information-security-manager-iso27001_skill

This skill helps establish and audit ISO 27001 ISMS for HealthTech, guiding risk assessments, control mapping, and certification readiness.
  • Python

4.6k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill alirezarezvani/claude-skills --skill information-security-manager-iso27001

  • SKILL.md11.4 KB

Overview

This skill implements and manages an ISO 27001-aligned Information Security Management System (ISMS) tailored for HealthTech and MedTech organizations. It provides automated risk assessments, control gap analysis, incident response workflows, and evidence-generation to support certification and regulatory compliance. Use it to design an ISMS, map controls to ISO 27001/27002, and verify implementation across clinical and medical device environments.

How this skill works

The skill runs scripted assessments to discover assets, map threats and vulnerabilities, calculate risk scores, and produce a risk register and treatment recommendations. It verifies control implementation against ISO 27001/27002 (and healthcare-specific templates) and generates gap-analysis and compliance reports. Incident response workflows guide detection, triage, containment, recovery, and post-incident review with measurable validation checkpoints.

When to use it

  • Starting or redesigning an ISMS for healthcare or medical device operations
  • Preparing for ISO 27001 certification (Stage 1 or Stage 2 readiness)
  • Performing recurring security risk assessments and gap analyses
  • Planning or validating medical device cybersecurity controls
  • Responding to or documenting security incidents for regulated environments

Best practices

  • Define and document ISMS scope and interested parties before assessment
  • Maintain an asset inventory with owners and classifications and update it regularly
  • Prioritize and treat high/critical risks with concrete timelines and owners
  • Map treatments to ISO 27002 controls and record justification in the Statement of Applicability (SoA)
  • Collect metrics (incidents, control effectiveness, training) and review them in management meetings

Example use cases

  • Run a healthcare-focused risk assessment for an EHR or patient data system and produce a prioritized risk register
  • Generate a gap-analysis report to identify missing ISO 27001 controls prior to external audit
  • Validate implementation of cryptography, access control, and application security controls across cloud and on-prem systems
  • Execute an incident response workflow for a suspected data breach, produce a post-incident report, and update controls
  • Quarterly compliance checks and automated evidence collection for internal auditors and certification bodies

FAQ

Yes. It generates risk registers, a Statement of Applicability, control implementation reports, and audit-ready outputs that document ownership, timelines, and remediation status.

Does it cover medical device cybersecurity requirements?

Yes. The templates and control mappings include healthcare and medical device considerations such as device integrity, secure update mechanisms, and clinical data protection.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
information-security-manager-iso27001 skill by alirezarezvani/claude-skills | VeilStrat