iso-27001-evidence-collectionlisted

Collect, organize, and validate evidence for ISO 27001 and SOC 2 audits. API-first approach with CLI commands for major cloud platforms. Produces timestamped, auditor-ready evidence packages. Use when user says "collect audit evidence," "prepare evidence package," "evidence for the auditor," "refresh evidence," or "evidence gap analysis."
open-agreements/open-agreements · ★ 34 · AI & Automation · score 81

Install: claude install-skill open-agreements/open-agreements

# ISO 27001 Evidence Collection Systematically collect audit evidence for ISO 27001:2022 and SOC 2. This skill provides API-first evidence collection commands, organizes evidence by control, and validates completeness before auditor review. ## Security Model - **No scripts executed** — this skill is markdown-only procedural guidance - **No secrets required** — works with reference checklists; CLI commands use existing local credentials - **Evidence stays local** — all outputs go to the local filesystem - **IP-clean** — references NIST SP 800-53 (public domain); ISO controls cited by section ID only ## When to Use Activate this skill when: 1. **Preparing evidence package for external audit** — 2-4 weeks before auditor arrives 2. **Quarterly evidence refresh** — update evidence that has aged beyond the audit window 3. **After remediation** — collect evidence proving a finding has been fixed 4. **New system onboarding** — establish baseline evidence for a newly in-scope system 5. **Evidence gap analysis** — identify what's missing before the audit Do NOT use for: - Running the internal audit itself — use `iso-27001-internal-audit` - SOC 2-only readiness assessment — use `soc2-readiness` - Interpreting audit findings — use the internal audit skill ## Core Concepts ### Evidence Hierarchy (Best to Worst) | Rank | Type | Example | Why Better | |------|------|---------|------------| | 1 | **API export (JSON/CSV)** | `gcloud iam service-accounts list --format=json` | Timesta