. **Tags:** Design, Creative, Content Creation, Branding, UX/UI, Work Users ### Visual Design & Branding Create stunning visual designs and build cohesive brand identities. #### Brand identity concept generator **Use case:** Brand development and identity creation **For:** Brand Designer, Creative Director, Graphic Designer, Marketing Manager ``` Create a comprehensive brand identity concept for [company/product name] in the [industry] space. Target audience: [describe audience]. Brand values: [list 3-5 values]. Include: 1) Brand positioning statement, 2) Visual style direction (colors, typography, imagery), 3) Tone of voice guidelines, 4) Key brand differentiators, 5) Mood board suggestions with color hex codes. ``` #### Logo design concept brief **Use case:** Logo exploration and concept development **For:** Brand Designer, Graphic Designer, Creative Director ``` Generate 5 distinct logo concept directions for [company name] which [what they do]. Industry: [industry]. Style preferences: [modern/classic/minimal/bold/playful]. For each concept provide: 1) Design direction name, 2) Visual description, 3) Symbolism and meaning, 4) Color palette with hex codes, 5) Typography style, 6) Why it works for the brand. ``` #### Color palette generator **Use case:** Design system development and color theory application **For:** Brand Designer, UX Designer, UI Designer, Graphic Designer ``` Create 3 unique color palettes for [project type] targeting [audience]. Brand personality: [adjectives]. Each palette should include: 1) 5-6 colors with hex codes and names, 2) Primary and accent color assignments, 3) Use case for each color, 4) Emotional impact and psychology, 5) Accessibility considerations (contrast ratios), 6) Complementary typography suggestions. ``` #### Typography pairing suggestions **Use case:** Typography system creation and font selection **For:** Brand Designer, UI Designer, Web Designer, Graphic Designer ``` Recommend 5 font pairings for [project type] with [desired mood/feeling]. For each pairing provide: 1) Heading font name and characteristics, 2) Body font name and characteristics, 3) Why they work together, 4) Recommended sizes and weights, 5) Use cases (headings, subheadings, body, captions), 6) Web-safe alternatives and Google Fonts equivalents. ``` #### Design critique framework **Use case:** Design review and quality assurance **For:** Creative Director, Senior Designer, Art Director, UX Designer ``` Provide a structured critique of this [design type] for [project]. Evaluate on: 1) Visual hierarchy and composition, 2) Color usage and contrast, 3) Typography and readability, 4) Brand alignment and consistency, 5) User experience considerations, 6) Accessibility compliance, 7) What's working well (3 points), 8) Areas for improvement (3 specific suggestions). ``` ### UX/UI Design & Research Design user-centered interfaces and conduct effective UX research. #### User persona generator **Use case:** User research and audience understanding **For:** UX Researcher, UX Designer, Product Designer, Product Manager ``` Create 3 detailed user personas for [product/app]. Target market: [description]. Include for each persona: 1) Name, age, occupation, location, 2) Goals and motivations, 3) Pain points and frustrations, 4) Technology comfort level, 5) User journey touchpoints, 6) Quote that captures their mindset, 7) Preferred communication channels, 8) Success metrics. Make them realistic and based on research. ``` #### User flow mapper **Use case:** UX flow design and journey mapping **For:** UX Designer, Product Designer, UX Researcher, Product Manager ``` Map out the complete user flow for [specific task/feature] in [product/app]. Include: 1) Entry points (how users arrive), 2) Step-by-step actions users take, 3) Decision points and branching paths, 4) Error states and edge cases, 5) Success criteria and exit points, 6) Pain points or friction areas, 7) Opportunities for improvement. Format as a numbered list with sub-steps. ``` #### Wireframe annotation guide **Use case:** Design documentation and developer handoff **For:** UX Designer, Product Designer, UI Designer, Design Lead ``` Create detailed annotations for this [page/screen] wireframe for [product feature]. Include: 1) Component descriptions and functionality, 2) Interaction behaviors (clicks, hovers, swipes), 3) Content requirements and character limits, 4) Responsive behavior across devices, 5) Accessibility requirements (ARIA labels, keyboard nav), 6) Edge cases and error states, 7) Business rules and logic, 8) Developer handoff notes. ``` #### Usability testing script **Use case:** User testing and research validation **For:** UX Researcher, UX Designer, Product Manager, User Researcher ``` Create a usability testing script for [feature/product] with [target users]. Session length: [30/60/90 minutes]. Include: 1) Introduction and warm-up questions (5 min), 2) 5-7 task scenarios with success criteria, 3) Follow-up questions for each task, 4) Think-aloud prompts, 5) Post-task satisfaction questions, 6) Closing questions, 7) Key metrics to track, 8) Observer notes section. ``` #### Accessibility audit checklist **Use case:** Accessibility compliance and inclusive design **For:** UX Designer, UI Designer, Accessibility Specialist, Front-end Developer ``` Generate an accessibility audit checklist for [website/app feature]. Cover: 1) WCAG 2.1 Level AA compliance points, 2) Keyboard navigation requirements, 3) Screen reader compatibility checks, 4) Color contrast requirements (with tool suggestions), 5) Form and input accessibility, 6) Mobile accessibility considerations, 7) Common violations to look for, 8) Testing tools and methods, 9) Priority levels for fixes. ``` #### Design system component spec **Use case:** Design system documentation and consistency **For:** UI Designer, Design Systems Designer, UX Designer, Front-end Developer ``` Create comprehensive specifications for a [component name] component in our design system. Include: 1) Component purpose and when to use it, 2) Anatomy (all parts labeled), 3) Variants and states (default, hover, active, disabled, error), 4) Spacing and sizing (desktop, tablet, mobile), 5) Typography specs, 6) Color tokens and theming, 7) Interaction behavior, 8) Accessibility requirements, 9) Do's and don'ts with examples, 10) Code component name reference. ``` ### Content Creation & Copywriting Craft compelling content and copy that engages and converts. #### Content calendar planner **Use case:** Content strategy and planning **For:** Content Creator, Social Media Manager, Content Strategist, Marketing Manager ``` Create a 30-day content calendar for [brand/company] targeting [audience]. Platform: [social media/blog/email]. Goals: [awareness/engagement/conversion]. For each week provide: 1) 4-5 content ideas with topics, 2) Content format (video, blog, infographic, etc.), 3) Key message and angle, 4) Relevant hashtags or keywords, 5) Call-to-action, 6) Tie-in to current events or trends, 7) Content pillar category. ``` #### Headline and hook generator **Use case:** Content marketing and engagement optimization **For:** Content Writer, Copywriter, Content Creator, Marketing Manager ``` Generate 10 compelling headlines for [content type] about [topic]. Target audience: [description]. Desired emotion: [curiosity/urgency/inspiration/etc.]. Include mix of: 1) Question-based headlines, 2) Number/list headlines, 3) How-to headlines, 4) Benefit-driven headlines, 5) Controversial/contrarian angles. For each headline, note which psychological trigger it uses and expected click-through appeal. ``` #### Social media caption writer **Use case:** Social media content and community engagement **For:** Social Media Manager, Content Creator, Community Manager, Brand Manager ``` Write 5 engaging social media captions for [platform] promoting [product/content/event]. Brand voice: [description]. Length: [short/medium/long]. Each caption should include: 1) Attention-grabbing opening line, 2) Value proposition or key message, 3) Call-to-action, 4) Relevant hashtags (5-10), 5) Emoji usage (if appropriate), 6) Question or engagement prompt. Vary the approaches and hooks. ``` #### Blog post outline creator **Use case:** Blog writing and SEO content strategy **For:** Content Writer, Content Strategist, SEO Specialist, Blogger ``` Create a detailed outline for a blog post titled '[working title]' targeting [audience]. Keyword: [primary keyword]. Word count goal: [1000/1500/2000]. Include: 1) SEO-optimized title (with character count), 2) Meta description (155 chars), 3) Introduction hook and thesis, 4) 5-7 H2 section headings with 2-3 H3 subheadings each, 5) Key points to cover in each section, 6) Internal linking opportunities, 7) Conclusion and CTA, 8) Related keywords to incorporate. ``` #### Video script template **Use case:** Video content creation and scripting **For:** Video Content Creator, Content Creator, Social Media Manager, YouTuber ``` Write a video script for [video type] about [topic]. Length: [30 sec/1 min/3 min/5 min]. Platform: [YouTube/Instagram/TikTok/LinkedIn]. Include: 1) Hook (first 3-5 seconds), 2) Problem/situation setup, 3) Main content with 3-5 key points, 4) Visual and audio cues, 5) B-roll suggestions, 6) Text overlay suggestions, 7) Call-to-action and outro, 8) Estimated time stamps. Write in spoken language, not written language. ``` #### Email newsletter template **Use case:** Email marketing and subscriber engagement **For:** Email Marketer, Content Creator, Marketing Manager, Content Strategist ``` Create an email newsletter template for [company/brand] targeting [audience]. Frequency: [weekly/biweekly/monthly]. Include: 1) Subject line (with A/B test variant), 2) Preheader text, 3) Personal greeting, 4) Main story/feature (100-150 words), 5) 2-3 secondary content blocks, 6) Quick links or curated content section, 7) Call-to-action, 8) Social links and footer, 9) Tone and voice guidelines. Make it scannable. ``` ### Creative Strategy & Ideation Generate innovative ideas and develop creative strategies. #### Brainstorming facilitator **Use case:** Creative ideation and innovation workshops **For:** Creative Director, Art Director, Brand Strategist, Innovation Manager ``` Facilitate a brainstorming session for [project/problem]. Context: [background]. Constraints: [budget/time/technical limitations]. Generate: 1) 10 conventional ideas (proven approaches), 2) 10 unconventional ideas (creative risks), 3) 5 'what if' scenarios pushing boundaries, 4) Combination ideas merging concepts, 5) For top 5 ideas: pros, cons, feasibility score (1-10), resources needed. Use creative thinking techniques: SCAMPER, reverse thinking, analogies. ``` #### Campaign concept developer **Use case:** Marketing campaign development and creative pitches **For:** Creative Director, Brand Strategist, Marketing Manager, Art Director ``` Develop 3 distinct creative campaign concepts for [product/brand] targeting [audience]. Campaign goal: [awareness/consideration/conversion]. Each concept should include: 1) Big idea/creative concept in one sentence, 2) Campaign name, 3) Visual direction and aesthetics, 4) Key message and tagline, 5) Channel strategy (where it lives), 6) 3 execution examples, 7) Why it will resonate with audience, 8) Budget tier estimate (low/medium/high). ``` #### Competitive creative analysis **Use case:** Competitive analysis and market positioning **For:** Brand Strategist, Creative Director, Marketing Director, Brand Manager ``` Analyze the creative