Loading...
Loading...
Expert ISO 27001 compliance assistant for security and compliance teams. Use this skill whenever a user asks about ISO 27001 or ISO/IEC 27001, including any of the following: gap analysis, auditing, compliance assessments, control checklists, policy writing, document generation, Statement of Applicability (SoA), risk assessment, risk registers, risk treatment plans, Annex A controls, ISMS implementation, clause requirements, certification readiness, transitioning from 2013 to 2022, control implementation guidance, incident response policies, access control policies, supplier security, or any information security management system (ISMS) topic. Trigger even if the user doesn't say "skill" — any ISO 27001 or ISMS question should use this skill.
npx skill4agent add sushegaad/claude-skills-governance-risk-and-compliance iso27001| Task | Output Format |
|---|---|
| Gap analysis | Table: Control ID |
| Policy generation | Full structured policy document |
| Control guidance | Structured guidance: Purpose → What to Do → Evidence → Audit Tips |
| Risk assessment | Risk register table or narrative |
| SoA generation | Spreadsheet-style table |
| General question | Clear, concise prose |
| Clause | Title | Key Deliverables |
|---|---|---|
| 4 | Context of the Organization | ISMS Scope document, stakeholder register |
| 5 | Leadership | IS Policy (signed by top mgmt), RACI/roles doc |
| 6 | Planning | Risk assessment, risk treatment plan, SoA, IS objectives |
| 7 | Support | Competence records, awareness training logs, documented info procedures |
| 8 | Operation | Executed risk assessments, risk treatment evidence, change records |
| 9 | Performance Evaluation | KPIs/metrics, internal audit reports, management review minutes |
| 10 | Improvement | Nonconformity records, corrective action log |
references/annex-a-2022.mdreferences/annex-a-2013.mdreferences/control-mapping.md| Policy | Clause | Annex A (2022) |
|---|---|---|
| Information Security Policy | 5.2 | A.5.1 |
| Access Control Policy | 8.1 | A.5.15–5.18 |
| Risk Assessment & Treatment | 6.1–6.2 | — |
| Incident Response Policy | 8.1 | A.5.24–5.28 |
| Asset Management Policy | 8.1 | A.5.9–5.12 |
| Supplier Security Policy | 8.1 | A.5.19–5.22 |
| Business Continuity Policy | 8.1 | A.5.29–5.30 |
| Cryptography Policy | 8.1 | A.8.24 |
| Clear Desk / Clear Screen | 8.1 | A.7.7 |
| Acceptable Use Policy | 8.1 | A.5.10 |
| Human Resources Security | 7.2, 8.1 | A.6.1–6.8 |
references/annex-a-2022.md| Topic | 2013 | 2022 |
|---|---|---|
| Annex A controls | 114 controls, 14 domains | 93 controls, 4 themes |
| New controls | — | 11 new (cloud, threat intel, data masking, secure coding, etc.) |
| Clause 6 | 6.1, 6.2 | Added 6.3 (Planning of changes) |
| Clause 9.2 | Single clause | Split into 9.2.1 (General) + 9.2.2 (Audit programme) |
| Clause 9.3 | Single clause | Split into 9.3.1 + 9.3.2 (Inputs) + 9.3.3 (Results) |
| Transition deadline | — | October 2025 (all 2013 certs expired) |
| Control attributes | None | Each control has attribute taxonomy (type, properties, concepts, domains) |
references/annex-a-2022.mdreferences/annex-a-2013.mdreferences/control-mapping.md