What Is ISO/IEC 27001?
ISO/IEC 27001 is the international standard specifying requirements for an information security management system (ISMS).
Source: ISO/IEC 27001:2022
Plain-language explanation
ISO/IEC 27001:2022 is the most widely adopted information-security certification standard. It is highly relevant to AI governance because AI systems handle data whose confidentiality, integrity, and availability must be protected, and because many organisations build their AI management system (ISO/IEC 42001) on top of an existing ISMS. The control set in its companion, ISO/IEC 27002, covers access control, cryptography, supplier relationships, and incident management — all of which apply directly to AI pipelines.