
Isms Audit Expert
Run structured cloud security assessments using shared-responsibility checklists before launch or during production compliance reviews.
Overview
isms-audit-expert is an agent skill most often used in Ship (also Operate) that applies a cloud shared-responsibility audit framework for configuration and compliance checks.
Install
npx skills add https://github.com/alirezarezvani/claude-skills --skill isms-audit-expert
What is this skill?
- Shared responsibility matrix across IaaS, PaaS, and SaaS with audit focus per model
- Cloud provider certification verification checklist (ISO 27001 and related)
- Configuration security, data protection, and IAM assessment sections
- Layered audit targets from VMs and App Service through M365-style SaaS integrations
- Table-of-contents driven framework for repeatable verification runs
Adoption & trust: 723 installs on skills.sh; 17.5k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You deploy on cloud or SaaS but lack a repeatable checklist for who secures what and which controls to verify.
Who is it for?
Indie SaaS founders doing launch-readiness or annual cloud posture reviews with ISO-oriented expectations.
Skip if: Pure on-prem monoliths with no cloud surface or teams needing automated penetration testing instead of assessment playbooks.
When should I use this skill?
User asks for cloud security audit, ISMS-style assessment, shared responsibility review, or ISO 27001 provider verification.
What do I get? / Deliverables
You produce a structured audit pass across provider certs, IAM, data protection, and model-specific configuration gaps.
- Completed responsibility-matrix-oriented audit checklist
- Prioritized configuration and data-protection gap notes
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Pre-launch and ongoing ship gates are where cloud configuration and ISMS-style audits prevent customer data incidents. Content is an assessment framework—provider certs, IAM, encryption, and model-specific controls—aligned with security review subphase.
Where it fits
Walk IaaS VM and VNet controls before first customer data lands in production.
Re-verify PaaS logging and encryption settings after migrating to a new App Service plan.
How it compares
Assessment checklist skill, not a live CSPM scanner or secrets-detection integration.
Common Questions / FAQ
Who is isms-audit-expert for?
Solo builders and small teams responsible for cloud and SaaS security reviews without a dedicated GRC department.
When should I use isms-audit-expert?
In Ship security before launch, and in Operate when re-auditing IAM and data handling after major infra or vendor changes.
Is isms-audit-expert safe to install?
Review the Security Audits panel on this Prism page; treat any cloud credentials used during reviews as highly sensitive.
SKILL.md - Isms Audit Expert
# Cloud Security Audit Guide

Assessment framework for cloud service security verification.

---

## Table of Contents

- [Shared Responsibility Model](#shared-responsibility-model)
- [Cloud Provider Assessment](#cloud-provider-assessment)
- [Configuration Security](#configuration-security)
- [Data Protection](#data-protection)
- [Identity and Access Management](#identity-and-access-management)

---

## Shared Responsibility Model

### Responsibility Matrix

| Layer | IaaS | PaaS | SaaS |
|-------|------|------|------|
| Data classification | Customer | Customer | Customer |
| Identity management | Customer | Customer | Shared |
| Application security | Customer | Shared | Provider |
| Network controls | Shared | Provider | Provider |
| Host infrastructure | Provider | Provider | Provider |
| Physical security | Provider | Provider | Provider |

### Audit Focus by Model

**IaaS (AWS EC2, Azure VMs):**
- Virtual network configuration
- OS hardening and patching
- Application deployment security
- Data encryption implementation

**PaaS (Azure App Service, AWS Lambda):**
- Application code security
- Data handling and encryption
- Identity integration
- Logging configuration

**SaaS (Microsoft 365, Salesforce):**
- User access management
- Data classification and handling
- Security configuration settings
- Integration security

---

## Cloud Provider Assessment

### Certification Verification

Check for current certifications:
- [ ] ISO 27001 (Information Security)
- [ ] ISO 27017 (Cloud Security)
- [ ] ISO 27018 (Cloud Privacy)
- [ ] SOC 2 Type II
- [ ] CSA STAR certification

**Verification Steps:**
1. Request current certificates from provider
2. Verify certificate scope includes services used
3. Check certification expiration dates
4. Review SOC 2 report for relevant controls
5. Document any scope exclusions

### Data Residency Compliance

| Requirement | Verification |
|-------------|--------------|
| GDPR (EU data) | Confirm EU region availability |
| Data sovereignty | Verify no cross-border transfer |
| Backup location | Confirm backup region |
| Disaster recovery | Document DR site location |

### Provider Security Documentation

Request and review:
- Shared responsibility documentation
- Security whitepapers
- Incident notification procedures
- SLA for security incidents
- Vulnerability disclosure policy

---

## Configuration Security

### AWS Security Assessment

**Identity and Access (IAM):**
- [ ] Root account has MFA enabled
- [ ] No access keys for root account
- [ ] IAM policies follow least privilege
- [ ] No wildcard (*) permissions on sensitive resources
- [ ] Password policy meets requirements

**Network Configuration (VPC):**
- [ ] Default VPCs removed or secured
- [ ] Security groups follow least privilege
- [ ] No 0.0.0.0/0 ingress on management ports
- [ ] VPC flow logs enabled
- [ ] Network ACLs configured appropriately

**Storage (S3):**
- [ ] No public buckets (unless intended)
- [ ] Bucket policies restrict access
- [ ] Encryption at rest enabled
- [ ] Versioning enabled for critical data
- [ ] Access logging enabled

**Logging (CloudTrail):**
- [ ] CloudTrail enabled in all regions
- [ ] Log file validation enabled
- [ ] Logs encrypted with KMS
- [ ] S3 bucket for logs is secured
- [ ] CloudWatch alarms configured

### Azure Security Assessment

**Identity (Azure AD):**
- [ ] MFA enabled for all users
- [ ] Privileged Identity Management (PIM) configured
- [ ] Conditional Access policies defined
- [ ] Guest access restricted
- [ ] Password protection enabled

**Network (Virtual Networks):**
- [ ] NSG rules follow least privilege
- [ ] No open management ports to internet
- [ ] Network Watcher enabled
- [ ] DDoS protection configured
- [ ] Private endpoints for PaaS services

**Storage:**
- [ ] No anonymous access to blob storage
- [ ] Encryption at rest enabled
- [ ] Shared access signatures time-limited
- [ ] Storage analytics logging enabled
- [ ] Soft delete enabled

**Monitoring:**
- [ ] Azure M
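The AWS checklist items above (no wildcard IAM permissions, no 0.0.0.0/0 ingress on management ports, S3 buckets not public and encrypted) are the kind of checks an auditor can evaluate mechanically from a configuration export rather than by eye. The script below is an added example written for this page; it is not part of the isms-audit-expert skill or of the claude-skills repository. It runs offline against a constructed snapshot dict whose field names follow the shape of the AWS IAM policy document, EC2 DescribeSecurityGroups and S3 public-access-block responses; the snapshot contents, the `MANAGEMENT_PORTS` set and the finding strings are assumptions made for the example.

```python
"""Offline evaluation of three AWS checklist items from the audit guide.

Input is a constructed snapshot in the shape of AWS API output
(IAM policy documents, EC2 security groups, S3 bucket settings).
No AWS calls are made; the data below is fabricated for this example.
"""
import ipaddress

# Assumed set of "management ports" for the 0.0.0.0/0 ingress check:
# SSH, RDP, WinRM (HTTP and HTTPS).
MANAGEMENT_PORTS = {22, 3389, 5985, 5986}


def _as_list(value):
    """IAM documents allow a string or a list in Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def check_iam_policy(name, document):
    """Flag Allow statements granting wildcard actions and/or Resource '*'."""
    findings = []
    for stmt in _as_list(document.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wild_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        wild_resources = [r for r in resources if r == "*"]
        if wild_actions and wild_resources:
            findings.append(f"IAM:{name}: wildcard actions {wild_actions} on Resource *")
        elif wild_actions:
            findings.append(f"IAM:{name}: wildcard actions {wild_actions} on {resources}")
        elif wild_resources:
            findings.append(f"IAM:{name}: actions {actions} allowed on Resource *")
    return findings


def _is_world(cidr):
    """True for 0.0.0.0/0 or ::/0 (prefix length zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_security_group(group):
    """Flag ingress rules exposing a management port to the whole internet."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # Protocol "-1" means all traffic; AWS omits FromPort/ToPort then.
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        exposed = sorted(p for p in MANAGEMENT_PORTS if lo <= p <= hi)
        if not exposed:
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if _is_world(cidr):
                findings.append(f"SG:{group['GroupId']}: ports {exposed} open to {cidr}")
    return findings


def check_s3_bucket(bucket):
    """Flag buckets without full public access block, encryption or versioning."""
    findings = []
    pab = bucket.get("PublicAccessBlock", {})
    keys = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    if not all(pab.get(k) for k in keys):
        findings.append(f"S3:{bucket['Name']}: public access block not fully enabled")
    if not bucket.get("Encryption"):
        findings.append(f"S3:{bucket['Name']}: no default encryption configured")
    if bucket.get("Versioning") != "Enabled":
        findings.append(f"S3:{bucket['Name']}: versioning not enabled")
    return findings


def audit_snapshot(snapshot):
    """Run every check over a snapshot and return the combined findings list."""
    findings = []
    for name, doc in snapshot["iam_policies"].items():
        findings += check_iam_policy(name, doc)
    for group in snapshot["security_groups"]:
        findings += check_security_group(group)
    for bucket in snapshot["s3_buckets"]:
        findings += check_s3_bucket(bucket)
    return findings


# Constructed sample snapshot (not real account data).
SAMPLE_SNAPSHOT = {
    "iam_policies": {
        "AdminEverything": {"Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}},
        "ReadOnlyBucket": {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                                          "Resource": ["arn:aws:s3:::example-bucket/*"]}]},
    },
    "security_groups": [
        {"GroupId": "sg-constructed1", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
        {"GroupId": "sg-constructed2", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    ],
    "s3_buckets": [
        {"Name": "logs-bucket", "Encryption": "aws:kms", "Versioning": "Enabled",
         "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                               "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
        {"Name": "public-site", "Versioning": "Suspended",
         "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": False}},
    ],
}

if __name__ == "__main__":
    for line in audit_snapshot(SAMPLE_SNAPSHOT):
        print(line)
```

Each finding names the checklist area and the resource, so the output can be pasted straight into the "prioritized configuration and data-protection gap notes" deliverable. The 443 rule in `sg-constructed1` is deliberately not flagged: the checklist concerns management ports, and a web listener open to the internet is a separate judgement for the reviewer.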