Stats
Actions
Tags
How this skill is triggered — by the user, by Claude, or both
Slash command
/cps-iso:iso-certificationThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
---
Provides specialized knowledge for ISO certification engagements including gap analysis methodologies, documentation templates, audit preparation, and certification body coordination across ISO 9001, 27001, 42001, 14001, and 45001.
| Clause | Title | Key Requirements |
|---|---|---|
| 4 | Context | Organization context, interested parties, scope |
| 5 | Leadership | Policy, roles, management commitment |
| 6 | Planning | Risks, objectives, change planning |
| 7 | Support | Resources, competence, awareness, communication |
| 8 | Operation | Planning, requirements, design, production |
| 9 | Evaluation | Monitoring, internal audit, management review |
| 10 | Improvement | Nonconformity, corrective action, continual improvement |
| Clause/Annex | Key Requirements |
|---|---|
| 4-10 | Management system (same as 9001) |
| A.5 | Organizational controls (37 controls) |
| A.6 | People controls (8 controls) |
| A.7 | Physical controls (14 controls) |
| A.8 | Technological controls (34 controls) |
| Clause | Key AI-Specific Requirements |
|---|---|
| 4 | Context including AI context |
| 5 | AI policy and leadership |
| 6 | AI risk assessment, objectives |
| 7 | AI competence, awareness |
| 8 | AI lifecycle, data management, third parties |
| 9 | AI system performance monitoring |
| 10 | AI incident management, improvement |
| Key Areas | Requirements |
|---|---|
| Environmental policy | Commitment, objectives |
| Aspects/Impacts | Identification, significance |
| Legal compliance | Requirements register |
| Operational control | Procedures, monitoring |
| Emergency preparedness | Response procedures |
| Key Areas | Requirements |
|---|---|
| OH&S policy | Commitment, objectives |
| Hazard identification | Risk assessment |
| Legal compliance | Requirements register |
| Worker participation | Consultation mechanisms |
| Incident investigation | Root cause, corrective action |
Phase 1: Document Review
├── Existing policies and procedures
├── Records and evidence
├── Previous audit reports
└── Organizational charts
Phase 2: Process Interviews
├── Key process owners
├── Management representatives
├── Technical staff
└── Support functions
Phase 3: Control Testing
├── Sample evidence review
├── Process observation
├── Technical verification
└── Record examination
Phase 4: Gap Scoring
├── Clause-by-clause assessment
├── Maturity scoring
├── Priority ranking
└── Remediation effort estimation
| Score | Level | Description | Action |
|---|---|---|---|
| 0 | Non-existent | No evidence | Implement from scratch |
| 1 | Initial | Ad-hoc, undocumented | Document and formalize |
| 2 | Developing | Partially implemented | Complete implementation |
| 3 | Defined | Documented, consistent | Minor improvements |
| 4 | Managed | Measured, controlled | Optimization only |
| 5 | Optimized | Best practice | Maintain |
1. Executive Summary
- Overall readiness score
- Key gaps identified
- Estimated effort to certification
- Recommended timeline
2. Methodology
- Assessment scope
- Approach taken
- Limitations
3. Findings by Clause
- Current state
- Gap description
- Score
- Remediation action
- Priority
- Effort estimate
4. Remediation Roadmap
- Phased approach
- Resource requirements
- Dependencies
- Timeline
5. Appendices
- Evidence inventory
- Interview log
- Detailed scoring
Level 1: Policy
├── Management-approved
├── Sets direction
└── Reviewed annually
Level 2: Procedures
├── How to perform activities
├── Process-specific
└── Maintained by process owners
Level 3: Work Instructions
├── Detailed step-by-step
├── Task-specific
└── Used at operational level
Level 4: Forms/Records
├── Evidence of activities
├── Controlled templates