strategies of [3 competitors] in [industry]. For each competitor evaluate: 1) Brand positioning and messaging, 2) Visual identity strengths and weaknesses, 3) Content strategy and themes, 4) Unique creative elements, 5) Target audience appeal, 6) Gaps and opportunities they're missing. Then provide: 7) White space opportunities for our brand, 8) Creative differentiation strategies, 9) What to avoid based on their mistakes. ``` #### Trend analysis and application **Use case:** Trend forecasting and strategic planning **For:** Brand Strategist, Creative Director, Trend Analyst, Marketing Director ``` Analyze current [design/marketing/content] trends in [industry/2025]. Identify: 1) 5 emerging trends with examples, 2) Why each trend is gaining traction, 3) Longevity prediction (fad vs. lasting), 4) How [our brand/project] could authentically adopt each trend, 5) Risks of trend adoption, 6) Recommendations: which trends to embrace, adapt, or avoid, 7) Counter-trend opportunities (zigging while others zag). ``` #### Creative brief generator **Use case:** Project kickoff and creative alignment **For:** Creative Director, Account Manager, Brand Manager, Project Manager ``` Create a comprehensive creative brief for [project type]. Client/Brand: [name]. Include: 1) Project overview and background, 2) Business objectives and KPIs, 3) Target audience (demographics and psychographics), 4) Key message and supporting points, 5) Tone and brand voice, 6) Mandatories (must-haves), 7) Deliverables and specifications, 8) Timeline and milestones, 9) Budget parameters, 10) Success criteria, 11) Inspirational references, 12) What to avoid. ``` --- ## AI for Educators & Training Professionals **Category:** Education & Training **Prompts:** 25 **Description:** Comprehensive education prompts covering curriculum design, lesson planning, assessment creation, student engagement, and educational technology to enhance teaching effectiveness. **Tags:** Education, Teaching, Training, Curriculum Design, Learning & Development, Work Users ### Curriculum Design & Planning Design effective curricula and learning programs aligned with educational goals. #### Curriculum framework builder **Use case:** Course design and curriculum development **For:** Curriculum Designer, Instructional Designer, Department Head, Education Director ``` Design a comprehensive curriculum framework for [subject/course] for [grade level/learner type]. Duration: [semester/year/program length]. Include: 1) Learning goals and objectives (using Bloom's taxonomy), 2) Unit breakdown with themes and topics, 3) Scope and sequence chart, 4) Key concepts and skills per unit, 5) Assessment strategy, 6) Prerequisites and progression pathway, 7) Integration with standards [list relevant standards], 8) Estimated time allocation per unit. ``` #### Learning objectives writer **Use case:** Learning outcome definition and objective setting **For:** Teacher, Instructional Designer, Curriculum Designer, Professor ``` Write clear, measurable learning objectives for [lesson/unit/course] on [topic]. Target learners: [description]. Use Bloom's taxonomy to create: 1) 3 knowledge/comprehension objectives (remember, understand), 2) 3 application/analysis objectives (apply, analyze), 3) 2 synthesis/evaluation objectives (create, evaluate). Format each as: 'By the end of this [lesson/unit], students will be able to [action verb] [what] [how/under what conditions].' ``` #### Differentiated instruction planner **Use case:** Inclusive teaching and personalized learning **For:** Teacher, Special Education Teacher, Instructional Coach, Curriculum Specialist ``` Create differentiated instruction strategies for teaching [topic] to [grade/level]. Consider learner variability: 1) Content differentiation (what students learn), 2) Process differentiation (how students learn), 3) Product differentiation (how students demonstrate learning), 4) Strategies for advanced learners, 5) Support for struggling learners, 6) Accommodations for special needs, 7) Multiple means of representation, engagement, and expression (UDL framework), 8) Assessment variations. ``` #### Interdisciplinary unit designer **Use case:** Cross-curricular teaching and thematic integration **For:** Teacher, Curriculum Designer, Department Head, Education Coordinator ``` Design an interdisciplinary unit connecting [subject 1] and [subject 2] around the theme of [central theme/question]. Grade level: [specify]. Include: 1) Essential question or driving problem, 2) Learning objectives for each discipline, 3) Real-world connections and relevance, 4) Project-based learning activity, 5) How each subject supports the others, 6) Assessment that integrates both disciplines, 7) Resources and materials, 8) Timeline and lesson sequence, 9) Collaboration opportunities. ``` #### Backward design template **Use case:** Instructional design using Understanding by Design framework **For:** Instructional Designer, Curriculum Designer, Teacher, Professor ``` Use backward design to plan instruction for [topic/unit]. Stage 1 - Identify desired results: 1) Transfer goals (real-world application), 2) Understandings (big ideas), 3) Essential questions. Stage 2 - Determine acceptable evidence: 4) Performance tasks, 5) Other evidence (quizzes, observations, homework). Stage 3 - Plan learning experiences: 6) Learning activities sequence (WHERETO elements), 7) Resources and materials, 8) Differentiation strategies, 9) Time allocation. ``` ### Lesson Planning & Delivery Create engaging lesson plans and deliver effective instruction. #### Detailed lesson plan creator **Use case:** Daily lesson planning and instructional delivery **For:** Teacher, Substitute Teacher, Student Teacher, Tutor ``` Create a detailed lesson plan for teaching [topic] to [grade/level]. Duration: [time]. Include: 1) Learning objectives (specific, measurable), 2) Materials and resources needed, 3) Warm-up/hook (5-10 min) to activate prior knowledge, 4) Direct instruction with teacher modeling (10-15 min), 5) Guided practice with scaffolding (15-20 min), 6) Independent practice/application (10-15 min), 7) Closure and exit ticket (5 min), 8) Differentiation strategies, 9) Formative assessment checkpoints, 10) Extension activities. ``` #### Engaging activity generator **Use case:** Student engagement and active learning **For:** Teacher, Instructional Coach, Education Specialist, Tutor ``` Generate 8 diverse, engaging activities for teaching [concept/skill] to [grade/age]. Mix of: 1) Hands-on/kinesthetic activity, 2) Collaborative group activity, 3) Technology-integrated activity, 4) Game-based learning activity, 5) Creative/artistic activity, 6) Discussion/Socratic seminar activity, 7) Real-world application activity, 8) Reflection/metacognitive activity. For each: objective, materials, step-by-step instructions, time needed, and learning style addressed. ``` #### Discussion question creator **Use case:** Class discussions and Socratic seminars **For:** Teacher, Professor, Discussion Leader, Facilitator ``` Create thought-provoking discussion questions for [text/topic/concept]. Level: [grade/course]. Generate: 1) 3 factual/recall questions (knowledge check), 2) 3 interpretive questions (deeper understanding), 3) 3 analytical questions (critical thinking), 4) 2 evaluative questions (judgment and opinion), 5) 2 creative/hypothetical questions (application and innovation). Include possible student responses and follow-up probes for each question. ``` #### Virtual/hybrid lesson adapter **Use case:** Online teaching and remote learning **For:** Teacher, Online Instructor, Instructional Designer, Education Technology Specialist ``` Adapt this [in-person lesson/activity] for virtual or hybrid learning. Original lesson: [brief description]. Include: 1) Technology tools needed (with free alternatives), 2) Synchronous components (live video session), 3) Asynchronous components (independent work), 4) Engagement strategies for online environment, 5) How to maintain interaction and participation, 6) Virtual assessment methods, 7) Troubleshooting common tech issues, 8) Accessibility considerations, 9) Time management in virtual setting. ``` #### Classroom management strategy **Use case:** Behavior management and classroom culture **For:** Teacher, Classroom Teacher, Student Teacher, Education Administrator ``` Develop a classroom management plan for [grade level/subject] addressing [specific challenge/behavior]. Include: 1) Positive behavior expectations (3-5 clear rules), 2) Proactive prevention strategies, 3) Attention-getting techniques, 4) Transition routines between activities, 5) Response to minor disruptions, 6) Consequences for major behaviors (progressive discipline), 7) Positive reinforcement system, 8) Parent communication plan, 9) Self-reflection and de-escalation strategies for students. ``` ### Assessment & Evaluation Design effective assessments and provide meaningful feedback. #### Comprehensive assessment creator **Use case:** Summative assessment and student evaluation **For:** Teacher, Assessment Specialist, Curriculum Designer, Professor ``` Create a comprehensive assessment for [unit/topic]. Grade level: [specify]. Include: 1) Multiple choice questions (10) testing recall and comprehension, 2) Short answer questions (5) testing understanding, 3) Essay/extended response (2) testing analysis and synthesis, 4) Performance task or practical application, 5) Answer key with point allocation, 6) Rubric for open-ended responses, 7) Alignment to learning objectives, 8) Estimated completion time, 9) Accommodations for diverse learners. ``` #### Rubric generator **Use case:** Objective grading and clear expectations **For:** Teacher, Professor, Instructional Designer, Assessment Coordinator ``` Create a detailed rubric for assessing [assignment/project type]. Include: 1) 4-6 criteria aligned to learning objectives, 2) 4 performance levels (Exemplary, Proficient, Developing, Beginning), 3) Clear descriptors for each criterion at each level, 4) Point values or percentage weights, 5) Total points possible, 6) Examples of student work at different levels (if applicable), 7) How to use rubric for self-assessment. Make criteria specific and observable. ``` #### Formative assessment strategies **Use case:** Real-time learning checks and instructional adjustments **For:** Teacher, Instructional Coach, Education Specialist, Professor ``` Design 10 quick formative assessment techniques for checking understanding of [concept/skill] during instruction. Include mix of: 1) Exit tickets (3 variations), 2) Think-pair-share prompts, 3) Quick polls or hand signals, 4) One-minute papers, 5) Concept maps or graphic organizers, 6) Digital tool options (Kahoot, Padlet, Poll Everywhere), 7) Observation checklists. For each: purpose, when to use, how to implement, time needed, and how to respond to data. ``` #### Feedback template generator **Use case:** Student feedback and growth communication **For:** Teacher, Professor, Mentor, Writing Instructor ``` Create constructive feedback templates for [assignment type]. Include templates for: 1) Exceeding expectations (what's strong + challenge), 2) Meeting expectations (affirming + growth area), 3) Approaching expectations (specific improvements needed), 4) Below expectations (support plan). Each template should: Use growth mindset language, Be specific and actionable, Connect to learning objectives, Include next steps, Maintain encouraging tone, Offer resources for improvement. Provide 3 examples for each