A

information-security-manager-iso27001

by alirezarezvani

The information-security-manager-iso27001 skill helps AI agents perform ISO 27001:2022 ISMS work for HealthTech, MedTech, and regulated software teams. Use it for risk assessment, Annex A control mapping, compliance review, evidence checklists, incident response planning, and audit gap analysis with included references and scripts.

Stars22.2k
Favorites0
Comments0
AddedJul 11, 2026
CategoryCompliance Review
Install Command
npx skills add alirezarezvani/claude-skills --skill information-security-manager-iso27001
Curation Score

This skill scores 78/100, which means it is a solid listing candidate for directory users who want an agent-ready ISO 27001 and healthcare security workflow. The repository provides clear triggers, quick-start commands, workflow-oriented documentation, reference guides, and runnable scripts for risk assessment and compliance checking, so it should help an agent execute with less guesswork than a generic prompt. Users should still treat it as an implementation aid rather than a complete certification system.

78/100
Strengths
  • Clear trigger coverage for ISO 27001 implementation, ISMS work, security risk assessment, certification preparation, audits, incident response, healthcare data security, and medical device cybersecurity.
  • Includes practical support files: two scripts for risk assessment and compliance checking plus reference guides for incident response, ISO 27001 controls, and risk assessment methodology.
  • Operational content is substantial, with quick-start command examples, workflows, validation checkpoints, control guidance, evidence expectations, and incident severity procedures.
Cautions
  • The compliance checker excerpt describes the ISO 27001 controls as simplified, so users should not assume it fully covers all certification evidence or auditor expectations.
  • No install command or README is present in the skill path, which may add setup friction for directory users unfamiliar with running the included Python scripts.
Overview

Overview of information-security-manager-iso27001 skill

What this skill is for

The information-security-manager-iso27001 skill helps an AI agent support ISO 27001:2022 ISMS work, especially for HealthTech, MedTech, patient-data systems, and regulated software teams. It is built for practical compliance review tasks: risk assessment, Annex A control mapping, evidence planning, incident response preparation, certification readiness, and audit gap analysis.

Best-fit users and jobs

Use this skill if you are a security manager, compliance lead, quality/regulatory professional, founder, or engineering leader who needs structured ISO 27001 output without starting from a blank prompt. It is most useful when you already have a target system, business scope, assets, controls, incidents, or audit question and want the agent to turn that context into a risk register, remediation plan, Statement of Applicability support, or incident response workflow.

What makes it different

Unlike a generic ISO 27001 prompt, this skill includes healthcare-oriented reference material and two helper scripts: scripts/risk_assessment.py for ISO 27001 Clause 6.1.2-style risk work, and scripts/compliance_checker.py for simplified control status and gap reporting. The reference files cover Annex A implementation evidence, risk assessment methodology, and incident handling with severity levels and response expectations.

Adoption considerations

This is not a substitute for an accredited auditor, legal counsel, DPO, or certification body. The included control catalog and scripts are useful accelerators, but you should validate outputs against your actual ISMS scope, ISO 27001:2022 requirements, local healthcare regulations, contractual obligations, and auditor expectations.

How to Use information-security-manager-iso27001 skill

information-security-manager-iso27001 install

Install the skill from the GitHub repository with:

npx skills add alirezarezvani/claude-skills --skill information-security-manager-iso27001

After installation, inspect the skill directory before relying on it in a live compliance workflow. Start with SKILL.md, then read:

  • references/risk-assessment-guide.md
  • references/iso27001-controls.md
  • references/incident-response.md
  • scripts/risk_assessment.py
  • scripts/compliance_checker.py

The source path is ra-qm-team/skills/information-security-manager-iso27001 in alirezarezvani/claude-skills.

Inputs that produce better results

The skill performs best when your prompt includes concrete ISMS context. Provide:

  • Organization type: HealthTech SaaS, MedTech manufacturer, clinic platform, cloud service, etc.
  • Scope: product, department, cloud environment, data flow, or system boundary
  • Assets: patient records, medical device telemetry, source code, cloud infrastructure, backups
  • Current controls: IAM, logging, encryption, vulnerability management, supplier review
  • Compliance objective: certification readiness, internal audit, control gap review, incident response
  • Constraints: team size, cloud provider, deadline, risk tolerance, available evidence

Weak prompt:

Help with ISO 27001 compliance.

