Information Security Manager ISO 27001
技能 已验证 活跃ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.
To streamline and automate the implementation of ISO 27001 ISMS and cybersecurity governance for HealthTech and MedTech organizations, ensuring compliance and robust security posture.
功能
- Automated security risk assessment using ISO 27001 methodology
- Compliance checking against ISO 27001/27002 controls
- Gap analysis with remediation recommendations
- Structured workflows for ISMS implementation and incident response
- Reference guides for controls, risk assessment, and incident response
使用场景
- Designing and implementing an ISO 27001 ISMS
- Conducting security risk assessments for healthcare systems
- Verifying compliance with ISO 27001 and related healthcare regulations
- Developing incident response plans and procedures
- Preparing for ISO 27001 certification audits
非目标
- Performing penetration testing or vulnerability scanning directly
- Providing legal advice on specific regulatory requirements
- Automating the full certification process (focuses on preparation)
- Managing IT infrastructure directly (focuses on policy and process)
实践
- Information Security Management
- Risk Management
- Compliance Auditing
- Incident Response Planning
安装
请先添加 Marketplace
/plugin marketplace add alirezarezvani/claude-skills/plugin install ra-qm-team@claude-code-skills质量评分
已验证类似扩展
Context Mode Ops
100使用并行子代理军队管理 context-mode GitHub 问题、PR、发布和营销。为每个任务编排 10-20 个动态代理。在分类问题、审查 PR、发布版本、撰写 LinkedIn 帖子、宣布发布、修复错误、合并贡献、验证 ENV 变量、测试适配器或同步分支时使用。
Quality Manager QMR
95Senior Quality Manager Responsible Person (QMR) for HealthTech and MedTech companies. Provides quality system governance, management review leadership, regulatory compliance oversight, and quality performance monitoring per ISO 13485 Clause 5.5.2.
Prepare Inspection Readiness
100Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.
Monitor Data Integrity
100Design and operate a data integrity monitoring programme based on ALCOA+ principles. Covers detective controls, audit trail review schedules, anomaly detection patterns (off-hours activity, sequential modifications, bulk changes), metrics dashboards, investigation triggers, and escalation matrix definition. Use when establishing a data integrity monitoring programme for GxP systems, preparing for inspections where data integrity is a focus area, after a data integrity incident requiring enhanced monitoring, or when implementing MHRA, WHO, or PIC/S guidance.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Master Claude for Legal
100Master skill for legal teams using Claude. Loads the right reference for the user's question (privilege configuration, MCP hardening, verification, long documents, practice-area patterns, skill authoring) and routes to specialized starter skills (NDA triage, version diff, meeting brief, citation verification, status synthesis). Auto-invokes when the user mentions legal work, contracts, redlines, NDAs, privilege, attorney-client, court filings, depositions, regulatory compliance, or asks how to set up Claude for a law firm or in-house legal team.