Progress 0 / 22 questions answered

ISO/IEC 27001:2022 AI Extension Checklist

Assess your AI system's ISO 27001 compliance. 22 questions, 5 categories.

Do you maintain an up-to-date inventory of all AI/ML systems, models, and datasets in your organization?

ISO Control A.5.9: Inventory of information and other associated assets. AI systems often spread as "shadow IT". You cannot protect what you don't know exists.

No inventory Partial inventory (some systems) Complete, up-to-date inventory of all AI systems

Have you classified your AI systems by risk level and data sensitivity (e.g., critical/high/medium/low)?

ISO Control A.5.12: Classification of information. Not all AI systems are equally critical. Classification determines required controls.

No classification Basic classification (high/low) Detailed classification by risk and data sensitivity

Do you have a designated owner (data owner/DPO/data steward) for each AI system?

ISO Control A.5.9: Asset ownership. ISO 27001 requires every asset to have an owner. In AI, responsibility is often unclear.

No designated owner Some systems have owners All systems have designated owners with a RACI matrix

Do you track the full lifecycle of AI models (development, staging, production, retirement)?

ISO Control A.5.37: Documented operating procedures. Models are often deployed to production without version control, or outdated models run for years.

No lifecycle tracking Tracking production models Full lifecycle tracking from dev to retirement

Do you have up-to-date technical documentation for each AI system (model card, datasheet, architecture diagram)?

ISO Control A.5.37: Documented operating procedures. First ISO audit question: "Show me the documentation". Critical to document the AI's purpose, limitations, and operation.

No documentation Basic documentation (README) Complete documentation (model cards, datasheets, diagrams)

Do you assess the security risks of third-party AI providers (OpenAI, AWS, Google Cloud AI) before contracting?

ISO Control A.5.19: Information security in supplier relationships. Third-party AI = third-party risk. A vendor outage or data leak is your responsibility too.

No vendor assessment Basic security check (certifications) Thorough risk assessment (SOC2, ISO27001, SLA)

Do your contracts include AI-specific security requirements (data retention, model ownership, audit rights)?

ISO Control A.5.20: Addressing information security within supplier agreements. Default contracts don't cover: who owns the model? Do you have audit rights?

No AI-specific terms Basic DPA exists Comprehensive AI-specific contract (ownership, audit, retention)

Do you check for security vulnerabilities in open-source libraries and pretrained models used in your AI systems?

ISO Control A.5.23: Information security for use of cloud services. Models from HuggingFace may contain backdoors; libraries may be vulnerable.

No vulnerability checking Manual checks occasionally Automated CVE monitoring (Dependabot, Renovate)

Do you encrypt data in transit to third-party AI providers (TLS, VPN, private endpoint)?

ISO Control A.8.24: Use of cryptography. An unencrypted (plaintext) API call creates a man-in-the-middle risk. Minimum TLS 1.2 or private endpoints are required.

No encryption TLS 1.2+ in use Private endpoints or VPN

Do you protect training datasets from unauthorized access (encryption at rest, access control, audit logs)?

ISO Control A.8.10/A.8.11: Training data often contains PII. If leaked, this is a GDPR breach + competitive disadvantage. Encryption at rest (AES-256) and RBAC are required.

No protection Access control exists Encryption at rest + RBAC + audit logging

Do you apply data minimization principles for AI training (using only necessary fields)?

ISO Control A.8.11: Data masking. GDPR Article 5(1)(c) - data minimization. If you don't need the email, don't collect/use it.

Using all data Removing some unnecessary fields Strict minimization, feature selection audit

Do you anonymize or pseudonymize personal data before AI training?

ISO Control A.8.11: Data masking. GDPR Article 25 - data protection by design. Anonymized data is not subject to the full rigor of GDPR.

No anonymization Pseudonymization applied Full anonymization (k-anonymity, differential privacy)

Do you have a defined data retention policy for AI training data and model outputs?

