Information Security Manager ISO 27001
Skill Verified ActiveISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.
To streamline and automate the implementation of ISO 27001 ISMS and cybersecurity governance for HealthTech and MedTech organizations, ensuring compliance and robust security posture.
Features
- Automated security risk assessment using ISO 27001 methodology
- Compliance checking against ISO 27001/27002 controls
- Gap analysis with remediation recommendations
- Structured workflows for ISMS implementation and incident response
- Reference guides for controls, risk assessment, and incident response
Use Cases
- Designing and implementing an ISO 27001 ISMS
- Conducting security risk assessments for healthcare systems
- Verifying compliance with ISO 27001 and related healthcare regulations
- Developing incident response plans and procedures
- Preparing for ISO 27001 certification audits
Non-Goals
- Performing penetration testing or vulnerability scanning directly
- Providing legal advice on specific regulatory requirements
- Automating the full certification process (focuses on preparation)
- Managing IT infrastructure directly (focuses on policy and process)
Practices
- Information Security Management
- Risk Management
- Compliance Auditing
- Incident Response Planning
Installation
First, add the marketplace
/plugin marketplace add alirezarezvani/claude-skills/plugin install ra-qm-team@claude-code-skillsQuality Score
VerifiedTrust Signals
Similar Extensions
Context Mode Ops
100Manage context-mode GitHub issues, PRs, releases, and marketing with parallel subagent army. Orchestrates 10-20 dynamic agents per task. Use when triaging issues, reviewing PRs, releasing versions, writing LinkedIn posts, announcing releases, fixing bugs, merging contributions, validating ENV vars, testing adapters, or syncing branches.
Quality Manager QMR
95Senior Quality Manager Responsible Person (QMR) for HealthTech and MedTech companies. Provides quality system governance, management review leadership, regulatory compliance oversight, and quality performance monitoring per ISO 13485 Clause 5.5.2.
Prepare Inspection Readiness
100Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.
Monitor Data Integrity
100Design and operate a data integrity monitoring programme based on ALCOA+ principles. Covers detective controls, audit trail review schedules, anomaly detection patterns (off-hours activity, sequential modifications, bulk changes), metrics dashboards, investigation triggers, and escalation matrix definition. Use when establishing a data integrity monitoring programme for GxP systems, preparing for inspections where data integrity is a focus area, after a data integrity incident requiring enhanced monitoring, or when implementing MHRA, WHO, or PIC/S guidance.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Master Claude for Legal
100Master skill for legal teams using Claude. Loads the right reference for the user's question (privilege configuration, MCP hardening, verification, long documents, practice-area patterns, skill authoring) and routes to specialized starter skills (NDA triage, version diff, meeting brief, citation verification, status synthesis). Auto-invokes when the user mentions legal work, contracts, redlines, NDAs, privilege, attorney-client, court filings, depositions, regulatory compliance, or asks how to set up Claude for a law firm or in-house legal team.