{ "schemaVersion": "1.0", "item": { "slug": "information-security-manager-iso27001", "name": "Information Security Manager Iso27001", "source": "tencent", "type": "skill", "category": "其他", "sourceUrl": "https://clawhub.ai/alirezarezvani/information-security-manager-iso27001", "canonicalUrl": "https://clawhub.ai/alirezarezvani/information-security-manager-iso27001", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/information-security-manager-iso27001", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=information-security-manager-iso27001", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "references/incident-response.md", "references/iso27001-controls.md", "references/risk-assessment-guide.md", "scripts/compliance_checker.py", "scripts/risk_assessment.py" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/information-security-manager-iso27001" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/information-security-manager-iso27001", "agentPageUrl": "https://openagent3.xyz/skills/information-security-manager-iso27001/agent", "manifestUrl": "https://openagent3.xyz/skills/information-security-manager-iso27001/agent.json", "briefUrl": "https://openagent3.xyz/skills/information-security-manager-iso27001/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Information Security Manager - ISO 27001", "body": "Implement and manage Information Security Management Systems (ISMS) aligned with ISO 27001:2022 and healthcare regulatory requirements." }, { "title": "Table of Contents", "body": "Trigger Phrases\nQuick Start\nTools\nWorkflows\nReference Guides\nValidation Checkpoints" }, { "title": "Trigger Phrases", "body": "Use this skill when you hear:\n\n\"implement ISO 27001\"\n\"ISMS implementation\"\n\"security risk assessment\"\n\"information security policy\"\n\"ISO 27001 certification\"\n\"security controls implementation\"\n\"incident response plan\"\n\"healthcare data security\"\n\"medical device cybersecurity\"\n\"security compliance audit\"" }, { "title": "Run Security Risk Assessment", "body": "python scripts/risk_assessment.py --scope \"patient-data-system\" --output risk_register.json" }, { "title": "Check Compliance Status", "body": "python scripts/compliance_checker.py --standard iso27001 --controls-file controls.csv" }, { "title": "Generate Gap Analysis Report", "body": "python scripts/compliance_checker.py --standard iso27001 --gap-analysis --output gaps.md" }, { "title": "risk_assessment.py", "body": "Automated security risk assessment following ISO 27001 Clause 6.1.2 methodology.\n\nUsage:\n\n# Full risk assessment\npython scripts/risk_assessment.py --scope \"cloud-infrastructure\" --output risks.json\n\n# Healthcare-specific assessment\npython scripts/risk_assessment.py --scope \"ehr-system\" --template healthcare --output risks.json\n\n# Quick asset-based assessment\npython scripts/risk_assessment.py --assets assets.csv --output risks.json\n\nParameters:\n\nParameterRequiredDescription--scopeYesSystem or area to assess--templateNoAssessment template: general, healthcare, cloud--assetsNoCSV file with asset inventory--outputNoOutput file (default: stdout)--formatNoOutput format: json, csv, markdown\n\nOutput:\n\nAsset inventory with classification\nThreat and vulnerability mapping\nRisk scores (likelihood × impact)\nTreatment recommendations\nResidual risk calculations" }, { "title": "compliance_checker.py", "body": "Verify ISO 27001/27002 control implementation status.\n\nUsage:\n\n# Check all ISO 27001 controls\npython scripts/compliance_checker.py --standard iso27001\n\n# Gap analysis with recommendations\npython scripts/compliance_checker.py --standard iso27001 --gap-analysis\n\n# Check specific control domains\npython scripts/compliance_checker.py --standard iso27001 --domains \"access-control,cryptography\"\n\n# Export compliance report\npython scripts/compliance_checker.py --standard iso27001 --output compliance_report.md\n\nParameters:\n\nParameterRequiredDescription--standardYesStandard to check: iso27001, iso27002, hipaa--controls-fileNoCSV with current control status--gap-analysisNoInclude remediation recommendations--domainsNoSpecific control domains to check--outputNoOutput file path\n\nOutput:\n\nControl implementation status\nCompliance percentage by domain\nGap analysis with priorities\nRemediation recommendations" }, { "title": "Workflow 1: ISMS Implementation", "body": "Step 1: Define Scope and Context\n\nDocument organizational context and ISMS boundaries:\n\nIdentify interested parties and requirements\nDefine ISMS scope and boundaries\nDocument internal/external issues\n\nValidation: Scope statement reviewed and approved by management.