tessl i github:alirezarezvani/claude-skills --skill isms-audit-expert

Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program management, security control assessment, and compliance verification. Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support.
Validation
75%

| Criteria | Description | Result |
|---|---|---|
| description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |
| Total | 12 / 16 Passed | |
Implementation
20%

This skill reads like a comprehensive reference document or training syllabus rather than actionable guidance for Claude. It extensively describes ISMS audit concepts, frameworks, and organizational structures that Claude already understands, while failing to provide concrete, executable procedures. The content would benefit from dramatic reduction and replacement of abstract frameworks with specific, copy-paste-ready audit procedures and commands.
Suggestions
Replace ASCII framework diagrams with concrete, executable audit procedures - show actual checklist items, specific questions to ask, or exact commands to run rather than hierarchical category lists
Provide actual code content for referenced scripts (e.g., security-audit-prep.py) or at minimum show example usage with expected inputs/outputs
Add explicit validation checkpoints with concrete pass/fail criteria - e.g., 'Before proceeding to Stage 2, verify: [ ] All Annex A controls documented, [ ] Risk treatment plan approved'
Reduce content by 70%+ by removing explanations of standard audit concepts and focusing only on project-specific procedures, templates, and decision criteria
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose with extensive ASCII diagrams and hierarchical lists that explain concepts Claude already knows (what ISO 27001 controls are, basic audit processes). The content is heavily padded with organizational frameworks that don't provide actionable guidance. | 1 / 3 |
| Actionability | Almost entirely abstract and descriptive rather than instructive. References scripts like 'scripts/security-audit-prep.py' without showing actual code or commands. No executable examples, no concrete audit procedures, just high-level frameworks and categories. | 1 / 3 |
| Workflow Clarity | Some numbered steps exist (e.g., Security Audit Preparation, Certification Audit Preparation) with decision points mentioned, but lacks explicit validation checkpoints and feedback loops. Steps are vague ('Follow scripts/security-audit-prep.py') rather than concrete verification procedures. | 2 / 3 |
| Progressive Disclosure | References external files appropriately (references/, scripts/, assets/) with clear organization, but the main content is a monolithic wall of frameworks and lists. The overview itself is too long and detailed rather than being a concise entry point to detailed materials. | 2 / 3 |
| Total | 6 / 12 Passed | |
Activation
90%

This is a well-structured description with explicit 'Use for' guidance and good trigger term coverage for the ISMS/ISO 27001 audit domain. The main weakness is that the capabilities listed are somewhat abstract (e.g., 'security audit program management') rather than concrete actions. Overall, it provides sufficient detail for Claude to select this skill appropriately.
Suggestions
Replace abstract capabilities with more concrete actions, e.g., 'Develops audit checklists, reviews security control evidence, generates audit findings reports, tracks corrective actions'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (ISMS/ISO 27001) and lists several actions (audit program management, control assessment, compliance verification), but these are somewhat abstract rather than concrete specific actions like 'review access control logs' or 'generate audit findings reports'. | 2 / 3 |
| Completeness | Clearly answers both what (ISMS audit expertise, security audit program management, control assessment, compliance verification) AND when ('Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support'). | 3 / 3 |
| Trigger Term Quality | Good coverage of natural terms users would say: 'ISMS', 'ISO 27001', 'security audit', 'internal audit', 'external audit', 'certification', 'compliance', 'security control testing'. These are terms practitioners would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on ISMS and ISO 27001 auditing. The combination of 'ISMS', 'ISO 27001', and 'audit' creates distinct triggers unlikely to conflict with general security or compliance skills. | 3 / 3 |
| Total | 11 / 12 Passed | |