ISO 27001 and AI: how does AI use fit into your ISMS?

ISO 27001 does not mention AI, but it requires policy, classification, supplier management, awareness, and data leakage prevention. Here is how to bring AI use under those controls.

Quick answer

ISO 27001 is the international standard for an information security management system (ISMS). The standard does not mention AI, but several Annex A controls touch AI use directly: policy and acceptable use, information classification, supplier management for cloud services, awareness and training, and data leakage prevention. AI tools are suppliers that process your data, so they belong in your risk assessment and your controls. The data leakage prevention control (A.8.12) applies most directly here.

1. ISO 27001 requires an ISMS; AI use should fall under your existing controls.
2. AI tools are suppliers: include them in supplier management and risk assessment.
3. Classification and acceptable use decide which data may enter an AI tool.
4. The data leakage prevention control (A.8.12) touches AI use directly.
5. Awareness at the point of use beats a once-a-year training.

Many organisations with an ISO 27001 certificate have their policy, classification, and supplier management neatly in place, but written for a world without AI assistants. The standard itself does not mention AI. Yet you do not need to build a new framework: AI use fits the controls you already have. You just have to apply them to a new kind of risk.

ISO 27001 in short

ISO 27001 is the international standard for an information security management system (ISMS). It is built on risk-based work: you assess risks and choose appropriate measures, the so-called controls in Annex A. In the 2022 version, those are grouped into four themes: organisational, people, physical, and technological. AI use mainly touches the organisational and people controls, plus one important technological one.

The controls that touch AI use

Policy and acceptable use. Your information security policy and your acceptable use rules must make clear which AI tools may be used and with which data. Without that, AI use sits outside your ISMS.

Information classification. Which data is confidential, internal, or public? That classification decides what may and may not enter an AI tool. A prompt with confidential customer data is a classification problem before it is an AI problem.

Supplier management. An AI tool that processes your data is a supplier or cloud service. It belongs in your supplier assessment, with attention to what the provider does with the data. Unapproved AI tools are unmanaged suppliers, that is, shadow AI.

Awareness and training. People must know what they can and cannot share. That is a people control, and it applies directly to what may be typed into or uploaded to an AI tool.

Data leakage prevention. The 2022 version of the standard has a dedicated control for data leakage prevention (A.8.12). This is the control AI use touches most directly, because the core risk is exactly that: sensitive data leaving the organisation through a prompt or upload.

Why AI is a new kind of leak

Classic measures against data leaks look at email, USB sticks, and uploads to known services. A prompt is something new: free text, in the browser, to a service that can store the input or use it for model improvement. The data leakage prevention control calls for appropriate measures, and those measures must therefore also reach the text field of an AI tool. Otherwise you cover email but not the fastest-growing route.

Awareness works best in the moment

ISO 27001 calls for awareness, and most organisations fill that in with a yearly training. It helps, but under time pressure behaviour rarely changes. The more effective approach is a signal at the point of use, so the control does not only exist on paper. See why security training alone does not close the AI gap.

How BeeSensible fits ISO 27001

BeeSensible makes several controls concrete in one place: the text field. Sensitive data gets a highlight while someone types in browser-based AI tools, so it can be removed, replaced, or masked before the prompt is sent.

That supports:

  • Data leakage prevention (A.8.12): sensitive data is stopped before it leaves the organisation.
  • Classification in practice: detection profiles align with what you have marked as sensitive.
  • Awareness at the point of use: the employee sees the risk exactly when it arises.
  • Demonstrability: an administrator sees, at an aggregate level, where data risks sit, without reading the content of personal chats.

An example: an organisation classifies customer files as confidential. Detection highlights names, file numbers, and IBANs in prompts, so they are removed before they are sent. The data leakage prevention control is then not only described, but working.
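As an added illustration of the detection step described above (example code written for this page, not BeeSensible's own implementation): a browser-side scanner that finds IBAN candidates in a prompt, confirms them with the ISO 13616 mod-97 checksum so that look-alike strings are not flagged, and masks the confirmed ones before the text is sent. The function names and the sample prompt are assumptions.

```javascript
// Added example (not BeeSensible code): find IBANs in free text with a regex
// candidate scan plus the ISO 13616 mod-97 check, and mask confirmed ones.
const IBAN_CANDIDATE = /\b[A-Z]{2}\d{2}(?:[ -]?[A-Z0-9]){11,30}\b/g;
const SAMPLE_PROMPT = "Refund to NL91ABNA0417164300 today"; // constructed sample

// ISO 13616 check: move the first four characters to the end, map letters to
// 10..35, and the number must be 1 mod 97; computed digit by digit, no BigInt.
function ibanChecksumValid(iban) {
  if (!/^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$/.test(iban)) return false;
  const rearranged = iban.slice(4) + iban.slice(0, 4);
  let remainder = 0;
  for (const ch of rearranged) {
    const expanded = ch >= "A" ? String(ch.charCodeAt(0) - 55) : ch;
    for (const d of expanded) remainder = (remainder * 10 + Number(d)) % 97;
  }
  return remainder === 1;
}

// Keep country code, check digits and the last four characters readable.
function maskIban(iban) {
  return iban.slice(0, 4) + "*".repeat(iban.length - 8) + iban.slice(-4);
}

// The candidate regex can swallow an upper-case word that follows the IBAN,
// so try the whole match first, then prefixes cut at a space or hyphen.
function confirmIban(match) {
  const cuts = [match.length];
  for (let i = match.length - 1; i > 0; i--) {
    if (match[i] === " " || match[i] === "-") cuts.push(i);
  }
  for (const end of cuts) {
    const iban = match.slice(0, end).replace(/[ -]/g, "");
    if (ibanChecksumValid(iban)) return { end, iban };
  }
  return null;
}

// Returns the prompt with confirmed IBANs masked plus a list of findings,
// so the caller can highlight them or hold the prompt before it is sent.
function scanPrompt(text) {
  const findings = [];
  const masked = text.replace(IBAN_CANDIDATE, (match) => {
    const hit = confirmIban(match);
    if (!hit) return match; // looks like an IBAN but fails mod-97
    findings.push({ type: "IBAN", value: hit.iban, masked: maskIban(hit.iban) });
    return maskIban(hit.iban) + match.slice(hit.end);
  });
  return { masked, findings };
}
```

`scanPrompt(SAMPLE_PROMPT).masked` returns the prompt with the account number replaced by `NL91**********4300`, and the `findings` array is what an aggregate-level view could count without storing the prompt itself.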

The infrastructure BeeSensible runs on is ISO 27001 certified; BeeSensible itself is not. BeeSensible does not replace your ISMS, but it makes the relevant controls workable for AI use.

Further reading: Compliance and AI and NIS2 and AI.

FAQ

Common questions

Does ISO 27001 mention AI?

ISO 27001 does not name AI separately, but the standard is risk-based. AI tools process information and are suppliers, so they fall under existing controls for policy, classification, supplier management, awareness, and data leakage prevention.

Which ISO 27001 control touches AI use most?

The data leakage prevention control (A.8.12 in the 2022 version) applies most directly, because the core AI risk is that sensitive data leaves the organisation through a prompt or upload.

Are AI tools suppliers under ISO 27001?

Yes. An AI tool that processes your data is a supplier or cloud service, and belongs in your supplier management and risk assessment. Unapproved AI tools are unmanaged suppliers, that is, shadow AI.

Should AI use be in my information security policy?

Yes. An acceptable use policy should make clear which AI tools may be used and with which data. That is part of both the policy and the awareness controls.

Is awareness training enough for AI risks?

Training helps, but it rarely changes behaviour under time pressure. ISO 27001 calls for awareness; in practice, a signal at the point of use works better than a yearly session.