
Isms Audit Expert
Guide an agent through an ISMS-oriented security management audit when you need structured compliance evidence before shipping or renewing certifications.
Overview
ISMS Audit Expert is an agent skill for the Ship phase that supports structured Information Security Management System audits for solo builders preparing compliance evidence.
Install
npx skills add https://github.com/davila7/claude-code-templates --skill isms-audit-expert
What is this skill?
- Named for ISMS (Information Security Management System) audit expertise in the claude-code-templates catalog
- Intended as a security/compliance checker skill alongside other template skills
- Shipped as a template skill package—assets and reference docs are placeholders in the published readme
- Fits builders formalizing policies, controls, and evidence trails with agent assistance
- Pair with your own ISMS scope statement and control library—the skill does not replace a qualified auditor
Adoption & trust: 1 install on skills.sh; 27.9k GitHub stars; 3/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).
What problem does it solve?
You must demonstrate ISMS-style controls and evidence for customers or certification but lack a repeatable audit script your coding agent can follow.
Who is it for?
Indie SaaS teams bootstrapping ISO 27001-aligned practices who want agent-facilitated audit interviews and evidence checklists once the skill content is completed.
Skip if: Builders who only need dependency CVE scanning or a one-off penetration test with no management-system scope.
When should I use this skill?
When you are in a Ship/security window and need ISMS-oriented audit questioning once substantive SKILL.md content replaces placeholders.
What do I get? / Deliverables
You get an agent-guided audit narrative mapped to management-system controls and gaps to remediate before release or customer review.
- Gap findings aligned to ISMS control themes
- Remediation-oriented audit notes for policies and evidence
Journey fit
Ship/security is the canonical shelf for pre-release and ongoing ISMS audit workflows—where solo builders validate controls before customers or auditors see the system. Security subphase covers management-system audits (ISO 27001-style ISMS), not single CVE scans.
How it compares
Skill-guided compliance questioning—not a substitute for certified ISMS lead auditors or automated GRC platforms.
Common Questions / FAQ
Who is isms-audit-expert for?
Solo and small-team builders pursuing enterprise readiness who need ISMS-themed audit structure in Claude Code templates.
When should I use isms-audit-expert?
Use it in Ship/security while preparing for customer security questionnaires, internal audits, or certification readiness reviews.
Is isms-audit-expert safe to install?
Treat it like any third-party template: review the Security Audits panel on this Prism page and inspect the repo for real procedures before running against production secrets.
SKILL.md
# Example Asset File

This placeholder represents where asset files would be stored. Replace with actual asset files (templates, images, fonts, etc.) or delete if not needed.

Asset files are NOT intended to be loaded into context, but rather used within the output Claude produces.

Example asset files from other skills:

- Brand guidelines: logo.png, slides_template.pptx
- Frontend builder: hello-world/ directory with HTML/React boilerplate
- Typography: custom-font.ttf, font-family.woff2
- Data: sample_data.csv, test_dataset.json

## Common Asset Types

- Templates: .pptx, .docx, boilerplate directories
- Images: .png, .jpg, .svg, .gif
- Fonts: .ttf, .otf, .woff, .woff2
- Boilerplate code: Project directories, starter files
- Icons: .ico, .svg
- Data files: .csv, .json, .xml, .yaml

Note: This is a text placeholder. Actual assets can be any file type.

# Reference Documentation for Isms Audit Expert

This is a placeholder for detailed reference documentation. Replace with actual reference content or delete if not needed.

Example real reference docs from other skills:

- product-management/references/communication.md - Comprehensive guide for status updates
- product-management/references/context_building.md - Deep-dive on gathering context
- bigquery/references/ - API references and query examples

## When Reference Docs Are Useful

Reference docs are ideal for:

- Comprehensive API documentation
- Detailed workflow guides
- Complex multi-step processes
- Information too lengthy for main SKILL.md
- Content that's only needed for specific use cases

## Structure Suggestions

### API Reference Example

- Overview
- Authentication
- Endpoints with examples
- Error codes
- Rate limits

### Workflow Guide Example

- Prerequisites
- Step-by-step instructions
- Common patterns
- Troubleshooting
- Best practices

```python
#!/usr/bin/env python3
"""
Example helper script for isms-audit-expert

This is a placeholder script that can be executed directly.
Replace with actual implementation or delete if not needed.

Example real scripts from other skills:
- pdf/scripts/fill_fillable_fields.py - Fills PDF form fields
- pdf/scripts/convert_pdf_to_images.py - Converts PDF pages to images
"""


def main():
    print("This is an example script for isms-audit-expert")
    # TODO: Add actual script logic here
    # This could be data processing, file conversion, API calls, etc.


if __name__ == "__main__":
    main()
```

---
name: isms-audit-expert
description: Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program management, security control assessment, and compliance verification. Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support.
---

# Senior ISMS Audit Expert

Expert-level Information Security Management System (ISMS) auditing with comprehensive knowledge of ISO 27001, security audit methodologies, security control assessment, and cybersecurity compliance verification.

## Core ISMS Auditing Competencies

### 1. ISO 27001 ISMS Audit Program Management

Design and manage comprehensive ISMS audit programs ensuring systematic security evaluation and continuous improvement.

**ISMS Audit Program Framework:**

```
ISMS AUDIT PROGRAM MANAGEMENT
├── Security Audit Planning
│   ├── Risk-based audit scheduling
│   ├── Security domain scope definition
│   ├── Technical auditor competency
│   └── Security testing resource allocation
├── Audit Execution Coordination
│   ├── Technical security assessment
│   ├── Administrative control evaluation
│   ├── Physical security verification
│   └── Security documentation review
├── Security Finding Management
│   ├── Security gap identification
│   ├── Vulnerability assessment integration
│   ├── Risk-based finding prioritization
│   └── Security improvement recommendations
└── ISMS Audit Performance
    ├── Security audit effectiveness
    ├── Technic