ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.
87
73% (Does it follow best practices?)
Impact: 95%
1.33x average score across 6 eval scenarios
Passed: No known issues
Optimize this skill with Tessl: npx tessl skill review --optimize ./ra-qm-team/information-security-manager-iso27001/SKILL.md

Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its domain (ISO 27001 ISMS for HealthTech/MedTech), lists specific concrete actions, and includes explicit trigger guidance via the 'Use for...' clause. It uses appropriate third-person voice and contains rich, natural trigger terms that users in cybersecurity governance would actually use. The narrow domain focus on healthcare/medical device cybersecurity combined with ISO standards makes it highly distinctive.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. These are clearly defined activities rather than vague abstractions. | 3 / 3 |
| Completeness | Clearly answers both 'what' (ISMS implementation and cybersecurity governance for HealthTech/MedTech) and 'when' with explicit triggers via the 'Use for...' clause listing specific scenarios like ISMS design, certification, audits, and compliance verification. | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'ISO 27001', 'ISMS', 'security risk assessment', 'certification', 'security audits', 'incident response', 'compliance', 'healthcare security', 'medical device cybersecurity', 'ISO 27002', 'HealthTech', 'MedTech'. Good coverage of domain-specific terms users in this field would naturally use. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive with a clear niche: ISO 27001 specifically for HealthTech and MedTech companies. The combination of ISO 27001/27002 standards with healthcare and medical device cybersecurity creates a very specific domain unlikely to conflict with other skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
47%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill demonstrates strong workflow clarity with well-structured multi-step processes and explicit validation checkpoints, which is its primary strength. However, it is significantly over-verbose, including extensive tables and explanations of domain concepts Claude already knows, and the referenced CLI tools appear hypothetical rather than real. The content would benefit greatly from aggressive trimming and moving detailed reference material to separate files.
Suggestions
Reduce the main file by 50-60% by moving detailed tables (threat examples, asset classifications, severity criteria) into the referenced guide files, keeping only the essential workflow steps and commands in SKILL.md.
Remove the 'Trigger Phrases' section entirely—Claude doesn't need explicit trigger phrases to know when to apply a skill.
Clarify whether the referenced scripts (risk_assessment.py, compliance_checker.py) are real tools that exist in the project or conceptual examples; if conceptual, reframe the guidance around actual actionable steps rather than hypothetical CLI commands.
Eliminate explanatory content Claude already knows (e.g., what incident categories are, what asset types exist, basic risk calculation formulas) and focus only on project-specific conventions and configurations.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~300+ lines. It includes extensive tables, trigger phrases Claude doesn't need, explanations of basic concepts (what asset types are, what incident categories mean), and redundant validation checkpoints repeated across sections. Much of this content (e.g., threat examples, asset classification tables, severity criteria) is domain knowledge Claude already possesses. | 1 / 3 |
| Actionability | The skill provides concrete CLI commands with parameters and worked examples, which is good. However, the scripts referenced (risk_assessment.py, compliance_checker.py) appear to be hypothetical tools with no indication they actually exist, and the 'output' shown is fabricated example output rather than real executable guidance. Many steps are procedural descriptions rather than executable instructions. | 2 / 3 |
| Workflow Clarity | The workflows are well-sequenced with clear step numbering, explicit validation checkpoints at each step, and specific criteria for passing each checkpoint. The incident response workflow includes feedback loops (containment confirmed before recovery), and the ISMS implementation workflow has clear gates between phases. The certification readiness checklists are particularly well-structured. | 3 / 3 |
| Progressive Disclosure | The skill references external files (references/iso27001-controls.md, references/risk-assessment-guide.md, references/incident-response.md) with clear descriptions of when to use each, which is good. However, the main file itself is monolithic with extensive inline content (full worked examples, detailed parameter tables, complete workflow descriptions) that could be split into separate reference files, making the overview much leaner. | 2 / 3 |
| Total | | 8 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.