- Home
- Skills
- Alirezarezvani
- Claude Skills
- Information Security Manager Iso27001
information-security-manager-iso27001_skill
- Python
4.6k
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
3 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill alirezarezvani/claude-skills --skill information-security-manager-iso27001- SKILL.md11.4 KB
Overview
This skill implements and manages an ISO 27001-aligned Information Security Management System (ISMS) tailored for HealthTech and MedTech organizations. It provides automated risk assessments, control gap analysis, incident response workflows, and evidence-generation to support certification and regulatory compliance. Use it to design an ISMS, map controls to ISO 27001/27002, and verify implementation across clinical and medical device environments.
How this skill works
The skill runs scripted assessments to discover assets, map threats and vulnerabilities, calculate risk scores, and produce a risk register and treatment recommendations. It verifies control implementation against ISO 27001/27002 (and healthcare-specific templates) and generates gap-analysis and compliance reports. Incident response workflows guide detection, triage, containment, recovery, and post-incident review with measurable validation checkpoints.
When to use it
- Starting or redesigning an ISMS for healthcare or medical device operations
- Preparing for ISO 27001 certification (Stage 1 or Stage 2 readiness)
- Performing recurring security risk assessments and gap analyses
- Planning or validating medical device cybersecurity controls
- Responding to or documenting security incidents for regulated environments
Best practices
- Define and document ISMS scope and interested parties before assessment
- Maintain an asset inventory with owners and classifications and update it regularly
- Prioritize and treat high/critical risks with concrete timelines and owners
- Map treatments to ISO 27002 controls and record justification in the Statement of Applicability (SoA)
- Collect metrics (incidents, control effectiveness, training) and review them in management meetings
Example use cases
- Run a healthcare-focused risk assessment for an EHR or patient data system and produce a prioritized risk register
- Generate a gap-analysis report to identify missing ISO 27001 controls prior to external audit
- Validate implementation of cryptography, access control, and application security controls across cloud and on-prem systems
- Execute an incident response workflow for a suspected data breach, produce a post-incident report, and update controls
- Quarterly compliance checks and automated evidence collection for internal auditors and certification bodies
FAQ
Yes. It generates risk registers, a Statement of Applicability, control implementation reports, and audit-ready outputs that document ownership, timelines, and remediation status.
Does it cover medical device cybersecurity requirements?
Yes. The templates and control mappings include healthcare and medical device considerations such as device integrity, secure update mechanisms, and clinical data protection.