# Send Isms Audit Expert to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "isms-audit-expert", "name": "Isms Audit Expert", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/alirezarezvani/isms-audit-expert", "canonicalUrl": "https://clawhub.ai/alirezarezvani/isms-audit-expert", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/isms-audit-expert", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=isms-audit-expert", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "SKILL.md", "references/cloud-security-audit.md", "references/iso27001-audit-methodology.md", "references/security-control-testing.md", "scripts/isms_audit_scheduler.py" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "isms-audit-expert", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-29T08:59:55.101Z", "expiresAt": "2026-05-06T08:59:55.101Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=isms-audit-expert", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=isms-audit-expert", "contentDisposition": "attachment; filename=\"isms-audit-expert-2.1.1.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "isms-audit-expert" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/isms-audit-expert" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/isms-audit-expert", "downloadUrl": "https://openagent3.xyz/downloads/isms-audit-expert", "agentUrl": "https://openagent3.xyz/skills/isms-audit-expert/agent", "manifestUrl": "https://openagent3.xyz/skills/isms-audit-expert/agent.json", "briefUrl": "https://openagent3.xyz/skills/isms-audit-expert/agent.md" } } ``` ## Documentation ### ISMS Audit Expert Internal and external ISMS audit management for ISO 27001 compliance verification, security control assessment, and certification support. ### Table of Contents Audit Program Management Audit Execution Control Assessment Finding Management Certification Support Tools References ### Risk-Based Audit Schedule Risk LevelAudit FrequencyExamplesCriticalQuarterlyPrivileged access, vulnerability management, loggingHighSemi-annualAccess control, incident response, encryptionMediumAnnualPolicies, awareness training, physical securityLowAnnualDocumentation, asset inventory ### Annual Audit Planning Workflow Review previous audit findings and risk assessment results Identify high-risk controls and recent security incidents Determine audit scope based on ISMS boundaries Assign auditors ensuring independence from audited areas Create audit schedule with resource allocation Obtain management approval for audit plan Validation: Audit plan covers all Annex A controls within certification cycle ### Auditor Competency Requirements ISO 27001 Lead Auditor certification (preferred) No operational responsibility for audited processes Understanding of technical security controls Knowledge of applicable regulations (GDPR, HIPAA) ### Pre-Audit Preparation Review ISMS documentation (policies, SoA, risk assessment) Analyze previous audit reports and open findings Prepare audit plan with interview schedule Notify auditees of audit scope and timing Prepare checklists for controls in scope Validation: All documentation received and reviewed before opening meeting ### Audit Conduct Steps Opening Meeting Confirm audit scope and objectives Introduce audit team and methodology Agree on communication channels and logistics Evidence Collection Interview control owners and operators Review documentation and records Observe processes in operation Inspect technical configurations Control Verification Test control design (does it address the risk?) Test control operation (is it working as intended?) Sample transactions and records Document all evidence collected Closing Meeting Present preliminary findings Clarify any factual inaccuracies Agree on finding classification Confirm corrective action timelines Validation: All controls in scope assessed with documented evidence ### Control Testing Approach Identify control objective from ISO 27002 Determine testing method (inquiry, observation, inspection, re-performance) Define sample size based on population and risk Execute test and document results Evaluate control effectiveness Validation: Evidence supports conclusion about control status For detailed technical verification procedures by Annex A control, see security-control-testing.md. ### Finding Classification SeverityDefinitionResponse TimeMajor NonconformityControl failure creating significant risk30 daysMinor NonconformityIsolated deviation with limited impact90 daysObservationImprovement opportunityNext audit cycle ### Finding Documentation Template Finding ID: ISMS-[YEAR]-[NUMBER] Control Reference: A.X.X - [Control Name] Severity: [Major/Minor/Observation] Evidence: - [Specific evidence observed] - [Records reviewed] - [Interview statements] Risk Impact: - [Potential consequences if not addressed] Root Cause: - [Why the nonconformity occurred] Recommendation: - [Specific corrective action steps] ### Corrective Action Workflow Auditee acknowledges finding and severity Root cause analysis completed within 10 days Corrective action plan submitted with target dates Actions implemented by responsible parties Auditor verifies effectiveness of corrections Finding closed with evidence of resolution Validation: Root cause addressed, recurrence prevented ### Stage 1 Audit Preparation Ensure documentation is complete: ISMS scope statement Information security policy (management signed) Statement of Applicability Risk assessment methodology and results Risk treatment plan Internal audit results (past 12 months) Management review minutes ### Stage 2 Audit Preparation Verify operational readiness: All Stage 1 findings addressed ISMS operational for minimum 3 months Evidence of control implementation Security awareness training records Incident response evidence (if applicable) Access review documentation ### Surveillance Audit Cycle PeriodFocusYear 1, Q2High-risk controls, Stage 2 findings follow-upYear 1, Q4Continual improvement, control sampleYear 2, Q2Full surveillanceYear 2, Q4Re-certification preparation Validation: No major nonconformities at surveillance audits. ### scripts/ ScriptPurposeUsageisms_audit_scheduler.pyGenerate risk-based audit planspython scripts/isms_audit_scheduler.py --year 2025 --format markdown ### Audit Planning Example # Generate annual audit plan python scripts/isms_audit_scheduler.py --year 2025 --output audit_plan.json # With custom control risk ratings python scripts/isms_audit_scheduler.py --controls controls.csv --format markdown ### References FileContentiso27001-audit-methodology.mdAudit program structure, pre-audit phase, certification supportsecurity-control-testing.mdTechnical verification procedures for ISO 27002 controlscloud-security-audit.mdCloud provider assessment, configuration security, IAM review ### Audit Performance Metrics KPITargetMeasurementAudit plan completion100%Audits completed vs. plannedFinding closure rate>90% within SLAClosed on time vs. totalMajor nonconformities0 at certificationCount per certification cycleAudit effectivenessIncidents preventedSecurity improvements implemented ## Trust - Source: tencent - Verification: Indexed source record - Publisher: alirezarezvani - Version: 2.1.1 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-04-29T08:59:55.101Z - Expires at: 2026-05-06T08:59:55.101Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/isms-audit-expert) - [Send to Agent page](https://openagent3.xyz/skills/isms-audit-expert/agent) - [JSON manifest](https://openagent3.xyz/skills/isms-audit-expert/agent.json) - [Markdown brief](https://openagent3.xyz/skills/isms-audit-expert/agent.md) - [Download page](https://openagent3.xyz/downloads/isms-audit-expert)