Skills

iso-27001

Installation
SKILL.md

ISO 27001 Compliance Skill

Purpose

Ensures systems and processes comply with ISO 27001:2022 Information Security Management System (ISMS) requirements.

Rules

Key Controls for Web Applications

A.8.24 Use of Cryptography:

  • TLS 1.2+ for all communications
  • AES-256 for data at rest
  • Secure key management

A.8.25 Secure Development Life Cycle:

  • Security requirements in design
  • Code review processes
  • Security testing (SAST/DAST)

A.8.26 Application Security Requirements:

  • Input validation
  • Output encoding
  • Authentication and authorization
  • Session management

A.8.16 Monitoring Activities:

  • Security event logging
  • Log retention (90 days minimum)
  • Monitoring for anomalies

A.5.7 Threat Intelligence:

  • Vulnerability scanning
  • Threat intelligence feeds
  • Incident tracking

Documentation Requirements

MUST MAINTAIN:

  • Information Security Policy
  • Risk Assessment and Treatment Plan
  • Statement of Applicability (SoA)
  • Access Control Policy
  • Cryptographic Controls Policy
  • Incident Response Plan
  • Business Continuity Plan
  • Acceptable Use Policy
  • Data Classification Policy

Audit Preparation

MUST PROVIDE:

  • Evidence of control implementation
  • Logs and monitoring records
  • Incident records
  • Change management records
  • Risk assessments
  • Management review minutes

Related Policies

All ISMS policies at: https://github.com/Hack23/ISMS-PUBLIC

Related skills

More from hack23/homepage

Installs
21
Repository
hack23/homepage
GitHub Stars
6
First Seen
Mar 1, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass