[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-8313cd64-536e-4922-ae73-3f3de02c34f0":3,"$feCwd8YbHYr4svISqJP0vJ0nFs6i1ylnOaJ-6gqFIvJk":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"8313cd64-536e-4922-ae73-3f3de02c34f0","iso27001-audit-prep","ISO 27001 ISMS audit-prep scope - ISO 27001 ISMS audit readiness: six forcing questions. Use before the annual Clause 9.2 internal audit, surveillance-audit preparation, or stage 1 certification readiness.","cat_coding_review","mod_coding","alirezarezvani,coding","---\nname: \"iso27001-audit-prep\"\ndescription: \"\u002Fcs:iso27001-audit-prep \u003Cscope> — ISO 27001 ISMS audit readiness 6-question forcing interrogation. Use before annual Clause 9.2 internal audit, surveillance audit prep, or stage 1 certification readiness.\"\n---\n\n# \u002Fcs:iso27001-audit-prep — ISO 27001 ISMS Audit Forcing Questions\n\n**Command:** `\u002Fcs:iso27001-audit-prep \u003Cscope>`\n\nThe ISO 27001 ISMS auditor pressure-tests any ISMS work with six sample-driven questions, asked before any internal audit, stage 1 readiness check, or surveillance audit.\n\n## When to Run\n\n- Before annual Clause 9.2 internal audit\n- Before stage 1 \u002F stage 2 ISO 27001 certification audit\n- Before surveillance audit (year 2 \u002F year 3)\n- After material change to ISMS scope (new business unit, new product line, new SaaS adoption)\n- Post-incident (breach triggers ad-hoc ISMS audit)\n- Quarterly during high-growth phase\n\n## The Six ISMS Questions\n\n### 1. What's the audit scope, and is rolling 3-year coverage on track?\n**No 3-year coverage discipline, no defensible programme.**\n- Every Clause 4-10 + every applicable Annex A control must be audited at least once per 3-year cycle (Clause 9.2 itself only demands planned intervals weighted by process importance and prior audit results; full coverage across the 3-year certification cycle is what the certification body expects to see)\n- Run `isms_audit_scheduler.py` in `ra-qm-team\u002Fskills\u002Fisms-audit-expert\u002F`\n- Confirm auditor independence — no self-audit on any sample (the auditor must not own or operate the control being sampled)\n\n### 2. When was the risk register last refreshed, and are treatments linked to Annex A controls?\n**Stale risk register = certification finding.**\n- Quarterly refresh expected; annual minimum, plus re-assessment whenever significant changes are proposed or occur (Clause 8.2)\n- Every high\u002Fcritical risk must link to ≥ 1 Annex A control treating it\n- Residual risk acceptance documented + signed by the risk owner\n- Review against `iso27001_audit_playbook.md` for stage 1 expectations\n\n### 3. Show me the access review records — quarterly cadence, the last 4 quarters.\n**Most-cited finding area.**\n- Annex A.5.15 + A.5.18 + A.8.2 + A.8.3 access controls (A.5.18 is the control covering provisioning, periodic review and removal of access rights)\n- Sample real records pulled from Okta \u002F IAM, not curated audit-prep packs\n- For each terminated employee in last 90 days: deprovisioning evidence within 24-hour SLA, measured from the HR termination timestamp to the IAM deactivation event\n- Privileged access reviewed at finer granularity\n\n### 4. What's the supplier inventory + last review evidence?\n**Second-most-cited finding area.**\n- Annex A.5.19-A.5.22 supplier management (A.5.22 covers monitoring and review of supplier services, which is where the review evidence belongs)\n- Critical SaaS suppliers reviewed at least annually\n- DPAs signed for personal-data sub-processors (cross-check with cs-dpo-gdpr)\n- AI-specific contract clauses where third-party AI services in use (cross-check with cs-aims-iso42001)\n\n### 5. Where's the incident response evidence + post-incident review?\n**A.5.24-27 + A.6.8 — high-stakes audit area.**\n- Severity definitions documented + consistently applied\n- Last 5 incidents have post-incident review (PIR) within 30-day SLA\n- GDPR Article 33 \u002F 34 notification timing built into the A.5.24 incident management plan (cross-check with cs-dpo-gdpr)\n- Blameless retro culture; not punitive\n\n### 6. What's the management review cadence + inputs?\n**Clause 9.3 required inputs are prescriptive — easy to miss.**\n- Required inputs (Clause 9.3.2): status of actions from previous reviews; changes in external and internal issues and in interested-party needs and expectations; feedback on information security performance (nonconformities and corrective actions, monitoring and measurement results, audit results, fulfilment of security objectives); feedback from interested parties; risk assessment results and risk treatment plan status; opportunities for continual improvement\n- Schedule: annual minimum; quarterly preferred for mature programs\n- Outputs documented + tracked to closure\n- Integrated review across frameworks (per `multi_framework_audit_playbook.md`) preferred to separate reviews\n\n## Workflow\n\n```bash\n# 1. Audit programme planning\npython ..\u002F..\u002Fra-qm-team\u002Fskills\u002Fisms-audit-expert\u002Fscripts\u002Fisms_audit_scheduler.py audit_scope.json\n\n# 2. Mock audit for readiness check\npython ..\u002F..\u002Fskills\u002Fcompliance-os\u002Fscripts\u002Faudit_simulator.py iso27001_scope.json\n\n# 3. Cross-framework reuse (SOC 2 = 75% overlap; ISO 42001 = 60% reuse)\npython ..\u002F..\u002Fskills\u002Fcompliance-os\u002Fscripts\u002Fcross_framework_mapper.py program.json\n```\n\n## Output Format\n\n```markdown\n# ISO 27001 Audit Prep: \u003Cscope>\n**Date:** YYYY-MM-DD\n\n## The Decision Being Made\n[programme-plan | finding-severity | cert-readiness | incident-followup]\n\n## Audit Programme Status\n- Clauses scheduled this year: \u003Clist>\n- Annex A controls scheduled: \u003Ccount>\n- Rolling 3-year coverage: clean | gaps in \u003Clist>\n- Auditor independence: clean | issues in \u003Clist>\n\n## Risk Register Health\n- Last refresh: YYYY-MM-DD\n- High\u002Fcritical risks without Annex A control link: N\n- Residual risk acceptance documentation: complete | gaps\n\n## High-Stakes Controls Status\n- A.5.15 + A.5.18 + A.8.2 + A.8.3 access control: pass\u002Ffail with sample\n- A.5.19-A.5.22 supplier mgmt: pass\u002Ffail with sample\n- A.5.24-27 + A.6.8 incident response: pass\u002Ffail with sample\n- A.8.15-16 logging: pass\u002Ffail with sample\n\n## Management Review Status\n- Last review date: YYYY-MM-DD\n- Required Clause 9.3 inputs present: yes\u002Fno\n- Open action items past due: N\n\n## Cross-Framework Impact\n- SOC 2 controls affected: \u003Clist>\n- ISO 42001 controls affected (if applicable): \u003Clist>\n- GDPR Article 32 controls affected: \u003Clist>\n\n## Verdict\n🟢 READY | 🟡 CLOSE-CRITICALS-FIRST | 🔴 NOT-READY\n\n## Top 3 Actions\n[3 concrete next steps with owner + corrective-action timeline]\n```\n\n## Routing\n\n- `\u002Fcs:compliance-readiness` — for multi-framework view\n- `\u002Fcs:soc2-audit-prep` — for SOC 2 cross-walk pair (75% overlap)\n- `\u002Fcs:aims-audit` — for ISO 42001 AIMS cross-walk\n- `\u002Fcs:gdpr-audit-prep` — for Article 32 organizational measures overlap\n- `\u002Fcs:ciso-review` — for executive cybersecurity strategy\n- `\u002Fcs:decide` — to log the verdict\n\n## Related\n\n- Agent: [`cs-ciso-iso27001`](..\u002F..\u002Fagents\u002Fcs-ciso-iso27001.md)\n- Skill: [`isms-audit-expert`](..\u002F..\u002F..\u002Fra-qm-team\u002Fskills\u002Fisms-audit-expert\u002FSKILL.md)\n- Playbook: [iso27001_audit_playbook.md](..\u002F..\u002F..\u002Fra-qm-team\u002Fskills\u002Fisms-audit-expert\u002Freferences\u002Fiso27001_audit_playbook.md)\n- Adjacent: `..\u002Fsoc2-audit-prep\u002F`, `..\u002Faims-audit\u002F`, `..\u002Fgdpr-audit-prep\u002F`, `..\u002Fcompliance-readiness\u002F`\n\n---\n\n**Version:** 1.0.0\n","","imported","https:\u002F\u002Fgithub.com\u002Falirezarezvani\u002Fclaude-skills","user_system_seed","SkillOPIC",true,195,1379,"2026-05-16 13:52:51",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Coding & Development","coding","mdi-code-braces","Code generation, debugging and review to improve development efficiency",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Code Review","review","mdi-magnify-scan","Code quality analysis and security review",4,145,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"070fff76-73a8-44a6-a5e5-3d0c7e99701c","1.0.0","iso27001-audit-prep.zip",2520,"uploads\u002Fskills\u002F8313cd64-536e-4922-ae73-3f3de02c34f0\u002Fiso27001-audit-prep.zip","b053546cb75cb916fdfac177a5993d2be7e5cf301e2d115049bfd898965d8519","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":5683}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]
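The skill above (question 1) asks whether rolling 3-year coverage is on track and whether any sample was self-audited, and defers the mechanics to an `isms_audit_scheduler.py` that this page does not show. The following is an added example of that check, not the skill's script: the scope list, audit history and control-owner map are constructed, their field names are assumptions, and the 3-year cycle is approximated as 3 * 365 days.

```python
"""Rolling 3-year coverage and auditor-independence check (question 1).

Added example, not the skill's isms_audit_scheduler.py. All data is constructed;
field names ("item", "audited_on", "auditor") are assumptions.
"""
from datetime import date, timedelta

CYCLE = timedelta(days=3 * 365)   # rolling certification cycle, approximated in days
LOOKAHEAD = timedelta(days=365)   # plan anything whose coverage expires within a year

# Constructed scope: the mandatory clauses plus the applicable Annex A controls.
SCOPE = ["Clause 4", "Clause 5", "Clause 6", "Clause 7", "Clause 8", "Clause 9",
         "Clause 10", "A.5.15", "A.5.18", "A.5.19", "A.8.2", "A.8.15"]

# Constructed audit history: what was audited, when, and by whom.
AUDIT_LOG = [
    {"item": "Clause 4",  "audited_on": "2025-09-01", "auditor": "internal-audit"},
    {"item": "Clause 5",  "audited_on": "2025-09-01", "auditor": "internal-audit"},
    {"item": "Clause 6",  "audited_on": "2024-03-10", "auditor": "internal-audit"},
    {"item": "Clause 7",  "audited_on": "2024-03-10", "auditor": "internal-audit"},
    {"item": "Clause 8",  "audited_on": "2025-09-01", "auditor": "internal-audit"},
    {"item": "Clause 9",  "audited_on": "2024-03-10", "auditor": "internal-audit"},
    {"item": "Clause 10", "audited_on": "2025-09-01", "auditor": "internal-audit"},
    {"item": "A.5.15",    "audited_on": "2022-11-01", "auditor": "internal-audit"},   # stale
    {"item": "A.5.18",    "audited_on": "2025-11-20", "auditor": "internal-audit"},
    {"item": "A.5.19",    "audited_on": "2025-11-20", "auditor": "procurement-lead"}, # owner audited own control
    {"item": "A.8.15",    "audited_on": "2025-06-01", "auditor": "secops-lead"},      # owner audited own control
    # A.8.2 has never been audited
]

# Constructed control owners, used for the independence check.
OWNERS = {"A.5.15": "iam-lead", "A.5.18": "iam-lead", "A.5.19": "procurement-lead",
          "A.8.2": "secops-lead", "A.8.15": "secops-lead"}


def latest_audit_dates(audit_log):
    """Most recent audit date per item, or absent if never audited."""
    latest = {}
    for rec in audit_log:
        when = date.fromisoformat(rec["audited_on"])
        if rec["item"] not in latest or when > latest[rec["item"]]:
            latest[rec["item"]] = when
    return latest


def coverage_report(scope, audit_log, as_of):
    """Bucket every in-scope item as gap / due-within-a-year / covered."""
    latest = latest_audit_dates(audit_log)
    window_start = as_of - CYCLE          # anything audited before this is outside the cycle
    horizon = as_of + LOOKAHEAD           # anything expiring before this needs scheduling now
    report = {"gaps": [], "due_within_year": [], "covered": []}
    for item in scope:                    # scope order is preserved in each bucket
        last = latest.get(item)
        if last is None or last < window_start:
            report["gaps"].append(item)
        elif last + CYCLE <= horizon:
            report["due_within_year"].append(item)
        else:
            report["covered"].append(item)
    return report


def independence_issues(audit_log, owners):
    """Items where the recorded auditor is also the control owner (self-audit)."""
    return sorted({rec["item"] for rec in audit_log
                   if owners.get(rec["item"]) == rec["auditor"]})


def programme_status(as_of_iso="2026-05-16"):
    """Run both checks on the constructed data as of a fixed date."""
    report = coverage_report(SCOPE, AUDIT_LOG, date.fromisoformat(as_of_iso))
    report["self_audits"] = independence_issues(AUDIT_LOG, OWNERS)
    return report


if __name__ == "__main__":
    for bucket, items in programme_status().items():
        print(f"{bucket}: {items}")
```

On the constructed data the report flags A.5.15 (last audited outside the window) and A.8.2 (never audited) as gaps, schedules the three clauses last audited in March 2024 for the coming year, and lists A.5.19 and A.8.15 as self-audits; feeding it a real audit log and an owner map from the statement of applicability gives the "Rolling 3-year coverage" and "Auditor independence" lines of the output format.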
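Question 3 in the skill above wants deprovisioning evidence for every leaver in the last 90 days, within a 24-hour SLA, taken from raw IAM records rather than a curated pack. As an added example (not the skill's code), this is the check an auditor would script over such records: HR termination dates joined with IAM lifecycle events. The records, their field names and the event-type string are constructed assumptions, not the Okta or any IAM export schema; the value is in the three outcomes it separates, which a curated pack tends to hide.

```python
"""Deprovisioning-evidence check for question 3 (leavers in the last 90 days).

Added example, not the skill's code. The HR and IAM records are constructed;
their shapes and the event-type name are assumptions about the export format.
"""
from datetime import datetime, timedelta

DEACTIVATE_EVENT = "user.lifecycle.deactivate"   # assumed event-type name

# Constructed HR offboarding records (UTC termination timestamps).
TERMINATIONS = [
    {"user": "a.jones", "terminated_at": "2026-04-30T17:00:00Z"},
    {"user": "b.smith", "terminated_at": "2026-05-05T09:00:00Z"},
    {"user": "c.wu",    "terminated_at": "2026-05-10T12:00:00Z"},
    {"user": "d.ortiz", "terminated_at": "2026-01-15T12:00:00Z"},  # older than the window
    {"user": "e.khan",  "terminated_at": "2026-05-12T16:00:00Z"},
]

# Constructed raw IAM audit events, pulled unfiltered rather than hand-picked.
IAM_EVENTS = [
    {"event": DEACTIVATE_EVENT,     "target": "a.jones", "at": "2026-04-30T18:30:00Z"},  # 1.5 h
    {"event": DEACTIVATE_EVENT,     "target": "b.smith", "at": "2026-05-08T10:00:00Z"},  # 73 h
    {"event": "user.session.start", "target": "c.wu",    "at": "2026-05-11T08:00:00Z"},  # login after leaving
    {"event": DEACTIVATE_EVENT,     "target": "e.khan",  "at": "2026-05-12T15:00:00Z"},  # disabled before last day
    {"event": DEACTIVATE_EVENT,     "target": "d.ortiz", "at": "2026-01-16T12:00:00Z"},
]


def _ts(value):
    """Parse an ISO-8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def deprovisioning_findings(terminations, iam_events, now, window_days=90, sla_hours=24):
    """One finding per leaver terminated inside the look-back window."""
    window_start = now - timedelta(days=window_days)
    sla = timedelta(hours=sla_hours)
    deactivations, activity = {}, {}
    for ev in iam_events:
        bucket = deactivations if ev["event"] == DEACTIVATE_EVENT else activity
        bucket.setdefault(ev["target"], []).append(_ts(ev["at"]))

    findings = []
    for rec in terminations:
        term = _ts(rec["terminated_at"])
        if term < window_start:
            continue                               # outside the 90-day sample
        user = rec["user"]
        first_deact = min(deactivations.get(user, []), default=None)
        if first_deact is None:
            status, hours = "missing-evidence", None
        else:
            hours = round((first_deact - term).total_seconds() / 3600, 2)
            status = "pass" if first_deact - term <= sla else "sla-breach"
        # Any non-deactivation event between termination and disablement (or now)
        # means the account was still usable after the person left.
        cutoff = first_deact if first_deact is not None else now
        active_after = any(term <= t < cutoff for t in activity.get(user, []))
        findings.append({"user": user, "status": status, "hours_to_deactivate": hours,
                         "activity_after_termination": active_after})
    return findings


def summarize(findings):
    """Count findings by status for the pass/fail line of the report."""
    counts = {}
    for f in findings:
        counts[f["status"]] = counts.get(f["status"], 0) + 1
    return counts


def run_check(now_iso="2026-05-16T00:00:00Z"):
    """Run the check on the constructed data as of a fixed timestamp."""
    findings = deprovisioning_findings(TERMINATIONS, IAM_EVENTS, _ts(now_iso))
    return findings, summarize(findings)


if __name__ == "__main__":
    findings, counts = run_check()
    for finding in findings:
        print(finding)
    print(counts)
```

A negative `hours_to_deactivate` (e.khan) is a pass: disabling the account before the recorded termination time is fine. The case to watch is c.wu, where there is no deactivation at all and a session was started after the termination date; that is the finding an auditor writes up, and it only surfaces because the events were pulled raw rather than pre-filtered to deactivations.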