ISO 27001

The international standard for an Information Security Management System - a documented, audited approach to managing information risk that global and regulated buyers often require.

ISO/IEC 27001 is the leading international standard for an Information Security Management System (ISMS): a systematic, documented framework for identifying information risks and applying controls to manage them, subject to independent certification. It signals a mature, repeatable security program and is frequently required by global enterprises and regulated buyers.

Certification covers the management system, not the runtime behavior of any one AI application. As with SOC 2, the standard's control objectives around access control, cryptography, and logging translate, for AI, into enforced controls and tamper-evident evidence at the point where a model touches data - the operational detail an ISMS expects but does not itself implement.

All terms

Govern AI like infrastructure.

Talk to our team about deploying DataStrict across your enterprise stack.