`tessl i github:alirezarezvani/claude-skills --skill information-security-manager-iso27001`

Senior Information Security Manager specializing in ISO 27001 and ISO 27002 implementation for HealthTech and MedTech companies. Provides ISMS implementation, cybersecurity risk assessment, security controls management, and compliance oversight. Use for ISMS design, security risk assessments, control implementation, and ISO 27001 certification activities.
Validation: 75%

| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |
| Total | 12 / 16 Passed | |
Implementation: 20%

This skill content functions more as a comprehensive ISO 27001 reference document than actionable guidance for Claude. It extensively explains security frameworks and concepts that Claude already understands, while failing to provide concrete, executable instructions. The content would benefit from dramatic reduction in explanatory text and addition of specific, actionable examples with actual code.
Suggestions

- Replace abstract framework descriptions with concrete, executable examples: show actual Python code from the referenced scripts rather than just listing script names
- Remove explanations of well-known concepts (what ISO 27001 is, HIPAA basics, security control categories) and focus only on project-specific implementation details
- Add explicit validation checkpoints to workflows, especially for risk assessments and incident response processes (e.g., 'Verify risk score calculation: expected output format is...')
- Move the extensive framework diagrams and category listings to reference files, keeping only quick-start actionable guidance in the main skill
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose with extensive explanations of concepts Claude already knows (ISO 27001 structure, what HIPAA is, basic security concepts). The content reads like a textbook rather than actionable guidance, with significant padding and organizational charts that don't add operational value. | 1 / 3 |
| Actionability | Despite listing Python scripts in resources, no actual executable code is provided. The content describes frameworks and categories abstractly but lacks concrete commands, specific examples, or copy-paste ready guidance. Phrases like 'Implement comprehensive security controls' are vague directives. | 1 / 3 |
| Workflow Clarity | Some numbered steps exist (e.g., Risk Assessment Methodology, Incident Management Process) with decision points mentioned, but validation checkpoints are missing. The workflows describe what to do conceptually but lack explicit verification steps or feedback loops for error recovery. | 2 / 3 |
| Progressive Disclosure | References to external files (references/healthcare-threat-modeling.md, scripts/) are present and one-level deep, but the main content is a monolithic wall of text with excessive inline detail that should be split into separate reference documents. The structure exists but content organization is poor. | 2 / 3 |
| Total | | 6 / 12 Passed |
Activation: 100%

This is a strong skill description that clearly defines its specialized domain (ISO 27001/27002 for HealthTech/MedTech), lists concrete capabilities, and provides explicit trigger guidance. The description uses appropriate third-person voice and includes industry-specific terminology that users in this domain would naturally use. Minor improvement could include adding file type triggers if applicable.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'ISMS implementation', 'cybersecurity risk assessment', 'security controls management', 'compliance oversight', 'ISMS design', 'control implementation', and 'ISO 27001 certification activities'. | 3 / 3 |
| Completeness | Clearly answers both what ('ISMS implementation, cybersecurity risk assessment, security controls management, compliance oversight') AND when ('Use for ISMS design, security risk assessments, control implementation, and ISO 27001 certification activities'). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'ISO 27001', 'ISO 27002', 'ISMS', 'cybersecurity risk assessment', 'security controls', 'compliance', 'HealthTech', 'MedTech', 'certification'. These are terms professionals in this domain would naturally use. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive with clear niche: specifically targets ISO 27001/27002 standards for HealthTech/MedTech companies. The combination of specific standards, industry vertical, and activities makes it unlikely to conflict with general security or compliance skills. | 3 / 3 |
| Total | | 12 / 12 Passed |