Is this useful for internal or external audits?

It is designed for both, providing tools for internal gap analysis as well as coordination support for external certification body audits.

Can it help with technical security testing?

Yes, it integrates technical vulnerability assessment and penetration testing coordination into the broader ISMS audit framework.

Does this skill support frameworks other than ISO 27001?

While centered on ISO 27001, it includes methodologies for HIPAA, PCI DSS, NIST CSF, and sector-specific cybersecurity requirements.

How does it handle cloud security environments?

It includes a dedicated approach for assessing cloud configurations, data residency, and verifying the shared responsibility model across major CSPs.

ISMS Audit Expert

Name: ISMS Audit Expert
Author: alirezarezvani

byalirezarezvani

•

1,039

安全与测试

Conducts comprehensive Information Security Management System (ISMS) audits and ensures ISO 27001 compliance with expert-level methodologies.

关于

This skill transforms Claude into a senior ISMS audit consultant, providing deep expertise in ISO 27001 and ISO 27002 frameworks. It assists with the entire audit lifecycle—from risk-based program planning and security control assessment to technical vulnerability integration and external certification preparation. Whether you are conducting internal audits, preparing for regulatory inspections like HIPAA or PCI DSS, or managing cloud security compliance, this skill provides the structured workflows, documentation templates, and technical testing guidance needed to maintain a robust and compliant security posture.

主要功能

1,039 GitHub stars
Preparation support for external certification and regulatory compliance inspections
ISO 27001/27002 audit program management and risk-based planning
Integration of vulnerability assessments and penetration testing into audit workflows
Technical security control assessment across organizational, physical, and operational domains
Cloud security auditing for shared responsibility models and CSP configurations

使用场景

Preparing an organization for an upcoming ISO 27001 Stage 1 or Stage 2 certification audit
Developing a risk-based security audit schedule and automated compliance reporting
Conducting periodic internal ISMS audits to identify security gaps and prioritize remediation

关于

主要功能

1,039 GitHub stars
Preparation support for external certification and regulatory compliance inspections
ISO 27001/27002 audit program management and risk-based planning
Integration of vulnerability assessments and penetration testing into audit workflows
Technical security control assessment across organizational, physical, and operational domains
Cloud security auditing for shared responsibility models and CSP configurations

使用场景

Preparing an organization for an upcoming ISO 27001 Stage 1 or Stage 2 certification audit
Developing a risk-based security audit schedule and automated compliance reporting
Conducting periodic internal ISMS audits to identify security gaps and prioritize remediation