
CSOAI
Free forever · No credit card

ISO/IEC 27001:2022 AI-ready kit — £999 one-time + £199/mo monitoring (optional)
Certification bodies and enterprise buyers now expect AI assets — models, embeddings, prompts, inference endpoints — inside your ISMS. We provide the threat library, risk register, and Statement of Applicability to make it pass.
AI assets missing from most ISMS scopes
Quick Scope
£9 one-time
AI asset inventory template and 20-question ISO 27001 + AI scope check.
Get £9 Quick Scope
ISO 27001 AI Kit
£999 one-time
Threat library, risk register, SoA mapping, supplier governance pack, and one signed attestation.
Buy — £999
Audit-Prep Bundle
£4,950 one-time
Kit + 2-day engagement + internal audit run + 90-day support.
Buy Audit-Prep — £4,950
Enterprise
£1,499/month
Continuous ISMS monitoring, quarterly risk reviews, and unlimited attestations.
Talk sales — £1,499/mo
AI threat library & risk register
Pre-populated risk register with AI-specific threats: model exfiltration, prompt injection, training-data poisoning, supply-chain compromise, and insider misuse.
ISO 27001:2022 control mapping
Every Annex A control mapped to AI assets, owners, evidence sources, and statement of applicability rationale.
Supplier & model-provider governance
Due-diligence checklists and contract clauses for OpenAI, Anthropic, Google, AWS Bedrock, and open-weight model hosts.
Internal audit programme
12-month audit schedule, checklists, and non-conformance tracker tuned to an AI-first ISMS.
ISO 27001 provides an excellent information security baseline, but it does not cover AI-specific governance such as model risk management, bias, explainability, or AI system lifecycle. Most organisations pair it with ISO/IEC 42001 for a complete AI management system.
Model weights, checkpoints, LoRA adapters, embeddings, prompt templates, inference endpoints, vector databases, training datasets, evaluation datasets, fine-tuning pipelines, and third-party API keys should all be classified and owned.
We provide a Statement of Applicability with control-by-control applicability, implementation status, evidence references, and AI-specific notes. Organisations without an ISMS can use it as a starting point; those with an ISMS can use it as a gap fill.
Yes. The kit is designed as a delta: AI risk treatment, AI asset inventory, and updated SoA justifications that integrate with your existing ISO 27001 management system.
For organisations with no prior ISMS, certification typically takes 6-12 months. With an existing ISMS, the AI delta can be addressed in 4-8 weeks using the kit.
Building a full AI management system?
See the ISO 42001 AIMS kit →
MEOK AI Labs · CSOAI LTD · UK Companies House 16939677