PlaygroundCatalog › ISO 27001 ISMS
I2

ISO 27001 ISMS

🔵 Stable🕐 updated 2026-06-24 🔷 SkillSpec L3 ⚙ ships an executable helper pm-compliance

Scope an ISO 27001 ISMS and build the Statement of Applicability across Annex A controls. Use when asked to implement ISO 27001, scope an ISMS, build a Statement of Applicability (SoA), or prepare for ISO 27001 certification. Produces an ISMS plan — scope & context, risk-treatment approach, an Annex A control applicability table (the SoA), and a prioritised implementation roadmap.

📚 Based on ISO/IEC 27001 (ISMS + Annex A + Statement of Applicability)

▶ Run it free — no key needed 📝 Grade your existing draft View SKILL.md ↗

What to give it

ISMS scope — the products, locations, and information assets in scope (and what's deliberately out).
Context & interested parties — the business, its regulatory/customer security obligations, and key risks.
Risk approach — how you identify, assess, and treat information-security risk (the SoA flows from the risk assessment, not the other way round).
Current controls — what's already implemented across the Annex A domains.

✅ The bar it holds itself to

Every skill in this library self-verifies — these are this skill's own quality checks, straight from its definition.

The ISMS scope is explicit, including deliberate exclusions
The SoA covers every Annex A control with an applicable/excluded decision
Every excluded control carries a justification (the most common audit finding)
The SoA traces to the risk assessment — controls exist to treat identified risks, not for show
Mandatory management-system clauses (4–10) are addressed, not just the Annex A controls

⚠️ What it refuses to do

Do not exclude a control without a written justification — silent exclusions are audit findings
Do not build the SoA before the risk assessment — applicability is *derived* from risk, not guessed
Do not treat Annex A as the whole standard — clauses 4–10 (the management system) are mandatory and where many fail
Do not mark controls "implemented" without evidence of operation — certification audits sample evidence
Do not present this as certification — only an accredited body certifies; this prepares the ISMS

Install

npx pm-claude-skills add --agent claude   # or codex · cursor · gemini · hermes
# or one-line MCP (every skill, any client):
claude mcp add pm-skills -- npx -y pm-claude-skills-mcp

Related skills

🔌 Embed this skill

Drop this on your blog, docs, or site — it renders a "Run this skill" card:

<div data-pm-skill="iso-27001-isms"></div>
<script src="https://mohitagw15856.github.io/pm-claude-skills/embed.js" async></script>

💬 Discussion

ISO 27001 ISMS is one of 630 open-source professional AI agent skills — all SkillSpec L3. Try them all in the browser · ⭐ Star on GitHub · Browse the full catalog