ClawHub

Isms Audit Expert

Information Security Management System (ISMS) audit expert for ISO 27001 compliance verification, security control assessment, and certification support. Use...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.2k · 6 current installs · 6 all-time installs
byAlireza Rezvani@alirezarezvani
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided materials: SKILL.md and reference guides describe audit methodology and procedures; the single script generates risk-based audit schedules from a local CSV and formats output. All artifacts are coherent with an ISMS audit helper.
Instruction Scope
Runtime instructions focus on audit planning, evidence collection, control testing and finding management. They do not instruct the agent to read unrelated system files, access environment secrets, or transmit data to external endpoints. The script accepts a local CSV and writes a local file or stdout — consistent with documented functionality.
Install Mechanism
No install spec is provided and this is effectively an instruction+utils bundle. No network download/extract or package installs are requested, so there is low install risk.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The included script operates on local files provided by the user (CSV) and does not reference secrets or external services.
Persistence & Privilege
always is false and model invocation is normal (agent-autonomy allowed by default). The skill does not request persistent system modification or access to other skills' configs.
Assessment
This skill appears coherent and low-risk: it provides audit guidance and a local scheduler script that reads a CSV and writes JSON/markdown. Before using: (1) review the provided script yourself if you allow the agent to execute it; it reads local CSVs and writes output but does not contact external endpoints. (2) Do not upload sensitive credentials or production data in CSVs used with the script. (3) Treat the guidance as advisory — verify it against your organisation's policies and current standards. (4) If you are concerned about autonomous invocation, limit the agent's ability to execute code or access files until you have reviewed the script in your environment.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.1.1
Download zip
latestvk97a68h8vnwa5bh0vb7mps44qx82kbk0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

ISMS Audit Expert

Internal and external ISMS audit management for ISO 27001 compliance verification, security control assessment, and certification support.

Table of Contents

Audit Program Management

Risk-Based Audit Schedule

Risk LevelAudit FrequencyExamples
CriticalQuarterlyPrivileged access, vulnerability management, logging
HighSemi-annualAccess control, incident response, encryption
MediumAnnualPolicies, awareness training, physical security
LowAnnualDocumentation, asset inventory

Annual Audit Planning Workflow

  1. Review previous audit findings and risk assessment results
  2. Identify high-risk controls and recent security incidents
  3. Determine audit scope based on ISMS boundaries
  4. Assign auditors ensuring independence from audited areas
  5. Create audit schedule with resource allocation
  6. Obtain management approval for audit plan
  7. Validation: Audit plan covers all Annex A controls within certification cycle

Auditor Competency Requirements

  • ISO 27001 Lead Auditor certification (preferred)
  • No operational responsibility for audited processes
  • Understanding of technical security controls
  • Knowledge of applicable regulations (GDPR, HIPAA)

Audit Execution

Pre-Audit Preparation

  1. Review ISMS documentation (policies, SoA, risk assessment)
  2. Analyze previous audit reports and open findings
  3. Prepare audit plan with interview schedule
  4. Notify auditees of audit scope and timing
  5. Prepare checklists for controls in scope
  6. Validation: All documentation received and reviewed before opening meeting

Audit Conduct Steps

  1. Opening Meeting

    • Confirm audit scope and objectives
    • Introduce audit team and methodology
    • Agree on communication channels and logistics

  2. Evidence Collection

    • Interview control owners and operators
    • Review documentation and records
    • Observe processes in operation
    • Inspect technical configurations

  3. Control Verification

    • Test control design (does it address the risk?)
    • Test control operation (is it working as intended?)
    • Sample transactions and records
    • Document all evidence collected

  4. Closing Meeting

    • Present preliminary findings
    • Clarify any factual inaccuracies
    • Agree on finding classification
    • Confirm corrective action timelines

  5. Validation: All controls in scope assessed with documented evidence

Control Assessment

Control Testing Approach

  1. Identify control objective from ISO 27002
  2. Determine testing method (inquiry, observation, inspection, re-performance)
  3. Define sample size based on population and risk
  4. Execute test and document results
  5. Evaluate control effectiveness
  6. Validation: Evidence supports conclusion about control status

For detailed technical verification procedures by Annex A control, see security-control-testing.md.

Finding Management

Finding Classification

SeverityDefinitionResponse Time
Major NonconformityControl failure creating significant risk30 days
Minor NonconformityIsolated deviation with limited impact90 days
ObservationImprovement opportunityNext audit cycle

Finding Documentation Template

Finding ID: ISMS-[YEAR]-[NUMBER]
Control Reference: A.X.X - [Control Name]
Severity: [Major/Minor/Observation]

Evidence:
- [Specific evidence observed]
- [Records reviewed]
- [Interview statements]

Risk Impact:
- [Potential consequences if not addressed]

Root Cause:
- [Why the nonconformity occurred]

Recommendation:
- [Specific corrective action steps]

Corrective Action Workflow

  1. Auditee acknowledges finding and severity
  2. Root cause analysis completed within 10 days
  3. Corrective action plan submitted with target dates
  4. Actions implemented by responsible parties
  5. Auditor verifies effectiveness of corrections
  6. Finding closed with evidence of resolution
  7. Validation: Root cause addressed, recurrence prevented

Certification Support

Stage 1 Audit Preparation

Ensure documentation is complete:

  • ISMS scope statement
  • Information security policy (management signed)
  • Statement of Applicability
  • Risk assessment methodology and results
  • Risk treatment plan
  • Internal audit results (past 12 months)
  • Management review minutes

Stage 2 Audit Preparation

Verify operational readiness:

  • All Stage 1 findings addressed
  • ISMS operational for minimum 3 months
  • Evidence of control implementation
  • Security awareness training records
  • Incident response evidence (if applicable)
  • Access review documentation

Surveillance Audit Cycle

PeriodFocus
Year 1, Q2High-risk controls, Stage 2 findings follow-up
Year 1, Q4Continual improvement, control sample
Year 2, Q2Full surveillance
Year 2, Q4Re-certification preparation

Validation: No major nonconformities at surveillance audits.

Tools

scripts/

ScriptPurposeUsage
isms_audit_scheduler.pyGenerate risk-based audit planspython scripts/isms_audit_scheduler.py --year 2025 --format markdown

Audit Planning Example

# Generate annual audit plan
python scripts/isms_audit_scheduler.py --year 2025 --output audit_plan.json

# With custom control risk ratings
python scripts/isms_audit_scheduler.py --controls controls.csv --format markdown

References

FileContent
iso27001-audit-methodology.mdAudit program structure, pre-audit phase, certification support
security-control-testing.mdTechnical verification procedures for ISO 27002 controls
cloud-security-audit.mdCloud provider assessment, configuration security, IAM review

Audit Performance Metrics

KPITargetMeasurement
Audit plan completion100%Audits completed vs. planned
Finding closure rate>90% within SLAClosed on time vs. total
Major nonconformities0 at certificationCount per certification cycle
Audit effectivenessIncidents preventedSecurity improvements implemented

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…