└── Retention requirements
ISO 9001:2015 Minimum:
ISO 27001:2022 Minimum:
ISO 42001:2023 Minimum:
Document Control Information:
├── Document ID: [XXX-YYY-NNN]
├── Title: [Document Name]
├── Version: [X.X]
├── Effective Date: [DD-MMM-YYYY]
├── Author: [Name]
├── Approver: [Name]
├── Review Frequency: [Annual]
├── Classification: [Internal/Confidential]
└── Distribution: [Controlled/Uncontrolled]
Revision History:
| Version | Date | Author | Changes |
|---------|------|--------|---------|
| 1.0 | Date | Name | Initial release |
Annual Audit Plan:
├── Scope (all clauses over cycle)
├── Frequency (at least annual)
├── Audit team (qualified, independent)
├── Schedule (aligned with operations)
└── Risk-based focus areas
Audit Cycle:
Year 1: All clauses + high-risk processes
Year 2: All clauses + different risk areas
Year 3: Full certification preparation
| Requirement | Evidence to Check | Finding |
|---|---|---|
| 8.1 Planning | Process plans, work instructions | |
| 8.2 Requirements | Customer specs, contract review | |
| 8.3 Design | Design plans, verification records | |
| 8.4 External provision | Supplier evaluations, inspections | |
| 8.5 Production | Control plans, monitoring records | |
| 8.6 Release | Inspection records, authorizations | |
| 8.7 Nonconforming | NCR records, disposition evidence |
| Category | Definition | Response Time |
|---|---|---|
| Major NC | System failure, missing requirement | Before certification |
| Minor NC | Isolated instance, partial compliance | 90 days typical |
| Observation | Improvement opportunity | Discretionary |
| Good Practice | Exceeds requirements | Document for sharing |
Pre-Certification (3-12 months):
├── Gap analysis
├── System development
├── Implementation
├── Internal audits
└── Management review
Stage 1 Audit (1-2 days):
├── Documentation review
├── Readiness assessment
├── Scope confirmation
└── Stage 2 planning
Gap Closure (4-8 weeks):
├── Address Stage 1 findings
├── Additional implementation
└── Evidence collection
Stage 2 Audit (2-5 days):
├── Implementation verification
├── Process observation
├── Interview staff
└── Evidence sampling
Certification:
├── NC closure (if any)
├── Certificate issuance
└── 3-year cycle begins
Surveillance (Annual):
├── Subset of clauses
├── NC follow-up
└── Continuous compliance
| Criterion | Considerations |
|---|---|
| Accreditation | UKAS, ANAB, JAS-ANZ, etc. |
| Industry experience | Relevant sector expertise |
| Geographic coverage | Local auditors available |
| Cost | Audit fees, travel, extras |
| Reputation | Client references |
| Timeline | Availability, speed |
Management Review Meeting
Date: [Date]
Attendees: [Top management required]
1. Opening / Previous Actions (15 min)
2. Context Changes (10 min)
3. Performance Dashboard (20 min)
4. Audit and NC Summary (15 min)
5. Risk and Opportunity Update (15 min)
6. Resource Review (10 min)
7. Improvement Initiatives (15 min)
8. Decisions and Actions (20 min)
9. Close
Output: Management Review Minutes (mandatory record)
All ISO management system standards share:
| Benefit | Description |
|---|---|
| Reduced duplication | Single policy, procedures |
| Efficiency | One audit, one review |
| Consistency | Aligned approaches |
| Resource savings | Shared team, tools |
| Stakeholder confidence | Comprehensive system |
| Combination | Industries |
|---|---|
| 9001 + 14001 | Manufacturing, construction |
| 9001 + 27001 | Technology, services |
| 27001 + 42001 | AI/ML companies |
| 9001 + 45001 | Manufacturing, oil & gas |
| 9001 + 14001 + 45001 | Heavy industry |
See references/ folder for:
Creates, edits, and optimizes skills for Claude Code, including drafting, evaluating with test prompts, iterating on performance, and improving skill descriptions for better triggering accuracy.
npx claudepluginhub hossamdaoud83/cps-plugins-official --plugin cps-iso