ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.
91
85% (Does it follow best practices?)
Impact: 95% (1.33x average score across 6 eval scenarios)
Passed: No known issues
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines a specific domain (ISO 27001 ISMS for HealthTech/MedTech), lists concrete actions, and includes explicit trigger guidance via the 'Use for...' clause. It contains rich, natural trigger terms that users in cybersecurity governance would actually use, and its narrow domain focus makes it highly distinctive among potential competing skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. These are clearly defined activities rather than vague abstractions. | 3 / 3 |
| Completeness | Clearly answers both 'what' (ISMS implementation and cybersecurity governance for HealthTech/MedTech) and 'when' with explicit triggers via the 'Use for...' clause listing specific scenarios like ISMS design, certification, audits, and compliance verification. | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'ISO 27001', 'ISMS', 'security risk assessment', 'certification', 'security audits', 'incident response', 'compliance', 'healthcare security', 'medical device cybersecurity', 'ISO 27002', 'HealthTech', 'MedTech'. Good coverage of domain-specific terms users in this field would naturally use. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive niche combining ISO 27001/27002 with HealthTech and MedTech domains. The intersection of ISMS implementation and healthcare/medical device cybersecurity is very specific and unlikely to conflict with generic security or compliance skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
70%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured skill with excellent workflow clarity and progressive disclosure, featuring explicit validation checkpoints throughout and clear references to supporting documents. Its main weaknesses are moderate verbosity (trigger phrases section, some redundant tables) and questionable actionability since the CLI tools appear hypothetical rather than real executables Claude can invoke. The worked example at the end is a strong addition that grounds the abstract workflows in a concrete scenario.
Suggestions
Remove the 'Trigger Phrases' section entirely—Claude doesn't need explicit trigger phrases to know when to apply a skill.
Clarify whether the referenced scripts (risk_assessment.py, compliance_checker.py) are real tools in the project or templates to be created; if they don't exist, provide the actual Python code or replace with actionable steps Claude can directly perform (e.g., generating risk register templates, writing policy documents).
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is fairly long with some sections that could be tightened: the trigger phrases section is unnecessary for Claude, and some tables repeat information that could be consolidated. However, most content is substantive and domain-specific rather than explaining basic concepts. | 2 / 3 |
| Actionability | The skill references specific CLI tools with concrete parameters and provides worked examples with expected outputs, which is good. However, the scripts (risk_assessment.py, compliance_checker.py) appear to be hypothetical/non-existent tools rather than real executable commands, and much of the guidance is procedural checklists rather than truly executable steps Claude can perform. | 2 / 3 |
| Workflow Clarity | Each workflow has clearly sequenced steps with explicit validation checkpoints at every stage. The incident response workflow includes feedback loops (containment confirmed before recovery), and the ISMS implementation workflow has a comprehensive certification readiness checklist with clear go/no-go criteria. | 3 / 3 |
| Progressive Disclosure | The skill has a clear table of contents, well-organized sections progressing from quick start to detailed workflows, and references to external files (iso27001-controls.md, risk-assessment-guide.md, incident-response.md) that are one level deep with clear descriptions of when to use each reference. | 3 / 3 |
| Total | | 10 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
f567c61