AI Compliance Vendors

What is ISO 27001?

Last updated April 26, 2026 · Every fact traceable to a public source

ISO/IEC 27001 is the international standard for information security management systems (ISMS). It complements ISO/IEC 42001 (AI management systems) and is often held by AI governance vendors as a baseline information-security certification. It is required by many enterprise procurement processes globally.

What does ISO 27001 actually require?

ISO 27001 sets out governance, risk-assessment, and documentation requirements for the AI systems in its scope. See the framework brief for the full obligation list.

Who is in scope of ISO 27001?

ISO 27001 applies internationally (ISO). Scope attaches based on jurisdiction and the role a company plays in the AI supply chain. See /frameworks/iso-27001 for the full scope note and source links.

Which vendors help with ISO 27001 compliance?

In our directory, the following vendors reference ISO 27001 in their compliance coverage: TrustArc, Scrut Automation, Vanta, Naaia, Knostic. Each profile links to the public source for the claim.

Editorial independence

This FAQ is editorial. No vendor can pay to be highlighted or ranked in answers, and the written commentary on this page is payment-free. Featured slots in directory listings are always labeled where they appear. Read our methodology for details.