Stronger prompt:

Use information-security-manager-iso27001 for Compliance Review. Assess ISO 27001 readiness for a HealthTech SaaS handling patient records in AWS. Scope includes web app, PostgreSQL database, S3 document storage, CI/CD, and support team access. Current controls include MFA, encryption at rest, basic logging, vendor DPAs, and quarterly vulnerability scans. Produce a risk register, Annex A control gaps, evidence checklist, and 90-day remediation plan.

Practical workflow for usage

A reliable information-security-manager-iso27001 usage flow is:

  1. Define ISMS scope and assets.
  2. Run or ask the agent to simulate a risk assessment using the methodology in references/risk-assessment-guide.md.
  3. Map major risks to Annex A controls using references/iso27001-controls.md.
  4. Generate a gap analysis and evidence checklist.
  5. Review incident response readiness using references/incident-response.md.
  6. Convert recommendations into owners, deadlines, evidence artifacts, and audit-ready records.

If using the scripts directly, try:

python scripts/risk_assessment.py --scope "patient-data-system" --output risk_register.json
python scripts/compliance_checker.py --standard iso27001 --gap-analysis --output gaps.md

Check script arguments and expected file formats in the source before integrating them into your compliance pipeline.

Prompt patterns that trigger the skill well

Use direct task language so the agent knows to apply the skill:

  • “Use information-security-manager-iso27001 to create an ISO 27001 risk assessment for…”
  • “Perform an Annex A control gap analysis for…”
  • “Prepare an ISO 27001 audit evidence checklist for…”
  • “Review our incident response plan against ISO 27001 expectations…”
  • “Create a Statement of Applicability draft based on these implemented controls…”

For best results, ask for structured outputs such as tables with Control, Current State, Gap, Risk, Evidence, Owner, and Priority.

information-security-manager-iso27001 skill FAQ

Is this skill only for healthcare companies?

No, but its strongest fit is healthcare, HealthTech, and MedTech because the references include examples around patient data, medical device cybersecurity, incident response, and regulated environments. General SaaS teams can still use the ISO 27001 risk and control structure, but may need to remove healthcare-specific assumptions.

How is it better than a normal ISO 27001 prompt?

A normal prompt may produce broad advice. The information-security-manager-iso27001 skill gives the agent a defined operating frame: ISO 27001:2022 ISMS work, Annex A control evidence, risk assessment methodology, incident classifications, and helper scripts. That reduces guesswork and makes outputs more consistent across reviews.

Can beginners use this skill?

Yes, if they provide enough context and treat the output as guided drafting rather than final compliance authority. Beginners should start with narrow requests: one system, one control area, one risk register, or one evidence checklist. Avoid asking for a complete ISMS in one pass unless you can review and validate the assumptions.

When should I not use it?

Do not use this skill as the sole basis for certification decisions, legal claims, medical device regulatory submissions, or breach notification obligations. It is also a poor fit if you need deep implementation engineering, penetration testing, cloud configuration validation, or jurisdiction-specific privacy advice without expert review.

How to Improve information-security-manager-iso27001 skill

Make prompts evidence-first

The most common failure mode is output that sounds compliant but is not tied to evidence. Improve results by giving the agent real artifacts or summaries: policy names, access control exports, risk register rows, vendor lists, incident logs, backup test records, vulnerability reports, and previous audit findings. Ask it to distinguish implemented, partially implemented, not implemented, and unknown.

Tune outputs for compliance review

For information-security-manager-iso27001 for Compliance Review, request an auditor-friendly structure:

  • ISO 27001 clause or Annex A control
  • Requirement summary
  • Current implementation
  • Evidence available
  • Evidence missing
  • Risk or audit impact
  • Recommended remediation
  • Owner and target date

This format makes it easier to turn AI output into a working audit tracker instead of a narrative report.

Iterate after the first result

Use the first output to expose missing information, then feed corrections back into the skill. For example: “Revise the gap analysis assuming MFA is enforced for workforce users but not for third-party support accounts,” or “Re-rank risks using high impact for patient data confidentiality and medium likelihood for cloud misconfiguration.” Iteration improves accuracy more than asking for a larger initial answer.

Extend the skill for your organization

To improve the information-security-manager-iso27001 skill locally, add organization-specific templates and examples: your ISMS scope statement, risk matrix, control ownership model, evidence naming convention, supplier risk tiers, incident escalation contacts, and audit calendar. Keep custom material separate from upstream files so you can update the GitHub skill without losing internal compliance context.

Ratings & Reviews

No ratings yet
Share your review
Sign in to leave a rating and comment for this skill.
G
0/10000
Latest reviews
Saving...