\n\nStep 2: Conduct Risk Assessment\n\npython scripts/risk_assessment.py --scope \"full-organization\" --template general --output initial_risks.json\n\nIdentify information assets\nAssess threats and vulnerabilities\nCalculate risk levels\nDetermine risk treatment options\n\nValidation: Risk register contains all critical assets with assigned owners.\n\nStep 3: Select and Implement Controls\n\nMap risks to ISO 27002 controls:\n\npython scripts/compliance_checker.py --standard iso27002 --gap-analysis --output control_gaps.md\n\nControl categories:\n\nOrganizational (policies, roles, responsibilities)\nPeople (screening, awareness, training)\nPhysical (perimeters, equipment, media)\nTechnological (access, crypto, network, application)\n\nValidation: Statement of Applicability (SoA) documents all controls with justification.\n\nStep 4: Establish Monitoring\n\nDefine security metrics:\n\nIncident count and severity trends\nControl effectiveness scores\nTraining completion rates\nAudit findings closure rate\n\nValidation: Dashboard shows real-time compliance status." }, { "title": "Workflow 2: Security Risk Assessment", "body": "Step 1: Asset Identification\n\nCreate asset inventory:\n\nAsset TypeExamplesClassificationInformationPatient records, source codeConfidentialSoftwareEHR system, APIsCriticalHardwareServers, medical devicesHighServicesCloud hosting, backupHighPeopleAdmin accounts, developersVaries\n\nValidation: All assets have assigned owners and classifications.\n\nStep 2: Threat Analysis\n\nIdentify threats per asset category:\n\nAssetThreatsLikelihoodPatient dataUnauthorized access, breachHighMedical devicesMalware, tamperingMediumCloud servicesMisconfiguration, outageMediumCredentialsPhishing, brute forceHigh\n\nValidation: Threat model covers top-10 industry threats.\n\nStep 3: Vulnerability Assessment\n\npython scripts/risk_assessment.py --scope \"network-infrastructure\" --output vuln_risks.json\n\nDocument vulnerabilities:\n\nTechnical (unpatched systems, weak configs)\nProcess (missing procedures, gaps)\nPeople (lack of training, insider risk)\n\nValidation: Vulnerability scan results mapped to risk register.\n\nStep 4: Risk Evaluation and Treatment\n\nCalculate risk: Risk = Likelihood × Impact\n\nRisk LevelScoreTreatmentCritical20-25Immediate action requiredHigh15-19Treatment plan within 30 daysMedium10-14Treatment plan within 90 daysLow5-9Accept or monitorMinimal1-4Accept\n\nValidation: All high/critical risks have approved treatment plans." }, { "title": "Workflow 3: Incident Response", "body": "Step 1: Detection and Reporting\n\nIncident categories:\n\nSecurity breach (unauthorized access)\nMalware infection\nData leakage\nSystem compromise\nPolicy violation\n\nValidation: Incident logged within 15 minutes of detection.\n\nStep 2: Triage and Classification\n\nSeverityCriteriaResponse TimeCriticalData breach, system downImmediateHighActive threat, significant risk1 hourMediumContained threat, limited impact4 hoursLowMinor violation, no impact24 hours\n\nValidation: Severity assigned and escalation triggered if needed.\n\nStep 3: Containment and Eradication\n\nImmediate actions:\n\nIsolate affected systems\nPreserve evidence\nBlock threat vectors\nRemove malicious artifacts\n\nValidation: Containment confirmed, no ongoing compromise.\n\nStep 4: Recovery and Lessons Learned\n\nPost-incident activities:\n\nRestore systems from clean backups\nVerify integrity before reconnection\nDocument timeline and actions\nConduct post-incident review\nUpdate controls and procedures\n\nValidation: Post-incident report completed within 5 business days." }, { "title": "When to Use Each Reference", "body": "references/iso27001-controls.md\n\nControl selection for SoA\nImplementation guidance\nEvidence requirements\nAudit preparation\n\nreferences/risk-assessment-guide.md\n\nRisk methodology selection\nAsset classification criteria\nThreat modeling approaches\nRisk calculation methods\n\nreferences/incident-response.md\n\nResponse procedures\nEscalation matrices\nCommunication templates\nRecovery checklists" }, { "title": "ISMS Implementation Validation", "body": "PhaseCheckpointEvidence RequiredScopeScope approvedSigned scope