I2
ISO 27001 ISMS
🔵 Stable🕐 updated 2026-06-24
🔷 SkillSpec L3
⚙ ships an executable helper
pm-compliance
Scope an ISO 27001 ISMS and build the Statement of Applicability across Annex A controls. Use when asked to implement ISO 27001, scope an ISMS, build a Statement of Applicability (SoA), or prepare for ISO 27001 certification. Produces an ISMS plan — scope & context, risk-treatment approach, an Annex A control applicability table (the SoA), and a prioritised implementation roadmap.
📚 Based on ISO/IEC 27001 (ISMS + Annex A + Statement of Applicability)
What to give it
▸ISMS scope — the products, locations, and information assets in scope (and what's deliberately out).
▸Context & interested parties — the business, its regulatory/customer security obligations, and key risks.
▸Risk approach — how you identify, assess, and treat information-security risk (the SoA flows from the risk assessment, not the other way round).
▸Current controls — what's already implemented across the Annex A domains.
✅ The bar it holds itself to
Every skill in this library self-verifies — these are this skill's own quality checks, straight from its definition.
✓The ISMS scope is explicit, including deliberate exclusions
✓The SoA covers every Annex A control with an applicable/excluded decision
✓Every excluded control carries a justification (the most common audit finding)
✓The SoA traces to the risk assessment — controls exist to treat identified risks, not for show
✓Mandatory management-system clauses (4–10) are addressed, not just the Annex A controls
⚠️ What it refuses to do
Do not exclude a control without a written justification — silent exclusions are audit findings
Do not build the SoA before the risk assessment — applicability is *derived* from risk, not guessed
Do not treat Annex A as the whole standard — clauses 4–10 (the management system) are mandatory and where many fail
Do not mark controls "implemented" without evidence of operation — certification audits sample evidence
Do not present this as certification — only an accredited body certifies; this prepares the ISMS
Install
npx pm-claude-skills add --agent claude # or codex · cursor · gemini · hermes
# or one-line MCP (every skill, any client):
claude mcp add pm-skills -- npx -y pm-claude-skills-mcp
Related skills
🔌 Embed this skill
Drop this on your blog, docs, or site — it renders a "Run this skill" card:
<div data-pm-skill="iso-27001-isms"></div>
<script src="https://mohitagw15856.github.io/pm-claude-skills/embed.js" async></script>
💬 Discussion
ISO 27001 ISMS is one of 630 open-source professional AI agent skills — all SkillSpec L3.
Try them all in the browser · ⭐ Star on GitHub · Browse the full catalog