How can AI help ISO 27001 consultants?

So, you are an ISO 27001 consultant, and you think generative AI will take away all of your clients? Or you think generative AI will never be accurate enough for some serious work?

Well, I believe none of this is true — I think that AI-powered tools will become very smart, and that skillful consultants will be able to use such AI tools in their everyday work to become even more successful.

How ISO 27001 consultants can use AI for their work:
  • AI tools for project management
  • AI tools integrated in GRC software
  • Specialized AI-powered chatbots

What types of AI tools will be available for consultants?

At the time this article was written (second half of 2023), the trends are such that the following types of AI tools are (or will be very soon) available to ISO 27001 consultants:

  • AI tools that help with project management — e.g., Notion.so automatically creates summaries of project tasks (or any documents), while Fireflies.ai automatically creates transcripts and to do lists; in the future, there will most likely be tools that will automatically communicate with project team members and perhaps resolve some less complex organizational tasks.
  • AI tools that will be integrated in GRC software — such tools will be able to speed up risk management, document writing, evidence collection, etc.
  • AI tools that are text based, and that are used for conversations — currently, these are in the form of chatbots.

Because AI tools in this last category (AI-powered chatbots) are currently the most advanced, I’m going to focus on them in this article.

How can consultants use AI-powered chatbots for ISO 27001?

From my experience, AI-powered chatbots can help ISO 27001 consultants with the following:

  1. Teach less experienced consultants about ISO 27001
  2. Save time when checking things
  3. Speed up implementation
  4. Help with internal audit and pre-certification check
  5. Create training materials

I’m going to show you several examples of how to do this using Experta, a specialized AI-powered chatbot-style knowledge base for ISO 27001 (Experta is currently free to use; you can sign up here.)

Teach less experienced consultants about ISO 27001

If you have a junior consultant who has just started to work in your consultancy, or if you are starting your own ISO 27001 career, you can save a lot of time by letting an AI chatbot do the teaching — try asking questions like these (click the question or the image to show the full answer):

“What are the mandatory clauses in ISO 27001?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“How to present ISO 27001 benefits to the top management?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“What is the purpose of ISMS?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“What are the steps to perform corrective actions?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“Create a learning program for ISO 27001 for a new consultant” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

Save time when checking things

Usually, during a project, a consultant needs to check several sources or simply brainstorm ideas — here’s how an AI chatbot can help you with this:

“Which Annex A controls cover incident management?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“What are the most common risks related to USB memory drives?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“How to protect against insider threats?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“What is ISO 27019?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

Speed up implementation

Once you’re further along in the implementation, you may sometimes need quick reminders on how to perform activities, or you might simply need a second opinion on how to complete a task:

“What are the steps for performing management review?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“What inputs are needed for ISO 27001 management review?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“Create a script on what should a consultant present at a management review meeting” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“How to review audit results during management review” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“What to include in management review minutes” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

Help with internal audit and pre-certification check

As part of your consulting work, you might do an internal audit, or the client may ask to you check if everything is ready for the certification audit. Here are some questions you might ask:

“How to structure the internal audit checklist?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“What will the certification auditor look for regarding risk assessment and treatment?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“What evidence to look for regarding clause 7.4?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“What evidence is needed for access control?” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

Creating training materials

When you have to train your clients, you will be able to create training materials more quickly by using these prompts:

“Create topics for an ISO 27001 training” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“Create a script for a training on identifying requirements of interested parties” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

“Create a multiple choice question with 4 answers for a topic of management review” How can AI help ISO 27001 consultants? - 27001Academy

How can AI help ISO 27001 consultants? - 27001Academy

What to expect from AI-powered chatbots in the future

There are some things that AI tools cannot do (yet); however, these functionalities will certainly come soon:

  • Writing personalized documents. AI tools will enable semi-automatic writing of documents that are personalized for a company based on their industry, size, internal context, etc.
  • Reviewing the text of policies and procedures. AI tools will be able to read the text of your documents and tell you what needs to be improved — e.g., some parts of the document might not be compliant with the standard, or might not follow best practices.
  • Updating policies and procedures. Imagine that you can upload the text of your, e.g., Access Control Policy that is written according to the old 2013 revision, and that it is automatically updated for the 2022 revision? This is no longer science fiction; such features will be available pretty soon.

You can read some other ideas here:  The future of compliance with generative AI technology.

How ISO 27001 consultants can use AI for their work

How do the AI-powered chatbots work?

An AI-powered chatbot operates on the principle that if you ask it a question, it will use generative AI technology to predict the best answer. “Predict” is the key word here — those technologies are not intelligent; they simply calculate the probability of the best answer from the data that is available to the chatbot.

And here lies the problem with generic chatbots like ChatGPT — their source of data is the whole Internet, and it cannot distinguish whether certain text about ISO 27001 on a particular website was written correctly or not.

On the other hand, specialized AI-powered chatbots use a proprietary knowledge base that is curated by experts — such chatbots provide much more accurate answers because when the source is accurate, the output will be accurate as well.

Adapt and prosper

I have no doubt that the ISO world will change a lot with generative AI technology — it will change not only how companies implement or maintain standards, but also how they train their employees, how the certification is performed, and yes — how consultants do their part.

Therefore, as an ISO 27001 consultant, it is better to start changing how you work, and to start using this new technology to make your work more productive, but also more meaningful.

Experta AI-powered knowledge base is free to use — click here to start using it. Experta is trained on a proprietary knowledge base built by Advisera’s ISO 27001 experts.

Advisera Dejan Kosutic
Author
Dejan Kosutic
Leading expert on cybersecurity & information security and the author of several books, articles, webinars, and courses. As a premier expert, Dejan founded Advisera to help small and medium businesses obtain the resources they need to become compliant with EU regulations and ISO standards. He believes that making complex frameworks easy to understand and simple to use creates a competitive advantage for Advisera's clients, and that AI technology is crucial for achieving this.

As an ISO 27001, NIS 2, and DORA expert, Dejan helps companies find the best path to compliance by eliminating overhead and adapting the implementation to their size and industry specifics.