Can I use this for internal audits?

Yes, it provides specific workflows for internal audit planning, auditor independence verification, and evidence collection methods like inquiry and inspection.

How does the audit scheduler work?

It includes a Python utility that generates risk-based audit plans in Markdown or JSON, prioritizing controls based on criticality and previous audit results.

Does it support finding management?

Absolutely. It features templates for classifying findings as Major or Minor nonconformities, performing root cause analysis, and tracking corrective actions to closure.

How does this skill help with ISO 27001:2022 updates?

It aligns with the updated four-theme structure (Organizational, People, Physical, Technological) and provides testing procedures for the 93 Annex A controls.

ISMS Audit Expert

Name: ISMS Audit Expert
Author: borghei

byborghei

•

보안 및 테스팅

Manage ISO 27001 compliance audits and security control assessments with standardized workflows and risk-based scheduling.

The ISMS Audit Expert skill provides a comprehensive framework for planning, executing, and managing Information Security Management System (ISMS) audits aligned with ISO 27001 standards. It assists users in creating risk-based audit programs, performing technical control testing across Annex A controls, and managing the lifecycle of audit findings from identification to corrective action verification. This skill is ideal for organizations preparing for Stage 1 or Stage 2 certification, maintaining surveillance cycles, or conducting internal security assessments to ensure robust governance and risk management.

주요 기능

01Standardized workflows for audit execution and evidence collection

02Structured finding classification and root cause analysis templates

0350 GitHub stars

04Risk-based audit program management and automated scheduling

05Detailed testing procedures for ISO 27002 Annex A control categories

06Certification support checklists for Stage 1, Stage 2, and surveillance audits

사용 사례

01Executing annual internal ISO 27001 audit cycles to maintain compliance

02Performing technical security control assessments for cloud and on-premise infrastructure

03Preparing evidence and documentation for external certification or surveillance audits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add borghei/claude-skills isms-audit-expert

For use in Claude.ai and ChatGPT

Download Skill