Isms
Skill packages tagged with “Isms”
HR & Personnel Security
Draft and validate HR security documents covering the full employment lifecycle: pre-employment screening, employment contract security clauses, management security responsibilities, disciplinary process framework, and termination/exit security procedures aligned with ISO 27001:2022 Annex A controls A.6.1, A.6.2, A.6.4, A.6.5, and A.5.4.
Information Security Policy (ISO 27001)
Draft and validate an Information Security Policy aligned with ISO 27001:2022. Builds a complete Statement of Applicability covering all 93 Annex A controls, validates enforceability of policy language, and maps every policy section to the relevant controls. Includes SoA cross-referencing and jargon-simplification tools.
ISMS Internal Audit Report (Clause 9.2)
Plan and execute ISO 27001 internal audits: create audit plans with sampling strategies, draft structured audit reports with findings mapped to clauses, validate finding completeness (severity, evidence, clause, CAPA), classify finding severity, and verify auditor impartiality.
ISMS Scope Statement (ISO 27001 Clause 4.3)
Define and validate the ISMS scope boundaries (physical, organizational, technical) with justified exclusions and no Shadow IT gaps. Includes boundary integrity checker and exclusion logic validator for audit-ready scope statements.
ISO 27001 Asset Inventory & Classification Register
Build and validate an Asset Inventory & Classification Register for ISO 27001:2022 Control A.5.9. Catalog information assets with Ownership and Classification (Public, Internal, Confidential, Restricted), suggest classification from sensitivity descriptions, and verify that every asset has a named Information Owner and that Confidential/Restricted assets have handling procedures.
ISO 27001 Awareness and Training Plan
Create, validate, and maintain the ISO 27001:2022 awareness and training plan per Clauses 7.2 (Competence), 7.3 (Awareness), and Annex A control A.6.3. Defines target audiences with role-based training requirements, training modules, delivery methods, annual schedule with quarterly phishing simulations, and effectiveness evaluation metrics. Validates section completeness, audience coverage, and schedule gaps. Produces a standalone audit-ready training plan document.
ISO 27001 Business Continuity & Disaster Recovery Plan
Create operationally detailed Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) with BIA-driven recovery sequences, RTO/RPO validation, failover procedures, and exercise records per ISO 27001 Controls A.5.29/A.5.30.
ISO 27001 Confidentiality & NDA Agreements
Create and manage confidentiality and non-disclosure agreement templates with a tracking register per ISO 27001 Control A.6.6. Covers both employee and third-party scenarios.
ISO 27001 Critical Supplier Register
Operational register of critical suppliers with data access, SLA thresholds, BCP dependencies, security assessment history, and internal ownership. The auditor-expected evidence document that proves supply chain operational knowledge per Clause 7.5.1(b) and Controls A.5.19–A.5.22.
ISO 27001 Gap Assessment
Perform a structured gap assessment against ISO 27001:2022 clauses 4-10 and 93 Annex A controls. Mandatory artifact detector scans for missing ISMS documents; maturity rating tool suggests 0-5 maturity levels per clause area. Produces findings register and remediation roadmap.
ISO 27001 ISMS Annual Maintenance & Surveillance Audit Prep
Prepare for annual ISO 27001 surveillance audits by reviewing and updating existing ISMS documents. Scans documents for freshness, assesses organizational changes, performs delta risk re-assessment, updates SoA, reconciles CAPAs from prior audits, assembles surveillance audit evidence pack, scores audit readiness across 10 dimensions, and produces a year-over-year ISMS health report. Designed for certified organizations maintaining their ISMS between recertification cycles.
ISO 27001 Legal & Regulatory Requirements Register
Identify, document, and track all legal, statutory, regulatory, and contractual requirements relevant to information security per ISO 27001 Control A.5.31.
ISO 27001 Management Review
Prepare, validate, and document the ISO 27001:2022 management review per Clause 9.3. Compiles input pack from workspace ISMS artifacts, validates all 10 mandatory input categories (Clause 9.3.2) and 3 required output decisions (Clause 9.3.3), and checks that every action has an owner, due date, and expected outcome. Produces review agenda, input pack, minutes, and action tracker.
