ISMS
Skill packages tagged with “ISMS”
Information Security Policy (ISO 27001)
Draft and validate an Information Security Policy aligned with ISO 27001:2022. Builds a complete Statement of Applicability covering all 93 Annex A controls, validates enforceability of policy language, and maps every policy section to the relevant controls. Includes SoA cross-referencing and jargon-simplification tools.
ISMS Internal Audit Report (Clause 9.2)
Draft and validate the ISO 27001 internal audit report: map findings to clauses, document nonconformities (NCs) and opportunities for improvement (OFIs), and ensure auditor impartiality so auditors do not audit their own work.
ISMS Scope Statement (ISO 27001 Clause 4.3)
Define and validate the ISMS scope boundaries (physical, organizational, technical) with justified exclusions and no Shadow IT gaps. Includes boundary integrity checker and exclusion logic validator for audit-ready scope statements.
ISMS SoA & Risk Treatment Author
Guided elaboration of ISMS documentation for ISO/IEC 27001: context, risk assessment, risk treatment plan, Statement of Applicability (SoA), and security policies. Ensures every Annex A control has status and justification and flags missing risk treatment for unacceptable risks.
ISO 27001 Asset Inventory & Classification Register
Build and validate an Asset Inventory & Classification Register for ISO 27001:2022 Control A.5.9. Catalog information assets with Ownership and Classification (Public, Internal, Confidential, Restricted), suggest classification from sensitivity descriptions, and verify that every asset has a named Information Owner and that Confidential/Restricted assets have handling procedures.
ISO 27001 Monitoring, Measurement & Evaluation
Draft and validate the Clause 9.1 report (PDCA 'Check'): KPIs that measure control effectiveness, executive insight derived from raw monitoring data, and corrective and preventive action (CAPA) linkage for every failed control.
ISO 27001 Statement of Applicability
Build and validate the SoA (Clause 6.1.3): map 93 Annex A controls to In/Out with justification and implementation evidence. SoA mapping engine suggests inclusions from risk assessment; control justification audit ensures excluded controls have valid reasons and included controls link to active policies.
ISO 27001 Supplier Information Security Policy
Draft and validate supplier security requirements and annexes for ISO 27001:2022 Control 5.21. Includes a tier-based Minimum Security Baseline (e.g. cloud provider vs. janitorial services) and validation of Right to Audit and Breach Notification clauses.
Mobile Device & Teleworking Policy (ISO 27001)
Draft and validate a Mobile Device & Teleworking Policy for ISO 27001:2022 (A.5.17, A.6.7, A.8.1). Covers BYOD, VPN, disk encryption, remote wipe consent, endpoint leakage risk, and compliance with Right to Disconnect (France, Brazil, Ireland). Includes labor-law overlap check.
Physical Security Perimeter (ISO 27001)
Define and document physical security perimeters and physical entry controls for ISO 27001:2022 Annex A 7.1 and 7.2. Structures the Defense in Depth narrative for offices, data centers, and secure areas: entry controls, visitor management, anti-tailgating, and environmental protection. Validation tool checks for anti-passback and visual badge identification steps.
Resource Capacity Forecaster (ISO 27001 Control 8.6)
Draft and validate the Capacity Management Plan for ISO 27001 Control 8.6. Documents monitoring and adjustment of CPU, RAM, disk and network to ensure availability and prevent denial of service from resource exhaustion. Supports threshold alerts, expansion triggers and LaTeX formula validation for auditor-ready living documents.
SDLC Control Drafter (ISO 27001 A.8.28)
Draft and maintain ISO 27001-aligned Secure Development Lifecycle (SDLC) policy: Security by Design, Security by Default, and security gates (SAST/DAST, peer review, threat modeling). Includes OWASP Top 10 alignment check for web and API risks.