ClawKit Reliability Toolkit
Official Verified productivity Safety 4/5

isms-audit-expert

Information Security Management System (ISMS) audit expert for ISO 27001 compliance verification, security control assessment, and certification support. Use when the user mentions ISO 27001, ISMS audit, Annex A controls, Statement of Applicability (SOA), gap analysis, nonconformity management, internal audit, surveillance audit, or security certification preparation. Helps review control implementation evidence, document audit findings, classify nonconformities, generate risk-based audit plans, map controls to Annex A requirements, prepare Stage 1 and Stage 2 audit documentation, and support corrective action workflows.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/alirezarezvani/isms-audit-expert

What This Skill Does

The ISMS Audit Expert skill serves as a comprehensive management assistant for organizations aiming to achieve or maintain ISO 27001 certification. It provides a structured framework for managing internal and external audits, assessing security controls, and ensuring continuous compliance. By automating the planning, execution, and verification phases of an Information Security Management System (ISMS) audit, the skill helps organizations identify gaps, prioritize remediation efforts based on risk, and maintain documentation required for formal certification support.

Installation

To install this skill, run the following command in your terminal: clawhub install openclaw/skills/skills/alirezarezvani/isms-audit-expert

Use Cases

This skill is designed for Information Security Officers (ISOs), compliance managers, and internal auditors who need to scale their audit programs. Use it to:

  • Build and maintain a risk-based audit schedule that aligns with ISO 27001 requirements.
  • Conduct mock audits to prepare for official external certification assessments.
  • Generate audit checklists and evidence request templates for specific security controls.
  • Analyze previous audit logs and non-conformity reports to track remediation effectiveness.
  • Verify that all technical and policy-driven Annex A controls are properly documented and functioning.

Example Prompts

  1. "Analyze my current risk assessment and generate a quarterly audit schedule focusing on privileged access and logging controls."
  2. "Draft an audit checklist for the Access Control policy, including questions for developers and system administrators."
  3. "Review these three audit findings regarding our firewall configuration and suggest a corrective action plan based on ISO 27001 best practices."

Tips & Limitations

To get the best results, ensure your ISMS documentation (SoA, policies, risk assessment) is kept current and accessible to the agent. While the ISMS Audit Expert automates the planning and tracking process, it cannot physically observe or test proprietary hardware; human verification is required for physical security inspections. Always ensure that the agent operates within a secure environment when handling sensitive internal audit data. The skill works best when supplied with specific control IDs to narrow the scope of the audit.

Metadata

Stars: 4473
Views: 1
Updated: 2026-05-01
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-alirezarezvani-isms-audit-expert": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#iso27001 #security #compliance #auditing #infosec
Safety Score: 4/5

Flags: file-read

Related Skills

intl-expansion

International market expansion strategy. Market selection, entry modes, localization, regulatory compliance, and go-to-market by region. Use when expanding to new countries, evaluating international markets, planning localization, or building regional teams.

alirezarezvani 4473

marketing-strategy-pmm

Product marketing skill for positioning, GTM strategy, competitive intelligence, and product launches. Use when the user asks about product positioning, go-to-market planning, competitive analysis, target audience definition, ICP definition, market research, launch plans, or sales enablement. Covers April Dunford positioning, ICP definition, competitive battlecards, launch playbooks, and international market entry. Produces deliverables including positioning statements, battlecard documents, launch plans, and go-to-market strategies.

alirezarezvani 4473

paid-ads

When the user wants help with paid advertising campaigns on Google Ads, Meta (Facebook/Instagram), LinkedIn, Twitter/X, or other ad platforms. Also use when the user mentions 'PPC,' 'paid media,' 'ad copy,' 'ad creative,' 'ROAS,' 'CPA,' 'ad campaign,' 'retargeting,' or 'audience targeting.' This skill covers campaign strategy, ad creation, audience targeting, and optimization.

alirezarezvani 4473

qms-audit-expert

ISO 13485 internal audit expertise for medical device QMS. Covers audit planning, execution, nonconformity classification, and CAPA verification. Use for internal audit planning, audit execution, finding classification, external audit preparation, or audit program management.

alirezarezvani 4473

code-reviewer

Code review automation for TypeScript, JavaScript, Python, Go, Swift, Kotlin. Analyzes PRs for complexity and risk, checks code quality for SOLID violations and code smells, generates review reports. Use when reviewing pull requests, analyzing code quality, identifying issues, generating review checklists.

alirezarezvani 4473