documentRiskRegister completeRisk register with ownersControlsSoA approvedStatement of ApplicabilityOperationMetrics activeDashboard screenshotsAuditInternal audit doneAudit report" }, { "title": "Certification Readiness", "body": "Before Stage 1 audit:\n\nISMS scope documented and approved\n Information security policy published\n Risk assessment completed\n Statement of Applicability finalized\n Internal audit conducted\n Management review completed\n Nonconformities addressed\n\nBefore Stage 2 audit:\n\nControls implemented and operational\n Evidence of effectiveness available\n Staff trained and aware\n Incidents logged and managed\n Metrics collected for 3+ months" }, { "title": "Compliance Verification", "body": "Run periodic checks:\n\n# Monthly compliance check\npython scripts/compliance_checker.py --standard iso27001 --output monthly_$(date +%Y%m).md\n\n# Quarterly gap analysis\npython scripts/compliance_checker.py --standard iso27001 --gap-analysis --output quarterly_gaps.md" }, { "title": "Worked Example: Healthcare Risk Assessment", "body": "Scenario: Assess security risks for a patient data management system." }, { "title": "Step 1: Define Assets", "body": "python scripts/risk_assessment.py --scope \"patient-data-system\" --template healthcare\n\nAsset inventory output:\n\nAsset IDAssetTypeOwnerClassificationA001Patient databaseInformationDBA TeamConfidentialA002EHR applicationSoftwareApp TeamCriticalA003Database serverHardwareInfra TeamHighA004Admin credentialsAccessSecurityCritical" }, { "title": "Step 2: Identify Risks", "body": "Risk register output:\n\nRisk IDAssetThreatVulnerabilityLIScoreR001A001Data breachWeak encryption3515R002A002SQL injectionInput validation4416R003A004Credential theftNo MFA4520" }, { "title": "Step 3: Determine Treatment", "body": "RiskTreatmentControlTimelineR001MitigateImplement AES-256 encryption30 daysR002MitigateAdd input validation, WAF14 daysR003MitigateEnforce MFA for all admins7 days" }, { "title": "Step 4: Verify Implementation", "body": "python scripts/compliance_checker.py --controls-file implemented_controls.csv\n\nVerification output:\n\nControl Implementation Status\n=============================\nCryptography (A.8.24): IMPLEMENTED\n - AES-256 at rest: YES\n - TLS 1.3 in transit: YES\n\nAccess Control (A.8.5): IMPLEMENTED\n - MFA enabled: YES\n - Admin accounts: 100% coverage\n\nApplication Security (A.8.26): PARTIAL\n - Input validation: YES\n - WAF deployed: PENDING\n\nOverall Compliance: 87%" } ], "body": "Information Security Manager - ISO 27001\n\nImplement and manage Information Security Management Systems (ISMS) aligned with ISO 27001:2022 and healthcare regulatory requirements.\n\nTable of Contents\nTrigger Phrases\nQuick Start\nTools\nWorkflows\nReference Guides\nValidation Checkpoints\nTrigger Phrases\n\nUse this skill when you hear:\n\n\"implement ISO 27001\"\n\"ISMS implementation\"\n\"security risk assessment\"\n\"information security policy\"\n\"ISO 27001 certification\"\n\"security controls implementation\"\n\"incident response plan\"\n\"healthcare data security\"\n\"medical device cybersecurity\"\n\"security compliance audit\"\nQuick Start\nRun Security Risk Assessment\npython scripts/risk_assessment.py --scope \"patient-data-system\" --output risk_register.json\n\nCheck Compliance Status\npython scripts/compliance_checker.py --standard iso27001 --controls-file controls.csv\n\nGenerate Gap Analysis Report\npython scripts/compliance_checker.py --standard iso27001 --gap-analysis --output gaps.md\n\nTools\nrisk_assessment.py\n\nAutomated security risk assessment following ISO 27001 Clause 6.1.2 methodology.\n\nUsage:\n\n# Full risk assessment\npython scripts/risk_assessment.py --scope \"cloud-infrastructure\" --output risks.json\n\n# Healthcare-specific assessment\npython scripts/risk_assessment.py --scope \"ehr-system\" --template healthcare --output risks.json\n\n# Quick asset-based assessment\npython scripts/risk_assessment.py --assets assets.csv --output risks.json\n\n\nParameters:\n\nParameter\tRequired\tDescription\n--scope\tYes\tSystem or area to assess\n--template\tNo\tAssessment template: general, healthcare, cloud\n--assets\tNo\tCSV file with asset inventory\n--output\tNo\tOutput file (default: stdout)\n--format\tNo\tOutput format: json, csv, markdown\n\nOutput:\n\nAsset inventory with classification\nThreat and vulnerability mapping\nRisk scores (likelihood × impact)\nTreatment recommendations\nResidual risk calculations\ncompliance_checker.py\n\nVerify ISO 27001/27002 control implementation status.