💬 Isms Audit Expert
Isms Audit Expert エキスパート相当の知見を提供するSkill。メール・Slack等のやりとりをする人向け。
📺 まず動画で見る(YouTube)
▶ 【最新版】Claude(クロード)完全解説!20以上の便利機能をこの動画1本で全て解説 ↗
※ jpskill.com 編集部が参考用に選んだ動画です。動画の内容と Skill の挙動は厳密には一致しないことがあります。
📜 元の英語説明(参考)
Information Security Management System (ISMS) audit expert for ISO 27001 compliance verification, security control assessment, and certification support. Use when the user mentions ISO 27001, ISMS audit, Annex A controls, Statement of Applicability (SOA), gap analysis, nonconformity management, internal audit, surveillance audit, or security certification preparation. Helps review control implementation evidence, document audit findings, classify nonconformities, generate risk-based audit plans, map controls to Annex A requirements, prepare Stage 1 and Stage 2 audit documentation, and support corrective action workflows.
🇯🇵 日本人クリエイター向け解説
Isms Audit Expert エキスパート相当の知見を提供するSkill。メール・Slack等のやりとりをする人向け。
※ jpskill.com 編集部が日本のビジネス現場向けに補足した解説です。Skill本体の挙動とは独立した参考情報です。
⚠️ ダウンロード・利用は自己責任でお願いします。当サイトは内容・動作・安全性について責任を負いません。
🎯 このSkillでできること
下記の説明文を読むと、このSkillがあなたに何をしてくれるかが分かります。Claudeにこの分野の依頼をすると、自動で発動します。
📦 インストール方法 (3ステップ)
- 1. 上の「ダウンロード」ボタンを押して .skill ファイルを取得
- 2. ファイル名の拡張子を .skill から .zip に変えて展開(macは自動展開可)
- 3. 展開してできたフォルダを、ホームフォルダの
.claude/skills/に置く- · macOS / Linux:
~/.claude/skills/ - · Windows:
%USERPROFILE%\.claude\skills\
- · macOS / Linux:
Claude Code を再起動すれば完了。「このSkillを使って…」と話しかけなくても、関連する依頼で自動的に呼び出されます。
詳しい使い方ガイドを見る →- 最終更新
- 2026-05-17
- 取得日時
- 2026-05-17
- 同梱ファイル
- 5
💬 こう話しかけるだけ — サンプルプロンプト
- › Isms Audit Expert で、お客様への返信文を作って
- › Isms Audit Expert を使って、社内向けアナウンスを書いて
- › Isms Audit Expert で、メールテンプレートを整備して
これをClaude Code に貼るだけで、このSkillが自動発動します。
📖 Claude が読む原文 SKILL.md(中身を展開)
この本文は AI(Claude)が読むための原文(英語または中国語)です。日本語訳は順次追加中。
ISMS Audit Expert
Internal and external ISMS audit management for ISO 27001 compliance verification, security control assessment, and certification support.
Table of Contents
- Audit Program Management
- Audit Execution
- Control Assessment
- Finding Management
- Certification Support
- Tools
- References
Audit Program Management
Risk-Based Audit Schedule
| Risk Level | Audit Frequency | Examples |
|---|---|---|
| Critical | Quarterly | Privileged access, vulnerability management, logging |
| High | Semi-annual | Access control, incident response, encryption |
| Medium | Annual | Policies, awareness training, physical security |
| Low | Annual | Documentation, asset inventory |
Annual Audit Planning Workflow
- Review previous audit findings and risk assessment results
- Identify high-risk controls and recent security incidents
- Determine audit scope based on ISMS boundaries
- Assign auditors ensuring independence from audited areas
- Create audit schedule with resource allocation
- Obtain management approval for audit plan
- Validation: Audit plan covers all Annex A controls within certification cycle
Auditor Competency Requirements
- ISO 27001 Lead Auditor certification (preferred)
- No operational responsibility for audited processes
- Understanding of technical security controls
- Knowledge of applicable regulations (GDPR, HIPAA)
Audit Execution
Pre-Audit Preparation
- Review ISMS documentation (policies, SoA, risk assessment)
- Analyze previous audit reports and open findings
- Prepare audit plan with interview schedule
- Notify auditees of audit scope and timing
- Prepare checklists for controls in scope
- Validation: All documentation received and reviewed before opening meeting
Audit Conduct Steps
-
Opening Meeting
- Confirm audit scope and objectives
- Introduce audit team and methodology
- Agree on communication channels and logistics
-
Evidence Collection
- Interview control owners and operators
- Review documentation and records
- Observe processes in operation
- Inspect technical configurations
-
Control Verification
- Test control design (does it address the risk?)
- Test control operation (is it working as intended?)
- Sample transactions and records
- Document all evidence collected
-
Closing Meeting
- Present preliminary findings
- Clarify any factual inaccuracies
- Agree on finding classification
- Confirm corrective action timelines
-
Validation: All controls in scope assessed with documented evidence
Control Assessment
Control Testing Approach
- Identify control objective from ISO 27002
- Determine testing method (inquiry, observation, inspection, re-performance)
- Define sample size based on population and risk
- Execute test and document results
- Evaluate control effectiveness
- Validation: Evidence supports conclusion about control status
For detailed technical verification procedures by Annex A control, see security-control-testing.md.
Finding Management
Finding Classification
| Severity | Definition | Response Time |
|---|---|---|
| Major Nonconformity | Control failure creating significant risk | 30 days |
| Minor Nonconformity | Isolated deviation with limited impact | 90 days |
| Observation | Improvement opportunity | Next audit cycle |
Finding Documentation Template
Finding ID: ISMS-[YEAR]-[NUMBER]
Control Reference: A.X.X - [Control Name]
Severity: [Major/Minor/Observation]
Evidence:
- [Specific evidence observed]
- [Records reviewed]
- [Interview statements]
Risk Impact:
- [Potential consequences if not addressed]
Root Cause:
- [Why the nonconformity occurred]
Recommendation:
- [Specific corrective action steps]Corrective Action Workflow
- Auditee acknowledges finding and severity
- Root cause analysis completed within 10 days
- Corrective action plan submitted with target dates
- Actions implemented by responsible parties
- Auditor verifies effectiveness of corrections
- Finding closed with evidence of resolution
- Validation: Root cause addressed, recurrence prevented
Certification Support
Stage 1 Audit Preparation
Ensure documentation is complete:
- [ ] ISMS scope statement
- [ ] Information security policy (management signed)
- [ ] Statement of Applicability
- [ ] Risk assessment methodology and results
- [ ] Risk treatment plan
- [ ] Internal audit results (past 12 months)
- [ ] Management review minutes
Stage 2 Audit Preparation
Verify operational readiness:
- [ ] All Stage 1 findings addressed
- [ ] ISMS operational for minimum 3 months
- [ ] Evidence of control implementation
- [ ] Security awareness training records
- [ ] Incident response evidence (if applicable)
- [ ] Access review documentation
Surveillance Audit Cycle
| Period | Focus |
|---|---|
| Year 1, Q2 | High-risk controls, Stage 2 findings follow-up |
| Year 1, Q4 | Continual improvement, control sample |
| Year 2, Q2 | Full surveillance |
| Year 2, Q4 | Re-certification preparation |
Validation: No major nonconformities at surveillance audits.
Tools
scripts/
| Script | Purpose | Usage |
|---|---|---|
isms_audit_scheduler.py |
Generate risk-based audit plans | python scripts/isms_audit_scheduler.py --year 2025 --format markdown |
Audit Planning Example
# Generate annual audit plan
python scripts/isms_audit_scheduler.py --year 2025 --output audit_plan.json
# With custom control risk ratings
python scripts/isms_audit_scheduler.py --controls controls.csv --format markdownReferences
| File | Content |
|---|---|
| iso27001-audit-methodology.md | Audit program structure, pre-audit phase, certification support |
| security-control-testing.md | Technical verification procedures for ISO 27002 controls |
| cloud-security-audit.md | Cloud provider assessment, configuration security, IAM review |
Audit Performance Metrics
| KPI | Target | Measurement |
|---|---|---|
| Audit plan completion | 100% | Audits completed vs. planned |
| Finding closure rate | >90% within SLA | Closed on time vs. total |
| Major nonconformities | 0 at certification | Count per certification cycle |
| Audit effectiveness | Incidents prevented | Security improvements implemented |
同梱ファイル
※ ZIPに含まれるファイル一覧。`SKILL.md` 本体に加え、参考資料・サンプル・スクリプトが入っている場合があります。
- 📄 SKILL.md (7,687 bytes)
- 📎 references/cloud-security-audit.md (6,289 bytes)
- 📎 references/iso27001-audit-methodology.md (6,794 bytes)
- 📎 references/security-control-testing.md (7,137 bytes)
- 📎 scripts/isms_audit_scheduler.py (9,150 bytes)