ISO Control A.8.10: Information deletion. GDPR Article 17 - right to erasure. You cannot store data longer than necessary. An automated deletion policy is required.

No retention policy Policy exists, manual deletion Automated retention policy and deletion

Do you have DLP (Data Leakage Prevention) controls to prevent sensitive data leakage from AI outputs?

ISO Control A.8.12: Data leakage prevention. LLMs "memorize" training data. Output filtering and anomaly detection are required.

No DLP controls Basic output filtering (regex) Advanced DLP (anomaly detection, canary tokens)

Do you use version control for AI models and training scripts (Git, DVC, MLflow)?

ISO Control A.8.32: Change management. Without version control, there is no auditability or rollback capability. Git (code) + DVC (data) + MLflow (models) recommended.

No version control Only code in Git Full MLOps (Git + DVC + MLflow)

Do you have a formal change management process for deploying AI models to production (approval, testing, rollback plan)?

ISO Control A.8.32: Change management. Ad-hoc deployment = outage risk. ISO 27001 requires a documented change process (CAB approval, rollback plan).

No formal process Basic approval exists Full change management (CAB, testing, rollback)

Do you monitor AI systems in real-time (model drift, performance degradation, security anomalies)?

ISO Control A.8.16: Monitoring activities. AI models "rot" over time (data drift). Accuracy can drop from 95% → 70% in 6 months. This must be detected.

No monitoring Basic performance metrics Full monitoring (drift detection, alerting)

Do you log critical events of AI systems (model inference, training job start/stop, access logs)?

ISO Control A.8.15: Logging. Incident investigation is impossible without logs. Centralized logging (ELK, Splunk) + min 12 months retention + tamper-proof storage is required.

No logging Basic application logs Centralized, tamper-proof logging (12+ months)

Do you have a dedicated incident response plan for AI-specific events (model poisoning, adversarial attack, data leak)?

ISO Control A.5.24: Incident management planning. A generic IR plan doesn't cover AI-specific incidents. A playbook + escalation path + post-mortem are required.

No AI IR plan Generic IR plan exists AI-specific IR playbook (model poisoning, adversarial)

Do you regularly test AI systems for security vulnerabilities (prompt injection, adversarial attacks)?

ISO Control A.8.8: Management of technical vulnerabilities. Traditional scanners don't find AI-specific vulnerabilities. Prompt injection + adversarial testing are required.

No AI vulnerability testing Occasional manual testing Regular AI security testing (prompt injection, adversarial)

Do you have a process for applying security patches to AI libraries and frameworks (PyTorch, TensorFlow, transformers)?

ISO Control A.8.8: Management of technical vulnerabilities. AI library critical vulnerabilities require fast patching. Automated dependency updates + a 7-day SLA are required.

No patch management Manual patching monthly Automated patch management (Dependabot, 7-day SLA)

Do you measure and report AI security metrics (incident count, patch time, audit findings)?

ISO Control A.5.28: Collection of evidence. ISO 27001 audit question: "Show me the metrics!" A KPI dashboard + quarterly review + trend analysis are required.

No security metrics Basic incident tracking KPI dashboard + quarterly review + trend analysis

Your AI Security Assessment

/100

📧 Get your results via email

We will send you the complete report with all answers and recommendations

I accept the Terms of Use.

Want a deeper analysis?

Our experts can help with a detailed AI Red Team audit

Schedule Free Consultation →

Does your ISO 27001 ISMS cover AI-specific risks?

Take our 3-Minute ISO 27001 & AI Checklist! Implementing AI introduces new risks to your Information Security Management System (ISMS). This quick audit helps you assess if your controls (based on ISO 27001:2022) adequately address AI-specific threats, such as data quality and model security. Complete it in just 3 minutes to get an instant evaluation!

We’ll email you the recommendations.

ISO/IEC 27001:2022 AI Extension Checklist

Your AI Security Assessment

📧 Get your results via email

Want a deeper analysis?

Does your ISO 27001 ISMS cover AI-specific risks?

Contact