ISO 27001 Monitoring, Measurement & Evaluation
Draft and validate the Clause 9.1 report (PDCA 'Check') and Clause 6.2 objectives register: six validation tools covering KPI effectiveness, CAPA linkage for every failed control, CAPA field completeness (root cause, corrective action, owner, date, effectiveness review), cross-document audit NC reconciliation, and objectives completeness (including Clause 6.2(c) risk register linkage and Clause 6.2(h) resources).
ISO 27001 Operating Procedures (SOPs)
Create, validate, and index standard operating procedures (SOPs) for information processing facilities per ISO 27001 Control A.5.37. Produces step-by-step procedures with traceability to Annex A controls.
ISO 27001 Organization Profile
Build and validate a shared organization profile for ISO 27001 certification. Captures organizational facts (industry, locations, technology stack, regulations, suppliers) that feed into scope, risk assessment, SoA, and policy generation. Technology stack normalizer classifies systems; profile completeness checker validates all required sections.
ISO 27001 Policy Generator
Generate, validate, and maintain the core ISMS policy and procedure set for ISO 27001:2022 certification. Produces 22 document types (information security policy, ISMS manual, risk management, access control, incident management, asset management, change management, business continuity, document control, corrective action, classification and handling, cryptography, secure development, vulnerability management, remote working, backup, management responsibilities, intellectual property, data leakage prevention, network security, secure disposal, cabling security) with clause-aware templates and organization-specific tailoring.
ISO 27001 Risk Assessment
Complete ISO 27001:2022 risk assessment workflow covering methodology definition, risk identification using a 12-category threat taxonomy, risk analysis with 5×5 matrix scoring, treatment planning with Annex A control mapping, and residual risk validation. Produces auditor-ready risk methodology, risk register, treatment plan, and acceptance forms per Clauses 6.1.2 and 6.1.3.
ISO 27001 Secure Architecture Principles
Document secure system architecture and engineering principles per ISO 27001 Control A.8.27. Produces a principles catalog with rationale, implementation guidance, and technology-stack applicability for development and infrastructure teams.
ISO 27001 Statement of Applicability
Build and validate the SoA (Clause 6.1.3): map 93 Annex A controls to In/Out with justification and implementation evidence. SoA mapping engine suggests inclusions from risk assessment; control justification audit ensures excluded controls have valid reasons and included controls link to active policies.
ISO 27001 Supplier Information Security Policy
Draft and validate supplier security requirements and annexes for ISO 27001:2022 Control 5.21. Includes a tier-based Minimum Security Baseline (Cloud vs Janitorial) and validation of Right to Audit and Breach Notification clauses.
Mobile Device & Teleworking Policy (ISO 27001)
Draft and validate a Mobile Device & Teleworking Policy for ISO 27001:2022 (A.5.17, A.6.7, A.8.1). Covers BYOD, VPN, disk encryption, remote wipe consent, endpoint leakage risk, and compliance with Right to Disconnect (France, Brazil, Ireland). Includes labor-law overlap check.
Physical Security Perimeter (ISO 27001)
Define and document physical security perimeters and physical entry controls for ISO 27001:2022 Annex A 7.1 and 7.2. Structures the Defense in Depth narrative for offices, data centers, and secure areas: entry controls, visitor management, anti-tailgating, environmental protection, and off-site asset security (A.7.9). Validation tools check for anti-passback, visual badge identification, and off-site security steps.
Privacy & PII Protection Program
Build a comprehensive privacy program aligned with ISO 27001:2022 A.5.34 and major privacy regulations (GDPR, LGPD, CCPA). Produces five core privacy documents: external-facing privacy policy, Record of Processing Activities (ROPA), Data Protection Impact Assessment (DPIA) template, data subject rights procedure, and data breach notification procedure with jurisdiction-specific regulatory timelines.
Resource Capacity Forecaster (ISO 27001 A.8.6)
Draft and validate the Capacity Management Plan for ISO 27001 A.8.6. Documents monitoring and adjustment of CPU, RAM, disk and network to ensure availability and prevent denial of service from resource exhaustion. Supports threshold alerts, expansion triggers and LaTeX formula validation for auditor-ready living documents.
SDLC Control Drafter (ISO 27001 A.8.28)
Draft and maintain ISO 27001-aligned Secure Development Lifecycle (SDLC) policy: Security by Design, Security by Default, and security gates (SAST/DAST, peer review, threat modeling). Includes OWASP Top 10 alignment check for web and API risks.