How does the automated risk assessment work?

The skill includes a 'risk_assessment.py' script that automates asset identification, threat and vulnerability mapping, and risk scoring (Likelihood x Impact) to generate a professional risk register.

Can I use this for HIPAA compliance as well?

While primarily focused on ISO 27001, the compliance checker tool includes parameters for HIPAA, making it highly effective for organizations needing to align with both international standards and US healthcare regulations.

Does this skill support the 2022 update of ISO 27001?

Yes, it is fully updated to support the ISO 27001:2022 revision, including the restructured Annex A themes (Organizational, People, Physical, and Technological controls).

Is this skill specific to medical device manufacturers?

Yes, it contains specialized templates for medical device cybersecurity, covering device-specific threats and the unique security requirements of healthcare integration.

ISO 27001 Information Security Manager

Name: ISO 27001 Information Security Manager
Author: borghei

byborghei

•

Security & Testing

Implements and manages Information Security Management Systems (ISMS) aligned with ISO 27001:2022 and healthcare regulatory requirements.

This skill provides specialized guidance and automated tools for designing, implementing, and auditing an ISO 27001-compliant ISMS, specifically tailored for the high-stakes environments of HealthTech and MedTech. It enables users to conduct automated security risk assessments following Clause 6.1.2 methodology, perform detailed gap analyses against the latest 2022 control themes, and manage structured incident response workflows. By combining domain-specific expertise in healthcare data security with actionable Python-based compliance tools, it streamlines the path to certification and ensures robust cybersecurity governance.

Key Features

01Healthcare-specific security templates for EHR systems and medical devices

0250 GitHub stars

03Structured incident response workflows with severity-based triage and escalation

04Automated security risk assessment following ISO 27001 Clause 6.1.2 methodology

05Compliance checking and gap analysis for ISO 27001:2022 and ISO 27002

06Automated generation of Statement of Applicability (SoA) and audit readiness reports

Use Cases

01Conducting mandatory risk assessments for new medical device software or patient data systems

02Preparing a HealthTech startup for ISO 27001 Stage 1 and Stage 2 certification audits

03Establishing a standardized cybersecurity governance framework for distributed engineering teams

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add borghei/claude-skills information-security-manager-iso27001

For use in Claude.ai and ChatGPT

Download Skill