level. ``` #### Self-assessment guide creator **Use case:** Student ownership and metacognition **For:** Teacher, Instructional Coach, Student Success Coach, Education Coordinator ``` Design a self-assessment tool for students to evaluate their [skill/project/learning]. Include: 1) 8-10 reflection questions about their process and product, 2) Checklist of success criteria, 3) Rating scale for key components, 4) Goal-setting section (strengths to build on, areas to improve), 5) Evidence collection prompts, 6) Metacognitive questions (What did you learn? What was challenging? What strategies worked?), 7) Action plan for continued growth. Appropriate for [grade level]. ``` ### Student Engagement & Support Boost student motivation, engagement, and academic support. #### Parent communication template **Use case:** Family engagement and home-school connection **For:** Teacher, School Counselor, Administrator, Special Education Teacher ``` Draft a parent communication about [topic/situation]. Tone: [positive/informative/concerning]. Include: 1) Warm, professional greeting, 2) Purpose of communication (clear and direct), 3) Specific observations or information, 4) Context or background if needed, 5) Action items or requests (if any), 6) How parent can support at home, 7) Next steps or follow-up plan, 8) Invitation for questions or meeting, 9) Appreciative closing. Keep tone collaborative and solution-focused. Provide versions for email, phone call notes, and parent conference. ``` #### Student motivation strategy **Use case:** Student engagement and academic persistence **For:** Teacher, School Counselor, Academic Coach, Mentor ``` Create motivation strategies for [student profile/challenge]. Context: [describe situation]. Generate: 1) 3 intrinsic motivation approaches (autonomy, mastery, purpose), 2) 3 extrinsic motivation approaches (rewards, recognition, feedback), 3) Goal-setting framework (SMART goals for students), 4) Progress tracking methods, 5) Celebration of small wins, 6) Connection to student interests and strengths, 7) Growth mindset messaging, 8) Peer support structures. Balance short-term wins with long-term development. ``` #### Intervention plan designer **Use case:** Response to Intervention (RTI) and student support **For:** Teacher, Special Education Teacher, Intervention Specialist, School Psychologist ``` Design a tiered intervention plan for a student struggling with [specific academic or behavioral challenge]. Include: 1) Current performance data and concerns, 2) Tier 1 (classroom-level supports) - universal strategies, 3) Tier 2 (targeted interventions) - small group or additional support, 4) Tier 3 (intensive interventions) - individualized strategies, 5) Evidence-based intervention strategies for each tier, 6) Progress monitoring tools and frequency, 7) Success criteria for moving between tiers, 8) Timeline for review, 9) Collaboration with specialists and parents. ``` #### Social-emotional learning activity **Use case:** SEL integration and whole-child development **For:** Teacher, School Counselor, SEL Coach, Youth Development Specialist ``` Create a social-emotional learning (SEL) lesson or activity focused on [SEL competency: self-awareness, self-management, social awareness, relationship skills, or responsible decision-making]. Grade: [level]. Duration: [time]. Include: 1) Learning objective tied to SEL framework, 2) Opening mindfulness or grounding activity (5 min), 3) Teaching content with examples and modeling, 4) Interactive activity or role-play, 5) Reflection questions, 6) Real-world application, 7) Take-home practice, 8) Connection to academic learning. ``` #### Culturally responsive teaching strategy **Use case:** Equity and inclusive education practices **For:** Teacher, Diversity Coordinator, Instructional Coach, Curriculum Designer ``` Develop culturally responsive teaching strategies for [lesson/unit] that honors diverse backgrounds. Include: 1) Ways to activate students' cultural knowledge and experiences, 2) Diverse perspectives and voices in content, 3) Representation in examples and materials, 4) Connections to students' communities, 5) Opportunities for students to share their cultures, 6) Inclusive classroom norms and language, 7) Examination of bias in curriculum, 8) Family and community engagement, 9) Critical consciousness development. Specific to teaching [subject]. ``` ### Professional Development & Training Design effective professional learning and adult training programs. #### Workshop design template **Use case:** Teacher professional development and staff training **For:** Instructional Coach, Professional Development Coordinator, Department Head, Training Specialist ``` Design a [duration] professional development workshop on [topic] for [audience: teachers/staff/leaders]. Include: 1) Learning objectives for participants, 2) Pre-work or readings, 3) Agenda with time blocks, 4) Opening activity to activate prior knowledge, 5) Content delivery methods (presentation, demo, discussion), 6) Active learning components (practice, collaboration, application), 7) Resources and handouts, 8) Action planning for implementation, 9) Follow-up support plan, 10) Evaluation method. Use adult learning principles. ``` #### Instructional coaching conversation guide **Use case:** Instructional coaching and peer mentoring **For:** Instructional Coach, Mentor Teacher, Department Chair, Peer Coach ``` Create a coaching conversation protocol for [coaching focus: planning, reflection, problem-solving, goal-setting]. Include: 1) Opening to establish trust and purpose, 2) 5-7 powerful coaching questions (open-ended, non-judgmental), 3) Active listening stems and paraphrasing, 4) Probing questions for deeper thinking, 5) Framework for analyzing practice (e.g., plan-teach-reflect), 6) Goal-setting template (SMART), 7) Action steps and accountability, 8) Resources to offer, 9) Closing and next steps. Maintain coaching stance, not evaluative. ``` #### Training needs assessment **Use case:** Professional learning planning and resource allocation **For:** Professional Development Director, Department Head, Training Manager, HR Learning Specialist ``` Design a needs assessment to identify professional learning priorities for [group/department]. Include: 1) Survey questions about current knowledge/skills, 2) Questions about challenges and pain points, 3) Preferred learning formats and timing, 4) Interest inventory of topics, 5) Self-rating scales on key competencies, 6) Open-ended feedback opportunities, 7) Data analysis plan (how to synthesize results), 8) How to prioritize needs, 9) Communication of findings and next steps. Balance individual and organizational needs. ``` #### Learning community facilitator guide **Use case:** Teacher collaboration and collective efficacy **For:** PLC Facilitator, Department Head, Instructional Coach, Teacher Leader ``` Create a facilitator guide for a [frequency] professional learning community (PLC) focused on [focus area]. Include: 1) PLC norms and agreements, 2) Meeting agenda template, 3) Protocols for examining student work, 4) Protocols for analyzing data, 5) Discussion prompts for collaborative inquiry, 6) Documentation templates (notes, action items), 7) Time management strategies, 8) How to handle challenging dynamics, 9) Resources for continuous learning, 10) Reflection and celebration practices. Emphasize collaborative culture and shared accountability. ``` #### E-learning course outline **Use case:** Online professional learning and certification programs **For:** Instructional Designer, E-learning Developer, Training Manager, Professional Development Coordinator ``` Design an online course outline for [topic] targeting [adult learners/professionals]. Course length: [hours/weeks]. Include: 1) Course description and outcomes, 2) Module breakdown (5-8 modules) with learning objectives, 3) Content delivery formats (video, reading, interactive), 4) Engagement strategies (discussions, peer review, reflection), 5) Assessments and application activities, 6) Resources and job aids, 7) Estimated time per module, 8) Technology requirements, 9) Support and facilitation plan, 10) Completion criteria and recognition. Apply instructional design principles. ``` --- ## AI for Founders & Startup Teams **Category:** Startup & Entrepreneurship **Prompts:** 25 **Description:** Comprehensive startup prompts covering business planning, fundraising, product development, growth strategy, and operations to accelerate your entrepreneurial journey. **Tags:** Startups, Entrepreneurship, Business Development, Fundraising, Product Management, Growth, Work Users ### Business Planning & Strategy Develop solid business foundations and strategic direction. #### Business model canvas generator **Use case:** Business model development and validation **For:** Founder, CEO, Startup Strategist, Business Development ``` Create a comprehensive Business Model Canvas for [startup idea/company]. Include detailed descriptions for: 1) Customer Segments (who are you serving?), 2) Value Propositions (what problems do you solve?), 3) Channels (how do you reach customers?), 4) Customer Relationships (how do you engage?), 5) Revenue Streams (how do you make money?), 6) Key Resources (what do you need?), 7) Key Activities (what do you do?), 8) Key Partnerships (who helps you?), 9) Cost Structure (what are your costs?). For each section, provide 3-5 specific examples. ``` #### Value proposition crafter **Use case:** Product positioning and messaging **For:** Founder, Product Manager, Marketing Lead, CEO ``` Craft a compelling value proposition for [product/service] targeting [customer segment]. Include: 1) Customer jobs (what are they trying to accomplish?), 2) Pains (obstacles, risks, frustrations), 3) Gains (desired outcomes and benefits), 4) Pain relievers (how you alleviate pains), 5) Gain creators (how you create gains), 6) Products & services offered, 7) One-sentence value proposition statement, 8) Unique differentiation from competitors, 9) Proof points or validation. Use Value Proposition Canvas framework. ``` #### Competitive analysis framework **Use case:** Market analysis and competitive strategy **For:** Founder, CEO, Strategy Lead, Product Manager ``` Conduct a competitive analysis for [your startup] in the [industry/market]. Identify 5-7 direct and indirect competitors. For each competitor analyze: 1) Company overview and positioning, 2) Products/services and pricing, 3) Target customers, 4) Strengths and competitive advantages, 5) Weaknesses and vulnerabilities, 6) Market share estimate, 7) Recent news and funding. Then provide: 8) Competitive positioning map, 9) Your differentiation strategy, 10) Threats and opportunities, 11) Competitive moat recommendations. ``` #### Market sizing calculator **Use case:** Market opportunity assessment and investor presentations **For:** Founder, CEO, Finance Lead, Strategy Lead ``` Calculate Total Addressable Market (TAM), Serviceable Addressable Market (SAM), and Serviceable Obtainable Market (SOM) for [product/service] in [geography/market]. Include: 1) TAM calculation (top-down and bottom-up approaches), 2) SAM definition and calculation, 3) SOM estimate with market share assumptions, 4) Market growth rate and trends, 5) Market segmentation breakdown, 6) Assumptions and data sources used, 7) Year 1-5 revenue projections, 8) Key market drivers, 9) Market risks and constraints. Show calculations clearly. ``` #### Go-to-market strategy planner **Use case:** Product launch and market entry planning **For:** Founder, CEO, Marketing Lead, Sales Lead ``` Develop a go-to-market (GTM) strategy for launching [product/service]. Target market: [description]. Include: 1) Market segmentation and ideal customer profile, 2) Positioning and messaging framework, 3) Pricing strategy and model, 4) Distribution channels and partnerships, 5) Sales strategy (inbound/outbound/hybrid), 6) Marketing channels and tactics, 7) Customer acquisition plan, 8) Launch timeline and milestones, 9) Success metrics and KPIs, 10) Budget allocation across channels, 11) First 90 days action plan. ``` ### Fundraising & Pitch Development Craft compelling pitches and navigate the fundraising process. #### Pitch deck outline creator **Use case:** Investor presentations and fundraising **For:** Founder, CEO, Startup Fundraiser, CFO ``` Create a comprehensive pitch deck outline for [startup name] raising [round type and amount]. Include slide-by-slide breakdown: 1) Cover slide (company name, tagline, contact), 2) Problem (the pain you're solving), 3) Solution (your product/service), 4) Why Now (market timing and urgency), 5) Market Opportunity (TAM/SAM/SOM), 6) Product Demo (how it works), 7) Business Model (how you make money), 8) Traction (metrics and milestones), 9) Competition (why you'll win), 10) Team (why you're the right founders), 11) Financials (projections), 12) Ask (what you're raising and use of funds). Include key points and talking points for each slide. ``` #### Investor email template **Use case:** Investor outreach and networking **For:** Founder, CEO, Fundraising Lead ``` Write a cold outreach email to [investor type: VC/angel/seed fund] for [your startup]. Context: [how you found them, why they're relevant]. Include: 1) Compelling subject line (under 50 chars), 2) Personal connection or warm intro mention if applicable, 3) One-sentence company description, 4) The problem and your solution (2-3 sentences), 5) Impressive traction or unique insight, 6) Why this investor specifically, 7) Clear ask (intro call, meeting, coffee), 8) Social proof or credibility markers. Keep under 150 words total. Professional but personable tone. ``` #### Financial model builder **Use case:** Financial planning and investor due diligence **For:** Founder, CFO, Finance Lead, CEO ``` Create a 5-year financial projection model for [startup]. Business model: [SaaS/marketplace/e-commerce/etc.]. Include: 1) Revenue model and pricing assumptions, 2) Customer acquisition cost (CAC) and lifetime value (LTV), 3) Unit economics breakdown, 4) Monthly recurring revenue (MRR) growth, 5) Operating expenses by category (salaries, marketing, R&D, G&A), 6) Headcount plan by function, 7) Cash flow statement, 8) Key metrics (burn rate, runway, break-even), 9) Funding requirements and use of funds, 10) Sensitivity analysis on key assumptions. Format in yearly and quarterly views. ``` #### One-pager / executive summary **Use case:** Investor meetings and quick introductions **For:** Founder, CEO, Fundraising Lead ``` Write a compelling one-pager for [startup name]. Length: 1 page max. Include: 1) Header (company name, tagline, logo placement, contact info), 2) The Opportunity (problem and market size) - 2-3 sentences, 3) The Solution (what you've built and how it works) - 3-4 sentences, 4) Traction & Milestones (key metrics and achievements) - bullet points, 5) Business Model (how you make money) - 2 sentences, 6) Competitive Advantage (your moat) - 2 sentences, 7) Team Highlights (founder backgrounds) - 1-2 sentences, 8) The Ask (funding amount, use of funds) - 2 sentences. Designed to be left behind after meetings or sent as PDF. ``` #### Due diligence preparation checklist **Use case:** Investor due diligence and deal closing **For:** Founder, CEO, CFO, Legal Counsel ``` Create a due diligence preparation checklist for [funding round]. Organize documents needed in: 1) Corporate (incorporation docs, cap table, contracts), 2) Financial (bank statements, tax returns, financial models), 3) Legal (IP assignments, employment agreements, NDAs), 4) Product/Technology (product roadmap, tech stack, security), 5) Market & Customers (customer contracts, case studies, pipeline), 6) Team (org chart, advisor agreements, HR policies), 7) Metrics (KPI dashboards, user analytics). For each category: specific documents needed, who's responsible for gathering, current status, location/storage. ``` ### Product Development & MVP Build and validate your minimum viable product efficiently. #### MVP feature prioritization **Use case:** Product roadmap and scope definition **For:** Founder, Product Manager, CTO, Technical Lead ``` Prioritize features for the minimum viable product (MVP) of [product idea]. List [10-15 potential features]. For each feature evaluate: 1) User value (1-10 scale), 2) Business value (1-10 scale), 3) Development effort (1-10 scale, 10=highest effort), 4) Risk/uncertainty (high/medium/low), 5) Dependencies on other features. Then: 6) Calculate priority score (value/effort), 7) Recommend Must-Have (for MVP), Should-Have (next iteration), and Nice-to-Have (future), 8) Justify why Must-Have features are essential, 9) Define success criteria for MVP launch. ``` #### User story generator **Use case:** Agile development and engineering handoff **For:** Product Manager, Founder, Engineering Lead, Scrum Master ``` Write comprehensive user stories for [feature/product area]. Format each as: 'As a [user type], I want to [action], so that [benefit].' For [5-7 user stories] include: 1) User story statement, 2) Acceptance criteria (3-5 specific, testable conditions), 3) Priority (P0/P1/P2), 4) Estimated effort (story points or t-shirt size), 5) Dependencies and blockers, 6) UI/UX notes or mockup references, 7) Technical considerations, 8) Edge cases to handle. Organize by user flow or feature area. ``` #### Customer validation interview guide **Use case:** Customer development and problem validation **For:** Founder, Product Manager, Customer Research Lead, UX Researcher ``` Create a customer discovery interview guide for validating [problem/solution hypothesis]. Target interviewees: [customer segment]. Include: 1) Introduction and rapport building (3 min), 2) Background questions about their current situation (5 min), 3) Problem exploration questions (10 min) - understand pain points, 4) Current solution questions (how they solve it today), 5) Solution presentation and feedback (10 min), 6) Pricing discussion (willingness to pay), 7) Closing questions (referrals, follow-up), 8) Post-interview notes template. 40-45 min total. Focus on learning, not selling. ``` #### Product requirements document (PRD) **Use case:** Product specification and team alignment **For:** Product Manager, Founder, Engineering Manager, Designer ``` Write a comprehensive PRD for [feature/product]. Include: 1) Overview and objectives (what and why), 2) Success metrics and KPIs, 3) User personas and use cases, 4) User stories and acceptance criteria, 5) Functional requirements (what it must do), 6) Non-functional requirements (performance, security, scalability), 7) Design and UX considerations, 8) Technical architecture overview, 9) Dependencies and integrations, 10) Out of scope (what we're NOT building), 11) Launch plan and rollout strategy, 12) Open questions and decisions needed. ``` #### Beta program launcher **Use case:** Product testing and user feedback **For:** Product Manager, Founder, Growth Lead, Customer Success ``` Design a beta testing program for [product/feature]. Include: 1) Beta program goals and what you're testing, 2) Ideal beta user profile and recruitment strategy, 3) Number of beta users needed, 4) Application/screening process, 5) Onboarding process for beta users, 6) What access/features they get, 7) Feedback collection methods (surveys, interviews, in-app), 8) Communication plan (kickoff, updates, wrap-up), 9) Incentives or benefits for participants, 10) Timeline and milestones, 11) Success criteria for moving to general availability, 12) Risk mitigation plan. ``` ### Growth & Marketing Scale customer acquisition and drive sustainable growth. #### Growth experiment framework **Use case:** Growth hacking and data-driven optimization **For:** Growth Lead, Founder, Product Manager, Marketing Lead ``` Design a growth experiment to test [hypothesis] for improving [metric]. Include: 1) Hypothesis statement (If we [change], then [expected outcome], because [reasoning]), 2) Success metric and target (e.g., +15% conversion), 3) Experiment design (A/B test, cohort analysis, etc.), 4) What you'll change (treatment), 5) Sample size needed and duration, 6) How you'll measure results, 7) Resources and effort required, 8) Potential risks, 9) Learning goals (what you'll learn if it fails), 10) Next steps if successful, 11) ICE score (Impact, Confidence, Ease). Use scientific method approach. ``` #### Customer acquisition channel strategy **Use case:** Marketing strategy and channel planning **For:** Growth Lead, Marketing Lead, Founder, CEO ``` Evaluate and prioritize customer acquisition channels for [startup] targeting [customer segment]. Analyze these channels: [list 8-10 channels: content marketing, paid social, SEO, partnerships, etc.]. For each channel rate: 1) Potential volume/reach (1-10), 2) Cost efficiency (CAC estimate), 3) Speed to results (immediate to 6+ months), 4) Competitive intensity, 5) Fit with target customer, 6) Resource requirements. Then recommend: 7) Top 3 channels to focus on, 8) Channel mix and budget allocation, 9) First 90-day action plan, 10) Key metrics to track per channel. ``` #### Landing page copy optimizer **Use case:** Conversion optimization and acquisition **For:** Growth Lead, Marketing Lead, Copywriter, Founder ``` Write high-converting landing page copy for [product/offer] targeting [audience]. Include: 1) Headline (clear value prop, under 10 words), 2) Subheadline (supporting detail, under 20 words), 3) Hero section copy (pain point + solution, 2-3 sentences), 4) Social proof section (testimonials, logos, stats), 5) Features/benefits (3-5 key points with icons), 6) How it works (3-step process), 7) Objection handling (FAQ or key concerns), 8) Pricing or plan comparison (if applicable), 9) Call-to-action (primary CTA copy, 2-4 words), 10) Urgency/scarcity element. Use persuasive copywriting frameworks (PAS, AIDA). ``` #### Referral program designer **Use case:** Viral growth and customer acquisition **For:** Growth Lead, Founder, Product Manager, Marketing Lead ``` Design a referral program for [product/service]. Include: 1) Program goals and success metrics, 2) Referral incentive structure (what referrer gets, what referred gets), 3) Reward options (discount, credit, cash, features), 4) Eligibility and rules, 5) How referrals are tracked, 6) Referral flow/user experience, 7) Marketing messaging (why refer?), 8) Promotional plan (email, in-app, social), 9) Fraud prevention measures, 10) Budget and cost modeling, 11) Legal/compliance considerations, 12) Comparison to 3 successful referral programs in similar industries. ``` #### Content marketing calendar **Use case:** Content strategy and SEO **For:** Content Lead, Marketing Lead, Founder, Growth Lead ``` Create a 90-day content marketing calendar for [startup] targeting [buyer personas]. Content goals: [awareness/education/conversion]. For each week include: 1) Primary content piece (blog post, video, podcast topic), 2) Content title and angle, 3) Target keywords and SEO focus, 4) Distribution channels (where to publish/promote), 5) Supporting