runbookify
← All plans
Compliance, Quality & Risk / Regulatory Change & Compliance Calendar

Regulatory Change Intake & Impact Assessment

Capture every new or changed regulation, let AI draft a plain-language summary and likely impact areas, route an impact assessment to the right owners, and turn the change into owned, tracked actions you finish before the effective date.

IntermediateA weekendBuilds onNext.js (App Router) on VercelSupabase (Postgres, Auth, Storage, RLS)Resend (email reminders + digests)
What you'll build

A private, login-protected web app where you log a regulatory change, get an AI-drafted summary and candidate impact areas, route an assessment to affected owners, approve the applicability decision and action plan, then track every action to its effective date with automatic email reminders - plus a clean CSV export of the change register and its actions.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.

Before you start

  • Free Vercel, Supabase, and Resend accounts (the plan walks you through each)
  • A list of where your regulatory alerts come from today (counsel, associations, regulator emails)
  • A sample of how you currently track changes - a spreadsheet, an email folder, or even a notebook

The problem this kills

A new regulation lands in your inbox. Maybe it's a forward from outside counsel, a bulletin from an industry association, or a regulator's alert email. You skim it, think "we should probably look at that," and drop it in a folder. Three weeks later nobody remembers who was supposed to act on it, the effective date is closing in, and you can't prove to an auditor that you assessed it at all.

The real work isn't reading the regulation - it's the part after: figuring out whether it even applies to you, who owns the change, what concretely has to change in your processes, and getting it all done before the deadline. That work usually lives in scattered emails, a few spreadsheets, and people's heads. When an auditor asks "show me how you handled this change," you're stuck reconstructing a story instead of pulling a record.

This tool turns that messy, ad-hoc scramble into a tracked, provable workflow - without you writing a line of code.

What you'll build

A small private web app, just for your team, that runs your regulatory change process end to end:

  • Log a change - source, summary, effective date, and a link - or import a backlog from a spreadsheet.
  • AI drafts the hard part - a plain-language summary of what changed and a first list of likely impact areas (which processes, departments, or controls this probably touches). It's a draft for a human to confirm, never a legal opinion.
  • Route an impact assessment to the affected owners so each one answers "does this apply to my area, and what do we need to do?"
  • A compliance owner approves the applicability decision and the resulting action plan - nothing becomes a committed action until a person signs off.
  • Track actions to the effective date, with the app flagging anything at risk of slipping past the deadline and Resend sending reminders.
  • Export the full change register and its actions to CSV any time - for auditors, for management, or for your system of record.

What's inside the Implementation Plan

A complete, copy-paste runbook you hand to an AI coding agent (Claude Code). It's written for a smart non-developer, in plain language, one pasteable step at a time.

The plan opens by interviewing you about your business - where your alerts come from, who your owners are, how you name and code your records today, your typical and peak change volumes, your exact approval rules, and your messy edge cases. It then reflects a short tailored spec back to you for a thumbs-up before it builds anything. That's the difference between a tool shaped around how you actually work and a generic template you have to bend yourself around.

From there it walks the agent through standing up the database, the intake form, the AI summary draft, the assessment routing, the approval gate, the action tracker with deadline flags, the email reminders, and the CSV export - each step ending in a prompt you simply paste.

The governance it includes (this is the point)

This isn't a toy. Governance is built in from the first step, because in compliance work that's the whole job:

  • Login so only your team can open it.
  • Row-level security so people only ever see their own organization's data.
  • A complete audit trail - who logged the change, who assessed it, who approved, and exactly when.
  • A hard human approval gate - the AI drafts and owners assess, but a compliance owner must approve the applicability decision and the action plan before anything is committed as an action.
  • Duplicate guards keyed on the change ID so the same regulation can't be logged or processed twice.

Who it's for

Compliance officers and quality managers who have to keep up with a steady stream of regulatory change and prove they acted on each one. If you're the person who gets the alert, has to decide whether it applies, chase the right owners, and stand behind the record in an audit - this builds you the tool you've been keeping in your head and your inbox.

You don't need to be technical. You need to know your own process - and you do.

You've got this. Open the Implementation Plan and paste the first prompt.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.