\n\nUsage:\n\n# Check all ISO 27001 controls\npython scripts/compliance_checker.py --standard iso27001\n\n# Gap analysis with recommendations\npython scripts/compliance_checker.py --standard iso27001 --gap-analysis\n\n# Check specific control domains\npython scripts/compliance_checker.py --standard iso27001 --domains \"access-control,cryptography\"\n\n# Export compliance report\npython scripts/compliance_checker.py --standard iso27001 --output compliance_report.md\n\n\nParameters:\n\nParameter\tRequired\tDescription\n--standard\tYes\tStandard to check: iso27001, iso27002, hipaa\n--controls-file\tNo\tCSV with current control status\n--gap-analysis\tNo\tInclude remediation recommendations\n--domains\tNo\tSpecific control domains to check\n--output\tNo\tOutput file path\n\nOutput:\n\nControl implementation status\nCompliance percentage by domain\nGap analysis with priorities\nRemediation recommendations\nWorkflows\nWorkflow 1: ISMS Implementation\n\nStep 1: Define Scope and Context\n\nDocument organizational context and ISMS boundaries:\n\nIdentify interested parties and requirements\nDefine ISMS scope and boundaries\nDocument internal/external issues\n\nValidation: Scope statement reviewed and approved by management.\n\nStep 2: Conduct Risk Assessment\n\npython scripts/risk_assessment.py --scope \"full-organization\" --template general --output initial_risks.json\n\nIdentify information assets\nAssess threats and vulnerabilities\nCalculate risk levels\nDetermine risk treatment options\n\nValidation: Risk register contains all critical assets with assigned owners.\n\nStep 3: Select and Implement Controls\n\nMap risks to ISO 27002 controls:\n\npython scripts/compliance_checker.py --standard iso27002 --gap-analysis --output control_gaps.md\n\n\nControl categories:\n\nOrganizational (policies, roles, responsibilities)\nPeople (screening, awareness, training)\nPhysical (perimeters, equipment, media)\nTechnological (access, crypto, network, application)\n\nValidation: Statement of Applicability (SoA) documents all controls with justification.\n\nStep 4: Establish Monitoring\n\nDefine security metrics:\n\nIncident count and severity trends\nControl effectiveness scores\nTraining completion rates\nAudit findings closure rate\n\nValidation: Dashboard shows real-time compliance status.\n\nWorkflow 2: Security Risk Assessment\n\nStep 1: Asset Identification\n\nCreate asset inventory:\n\nAsset Type\tExamples\tClassification\nInformation\tPatient records, source code\tConfidential\nSoftware\tEHR system, APIs\tCritical\nHardware\tServers, medical devices\tHigh\nServices\tCloud hosting, backup\tHigh\nPeople\tAdmin accounts, developers\tVaries\n\nValidation: All assets have assigned owners and classifications.\n\nStep 2: Threat Analysis\n\nIdentify threats per asset category:\n\nAsset\tThreats\tLikelihood\nPatient data\tUnauthorized access, breach\tHigh\nMedical devices\tMalware, tampering\tMedium\nCloud services\tMisconfiguration, outage\tMedium\nCredentials\tPhishing, brute force\tHigh\n\nValidation: Threat model covers top-10 industry threats.\n\nStep 3: Vulnerability Assessment\n\npython scripts/risk_assessment.py --scope \"network-infrastructure\" --output vuln_risks.json\n\n\nDocument vulnerabilities:\n\nTechnical (unpatched systems, weak configs)\nProcess (missing procedures, gaps)\nPeople (lack of training, insider risk)\n\nValidation: Vulnerability scan results mapped to risk register.\n\nStep 4: Risk Evaluation and Treatment\n\nCalculate risk: Risk = Likelihood × Impact\n\nRisk Level\tScore\tTreatment\nCritical\t20-25\tImmediate action required\nHigh\t15-19\tTreatment plan within 30 days\nMedium\t10-14\tTreatment plan within 90 days\nLow\t5-9\tAccept or monitor\nMinimal\t1-4\tAccept\n\nValidation: All high/critical risks have approved treatment plans.\n\nWorkflow 3: Incident Response\n\nStep 1: Detection and Reporting\n\nIncident categories:\n\nSecurity breach (unauthorized access)\nMalware infection\nData leakage\nSystem compromise\nPolicy violation\n\nValidation: Incident logged within 15 minutes of detection.\n\nStep 2: Triage and Classification\n\nSeverity\tCriteria\tResponse Time\nCritical\tData breach, system down\tImmediate\nHigh\tActive threat, significant risk\t1 hour\nMedium\tContained threat, limited impact\t4 hours\nLow\tMinor violation, no impact\t24 hours\n\nValidation: Severity assigned and escalation triggered if needed.