isms-audit-expert

Information Security Management System (ISMS) audit expert for ISO 27001 compliance verification, security control assessment, and certification support. Use when the user mentions ISO 27001, ISMS audit, Annex A controls, Statement of Applicability (SOA), gap analysis, nonconformity management, internal audit, surveillance audit, or security certification preparation. Helps review control implementation evidence, document audit findings, classify nonconformities, generate risk-based audit plans, map controls to Annex A requirements, prepare Stage 1 and Stage 2 audit documentation, and support corrective action workflows.

Score: 98 (1.25x)
Quality: 100% (Does it follow best practices?)
Impact: 97% (1.25x), average score across 6 eval scenarios
Security by Snyk: Passed, no known issues


Evaluation results

Annual ISMS Audit Plan: 100%
Risk-based audit scheduling

| Criteria | Without context | With context |
|---|---|---|
| Script used for JSON | 100% | 100% |
| Script used for Markdown | 100% | 100% |
| Critical quarterly frequency | 100% | 100% |
| High semi-annual frequency | 100% | 100% |
| Medium annual frequency | 100% | 100% |
| Year 2026 plan | 100% | 100% |
| Correct script invocation pattern | 100% | 100% |
| Planning workflow documented | 100% | 100% |
| Risk frequency table present | 100% | 100% |
| JSON structure valid | 100% | 100% |
| Markdown format complete | 100% | 100% |

ISMS Internal Audit — Finding Documentation: 94% / 59%
Finding documentation and classification

| Criteria | Without context | With context |
|---|---|---|
| Finding ID format | 0% | 100% |
| Control Reference format | 60% | 100% |
| Finding template structure | 60% | 100% |
| Major nonconformity classification | 0% | 100% |
| 30-day response for Major | 0% | 100% |
| 90-day response for Minor | 0% | 100% |
| Observation category used | 0% | 0% |
| 10-day RCA deadline | 0% | 100% |
| Corrective action log fields | 62% | 100% |
| Severity count summary | 50% | 100% |
| All four findings documented | 100% | 100% |
| No duplicate IDs | 100% | 100% |

ISO 27001 Certification Readiness Assessment: 100% / 30%
Certification readiness and control testing

| Criteria | Without context | With context |
|---|---|---|
| Management review gap identified | 100% | 100% |
| Stage 1 document list complete | 100% | 100% |
| 3-month operational minimum applied | 10% | 100% |
| Sampling guideline: user accounts | 100% | 100% |
| Sampling guideline: background checks | 100% | 100% |
| Sampling guideline: training records | 100% | 100% |
| Surveillance Year 1 Q2 focus | 37% | 100% |
| Surveillance Year 1 Q4 focus | 14% | 100% |
| Surveillance Year 2 schedule | 42% | 100% |
| No major NC at surveillance | 28% | 100% |
| Stage 2 operational evidence | 100% | 100% |
| Internal audit past 12 months | 80% | 100% |
| Policy signed by management | 100% | 100% |

Cloud Infrastructure Security Audit for FinTech Startup: 96%
Cloud security audit assessment

| Criteria | Without context | With context |
|---|---|---|
| Shared responsibility scope | 100% | 100% |
| Cloud provider cert verification | 87% | 100% |
| AWS IAM root account checks | 100% | 100% |
| AWS IAM least privilege | 100% | 100% |
| VPC management port exposure | 100% | 100% |
| VPC flow logs check | 100% | 100% |
| S3 public bucket check | 100% | 100% |
| CloudTrail all-regions check | 100% | 100% |
| CloudTrail KMS encryption | 100% | 100% |
| TLS 1.2+ in-transit requirement | 87% | 75% |
| CMK for sensitive data | 100% | 100% |
| Key rotation and logging | 71% | 71% |
| API keys not in code | 100% | 100% |
| API rate limiting check | 100% | 100% |

Technical Security Control Assessment for Healthcare Platform: 94% / 27%
Technical control testing and evidence

| Criteria | Without context | With context |
|---|---|---|
| Testing method selection: inquiry | 0% | 100% |
| Testing method selection: inspection | 16% | 100% |
| Testing method selection: re-performance | 0% | 100% |
| Sampling: population 251+ → 25 | 75% | 100% |
| Sampling: population 11-50 → 10 | 0% | 25% |
| Sampling: population 1-10 → all | 100% | 100% |
| A.8.2 privileged account justification | 100% | 100% |
| A.8.2 admin/user account separation | 100% | 100% |
| A.8.2 MFA for privileged access | 100% | 100% |
| A.8.5 account lockout test | 100% | 100% |
| A.8.5 no plaintext protocols | 42% | 100% |
| A.8.24 TLS version and ciphers | 100% | 100% |
| A.8.24 certificate expiration tracking | 100% | 100% |
| Control objective from ISO 27002 | 100% | 100% |
| Evidence requirements documented | 66% | 100% |

ISMS Internal Audit Engagement Package: 100% / 4%
Audit preparation and interview protocol

| Criteria | Without context | With context |
|---|---|---|
| Pre-audit doc review step | 100% | 100% |
| Previous findings analysis | 100% | 100% |
| Auditee notification step | 100% | 100% |
| Auditor independence: no operational role | 100% | 100% |
| Auditor independence: 12-month rule | 70% | 100% |
| Audit plan template format | 100% | 100% |
| Opening meeting agenda items | 100% | 100% |
| Closing meeting agenda items | 100% | 100% |
| Interview protocol: introduce purpose | 100% | 100% |
| Interview protocol: open-ended questions | 100% | 100% |
| Interview protocol: evidence requests | 100% | 100% |
| Interview protocol: summarize closing | 100% | 100% |
| Checklist preparation step | 100% | 100% |
| Documentation validation check | 80% | 100% |

Repository: alirezarezvani/claude-skills
Evaluated with agent: Claude Code
Model: Claude Sonnet 4.6
