ISO 27001 is the international standard for information security management systems. When a vendor is certified, an accredited external auditor has examined how they manage security — their controls, their processes, their risk management — and verified it against the standard. It is one of the few security claims in a sales deck you can actually check.
That makes it useful. It doesn’t make it magic. Here’s how to read it when you’re evaluating an AI platform.
What certification does tell you
Security is managed, not improvised. Certification requires a working information security management system: named responsibilities, documented processes, risk assessments that actually happen, and corrective action when something fails. The audit tests whether the system operates, not whether a policy document exists.
Someone external checks. Surveillance audits happen on a cycle. A certified organisation has accepted that an outsider will keep turning up and asking for evidence. That ongoing accountability matters more than the certificate PDF.
There’s a scope statement. Every certificate has one, and it’s the part worth reading. It says which parts of the business and which services the certification covers.
What it doesn’t tell you
It doesn’t tell you the product is secure by design. ISO 27001 covers the organisation’s management of security. A certified company can still ship a product with weak access controls. You still need product answers: how is data isolated? Who can see what? What’s logged?
It doesn’t tell you what happens to your data in AI terms. The standard predates the current AI wave. It says nothing about whether your documents are used to train models, whether prompts are retained, or whether your corpus is separated from other customers’. Ask those questions separately and get the answers in writing.
It doesn’t replace due diligence on hosting and residency. Where the data lives, under which jurisdiction, and who the sub-processors are — all still your questions to ask.
The questions to put to any AI vendor claiming ISO 27001
- Can you share the certificate and its scope statement? Does the scope cover the service I’m buying?
- Is my organisation’s data isolated from other customers’? How, technically?
- Are my documents or prompts used to train shared models? Where is that stated contractually?
- What gets logged, and can my administrators see the log?
- Where is the data hosted, and what are the residency options if that’s not acceptable?
A vendor comfortable with those questions in a room with your security team is telling you something the certificate alone can’t.
We hold ISO 27001 certification at OpenKit and build Marella so that the product-level answers — isolation, access control, audit trails, no training on your data — hold up under exactly this kind of questioning. The security page covers them, and we’d rather you interrogate us than take the badge at face value.