Add ISO 27001 context and risk evidence gates

[alan747271363-art]

Summary

• add ISO/IEC 27001:2022/Amd 1:2024 context checks for climate relevance in Clauses 4.1 and 4.2
• clarify that qualitative, semi-quantitative, and quantitative risk methods are acceptable when criteria are defined and repeatable
• expand A.5.9 evidence for in-scope AI-integrated SaaS, approved generative AI, shadow AI, prompt stores, and model-connected data stores
• expand A.5.30 evidence for restore testing and protected recovery paths when destructive malware/ransomware scenarios are in scope

Scope notes

Addresses the climate amendment and risk-methodology portions of #1107. I intentionally avoided unverified incident-specific claims and mapped the AI/continuity guidance to existing ISO clauses and Annex A controls rather than inventing new requirements.

Official references used for the climate amendment:

• ISO/IEC 27001:2022/Amd 1:2024: https://www.iso.org/standard/88435.html
• ISO-IAF climate change amendments communique: https://iaf.nu/iaf_system/uploads/documents/Joint_ISO-IAF_Communique_re_Climate_Change_Amds_to_ISO_MSS_Feb_2024_Final.pdf

Validation

• git diff --check
• markdown fence balance check for skills/compliance/iso27001-gap/SKILL.md
• required frontmatter field check
• changed-file prompt-safety keyword scan

Bounty

Skill Improvement / Improver candidate. Payment details can be provided privately after maintainer acceptance.