information-security-manager-iso27001
ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/alirezarezvani/information-security-manager-iso27001
What This Skill Does
The Information Security Manager - ISO 27001 skill acts as a comprehensive governance tool for HealthTech and MedTech organizations seeking to establish or maintain an Information Security Management System (ISMS). It automates the complex alignment process between the ISO 27001:2022 standard and specific healthcare regulatory frameworks. The skill provides automated risk assessment capabilities, enabling users to perform asset-based threat modeling, vulnerability analysis, and residual risk calculation using standardized methodologies. Additionally, it streamlines compliance verification by auditing control effectiveness across specified domains, offering clear gap analysis reporting, and suggesting remediation strategies tailored to sensitive medical environments.
Installation
To integrate this skill into your environment, run the following command in your terminal:
clawhub install openclaw/skills/skills/alirezarezvani/information-security-manager-iso27001
Ensure you have the necessary environment variables configured for file access if you intend to run assessments against local asset inventories or control CSVs.
Use Cases
- ISMS Design: Structuring organizational policies and procedures to meet ISO 27001 requirements.
- Risk Assessments: Conducting Clause 6.1.2 risk assessments for cloud-based EHR systems.
- Compliance Audits: Validating control implementation prior to certification audits.
- Healthcare Compliance: Ensuring medical device cybersecurity protocols align with international security standards.
- Incident Response Planning: Drafting and testing organizational response strategies for data breaches involving PHI (Protected Health Information).
Example Prompts
- "Perform a security risk assessment for our new patient data repository using the healthcare template and output the results as a JSON file."
- "Generate a gap analysis report for our ISO 27001 compliance regarding access control and cryptography domains."
- "Draft an incident response plan procedure for potential data leakage in our connected medical device network."
Tips & Limitations
- Data Accuracy: The tool is as effective as the input data; ensure your assets.csv is up to date for accurate risk scoring.
- Periodic Review: Automated tools supplement human auditors; always have security documentation signed off by an authorized DPO or CISO.
- Scope: This tool focuses on ISO 27001; for HIPAA or SOC2 specific reporting, additional mappings may be required. Always review the generated outputs against your organization's specific technical environment before implementation.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-alirezarezvani-information-security-manager-iso27001": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: file-read, file-write, code-execution