Skillzwave

information-security-manager-iso27001


Senior Information Security Manager specializing in ISO 27001 and ISO 27002 implementation for HealthTech and MedTech companies. Provides ISMS implementation, cybersecurity risk assessment, security controls management, and compliance oversight. Use for ISMS design, security risk assessments, control implementation, and ISO 27001 certification activities.


Third-Party Agent Skill: Review the code before installing. Agent skills execute in your AI assistant's environment and can access your files.

Installation for Agentic Skill

skilz install alirezarezvani/claude-skills/information-security-manager-iso27001
skilz install alirezarezvani/claude-skills/information-security-manager-iso27001 --agent opencode
skilz install alirezarezvani/claude-skills/information-security-manager-iso27001 --agent codex
skilz install alirezarezvani/claude-skills/information-security-manager-iso27001 --agent gemini

First time? Install Skilz: pip install skilz

Works with 22+ AI coding agents

Cursor, Aider, Copilot, Windsurf, Qwen, Kimi, and more...

Download Agent Skill ZIP

Extract and copy to ~/.claude/skills/ then restart Claude Desktop

1. Clone the repository:
git clone https://github.com/alirezarezvani/claude-skills
2. Copy the agent skill directory:
cp -r claude-skills/ra-qm-team/information-security-manager-iso27001 ~/.claude/skills/

Agentic Skill Details

Repository
claude-skills
Type
Other
Meta-Domain
N/A
Primary Domain
N/A
Market Score
0.0

Agent Skill Grade

F
Score: 58/100

Score Breakdown

Spec Compliance
12/15
PDA Architecture
12/30
Ease of Use
17/25
Writing Style
6/10
Utility
10/20
Modifiers: +1

Areas to Improve

  • All reference files contain placeholder content with no actual implementation; SKILL.md references non-existent files like healthcare-threat-modeling.md, device-security-assessment.md, cloud-security-evaluation.md
  • ASCII art frameworks and hierarchical lists consume tokens without providing actionable guidance; these could be condensed to bullet lists or moved to references
  • No run→check→fix patterns or validation steps; lacks concrete feedback mechanisms for verifying ISMS implementation success

Recommendations

  • Focus on improving PDA Architecture (currently 12/30)
  • Focus on improving Utility (currently 10/20)
  • Address 3 high-severity issues first

Graded: 1/23/2026

Developer Feedback

Looking at this ISO 27001 implementation, I'm curious how you're handling the tension between compliance rigor and practical usability—the 58 score suggests there's a disconnect somewhere in how the controls are being communicated or structured.

The TL;DR

You're at 58/100, solidly in F territory. This is based on Anthropic's best practices for progressive disclosure architecture and practical utility. Your strongest area is Spec Compliance (12/15)—the frontmatter is clean and follows conventions. But Progressive Disclosure Architecture (12/30) is dragging you down hard. You've got good structural bones, but the skill feels more like a framework reference than an executable guide.

What's Working Well

  • Metadata is solid — Your description nails the trigger phrases (ISMS, ISO 27001, security risk assessment) and would activate appropriately for real security tasks
  • Spec compliance is tight — Valid YAML frontmatter with required fields and proper naming conventions (hyphen-case)
  • Coverage breadth — You're touching real compliance domains (healthcare, cloud, device security, third-party risk) that users actually need

The Big One: Placeholder References Kill Your Utility

Here's the blocker: your references directory contains skeleton files (api_reference.md, example scripts) with zero actual content. Worse, SKILL.md references five non-existent files: healthcare-threat-modeling.md, device-security-assessment.md, cloud-security-evaluation.md, etc.

This is death by a thousand cuts for Utility (10/20) and Progressive Disclosure (12/30). You're promising depth you haven't delivered.

Fix this: Either implement the actual reference content (real assessment checklists, concrete control mappings, example risk registers) or strip those references from SKILL.md. If you go the reference route, create five focused .md files with actionable templates—not placeholder text. This alone could push you up +8 points.

Other Things Worth Fixing

  1. ASCII art frameworks are token waste (lines 16-38, 66-91) — Those hierarchical trees consume 40+ lines for visual flair without instructional density. Replace with concise bullet lists. Move detailed frameworks to references if needed. Impact: +5 points

  2. No validation loops anywhere — You describe ISMS workflows but never tell users how to verify their implementation worked. Add "Validate by checking..." steps after each major workflow. Security people need confirmation mechanisms. Impact: +3 points

  3. Marketing language creeping in — "Expert-level," "comprehensive knowledge," "robust" reads like a job posting, not instructions. Strip superlatives and use pure imperative voice: "Implement ISO 27001 ISMS..." instead of "Design and implement comprehensive..." Impact: +2 points

  4. No concrete examples — You list script locations and templates but provide zero input/output samples. Security decisions need context. Add 2-3 worked examples showing how to handle a specific risk assessment or control evaluation. Impact: +2 points

Quick Wins

  • Implement or remove the five referenced .md files (healthcare threat modeling, device security, cloud evaluation, etc.)
  • Replace ASCII frameworks with bullet lists; compress verbose sections
  • Add "Validate by..." checkpoints after each workflow section
  • Strip marketing language; convert all headers to imperative form
  • Include one worked example showing risk assessment → control mapping → implementation verification

Check out your skill here: SkillzWave.ai | SpillWave. We have an agentic skill installer that installs skills in 14+ coding agent platforms. Check out this guide on how to improve your agentic skills.

AI-Detected Topics

Extracted using NLP analysis

risk assessment risk claude-ai Security claudecode-subagents claude-ai-skills Information Security Security incident claude-skills claude-code management security controls Security awareness anthropic-claude claude-code-skills ISMS implementation agentic-ai agentic-coding security risk