content pieces (social posts, emails, repurposing), 6) Content format (guide, case study, how-to, thought leadership), 7) Calls-to-action, 8) Resources needed and owner. Balance educational, thought leadership, and promotional content. Align to customer journey stages. ``` ### Operations & Team Building Build efficient operations and high-performing teams. #### OKR framework builder **Use case:** Goal setting and strategic alignment **For:** Founder, CEO, COO, Team Lead ``` Create quarterly OKRs (Objectives and Key Results) for [team/company]. Time period: [Q# YEAR]. Include: 1) 3-5 company-level Objectives (inspirational, qualitative goals), 2) For each Objective, 3-4 Key Results (measurable, time-bound outcomes with targets), 3) Department/team-level OKRs aligned to company OKRs, 4) Confidence level (1-10) for achieving each KR, 5) Owner for each Objective, 6) Dependencies between OKRs, 7) How you'll track progress (weekly/biweekly), 8) Success criteria (what does 70% vs 100% achievement look like?). Follow OKR best practices. ``` #### Hiring plan and job description **Use case:** Talent acquisition and team building **For:** Founder, CEO, Head of People, Hiring Manager ``` Create a comprehensive job description for [role] at [startup stage]. Include: 1) Role title and level, 2) Why this role matters (mission and impact), 3) What you'll do (5-7 key responsibilities), 4) What we're looking for (must-have qualifications), 5) Nice-to-haves (preferred skills), 6) What success looks like in first 30/60/90 days, 7) Team structure and reporting relationship, 8) Perks and culture highlights, 9) Compensation range (if including), 10) How to apply. Also include: 11) Interview process outline, 12) Scorecard for evaluating candidates, 13) Ideal candidate profile. ``` #### Startup runbook creator **Use case:** Process documentation and operational efficiency **For:** COO, Founder, Operations Manager, Team Lead ``` Create a runbook/playbook for [process/function] at [startup]. Examples: sales process, customer onboarding, crisis management. Include: 1) Overview and purpose, 2) When to use this runbook, 3) Step-by-step process (numbered, detailed), 4) Roles and responsibilities (RACI), 5) Tools and systems needed, 6) Templates and resources, 7) Decision trees for common scenarios, 8) Metrics and KPIs to track, 9) Common mistakes to avoid, 10) Escalation procedures, 11) FAQ section, 12) Version control and update process. Make it easily shareable and actionable. ``` #### Startup culture and values definer **Use case:** Company culture and team alignment **For:** Founder, CEO, Head of People, Culture Lead ``` Define company culture and core values for [startup name]. Include: 1) 4-6 core values (one-word or short phrase each), 2) Detailed description of what each value means, 3) Behaviors that exemplify each value, 4) Behaviors that violate each value, 5) How values guide decision-making (examples), 6) How to assess values fit in hiring, 7) How to reinforce values in daily operations, 8) Recognition and reward systems tied to values, 9) Culture 'anti-patterns' to avoid, 10) How culture evolves as you scale. Make values authentic to your team, not generic. ``` #### Investor update template **Use case:** Investor relations and stakeholder communication **For:** Founder, CEO, CFO ``` Create a monthly/quarterly investor update for [startup]. Include sections: 1) TL;DR (3 bullet highlights), 2) Key Metrics Dashboard (MRR, users, growth rates, burn, runway), 3) Progress since last update (wins and milestones), 4) Challenges and learnings (transparency on what's hard), 5) Product updates (shipped features, roadmap), 6) Team updates (hires, departures), 7) Fundraising status (if applicable), 8) Key priorities for next period, 9) Asks (how investors can help: intros, advice, etc.). Tone: honest, data-driven, concise. Target length: 500-800 words or 2-3 pages. ``` --- ## AI for Policy, Ethics & Governance Professionals **Category:** Policy & Public Sector **Prompts:** 20 **Description:** Comprehensive prompts for AI ethicists, policy analysts, and governance professionals covering responsible AI, regulatory frameworks, policy development, and ethical impact assessment. **Tags:** AI Ethics, Policy, Governance, Compliance, Public Sector, Regulatory, Work Users ### AI Ethics & Responsible AI Assess ethical implications, identify biases, and ensure responsible AI deployment. #### AI bias assessment framework **Use case:** Bias auditing and fairness assessment **For:** AI Ethicist, AI Safety Researcher, Responsible AI Program Manager, AI Governance Manager, Data Ethics Officer ``` Analyze [AI system/model name] for potential biases. Context: [describe system purpose and application]. Provide: 1) Data bias assessment (training data sources, representation gaps, historical biases), 2) Algorithmic bias analysis (decision-making patterns, protected characteristics impact), 3) Output bias evaluation (disparate outcomes across demographics), 4) Mitigation strategies with specific technical recommendations, 5) Ongoing monitoring metrics and thresholds, 6) Stakeholder communication plan for findings. ``` #### Ethical impact assessment template **Use case:** Pre-deployment ethical review and risk assessment **For:** AI Ethicist, Policy Analyst, Responsible AI Program Manager, Technology Ethics Consultant, Digital Rights Advocate ``` Create an ethical impact assessment for [AI application/system] in [sector/domain]. Target population: [describe affected groups]. Include: 1) Stakeholder mapping and rights analysis, 2) Potential benefits and risks by stakeholder group, 3) Autonomy and consent considerations, 4) Privacy and data protection implications, 5) Fairness and non-discrimination evaluation, 6) Transparency and explainability requirements, 7) Accountability mechanisms and redress options, 8) Mitigation strategies prioritized by severity and likelihood. ``` #### Algorithmic transparency report **Use case:** Public accountability and regulatory compliance **For:** AI Ethicist, AI Governance Manager, Policy Analyst, Regulatory Affairs Manager, Government Technology Advisor ``` Draft an algorithmic transparency report for [AI system name] used for [purpose]. Audience: [public/regulators/stakeholders]. Include: 1) System overview and intended use cases, 2) Data sources and training methodology, 3) Model architecture and decision-making logic (in accessible language), 4) Performance metrics and accuracy rates across demographics, 5) Known limitations and failure modes, 6) Human oversight and intervention points, 7) Appeals and redress processes, 8) Regular audit and update schedule. Use plain language suitable for non-technical readers. ``` #### Responsible AI principles framework **Use case:** Organizational AI ethics framework development **For:** AI Ethicist, Responsible AI Program Manager, Chief Ethics Officer, AI Governance Manager, Policy Director ``` Develop responsible AI principles for [organization/jurisdiction]. Context: [sector, size, risk profile]. Create: 1) 5-7 core principles with clear definitions, 2) Principle-to-practice guidelines for each, 3) Measurable success criteria and KPIs, 4) Governance structure and accountability assignments, 5) Implementation roadmap with phases, 6) Training and capacity building requirements, 7) Monitoring and reporting mechanisms, 8) Stakeholder engagement process. Align with international frameworks (EU AI Act, OECD AI Principles, UNESCO Recommendation). ``` #### AI fairness metrics selector **Use case:** Fairness measurement and monitoring design **For:** AI Ethicist, AI Safety Researcher, Data Scientist, Responsible AI Program Manager, Regulatory Affairs Manager ``` Recommend appropriate fairness metrics for [AI application] in [context]. Protected characteristics: [list relevant attributes]. Use case requirements: [describe]. Provide: 1) Analysis of applicable fairness definitions (demographic parity, equalized odds, individual fairness, etc.), 2) Recommended primary and secondary metrics with justification, 3) Trade-offs and tensions between metrics, 4) Measurement methodology and data requirements, 5) Baseline and target thresholds, 6) Continuous monitoring strategy, 7) Stakeholder communication of results. Consider legal requirements and sector-specific standards. ``` ### Policy Development & Analysis Draft policies, analyze regulations, and develop evidence-based recommendations. #### AI policy brief generator **Use case:** Evidence-based policy development and advocacy **For:** Policy Analyst, Tech Policy Researcher, Government Technology Advisor, Legislative Counsel, Policy Director ``` Create a policy brief on [AI policy issue] for [target audience: legislators/executives/public]. Context: [jurisdiction, current situation]. Include: 1) Executive summary (1 paragraph), 2) Problem statement with evidence and data, 3) Policy landscape analysis (existing regulations, gaps), 4) Stakeholder positions and interests, 5) 3-5 policy options with pros/cons/feasibility, 6) Recommended approach with implementation steps, 7) Expected impacts and evaluation metrics, 8) Fiscal implications and resource requirements, 9) Timeline and key milestones. Maximum 4 pages, use clear headings and data visualizations suggestions. ``` #### Regulatory impact analysis **Use case:** Regulatory analysis and stakeholder impact assessment **For:** Policy Analyst, Regulatory Affairs Manager, Tech Policy Researcher, Government Technology Advisor, Industry Association Director ``` Analyze the impact of [proposed AI regulation/law] on [sector/industry/stakeholders]. Jurisdiction: [location]. Provide: 1) Regulatory requirements summary, 2) Affected stakeholders and compliance obligations, 3) Implementation costs and resource needs (by stakeholder type), 4) Operational impacts and process changes required, 5) Competitive effects and market implications, 6) Innovation impacts (positive and negative), 7) Compliance timeline and readiness assessment, 8) Unintended consequences and mitigation strategies, 9) Recommendations for policymakers. Include quantitative estimates where possible. ``` #### Comparative policy analysis **Use case:** Cross-jurisdictional policy learning and benchmarking **For:** Policy Analyst, Tech Policy Researcher, Government Technology Advisor, International Policy Advisor, Legislative Counsel ``` Compare AI policies across [list 3-5 jurisdictions] on [specific issue: data governance/algorithmic accountability/high-risk AI/etc.]