\n\nStep 3: Containment and Eradication\n\nImmediate actions:\n\nIsolate affected systems\nPreserve evidence\nBlock threat vectors\nRemove malicious artifacts\n\nValidation: Containment confirmed, no ongoing compromise.\n\nStep 4: Recovery and Lessons Learned\n\nPost-incident activities:\n\nRestore systems from clean backups\nVerify integrity before reconnection\nDocument timeline and actions\nConduct post-incident review\nUpdate controls and procedures\n\nValidation: Post-incident report completed within 5 business days.\n\nReference Guides\nWhen to Use Each Reference\n\nreferences/iso27001-controls.md\n\nControl selection for SoA\nImplementation guidance\nEvidence requirements\nAudit preparation\n\nreferences/risk-assessment-guide.md\n\nRisk methodology selection\nAsset classification criteria\nThreat modeling approaches\nRisk calculation methods\n\nreferences/incident-response.md\n\nResponse procedures\nEscalation matrices\nCommunication templates\nRecovery checklists\nValidation Checkpoints\nISMS Implementation Validation\nPhase\tCheckpoint\tEvidence Required\nScope\tScope approved\tSigned scope document\nRisk\tRegister complete\tRisk register with owners\nControls\tSoA approved\tStatement of Applicability\nOperation\tMetrics active\tDashboard screenshots\nAudit\tInternal audit done\tAudit report\nCertification Readiness\n\nBefore Stage 1 audit:\n\n ISMS scope documented and approved\n Information security policy published\n Risk assessment completed\n Statement of Applicability finalized\n Internal audit conducted\n Management review completed\n Nonconformities addressed\n\nBefore Stage 2 audit:\n\n Controls implemented and operational\n Evidence of effectiveness available\n Staff trained and aware\n Incidents logged and managed\n Metrics collected for 3+ months\nCompliance Verification\n\nRun periodic checks:\n\n# Monthly compliance check\npython scripts/compliance_checker.py --standard iso27001 --output monthly_$(date +%Y%m).md\n\n# Quarterly gap analysis\npython scripts/compliance_checker.py --standard iso27001 --gap-analysis --output quarterly_gaps.md\n\nWorked Example: Healthcare Risk Assessment\n\nScenario: Assess security risks for a patient data management system.\n\nStep 1: Define Assets\npython scripts/risk_assessment.py --scope \"patient-data-system\" --template healthcare\n\n\nAsset inventory output:\n\nAsset ID\tAsset\tType\tOwner\tClassification\nA001\tPatient database\tInformation\tDBA Team\tConfidential\nA002\tEHR application\tSoftware\tApp Team\tCritical\nA003\tDatabase server\tHardware\tInfra Team\tHigh\nA004\tAdmin credentials\tAccess\tSecurity\tCritical\nStep 2: Identify Risks\n\nRisk register output:\n\nRisk ID\tAsset\tThreat\tVulnerability\tL\tI\tScore\nR001\tA001\tData breach\tWeak encryption\t3\t5\t15\nR002\tA002\tSQL injection\tInput validation\t4\t4\t16\nR003\tA004\tCredential theft\tNo MFA\t4\t5\t20\nStep 3: Determine Treatment\nRisk\tTreatment\tControl\tTimeline\nR001\tMitigate\tImplement AES-256 encryption\t30 days\nR002\tMitigate\tAdd input validation, WAF\t14 days\nR003\tMitigate\tEnforce MFA for all admins\t7 days\nStep 4: Verify Implementation\npython scripts/compliance_checker.py --controls-file implemented_controls.csv\n\n\nVerification output:\n\nControl Implementation Status\n=============================\nCryptography (A.8.24): IMPLEMENTED\n - AES-256 at rest: YES\n - TLS 1.3 in transit: YES\n\nAccess Control (A.8.5): IMPLEMENTED\n - MFA enabled: YES\n - Admin accounts: 100% coverage\n\nApplication Security (A.8.26): PARTIAL\n - Input validation: YES\n - WAF deployed: PENDING\n\nOverall Compliance: 87%" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/alirezarezvani/information-security-manager-iso27001", "publisherUrl": "https://clawhub.ai/alirezarezvani/information-security-manager-iso27001", "owner": "alirezarezvani", "version": "2.1.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/information-security-manager-iso27001", "downloadUrl": "https://openagent3.xyz/downloads/information-security-manager-iso27001", "agentUrl": "https://openagent3.xyz/skills/information-security-manager-iso27001/agent", "manifestUrl": "https://openagent3.xyz/skills/information-security-manager-iso27001/agent.json", "briefUrl": "https://openagent3.xyz/skills/information-security-manager-iso27001/agent.md" } }