
iso27001-compliance

npx machina-cli add skill BagelHole/DevOps-Security-Agent-Skills/iso27001-compliance --openclaw
Files (1): SKILL.md (1.6 KB)

ISO 27001 Compliance

Implement an ISO 27001 Information Security Management System (ISMS).

ISMS Framework

plan_do_check_act:
  plan:
    - Define scope
    - Risk assessment
    - Risk treatment plan
    - Statement of Applicability
    
  do:
    - Implement controls
    - Security awareness
    - Document procedures
    
  check:
    - Internal audits
    - Management review
    - Performance measurement
    
  act:
    - Corrective actions
    - Continual improvement

Annex A Controls

control_domains:
  A.5: Information security policies
  A.6: Organization of information security
  A.7: Human resource security
  A.8: Asset management
  A.9: Access control
  A.10: Cryptography
  A.11: Physical security
  A.12: Operations security
  A.13: Communications security
  A.14: System acquisition/development
  A.15: Supplier relationships
  A.16: Incident management
  A.17: Business continuity
  A.18: Compliance

Risk Assessment

risk_assessment:
  identify:
    - Asset inventory
    - Threat identification
    - Vulnerability assessment
    
  analyze:
    - Likelihood rating
    - Impact rating
    - Risk calculation
    
  evaluate:
    - Risk acceptance criteria
    - Prioritization
    - Treatment options
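
As an added worked example (not part of the skill or the repository it comes from), the analyze and evaluate stages above as a small risk register in Python. The 5x5 likelihood x impact scoring, the acceptance threshold of 8, the treatment cut-offs and the sample entries are all assumptions: ISO 27001 requires a defined, repeatable method but does not prescribe a formula.

```python
from dataclasses import dataclass

# Assumed 1..5 ordinal scales and an assumed acceptance threshold; an
# organization sets its own criteria in its risk assessment methodology.
RISK_ACCEPTANCE_THRESHOLD = 8   # scores <= 8 fall within acceptance criteria


@dataclass
class Risk:
    asset: str          # identify: asset inventory
    threat: str         # identify: threat identification
    vulnerability: str  # identify: vulnerability assessment
    likelihood: int     # analyze: 1 (rare) .. 5 (almost certain)
    impact: int         # analyze: 1 (negligible) .. 5 (severe)


def score(risk: Risk) -> int:
    """Risk calculation: likelihood x impact on the assumed 5x5 matrix."""
    for rating in (risk.likelihood, risk.impact):
        if not 1 <= rating <= 5:
            raise ValueError("ratings must be integers in 1..5")
    return risk.likelihood * risk.impact


def treatment(risk: Risk, threshold: int = RISK_ACCEPTANCE_THRESHOLD) -> str:
    """Evaluate: apply the acceptance criteria, then choose a treatment option.

    Only retain/modify/avoid are modelled; sharing (e.g. insurance) is omitted.
    """
    s = score(risk)
    if s <= threshold:
        return "accept"    # retain: within acceptance criteria, record and monitor
    if s >= 20:
        return "avoid"     # change or stop the activity rather than control it
    return "mitigate"      # modify: apply Annex A controls to cut likelihood/impact


def prioritize(risks: list) -> list:
    """Evaluate: rank (asset, score, treatment) highest score first."""
    rows = [(r.asset, score(r), treatment(r)) for r in risks]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample register for illustration; not real assessment data.
SAMPLE = [
    Risk("customer DB", "credential theft", "no MFA on admin console", 4, 5),
    Risk("build server", "supply-chain tamper", "unsigned artifacts", 3, 4),
    Risk("office printer", "paper leak", "unattended output", 2, 2),
]

if __name__ == "__main__":
    for asset, s, action in prioritize(SAMPLE):
        print(f"{asset:15} score={s:2} -> {action}")
```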

Best Practices

  • Management commitment
  • Risk-based approach
  • Document everything
  • Regular internal audits
  • Continuous improvement

Source

Repository: https://github.com/BagelHole/DevOps-Security-Agent-Skills
Skill file: https://github.com/BagelHole/DevOps-Security-Agent-Skills/blob/main/compliance/frameworks/iso27001-compliance/SKILL.md

The blob URL above points at a single file and cannot be cloned; to clone the repository that contains it:

git clone https://github.com/BagelHole/DevOps-Security-Agent-Skills.git

Overview

This skill guides building and maintaining an ISO 27001 Information Security Management System (ISMS). It covers scoping, risk assessment, risk treatment planning, the Statement of Applicability, control selection via Annex A, and continual improvement to meet enterprise security requirements.

How This Skill Works

ISMS activities follow the Plan-Do-Check-Act cycle: plan the scope, risk assessment, and risk treatment; do, by implementing controls and procedures; check, via internal audits, management reviews, and performance measurement; and act, by taking corrective actions for continual improvement. The framework references the Annex A control domains and a formal risk assessment with identify, analyze, and evaluate stages.

When to Use It

  • When implementing an enterprise security program that must meet ISO 27001.
  • When defining ISMS scope and performing risk assessment.
  • When selecting and implementing Annex A controls (A.5–A.18).
  • When preparing for internal audits, management reviews, and certification readiness.
  • When establishing a framework for continual improvement and compliance reporting.

Quick Start

  1. Define ISMS scope, identify assets, and perform a risk assessment.
  2. Select controls from Annex A, implement procedures, and document them.
  3. Establish an internal audit program and implement continual improvement actions.

Best Practices

  • Secure management commitment and sponsorship.
  • Apply a risk-based approach to control selection.
  • Document everything: scope, risk assessments, decisions, and procedures.
  • Run regular internal audits and management reviews.
  • Pursue continual improvement with corrective actions and metrics.

Example Use Cases

  • Defining scope for a multinational organization and completing a risk assessment.
  • Producing a Statement of Applicability (SoA) and mapping controls.
  • Implementing controls across access, asset, incident, and supplier relationships.
  • Conducting an internal ISMS audit and management review.
  • Closing nonconformities with corrective actions and monitoring results.
