information-security-manager-iso27001

ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.

Overall score: 87 (1.33x)
Quality: 73% (does it follow best practices?)
Impact: 95% (1.33x), average score across 6 eval scenarios
Security (by Snyk): Passed, no known issues


Evaluation results

Security Risk Assessment for MediVault Patient Data Platform
Healthcare risk assessment using prescribed tooling and scoring methodology
With context: 87% (+48% vs. without context)

| Criteria | Without context | With context |
|---|---|---|
| risk_assessment.py used | 0% | 100% |
| Healthcare template flag | 0% | 100% |
| Scope parameter used | 0% | 100% |
| Likelihood × Impact formula | 100% | 100% |
| 1-5 scoring scales | 100% | 100% |
| Risk level thresholds | 0% | 100% |
| Asset inventory fields | 60% | 60% |
| STRIDE threat model | 0% | 0% |
| Residual risk calculated | 20% | 90% |
| Report structure | 100% | 100% |
| Treatment timelines | 50% | 100% |
| Output saved to file | 0% | 100% |
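The scoring criteria above (Likelihood × Impact on 1-5 scales, risk-level thresholds, residual risk, treatment timelines, a STRIDE category per risk, asset inventory fields, output saved to a file) describe a small calculation worth seeing end to end. The block below is an added example and is not the skill's risk_assessment.py, whose interface the page does not show. Everything not named in the criteria is an assumption: the 1-25 threshold bands, the residual-risk formula (inherent score scaled down by a control-effectiveness factor), the treatment deadlines, the asset fields, and the sample register.

```python
"""Likelihood x Impact risk scoring on 1-5 scales, with residual risk and treatment deadlines.

Added example; not the skill's risk_assessment.py. Assumed: the threshold bands,
the residual-risk formula, the treatment timelines, the asset fields, the sample data.
"""
import json
import math
from dataclasses import dataclass
from enum import Enum


class Stride(Enum):
    SPOOFING = "Spoofing"
    TAMPERING = "Tampering"
    REPUDIATION = "Repudiation"
    INFORMATION_DISCLOSURE = "Information disclosure"
    DENIAL_OF_SERVICE = "Denial of service"
    ELEVATION_OF_PRIVILEGE = "Elevation of privilege"


@dataclass(frozen=True)
class Asset:
    # Assumed asset inventory fields; the eval criteria do not list them.
    asset_id: str
    name: str
    owner: str
    classification: str  # e.g. "PHI", "Internal"
    location: str


@dataclass(frozen=True)
class Risk:
    risk_id: str
    asset: Asset
    threat: str
    stride: Stride
    likelihood: int                     # 1-5
    impact: int                         # 1-5
    control_effectiveness: float = 0.0  # 0.0 = no control, 1.0 = fully mitigated


# Assumed threshold bands on the 1-25 product scale.
LEVELS = ((1, 4, "Low"), (5, 9, "Medium"), (10, 15, "High"), (16, 25, "Critical"))
# Assumed treatment deadlines, in days, keyed by residual level.
TREATMENT_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 365}


def _check_scale(value: int, name: str) -> None:
    # bool is an int subclass; reject it so True/False never score as 1/0.
    if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 5:
        raise ValueError(f"{name} must be an integer from 1 to 5, got {value!r}")


def inherent_score(likelihood: int, impact: int) -> int:
    _check_scale(likelihood, "likelihood")
    _check_scale(impact, "impact")
    return likelihood * impact


def risk_level(score: int) -> str:
    for low, high, label in LEVELS:
        if low <= score <= high:
            return label
    raise ValueError(f"score {score} is outside the 1-25 range")


def residual_score(inherent: int, control_effectiveness: float) -> int:
    # Assumed model: controls scale the inherent score down, never below 1.
    if not 0.0 <= control_effectiveness <= 1.0:
        raise ValueError("control_effectiveness must be between 0 and 1")
    return max(1, math.ceil(inherent * (1.0 - control_effectiveness)))


def assess(risk: Risk) -> dict:
    inherent = inherent_score(risk.likelihood, risk.impact)
    residual = residual_score(inherent, risk.control_effectiveness)
    level = risk_level(residual)
    return {"risk_id": risk.risk_id, "asset": risk.asset.asset_id, "threat": risk.threat,
            "stride": risk.stride.value, "inherent": inherent, "inherent_level": risk_level(inherent),
            "residual": residual, "residual_level": level, "treatment_days": TREATMENT_DAYS[level]}


def assess_register(risks: list) -> list:
    # Highest residual risk first, so the report leads with what still needs treatment.
    return sorted((assess(r) for r in risks), key=lambda row: row["residual"], reverse=True)


def write_report(rows: list, path: str) -> None:
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"risks": rows}, fh, indent=2)


def sample_register() -> list:
    # Constructed sample data for a patient-data platform; not real findings.
    db = Asset("AST-001", "Patient records database", "Head of Engineering", "PHI", "eu-west-1")
    portal = Asset("AST-002", "Clinician web portal", "Product Owner", "PHI", "eu-west-1")
    return [
        Risk("R-001", db, "Backup snapshot exposed via misconfigured bucket",
             Stride.INFORMATION_DISCLOSURE, likelihood=4, impact=5, control_effectiveness=0.75),
        Risk("R-002", portal, "Credential stuffing against clinician logins",
             Stride.SPOOFING, likelihood=3, impact=4, control_effectiveness=0.0),
        Risk("R-003", portal, "Audit log tampering by a privileged user",
             Stride.REPUDIATION, likelihood=2, impact=3, control_effectiveness=0.5),
    ]
```

The sample register is chosen so that the ordering changes between inherent and residual: R-001 is Critical (20) inherently but Medium (5) after its controls, while the uncontrolled R-002 stays High (12) and heads the treatment list. That inversion is the point of calculating residual risk at all, and the reason the "Residual risk calculated" criterion matters in practice.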

ISO 27001 Certification Preparation for CardioFlow Medical Devices
ISMS implementation workflow, SoA structure, and compliance monitoring schedule
With context: 91% (+46% vs. without context)

| Criteria | Without context | With context |
|---|---|---|
| compliance_checker.py used | 0% | 100% |
| --standard iso27001 flag | 0% | 100% |
| --gap-analysis flag used | 0% | 100% |
| ISMS four-step sequence | 60% | 70% |
| SoA Control ID field | 100% | 80% |
| SoA Applicable and Justification | 100% | 100% |
| SoA Implementation Status | 100% | 100% |
| SoA Evidence Reference | 0% | 100% |
| Monthly compliance command | 100% | 100% |
| Quarterly gap analysis command | 0% | 100% |
| AES-256 at rest | 100% | 100% |
| TLS 1.3 in transit | 62% | 100% |
| MFA for all users | 0% | 100% |
| Hardware token for admins | 0% | 0% |
| iso27002 for control mapping | 0% | 100% |
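The SoA criteria above name five fields (Control ID, Applicable, Justification, Implementation Status, Evidence Reference) and a gap analysis over them. The block below is an added example of such a gap analysis and is not the skill's compliance_checker.py, whose flags and file format the page does not show. The CSV layout, the status vocabulary, the gap rules and the sample rows are assumptions; the control IDs follow ISO/IEC 27001:2022 Annex A numbering, but the rows do not describe a real ISMS.

```python
"""Statement of Applicability gap analysis over the five SoA fields.

Added example, not the skill's compliance_checker.py. Assumed: the CSV layout,
the status vocabulary, the gap rules, and the constructed sample rows.
"""
import csv
import io
import re

CONTROL_ID = re.compile(r"^A\.\d+\.\d+$")  # ISO/IEC 27001:2022 Annex A numbering
STATUSES = {"Implemented", "Partially implemented", "Planned", "Not implemented"}
FIELDS = {"Control ID", "Applicable", "Justification", "Implementation Status", "Evidence Reference"}

# Constructed sample SoA; real Annex A control IDs, fictional rows.
SAMPLE_SOA = """\
Control ID,Applicable,Justification,Implementation Status,Evidence Reference
A.5.1,Yes,Required for ISMS scope,Implemented,POL-001 v3
A.5.24,Yes,PHI breach handling,Implemented,
A.8.5,Yes,Clinician portal authentication,Partially implemented,IAM-TICKET-42
A.8.13,Yes,,Implemented,BKP-RUNBOOK-7
A.8.24,Yes,PHI at rest and in transit,Implemented,CRYPTO-STD-2
A.7.9,No,,Not implemented,
A.6.7,No,No off-site or remote working in scope,Not implemented,
"""


def parse_soa(text: str) -> list:
    rows = list(csv.DictReader(io.StringIO(text)))
    if not rows or set(rows[0]) != FIELDS:
        raise ValueError(f"SoA header must be exactly {sorted(FIELDS)}")
    return rows


def _applicable(row: dict) -> bool:
    return row["Applicable"].strip().lower() == "yes"


def gap_analysis(rows: list) -> list:
    """Return (control_id, finding) pairs an auditor would raise against this SoA."""
    gaps = []
    for row in rows:
        cid = row["Control ID"].strip()
        if not CONTROL_ID.match(cid):
            gaps.append((cid, "malformed control ID"))
            continue
        status = row["Implementation Status"].strip()
        evidence = row["Evidence Reference"].strip()
        if not row["Justification"].strip():
            # Inclusions and exclusions both need a justification in an SoA.
            kind = "inclusion" if _applicable(row) else "exclusion"
            gaps.append((cid, f"missing justification for {kind}"))
        if not _applicable(row):
            continue
        if status not in STATUSES:
            gaps.append((cid, f"unknown implementation status {status!r}"))
        elif status != "Implemented":
            gaps.append((cid, f"applicable but {status.lower()}"))
        if status == "Implemented" and not evidence:
            # An implementation claim with nothing to show the auditor is a gap, not a pass.
            gaps.append((cid, "marked Implemented with no evidence reference"))
    return gaps


def evidenced_coverage(rows: list) -> int:
    """Percent of applicable controls that are Implemented and carry an evidence reference."""
    applicable = [r for r in rows if _applicable(r)]
    if not applicable:
        return 100
    done = [r for r in applicable
            if r["Implementation Status"].strip() == "Implemented" and r["Evidence Reference"].strip()]
    return round(100 * len(done) / len(applicable))
```

Coverage is counted only for controls that are both marked Implemented and backed by an evidence reference. Counting status alone would report the sample SoA at 80% and hide A.5.24, which is exactly the row a Stage 2 auditor would ask to see.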

Incident Response Program Documentation for HealthBridge
Incident response procedures, severity classification, and regulatory notification timelines
With context: 99% (+34% vs. without context)

| Criteria | Without context | With context |
|---|---|---|
| 15-minute logging target | 50% | 100% |
| Critical = Immediate response | 100% | 100% |
| High = 1-hour response | 62% | 100% |
| Medium = 4-hour response | 62% | 100% |
| Post-incident review timing | 40% | 100% |
| GDPR 72-hour notification | 100% | 100% |
| HIPAA 60-day notification | 100% | 100% |
| Preserve evidence before changes | 100% | 87% |
| Isolation as containment action | 100% | 100% |
| MTTD target < 1 hour | 0% | 100% |
| MTTR target < 4 hours | 0% | 100% |
| MTTC target < 2 hours | 0% | 100% |
| Repeat incidents target 0 | 0% | 100% |
| Incident categories covered | 100% | 100% |
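The targets in this scenario (15-minute logging, severity-based response times, MTTD < 1 h, MTTC < 2 h, MTTR < 4 h, zero repeat incidents, GDPR 72-hour and HIPAA 60-day notification) are only useful if they are computed from incident records rather than stated in a policy. The block below is an added example that does that computation over constructed incident data; it is not the skill's own code. Where the criteria leave something open, it is an assumption: "immediate" is read as 15 minutes, Low severity as 24 hours, MTTC and MTTR are measured from detection, the notification clocks start at detection, and a repeat is the same category with the same root cause.

```python
"""Incident response metrics against the targets named in the eval criteria.

Added example, not the skill's own code. Assumed: "immediate" = 15 minutes, Low = 24 h,
MTTC/MTTR measured from detection, notification clocks start at detection, repeats are
same category + same root cause, and the sample incidents are constructed.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean

RESPONSE_TARGET = {"Critical": timedelta(minutes=15), "High": timedelta(hours=1),
                   "Medium": timedelta(hours=4), "Low": timedelta(hours=24)}
METRIC_TARGET = {"MTTD": timedelta(hours=1), "MTTC": timedelta(hours=2), "MTTR": timedelta(hours=4)}
LOGGING_TARGET = timedelta(minutes=15)
GDPR_NOTIFY, HIPAA_NOTIFY = timedelta(hours=72), timedelta(days=60)


@dataclass(frozen=True)
class Incident:
    incident_id: str
    category: str
    severity: str
    occurred: datetime
    detected: datetime
    logged: datetime
    responded: datetime
    contained: datetime
    resolved: datetime
    root_cause: str
    personal_data: bool = False  # GDPR scope
    phi: bool = False            # HIPAA scope


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample; times chosen so that some targets are met and some missed.
SAMPLE_INCIDENTS = [
    Incident("INC-001", "account compromise", "High", _t("2025-03-03T09:00"), _t("2025-03-03T09:30"),
             _t("2025-03-03T09:40"), _t("2025-03-03T10:00"), _t("2025-03-03T11:00"),
             _t("2025-03-03T12:30"), "phishing", personal_data=True, phi=True),
    Incident("INC-002", "malware", "Critical", _t("2025-03-04T14:00"), _t("2025-03-04T14:45"),
             _t("2025-03-04T15:10"), _t("2025-03-04T14:50"), _t("2025-03-04T16:15"),
             _t("2025-03-04T19:45"), "unpatched endpoint"),
    Incident("INC-003", "account compromise", "Medium", _t("2025-03-10T08:00"), _t("2025-03-10T10:00"),
             _t("2025-03-10T10:05"), _t("2025-03-10T10:30"), _t("2025-03-10T11:30"),
             _t("2025-03-10T13:00"), "phishing", personal_data=True),
]


def _mean(deltas) -> timedelta:
    return timedelta(seconds=mean(d.total_seconds() for d in deltas))


def metrics(incidents) -> dict:
    return {"MTTD": _mean(i.detected - i.occurred for i in incidents),
            "MTTC": _mean(i.contained - i.detected for i in incidents),
            "MTTR": _mean(i.resolved - i.detected for i in incidents)}


def evaluate(incidents) -> dict:
    # True where the mean is strictly below the target, as "< 1 hour" reads.
    return {name: value < METRIC_TARGET[name] for name, value in metrics(incidents).items()}


def repeat_incidents(incidents) -> int:
    # Every occurrence after the first of a (category, root cause) pair is a repeat.
    counts = Counter((i.category, i.root_cause) for i in incidents)
    return sum(n - 1 for n in counts.values() if n > 1)


def per_incident_checks(inc: Incident) -> dict:
    return {"logged_within_15m": inc.logged - inc.detected <= LOGGING_TARGET,
            "responded_in_target": inc.responded - inc.detected <= RESPONSE_TARGET[inc.severity],
            "contained_before_resolved": inc.contained <= inc.resolved}


def notification_deadlines(inc: Incident) -> dict:
    deadlines = {}
    if inc.personal_data:
        deadlines["gdpr"] = inc.detected + GDPR_NOTIFY
    if inc.phi:
        deadlines["hipaa"] = inc.detected + HIPAA_NOTIFY
    return deadlines
```

On the sample, MTTC and MTTR are inside target while MTTD (65 minutes) is not, and the two phishing-driven account compromises register as one repeat incident. Those are the two findings a post-incident review would carry forward: detection coverage, and the control that failed twice.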

Security Governance Framework for HealthTech Startup
Security governance documentation: policy lifecycle, RACI, training program, remote working
With context: 96% (-4% vs. without context)

| Criteria | Without context | With context |
|---|---|---|
| Policy approval step | 100% | 100% |
| Policy communication step | 100% | 100% |
| Annual policy review | 100% | 100% |
| RACI matrix present | 100% | 100% |
| Information Security Manager role | 100% | 100% |
| Annual training program | 100% | 100% |
| Role-specific training | 100% | 100% |
| Phishing simulations | 100% | 100% |
| Training effectiveness tracking | 100% | 100% |
| VPN requirement | 100% | 100% |
| Endpoint protection requirement | 100% | 100% |
| Job descriptions with security duties | 100% | 0% |

Technical Security Controls for CloudEHR Platform
Technical security controls: backup policy, SIEM logging, vulnerability management, privileged access
With context: 100% (+3% vs. without context)

| Criteria | Without context | With context |
|---|---|---|
| Backup encryption | 100% | 100% |
| Automated backups | 100% | 100% |
| Restoration testing | 100% | 100% |
| Centralized log management (SIEM) | 100% | 100% |
| Log retention period | 100% | 100% |
| Log integrity protection | 100% | 100% |
| CVSS-aligned vulnerability scoring | 100% | 100% |
| Named vulnerability tool categories | 100% | 100% |
| Remediation SLAs by severity | 100% | 100% |
| PAM solution | 87% | 100% |
| Separate admin accounts | 75% | 100% |
| MFA for privileged access | 100% | 100% |
| Privileged activity logging | 100% | 100% |

ISO 27001 Certification Preparation and Incident Response Procedures
Certification readiness, evidence retention, post-incident report, and containment by incident type
With context: 100% (+19% vs. without context)

| Criteria | Without context | With context |
|---|---|---|
| Stage 1: SoA in checklist | 100% | 100% |
| Stage 1: Internal audit item | 100% | 100% |
| Stage 1: Management review item | 100% | 100% |
| Stage 2: 3+ months metrics | 0% | 100% |
| Stage 2: Controls operational | 100% | 100% |
| Account compromise containment | 100% | 100% |
| Malware containment: isolate + C2 block | 100% | 100% |
| Data breach: DLP action | 50% | 100% |
| DDoS: traffic scrubbing | 100% | 100% |
| Audit reports retention: 3 years | 100% | 100% |
| Training records retention | 25% | 100% |
| Policy versions retention | 100% | 100% |
| Post-incident report: RCA section | 100% | 100% |
| Post-incident report: Impact Assessment | 66% | 100% |
| Post-incident report: Timeline section | 100% | 100% |
| Post-incident report: Recommendations table | 100% | 100% |

Repository: alirezarezvani/claude-skills
Evaluated with agent: Claude Code
Model: Claude Sonnet 4.6