. Provide: 1) Policy summary table with key provisions, 2) Regulatory approaches and philosophies, 3) Scope and definitions comparison, 4) Enforcement mechanisms and penalties, 5) Compliance requirements and timelines, 6) Strengths and weaknesses of each approach, 7) Best practices and lessons learned, 8) Harmonization opportunities and barriers, 9) Recommendations for [target jurisdiction]. Include regulatory text citations. ``` #### Stakeholder consultation framework **Use case:** Inclusive policy development and public engagement **For:** Policy Analyst, Government Technology Advisor, Public Engagement Officer, Digital Rights Advocate, Policy Director ``` Design a stakeholder consultation process for [AI policy initiative]. Policy scope: [describe]. Stakeholders: [list key groups]. Create: 1) Consultation objectives and key questions, 2) Stakeholder mapping with engagement strategy per group, 3) Consultation methods (surveys, workshops, hearings, submissions), 4) Timeline and phases, 5) Communication and outreach plan, 6) Accessibility and inclusion measures, 7) Data collection and analysis methodology, 8) Feedback synthesis and reporting approach, 9) How input will inform final policy. Ensure diverse voices and marginalized communities are included. ``` #### AI legislation drafting guide **Use case:** AI law and regulation drafting **For:** Legislative Counsel, Policy Analyst, Government Technology Advisor, Tech Policy Researcher, Parliamentary Legal Advisor ``` Draft legislative language for [AI regulation objective] in [jurisdiction]. Legal system: [common law/civil law]. Include: 1) Preamble and legislative intent, 2) Definitions section (AI system, high-risk, provider, deployer, etc.), 3) Scope and applicability, 4) Core obligations and requirements, 5) Enforcement authority and mechanisms, 6) Penalties and sanctions, 7) Rights of affected persons, 8) Transition and implementation provisions, 9) Review and sunset clauses. Use clear, enforceable language. Flag potential constitutional or legal conflicts. ``` ### Governance & Compliance Build governance frameworks, ensure compliance, and manage AI-related risks. #### AI governance framework builder **Use case:** Enterprise AI governance design and implementation **For:** AI Governance Manager, Chief AI Officer, Responsible AI Program Manager, Chief Risk Officer, Compliance Officer ``` Design an AI governance framework for [organization/government agency]. Size: [small/medium/large]. Risk profile: [low/medium/high]. AI use cases: [list 3-5 applications]. Include: 1) Governance structure (committees, roles, reporting lines), 2) AI lifecycle governance (development, deployment, monitoring, retirement), 3) Risk assessment and classification methodology, 4) Review and approval processes by risk tier, 5) Documentation and record-keeping requirements, 6) Accountability and oversight mechanisms, 7) Stakeholder engagement protocols, 8) Incident response and escalation procedures, 9) Training and capability development, 10) Performance metrics and reporting. Align with ISO 42001 or similar standards. ``` #### AI regulatory compliance mapper **Use case:** Multi-jurisdiction regulatory compliance planning **For:** Compliance Officer, Regulatory Affairs Manager, AI Governance Manager, Legal Counsel, Chief Risk Officer ``` Map compliance requirements for [organization] across [list applicable regulations: GDPR, EU AI Act, state AI laws, sector regulations]. AI applications: [describe]. Create: 1) Regulation applicability matrix by AI system, 2) Compliance obligations checklist per regulation, 3) Documentation and evidence requirements, 4) Gap analysis against current practices, 5) Remediation priorities and action plan, 6) Roles and responsibilities for compliance, 7) Compliance verification and audit strategy, 8) Timeline and milestones, 9) Budget and resource estimates. Highlight overlaps and conflicts between regulations. ``` #### AI risk assessment template **Use case:** AI risk management and mitigation **For:** AI Governance Manager, Chief Risk Officer, AI Safety Researcher, Responsible AI Program Manager, Compliance Officer ``` Conduct a comprehensive risk assessment for [AI system] in [application domain]. Deployment context: [describe]. Provide: 1) Risk identification across dimensions (safety, rights, discrimination, privacy, security), 2) Likelihood and severity rating for each risk, 3) Risk prioritization matrix, 4) Existing controls and residual risk, 5) Risk mitigation strategies (preventive and detective), 6) Monitoring and early warning indicators, 7) Contingency and incident response plans, 8) Risk ownership and accountability, 9) Review and reassessment schedule. Use standard risk frameworks (ISO 31000, NIST AI RMF). ``` #### AI vendor due diligence checklist **Use case:** AI vendor evaluation and procurement **For:** AI Governance Manager, Procurement Officer, Compliance Officer, Chief Technology Officer, Legal Counsel ``` Create a due diligence checklist for procuring AI systems from [vendor/type of vendor]. Use case: [describe application]. Include: 1) Technical capabilities and performance validation, 2) Data governance and privacy practices, 3) Bias and fairness testing evidence, 4) Transparency and explainability provisions, 5) Security and reliability measures, 6) Compliance certifications and attestations, 7) Contractual protections (warranties, liability, audit rights), 8) Ongoing monitoring and reporting commitments, 9) Exit and data portability provisions, 10) Vendor financial stability and support capability. Provide red flags and must-have requirements. ``` #### AI audit protocol designer **Use case:** AI system auditing and assurance **For:** AI Governance Manager, Internal Auditor, Compliance Officer, AI Ethicist, Third-Party Auditor ``` Design an audit protocol for [AI system/AI program]. Audit scope: [technical/ethical/compliance/operational]. Frequency: [one-time/annual/continuous]. Create: 1) Audit objectives and success criteria, 2) Audit scope and boundaries, 3) Documentation and evidence to review, 4) Testing and validation procedures, 5) Stakeholder interviews and survey questions, 6) Audit criteria and benchmarks, 7) Findings classification (critical/major/minor), 8) Reporting format and audience, 9) Remediation tracking and follow-up, 10) Auditor qualifications and independence requirements. Include sample audit checklist. ``` ### Public Engagement & Communication Engage stakeholders, communicate complex AI issues, and build public trust. #### Public AI consultation designer **Use case:** Democratic AI policymaking and civic engagement **For:** Public Engagement Officer, Policy Analyst, Government Technology Advisor, Digital Rights Advocate, Community Liaison ``` Design a public consultation on [AI policy/initiative] for [jurisdiction/organization]. Target participants: [general public/affected communities/experts]. Create: 1) Consultation objectives and scope, 2) Background materials in plain language (policy summary, key issues, questions), 3) Consultation questions and prompts, 4) Engagement channels (online platform, town halls, workshops, written submissions), 5) Accessibility measures (language, disability, digital divide), 6) Outreach strategy to reach underrepresented groups, 7) Timeline and milestones, 8) Analysis and synthesis methodology, 9) How feedback will be used and communicated back, 10) Budget and resource requirements. ``` #### AI policy explainer **Use case:** Policy communication and public education **For:** Policy Communications Officer, Public Engagement Officer, Policy Analyst, Government Technology Advisor, Media Relations Manager ``` Explain [complex AI policy/regulation] for [target audience: general public/small businesses/non-technical policymakers]. Topic: [describe]. Create: 1) Plain language summary (200 words max), 2) What it means for [audience] - practical implications, 3) Key requirements or changes, 4) Timeline and deadlines, 5) Common questions and answers (FAQ), 6) Where to find more information and support, 7) Real-world examples and scenarios, 8) Visual aids suggestions (infographics, flowcharts). Avoid jargon; use analogies and simple language. ``` #### AI ethics case study analyzer **Use case:** Ethics education and professional training **For:** AI Ethicist, Technology Ethics Educator, Policy Analyst, AI Safety Researcher, Professional Trainer ``` Analyze the ethical dimensions of [AI case study/incident]. Context: [describe what happened]. Provide: 1) Factual summary and timeline, 2) Stakeholders affected and harms experienced, 3) Ethical issues and principles violated, 4) Root causes (technical, organizational, policy), 5) What could have been done differently (prevention and mitigation), 6) Lessons learned and best practices, 7) Policy and governance implications, 8) Discussion questions for educational use. Present in narrative format suitable for classroom or workshop use. ``` #### Stakeholder impact report **Use case:** Accountability reporting and impact evaluation **For:** Policy Analyst, AI Governance Manager, Government Technology Advisor, Program Evaluator, Public Affairs Director ``` Create a stakeholder impact report for [AI policy/system/initiative] covering [time period]. Stakeholder groups: [list]. Include: 1) Executive summary of key impacts, 2) Impact assessment by stakeholder group (benefits, harms, distributional effects), 3) Quantitative metrics and data (with demographics), 4) Qualitative feedback and testimonials, 5) Unintended consequences identified, 6) Equity and inclusion analysis, 7) Lessons learned and recommendations, 8) Action items and accountability, 9) Future monitoring plan. Use data visualization and accessible formatting. ``` #### AI policy advocacy strategy **Use case:** Policy advocacy and influence campaigns **For:** Digital Rights Advocate, Policy Director, Civil Society Leader, Policy Analyst, Government Relations Manager ``` Develop an advocacy strategy for [policy objective] targeting [decision-makers: legislators/regulators/executives]. Issue: [describe]. Timeline: [campaign duration]. Create: 1) Advocacy goals and theory of change, 2) Target decision-makers and influence mapping, 3) Key messages and narrative framing, 4) Evidence base and supporting research, 5) Coalition partners and stakeholder allies, 6) Tactics and activities (lobbying, public campaigns, media, events), 7) Communications plan and materials needed, 8) Timeline and milestones, 9) Budget and resources, 10) Success metrics and evaluation. Include counter-arguments and responses. ``` --- ## 🎄 Holiday Special **Category:** Seasonal **Prompts:** 39 **Description:** Festive prompts for your end-of-year projects, team celebrations, and holiday content **Tags:** holiday, christmas, year-end, festive, celebration, new year, seasonal, winter ### 🎁 Year-End Reviews Prompts for annual reviews and reflections #### Annual Performance Review **Use case:** Year-end employee evaluations **For:** Manager, HR Professional ``` Help me write a comprehensive year-end performance review for [employee name]. Include: 1) Key achievements and milestones from 2025, 2) Areas of growth and improvement, 3) Goals met vs. goals set, 4) Skills developed, 5) Collaboration and team contributions, 6) Recommendations for 2026 goals, 7) Professional development opportunities. Keep the tone constructive, balanced, and forward-looking. ``` #### Year in Review Blog Post **Use case:** Annual company retrospective content **For:** Marketer, Content Creator ``` Create an engaging 'Year in Review' blog post for [company/project]. Include: 1) Major milestones and achievements, 2) Challenges overcome, 3) Key metrics and growth numbers, 4) Team highlights and celebrations, 5) Customer success stories, 6) Lessons learned, 7) Sneak peek at 2026 plans. Add a festive tone while maintaining professionalism. ``` #### Personal Reflection Template **Use case:** Personal growth and reflection **For:** Manager, Developer, Content Creator ``` Guide me through a personal year-end reflection for 2025. Include prompts for: 1) Top 10 achievements (personal & professional), 2) Biggest challenges and how I overcame them, 3) New skills or knowledge gained, 4) Relationships built or strengthened, 5) Habits formed or broken, 6) Moments of gratitude, 7) Lessons that will shape 2026, 8) Three words to describe my year. ``` ### 🎅 Holiday Communications Festive messages and announcements #### Holiday Email to Clients **Use case:** Client relationship management **For:** Manager, Marketer ``` Write a warm holiday greeting email to our clients. Include: 1) Gratitude for their partnership in 2025, 2) Brief highlight of our collaboration successes, 3) Holiday wishes for them and their teams, 4) Office closure dates if applicable, 5) Emergency contact info, 6) Excitement for continued partnership in 2026. Keep it professional yet heartfelt, around 200 words. ``` #### Team Holiday Party Invitation **Use case:** Team event planning **For:** HR Professional, Manager ``` Create a fun and engaging invitation for our team holiday party. Include: Date: [date], Time: [time], Location: [venue/virtual link], Dress code: [festive/casual], Activities planned, RSVP details, Any gift exchange info, Dietary accommodations note. Make it exciting and inclusive for all team members regardless of which holidays they celebrate. ``` #### LinkedIn Holiday Post **Use case:** Professional networking and personal brand **For:** Marketer, Content Creator, Manager ``` Craft a professional yet warm LinkedIn post for the holiday season. Include: 1) Reflection on industry/professional growth in 2025, 2) Gratitude to network and connections, 3) Key learnings or insights from the year, 4) Holiday wishes, 5) Optimistic outlook for 2026. Add relevant emojis and keep it under 300 words. Include 3-5 relevant hashtags. ``` ### 🎊 Sprint & Project Wrap-ups Technical year-end reviews and planning #### Q4 Sprint Retrospective **Use case:** Agile team retrospectives **For:** Developer, Manager ``` Facilitate a year-end sprint retrospective for our development team. Cover: 1) Q4 sprint achievements and velocity trends, 2) Technical debt addressed vs accumulated, 3) Bug resolution rates and quality metrics, 4) Team collaboration highlights, 5) Process improvements implemented, 6) Tools or technologies adopted, 7) Challenges and blockers faced, 8) Action items for Q1 2026. Format as agenda with discussion prompts. ``` #### Tech Stack Year-End Audit **Use case:** Technical planning and governance **For:** Developer, Manager ``` Conduct a comprehensive year-end audit of our tech stack. Analyze: 1) Current technologies and versions in use, 2) Performance metrics and bottlenecks identified, 3) Security vulnerabilities addressed and pending, 4) Technical debt prioritization, 5) Deprecation warnings and upgrade needs, 6) Cost analysis of tools and services, 7) Recommendations for 2026 improvements, 8) Training needs for team. Present findings in a clear, actionable format. ``` #### Holiday Code Freeze Plan **Use case:** Release management and operations **For:** Developer, Manager ``` Create a detailed holiday code freeze plan for December 23, 2025 - January 2, 2026. Include: 1) Final deployment schedule before freeze, 2) Critical bugs triage process, 3) On-call rotation schedule, 4) Emergency hotfix procedures, 5) Rollback protocols, 6) Communication plan for incidents, 7) Documentation of system states, 8) January 3rd resumption checklist. Ensure 24/7 coverage while respecting holiday time off. ``` ### 🎨 Holiday Marketing Content Festive content creation prompts #### 12 Days of Christmas Campaign **Use case:** Seasonal marketing campaigns **For:** Marketer, Content Creator ``` Design a '12 Days of [Industry/Product]' social media campaign. For each day, create: 1) Themed content idea related to our brand, 2) Visual concept description, 3) Caption with holiday pun or reference, 4) Relevant hashtags, 5) Call-to-action, 6) Cross-platform adaptation notes. Ensure inclusive language that resonates with diverse audiences. Provide all 12 days with variety in content types. ``` #### Holiday Gift Guide **Use case:** Sales enablement and content marketing **For:** Marketer, Content Creator ``` Create a holiday gift guide featuring our products/services. Structure: 1) Catchy intro about gift-giving stress, 2) Categories (by budget, by recipient type, by interest), 3) 3-5 items per category with descriptions, 4) Why each makes a perfect gift, 5) Special holiday bundles or discounts, 6) Gift wrapping or delivery options, 7) Last-minute digital gift ideas, 8) Cheerful closing with order deadlines. ``` #### New Year Resolution Content Series **Use case:** New year content planning **For:** Marketer, Content Creator ``` Develop a 5-part content series about [industry-relevant] New Year resolutions. Each part should include: 1) Catchy title with number (e.g., '5 Ways to...'), 2) Problem/pain point introduction, 3) Actionable solutions using our product/service, 4) Real example or case study, 5) Quick tip or hack, 6) Encouraging call-to-action, 7) Relevant resources or tools. Make it inspirational yet practical. ``` ### 🎯 2026 Planning Prompts Strategic planning for the new year #### Q1 2026 OKRs **Use case:** Strategic planning and goal setting **For:** Manager ``` Help me draft Q1 2026 OKRs for [team/department]. For 3-5 objectives, include: 1) Clear, inspiring objective statement, 2) 3-4 measurable key results each, 3) Alignment with company annual goals, 4) Dependencies and risks, 5) Required resources or budget, 6) Success metrics and tracking method, 7) Monthly milestone checkpoints. Ensure OKRs are ambitious yet achievable. ``` #### Team Kickoff Presentation **Use case:** Team alignment and motivation **For:** Manager ``` Create an outline for a 2026 team kickoff presentation (January). Include: 1) 2025 celebration and achievements (5 min), 2) Lessons learned and improvements (5 min), 3) 2026 vision and goals (10 min), 4) Q1 priorities and roadmap (10 min), 5) New processes or tools introduction (5 min), 6) Team member spotlights and role changes (5 min), 7) Q&A and discussion (10 min). Add speaker notes and engagement activities. ``` #### Budget Planning Assistant **Use case:** Financial planning and budgeting **For:** Manager ``` Guide me through 2026 budget planning for [department]. Address: 1) 2025 budget analysis (actual vs planned), 2) Fixed costs and commitments for 2026, 3) Growth initiatives and required investment, 4) Cost optimization opportunities, 5) Risk buffers and contingencies, 6) Quarterly allocation breakdown, 7) ROI projections for major expenses, 8) Approval process and timeline. Format as a working document with clear categories. ``` ### 📚 Education & Learning Holiday-themed prompts for educators and students #### End-of-Semester Student Feedback **Use case:** Student progress reports and feedback **For:** Teacher, Educator ``` Create a comprehensive end-of-semester feedback template for [subject/grade level]. Include: 1) Academic progress summary with specific examples, 2) Strengths demonstrated this semester, 3) Areas for growth with actionable suggestions, 4) Participation and engagement observations, 5) Social-emotional development notes, 6) Recommendations for winter break learning activities, 7) Goals for next semester, 8) Personalized encouragement message. Keep tone supportive and constructive. ``` #### Winter Break Learning Activities **Use case:** Supplemental learning and engagement **For:** Teacher, Educator, Parent ``` Design a collection of engaging winter break learning activities for [grade level/subject]. Create 10 activities that: 1) Reinforce key concepts from the semester, 2) Are fun and don't feel like homework, 3) Can be done independently or with family, 4) Require minimal materials, 5) Include both indoor and outdoor options, 6) Incorporate holiday themes naturally, 7) Take 15-30 minutes each, 8) Include a simple way for students to share what they learned. Provide clear instructions for each. ``` #### Holiday-Themed Lesson Plan **Use case:** Engaging seasonal curriculum **For:** Teacher, Educator ``` Create a holiday-themed lesson plan for [subject] targeting [grade level]. The lesson should: 1) Connect holiday traditions to curriculum objectives, 2) Include a warm-up activity (5 min), 3) Present main content with holiday examples (20 min), 4) Feature a hands-on group activity (15 min), 5) Include differentiation for various learning levels, 6) End with reflection questions, 7) List required materials, 8) Respect diverse cultural backgrounds and celebrations. Include assessment rubric. ``` #### Thank You Note to Students **Use case:** Student appreciation and relationship building **For:** Teacher, Educator ``` Write a heartfelt end-of-year thank you message to my [grade level] students. Include: 1) Appreciation for their hard work and growth, 2) Specific memorable moments from the year, 3) Recognition of challenges they overcame, 4) Excitement about their potential, 5) Encouragement for the break, 6) Wishes for a wonderful holiday, 7) Looking forward message for next semester. Keep it warm, age-appropriate, and genuine. Around 200-250 words. ``` ### 🎉 Fun & Personal Festive prompts for celebrations and personal use #### Secret Santa Questionnaire **Use case:** Gift exchange coordination **For:** HR Professional, Manager, Team Member ``` Create a fun and comprehensive Secret Santa questionnaire for office gift exchanges. Include questions about: 1) Favorite colors and styles, 2) Hobbies and interests, 3) Favorite snacks and treats (with allergy notes), 4) Coffee/tea preferences, 5) Desk/workspace style, 6) Books/movies/music tastes, 7) Something on their wishlist under $[budget], 8) Things they absolutely don't want, 9) Fun fact about themselves. Make it engaging with a mix of practical and playful questions. Format for easy distribution. ``` #### Family Holiday Newsletter **Use case:** Personal holiday communications **For:** Personal Use ``` Help me write our annual family holiday newsletter to send to friends and relatives. Our family includes [describe family members]. Key events this year: [list 3-5 highlights]. Include: 1) Warm opening greeting, 2) Updates on each family member, 3) Highlight of our best memories from 2025, 4) Any major milestones or changes, 5) Travel or adventures we had, 6) What we're looking forward to in 2026, 7) Warm closing with holiday wishes. Keep it around 400-500 words, conversational and genuine, not braggy. ``` #### New Year Party Game Ideas **Use case:** Party planning and entertainment **For:** Personal Use, Event Planner ``` Create a collection of 10 New Year's Eve party games for [group size: small/medium/large] guests, age range [kids/adults/mixed]. For each game include: 1) Catchy name, 2) Number of players, 3) Materials needed, 4) Setup instructions, 5) How to play (step-by-step), 6) Winning conditions, 7) Tips for making it more fun, 8) Time estimate. Include a mix of active games, trivia, and countdown-themed activities. Some should work for midnight countdown moment. ``` #### Holiday Movie Night Recommendations **Use case:** Entertainment planning **For:** Personal Use ``` Create a curated holiday movie night guide for [audience: family/adults/kids/couples]. Include: 1) 5 classic must-watches with brief descriptions, 2) 5 hidden gems people might have missed, 3) 3 new releases from recent years, 4) Movie marathon schedule suggestion (which order to watch), 5) Themed snack pairings for each movie, 6) Discussion questions for after, 7) Streaming platform availability. Add content warnings where appropriate and note runtime for planning. ``` ### 🎧 Customer Support Holiday-specific support and service prompts #### Holiday Hours Announcement **Use case:** Customer communication **For:** Customer Support, Manager ``` Write a clear and friendly holiday hours announcement for our customers. Our business: [type]. Holiday schedule: [dates and hours]. Include: 1) Eye-catching subject line, 2) Warm holiday greeting, 