Many organisations with an ISO 27001 certificate have their policy, classification, and supplier management neatly in place, but written for a world without AI assistants. The standard itself does not mention AI. Yet you do not need to build a new framework: AI use fits the controls you already have. You just have to apply them to a new kind of risk.
ISO 27001 in short
ISO 27001 is the international standard for an information security management system (ISMS). It is built on risk-based work: you assess risks and choose appropriate measures, the so-called controls in Annex A. In the 2022 version, those are grouped into four themes: organisational, people, physical, and technological. AI use mainly touches the organisational and people controls, plus one important technological one.
The controls that touch AI use
Policy and acceptable use. Your information security policy and your acceptable use rules must make clear which AI tools may be used and with which data. Without that, AI use sits outside your ISMS.
Information classification. Which data is confidential, internal, or public? That classification decides what may and may not enter an AI tool. A prompt with confidential customer data is a classification problem before it is an AI problem.
Supplier management. An AI tool that processes your data is a supplier or cloud service. It belongs in your supplier assessment, with attention to what the provider does with the data. Unapproved AI tools are unmanaged suppliers, that is, shadow AI.
Awareness and training. People must know what they can and cannot share. That is a people control, and it determines in practice what ends up being entered into an AI tool.
Data leakage prevention. The 2022 version of the standard has a dedicated control for data leakage prevention (A.8.12). This is the control AI use touches most directly, because the core risk is exactly that: sensitive data leaving the organisation through a prompt or upload.
Why AI is a new kind of leak
Classic measures against data leaks look at email, USB sticks, and uploads to known services. A prompt is something new: free text, in the browser, to a service that can store the input or use it for model improvement. The data leakage prevention control calls for appropriate measures, and those measures must therefore also reach the text field of an AI tool. Otherwise you cover email but not the fastest-growing route.
Awareness works best in the moment
ISO 27001 calls for awareness, and most organisations fill that in with a yearly training. It helps, but under time pressure behaviour rarely changes. The more effective approach is a signal at the point of use, so the control does not only exist on paper. See why security training alone does not close the AI gap.
How BeeSensible fits ISO 27001
BeeSensible makes several controls concrete in one place: the text field. Sensitive data gets a highlight while someone types in browser-based AI tools, so it can be removed, replaced, or masked before the prompt is sent.
That supports:
- Data leakage prevention (A.8.12): sensitive data is stopped before it leaves the organisation.
- Classification in practice: detection profiles align with what you have marked as sensitive.
- Awareness at the point of use: the employee sees the risk exactly when it arises.
- Demonstrability: an administrator sees, at an aggregate level, where data risks sit, without reading the content of personal chats.
An example: an organisation classifies customer files as confidential. Detection highlights names, file numbers, and IBANs in prompts, so they are removed before they are sent. The data leakage prevention control is then not only described, but working.
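As an added illustration of the IBAN part of that example (not BeeSensible's own code), the snippet below scans a prompt in the browser, validates IBAN candidates with the ISO 7064 mod-97 check digits, and masks the hits before the text is sent; the sample prompt and the `scanPrompt` API are constructed for this example.

```javascript
// Added example, not BeeSensible's own code: a browser-side check that finds
// IBANs in a prompt before it is sent. The candidate regex is deliberately
// loose; the mod-97 check digit test is what keeps random letter/digit runs
// from being flagged.

// Country code, two check digits, then 11-30 more chars, optional single spaces.
const IBAN_CANDIDATE = /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]){11,30}\b/g;

// ISO 7064 mod-97: move the first four chars to the end, map A-Z to 10-35,
// and the resulting number mod 97 must equal 1. Done digit by digit so no
// BigInt is needed.
function ibanChecksumValid(iban) {
  const compact = iban.replace(/\s/g, "").toUpperCase();
  if (compact.length < 15 || compact.length > 34) return false;
  const rearranged = compact.slice(4) + compact.slice(0, 4);
  let remainder = 0;
  for (const ch of rearranged) {
    const value = ch >= "A" ? ch.charCodeAt(0) - 55 : Number(ch);
    remainder = (remainder * (value > 9 ? 100 : 10) + value) % 97;
  }
  return remainder === 1;
}

// Keep the country code and the last four characters; star out the rest
// while preserving the user's spacing so the highlight lines up.
function maskIban(raw) {
  const total = raw.replace(/\s/g, "").length;
  let seen = 0;
  return raw.replace(/[A-Z0-9]/g, (ch) => {
    const keep = seen < 2 || seen >= total - 4;
    seen += 1;
    return keep ? ch : "*";
  });
}

// Scan a prompt: returns the masked text plus offsets for highlighting.
function scanPrompt(text) {
  const findings = [];
  const masked = text.replace(IBAN_CANDIDATE, (match, offset) => {
    if (!ibanChecksumValid(match)) return match;
    findings.push({ type: "IBAN", value: match, start: offset, end: offset + match.length });
    return maskIban(match);
  });
  return { masked, findings };
}

// Constructed sample prompt (the IBAN is the well-known public test value).
const SAMPLE_PROMPT =
  "Please draft a letter to client NL91 ABNA 0417 1643 00 about file 2024-117.";
```

Names and file numbers need their own detectors (dictionary or format based); this block covers only the checksum-backed case.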
The infrastructure BeeSensible runs on is ISO 27001 certified; BeeSensible itself is not. BeeSensible does not replace your ISMS, but it makes the relevant controls workable for AI use.
Further reading: Compliance and AI and NIS2 and AI.