ISO/IEC 27001 Information Security Management
ISO/IEC 27001 is the international standard for information security management systems (ISMS). It complements ISO/IEC 42001 (AI management systems) and is often held by AI governance vendors as a baseline information-security certification. It is required by many enterprise procurement processes globally.
This is an attestation a vendor obtains for its own operations — it is distinct from the AI-specific obligations the vendor’s tooling can help you meet. Vendors hold this certification or they don’t; we don’t use partial-coverage tiers here.
Standard owner: International (ISO)
Typical certification cycle: See overview
Penalty for misrepresentation: Loss of certification; legal exposure
Vendors that hold ISO 27001
Vendors below have a current third-party attestation against this standard. We list the certification, not coverage levels.
5 vendors
| Vendor | HQ | Founded | Size | Pricing | Coverage | Last verified |
|---|---|---|---|---|---|---|
| Scrut Automation | Palo Alto, US | 2021 | 51-200 | Contact for pricing | Certified | Apr 24, 2026 |
| Vanta | San Francisco, USA | 2018 | 500-1000 | Contact for pricing | Certified | Apr 26, 2026 |
| TrustArc | Walnut Creek, US | 1997 | 501-1000 | Enterprise subscription; contact sales for quote; modular pricing based on scope and modules | Certified | Apr 26, 2026 |
| Naaia | Louveciennes, FR | 2021 | 11-50 | No public pricing tiers; demo and quote requested via website. | Adjacent | Apr 27, 2026 |
| Knostic | Herndon, US | 2023 | 11-50 | Contact for pricing | Adjacent | Apr 27, 2026 |
Last verified April 24, 2026. Informational summary only — not legal advice. Consult qualified counsel for specific obligations.