3) Clear schedule in easy-to-read format, 4) What services are available/unavailable, 5) How to reach us for emergencies, 6) Expected response times during holidays, 7) Self-service resources available, 8) Return to normal schedule date, 9) Thank you for their patience. Create versions for: email, website banner, and social media. ``` #### Holiday Out-of-Office Auto-Reply **Use case:** Professional communication management **For:** Customer Support, Manager, Professional ``` Create a professional and warm out-of-office auto-reply for the holiday period. Details: Name: [name], Role: [role], Away dates: [dates], Emergency contact: [contact]. Include: 1) Friendly holiday acknowledgment, 2) Clear dates of absence, 3) When they can expect a response, 4) Who to contact for urgent matters, 5) Alternative resources or FAQ links, 6) Warm holiday wishes. Create 3 versions: formal (for external clients), casual (for colleagues), and brief (for high-volume inboxes). Each under 100 words. ``` #### Holiday Shipping Delay Response **Use case:** Customer complaint handling **For:** Customer Support ``` Write empathetic customer service responses for holiday shipping delays. Scenario: Order placed [date], expected delivery [date], now delayed until [new date]. Create responses for: 1) Proactive delay notification email, 2) Response to angry customer complaint, 3) Live chat script for shipping inquiries, 4) Social media public response, 5) Follow-up after delivery. Each response should: acknowledge frustration, explain situation without excuses, offer solutions/compensation options, maintain brand voice, end positively. Include placeholders for order numbers and specific details. ``` #### Holiday FAQ Update **Use case:** Self-service support optimization **For:** Customer Support, Content Creator ``` Create a comprehensive holiday FAQ section for our [website/help center]. Business type: [type]. Cover these topics: 1) Holiday shipping deadlines and costs, 2) Return policy during holidays, 3) Gift wrapping options, 4) Gift receipts and exchanges, 5) Holiday hours and support availability, 6) Order tracking during high volume, 7) Last-minute gift options, 8) Payment and billing during holidays, 9) Cancellation and modification deadlines. Format with clear questions and concise answers. Include internal notes for support team. ``` ### 👥 HR & People Employee appreciation and team celebration prompts #### Holiday Bonus Announcement **Use case:** Employee compensation communication **For:** HR Professional, Manager ``` Write an announcement for our company holiday bonus. Details: Bonus amount/type: [describe], Eligibility: [criteria], Payment date: [date]. Include: 1) Exciting subject line, 2) Gratitude for employees' hard work, 3) Clear explanation of bonus details, 4) Eligibility criteria, 5) When and how it will be paid, 6) Tax implications note (consult payroll), 7) Any additional holiday perks, 8) Inspiring close about the team's achievements. Tone should be celebratory yet professional. Include manager talking points for team discussions. ``` #### Remote Team Holiday Celebration Ideas **Use case:** Remote team engagement **For:** HR Professional, Manager ``` Create a detailed plan for a virtual holiday celebration for our remote team of [size] people across [time zones]. Budget: $[amount] per person. Include: 1) 5 virtual activity options with timing, 2) Gift box contents to ship to employees, 3) Agenda for a 90-minute virtual party, 4) Ice-breaker games that work on video, 5) Recognition and awards ceremony format, 6) Music/entertainment suggestions, 7) Technical setup requirements, 8) Inclusivity considerations for diverse holidays, 9) Follow-up appreciation plan. Provide vendor suggestions where applicable. ``` #### Employee Year-End Appreciation Message **Use case:** Leadership communication **For:** HR Professional, Manager, Executive ``` Write a heartfelt year-end appreciation message from leadership to all employees. Company context: [brief description, size, industry]. Include: 1) Acknowledgment of the year's challenges and triumphs, 2) Specific company achievements to celebrate, 3) Recognition of employee contributions, 4) Personal touch from leadership, 5) Holiday wishes for employees and families, 6) Preview of exciting things ahead in 2026, 7) Reminder of time off and holiday schedule, 8) Warm sign-off. Tone should be genuine, not corporate-speak. Around 300-400 words. ``` #### Holiday PTO and Coverage Plan **Use case:** Workforce planning **For:** HR Professional, Manager ``` Create a holiday PTO coordination plan for our team of [size] in [department/function]. Critical functions that need coverage: [list]. Include: 1) Fair PTO request process and deadlines, 2) Coverage assignment template, 3) Handoff document checklist, 4) Emergency contact tree, 5) Cross-training quick reference, 6) Communication protocols during holidays, 7) On-call compensation/recognition, 8) Return-to-work sync meeting agenda. Ensure the plan respects work-life balance while maintaining business continuity. Include email templates for team communication. ``` ### 🎨 Design & Creative Visual and creative holiday content prompts #### Holiday Email Signature Design **Use case:** Brand consistency and seasonal updates **For:** Designer, Marketer ``` Design concepts for a festive holiday email signature that maintains professionalism. Brand colors: [colors]. Include specifications for: 1) Layout dimensions (standard email width), 2) Holiday graphic elements (subtle, not overwhelming), 3) Font recommendations, 4) Animation suggestions (if appropriate), 5) Mobile-friendly considerations, 6) Accessibility requirements, 7) Easy update instructions for team, 8) Version for those who don't celebrate. Provide 3 design concepts: minimal, moderate festive, and full holiday spirit. Include HTML/CSS code snippet for implementation. ``` #### Holiday Social Media Templates **Use case:** Social media content creation **For:** Designer, Marketer, Content Creator ``` Create a social media content template kit for the holiday season. Brand: [describe brand voice and colors]. Design templates for: 1) Holiday greeting post, 2) Year-in-review carousel (5 slides), 3) Holiday sale announcement, 4) Team celebration photo frame, 5) New Year countdown series (3 posts), 6) Thank you to customers post, 7) Holiday tips related to [industry], 8) User-generated content reshare template. For each, provide: dimensions for IG/FB/LinkedIn, copy suggestions, hashtag sets, and posting time recommendations. ``` #### Holiday Card Design Brief **Use case:** Holiday collateral design **For:** Designer, Marketer, Manager ``` Create a detailed design brief for our company holiday card. Company: [name and industry]. Recipients: [clients/employees/partners]. Include: 1) Creative direction and mood, 2) Key message and copy suggestions, 3) Visual style recommendations, 4) Color palette (brand + seasonal), 5) Imagery guidelines, 6) Typography specifications, 7) Format options (digital/print/both), 8) Personalization elements, 9) Inclusive language guidance, 10) Production timeline with milestones. Provide 3 concept directions: traditional elegant, modern minimal, and playful creative. ``` #### Festive Website Banner Ideas **Use case:** Website seasonal updates **For:** Designer, Developer, Marketer ``` Generate ideas for holiday website banners and decorations that won't slow down site performance. Website type: [e-commerce/corporate/blog/etc]. Include: 1) Hero banner concepts (3 variations), 2) Subtle festive accents for navigation, 3) Holiday-themed CTA buttons, 4) Product page seasonal badges, 5) Footer holiday message, 6) Pop-up designs for holiday promotions, 7) Performance optimization tips, 8) Accessibility considerations, 9) A/B testing suggestions, 10) Schedule for adding and removing decorations. Provide CSS snippets for lightweight animated effects. ``` ### 💰 Sales & Business Development Year-end sales and customer appreciation prompts #### End-of-Year Sales Email Sequence **Use case:** Seasonal sales campaigns **For:** Sales Professional, Marketer ``` Create a 5-email end-of-year sales sequence for [product/service]. Target audience: [describe]. Offer: [discount/promotion details]. Email sequence: 1) Early bird announcement (2 weeks before), 2) Main promotion launch, 3) Social proof and testimonials mid-campaign, 4) Last chance urgency, 5) Final hours countdown. For each email include: subject line (+ 2 alternatives), preview text, body copy, CTA, and optimal send time. Focus on value, not just discounts. Include segmentation suggestions. ``` #### Customer Thank You Gift Strategy **Use case:** Client retention and appreciation **For:** Sales Professional, Manager, Account Manager ``` Develop a year-end customer appreciation strategy for our top clients. Budget per client: $[amount]. Number of clients: [count]. Include: 1) Tiered gift recommendations by client value, 2) Personalization options for each tier, 3) Gift ideas that align with our brand values, 4) Accompanying thank you message templates, 5) Delivery timing and logistics, 6) Tracking and follow-up plan, 7) Social sharing opportunities, 8) Tax and compliance considerations, 9) Alternative options for clients who can't accept gifts. Provide specific vendor recommendations and cost estimates. ``` #### Year-End Deal Closing Script **Use case:** Pipeline acceleration **For:** Sales Professional, Account Executive ``` Create a consultative script for closing year-end deals. Product/service: [describe]. Typical deal size: $[range]. Include scripts for: 1) Re-engaging stalled opportunities, 2) Presenting year-end incentives without being pushy, 3) Handling 'let's wait until next year' objection, 4) Budget deadline conversations, 5) Multi-stakeholder alignment call, 6) Final negotiation and close. For each, provide: opening hook, key talking points, objection handlers, and closing techniques. Emphasize creating genuine urgency, not false pressure. Include email follow-up templates. ``` #### New Year Sales Kickoff Plan **Use case:** Sales team motivation and alignment **For:** Sales Professional, Manager, Sales Leader ``` Create a January sales kickoff plan for our team of [size] reps. Include: 1) Motivational kickoff meeting agenda (half-day), 2) 2026 territory and quota rollout approach, 3) New product/pricing training outline, 4) Pipeline review and Q1 planning session, 5) Team building activity, 6) Recognition for top 2025 performers, 7) Goal-setting workshop format, 8) Sales tool and resource updates, 9) 30-60-90 day activity expectations, 10) Accountability and check-in cadence. Include speaker notes, presentation outline, and handout templates. ``` --- ## About NerdyChefs.ai NerdyChefs.ai is a free platform providing expertly crafted AI prompt collections for professionals. Our prompts are: - **Free to use** - No purchase or account required - **Professionally crafted** - Created by domain experts - **Cross-platform** - Works with ChatGPT, Claude, Gemini, Copilot, and more - **Copy-paste ready** - Use immediately with customizable placeholders - **Regularly updated** - New prompts added weekly ## How to Use These Prompts 1. Find a prompt that matches your need 2. Copy the prompt text 3. Paste into your preferred AI assistant (ChatGPT, Claude, etc.) 4. Replace [bracketed placeholders] with your specific information 5. Get professional results instantly ## Contact - **Website:** https://www.nerdychefs.ai - **Email:** mathieu@nerdychefs.ai - **Twitter:** @Nerdychefsai