ISO 27001
Skill packages tagged with “ISO 27001”
BCP Audit Evidence Pack
Create a consolidated Business Continuity Evidence Pack for SOC 2, ISO 22301, or ISO 27001 audits. Combines BIA summary, RTO/RPO targets, recovery plans, DR test matrix, and auditor checklist into a single audit-ready document with cross-validation.
Information Security Policy (ISO 27001)
Draft and validate an Information Security Policy aligned with ISO 27001:2022. Builds a complete Statement of Applicability covering all 93 Annex A controls, validates enforceability of policy language, and maps every policy section to the relevant controls. Includes SoA cross-referencing and jargon-simplification tools.
ISMS Internal Audit Report (Clause 9.2)
Plan and execute ISO 27001 internal audits: create audit plans with sampling strategies, draft structured audit reports with findings mapped to clauses, validate finding completeness (severity, evidence, clause, CAPA), classify finding severity, and verify auditor impartiality.
ISMS Scope Statement (ISO 27001 Clause 4.3)
Define and validate the ISMS scope boundaries (physical, organizational, technical) with justified exclusions and no Shadow IT gaps. Includes boundary integrity checker and exclusion logic validator for audit-ready scope statements.
ISO 27001 Asset Inventory & Classification Register
Build and validate an Asset Inventory & Classification Register for ISO 27001:2022 Control A.5.9. Catalog information assets with Ownership and Classification (Public, Internal, Confidential, Restricted), suggest classification from sensitivity descriptions, and verify that every asset has a named Information Owner and that Confidential/Restricted assets have handling procedures.
ISO 27001 Gap Assessment
Perform a structured gap assessment against ISO 27001:2022 clauses 4-10 and 93 Annex A controls. Mandatory artifact detector scans for missing ISMS documents; maturity rating tool suggests 0-5 maturity levels per clause area. Produces findings register and remediation roadmap.
ISO 27001 Management Review
Prepare, validate, and document the ISO 27001:2022 management review per Clause 9.3. Compiles input pack from workspace ISMS artifacts, validates all 10 mandatory input categories (Clause 9.3.2) and 3 required output decisions (Clause 9.3.3), and checks that every action has an owner, due date, and expected outcome. Produces review agenda, input pack, minutes, and action tracker.
ISO 27001 Monitoring, Measurement & Evaluation
Draft and validate the Clause 9.1 report (PDCA 'Check'): KPIs that measure control effectiveness, executive insight from raw data, CAPA linkage for every failed control, and CAPA field completeness validation (root cause, corrective action, owner, date, effectiveness review).
ISO 27001 Organization Profile
Build and validate a shared organization profile for ISO 27001 certification. Captures organizational facts (industry, locations, technology stack, regulations, suppliers) that feed into scope, risk assessment, SoA, and policy generation. Technology stack normalizer classifies systems; profile completeness checker validates all required sections.
ISO 27001 Policy Generator
Generate, validate, and maintain the core ISMS policy and procedure set for ISO 27001:2022 certification. Produces 10 document types (information security policy, ISMS manual, risk management, access control, incident management, asset management, change management, business continuity, document control, corrective action) with clause-aware templates and organization-specific tailoring.
ISO 27001 Risk Assessment
Complete ISO 27001:2022 risk assessment workflow covering methodology definition, risk identification using a 12-category threat taxonomy, risk analysis with 5×5 matrix scoring, treatment planning with Annex A control mapping, and residual risk validation. Produces auditor-ready risk methodology, risk register, treatment plan, and acceptance forms per Clauses 6.1.2 and 6.1.3.
ISO 27001 Statement of Applicability
Build and validate the SoA (Clause 6.1.3): map 93 Annex A controls to In/Out with justification and implementation evidence. SoA mapping engine suggests inclusions from risk assessment; control justification audit ensures excluded controls have valid reasons and included controls link to active policies.
ISO 27001 Supplier Information Security Policy
Draft and validate supplier security requirements and annexes for ISO 27001:2022 Control 5.21. Includes a tier-based Minimum Security Baseline (Cloud vs Janitorial suppliers) and validation of Right to Audit and Breach Notification clauses.
Mobile Device & Teleworking Policy (ISO 27001)
Draft and validate a Mobile Device & Teleworking Policy for ISO 27001:2022 (A.5.17, A.6.7, A.8.1). Covers BYOD, VPN, disk encryption, remote wipe consent, endpoint leakage risk, and compliance with Right to Disconnect (France, Brazil, Ireland). Includes labor-law overlap check.
Physical Security Perimeter (ISO 27001)
Define and document physical security perimeters and physical entry controls for ISO 27001:2022 Annex A 7.1 and 7.2. Structures the Defense in Depth narrative for offices, data centers, and secure areas: entry controls, visitor management, anti-tailgating, and environmental protection. Validation tool checks for anti-passback and visual badge identification steps.
Resource Capacity Forecaster (ISO 27001 A.8.6)
Draft and validate the Capacity Management Plan for ISO 27001 A.8.6. Documents monitoring and adjustment of CPU, RAM, disk and network to ensure availability and prevent denial of service from resource exhaustion. Supports threshold alerts, expansion triggers and LaTeX formula validation for auditor-ready living documents.
SDLC Control Drafter (ISO 27001 A.8.28)
Draft and maintain ISO 27001-aligned Secure Development Lifecycle (SDLC) policy: Security by Design, Security by Default, and security gates (SAST/DAST, peer review, threat modeling). Includes OWASP Top 10 alignment check for web and API risks.