
Iso27001 Mcp
Run an ISO 27001-aligned ISMS inside Claude with risks, policies, Statement of Applicability, evidence, and audit prep in one encrypted local workspace.
Overview
io.github.Sushegaad/iso27001-mcp is an MCP server for the Ship phase that manages ISO 27001 risks, policies, SoA, evidence, and audit workflows in an encrypted local database via Claude.
What is this MCP server?
- Local encrypted SQLite ISMS store with init-generated DB_ENCRYPTION_KEY and HMAC_SECRET
- MCP tool surface for risks, policies, SoA, evidence collection, and audit-oriented workflows
- stdio npm package iso27001-mcp v0.8.4 with MCP_API_KEY-authenticated tool calls
- DB_PATH override for where the encrypted database file lives on disk
- Designed as a Claude compliance workspace rather than a passive document checker
- Server version 0.8.4 on npm identifier iso27001-mcp
- 3 required secret environment variables plus optional DB_PATH
- AES-256 SQLite encryption per schema documentation
Community signal: 9 GitHub stars.
What problem does it solve?
You need ISO 27001 traceability across risks and evidence, but spreadsheets and ad-hoc docs fall apart the moment an auditor or enterprise buyer asks for a current SoA.
Who is it for?
Indie SaaS founders or consultants building toward ISO 27001 or customer security questionnaires who want MCP-native ISMS maintenance on their machine.
Skip if: your team only needs a one-off policy PDF, has no appetite for local secrets management, or requires a hosted multi-tenant GRC suite with certified assessors built in.
What do I get? / Deliverables
After install and init, Claude can read and update structured ISMS records locally, so security narratives, controls, and evidence stay aligned through the Ship phase and ongoing Operate cycles.
- Encrypted local SQLite ISMS database at DB_PATH
- Agent-updatable risk, policy, SoA, and evidence records
- Authenticated MCP tool calls for audit-oriented workflows
How it compares
MCP compliance workspace with encrypted local ISMS data, not a generic markdown policy-writing skill.
Common Questions / FAQ
Who is io.github.Sushegaad/iso27001-mcp for?
Solo builders, bootstrapped SaaS founders, and security-conscious freelancers who want Claude to work directly against ISO 27001 registers instead of loose files.
When should I use io.github.Sushegaad/iso27001-mcp?
Use it during ship security hardening and before audits or enterprise sales cycles when you need living risk, policy, SoA, and evidence records.
How do I add io.github.Sushegaad/iso27001-mcp to my agent?
Install the npm package iso27001-mcp, run init and keygen to set DB_ENCRYPTION_KEY, HMAC_SECRET, and MCP_API_KEY, set DB_PATH if the database should live somewhere other than the default location, then register the stdio server in Claude Code or your MCP host.