How to implement ISO 27001 using generative AI

If you’re starting to implement ISO 27001, you probably have questions about what the standard requires, how to organize the project, how to implement each step, which documents to write, how to structure each document, who should be in charge of implementation, what kind of evidence needs to be created, etc.

And the good thing is — all of these questions can be answered by using AI tools. Read on, and I’ll show you several examples.

AI-powered chatbots can help ISO 27001 implementation by answering the following questions:
  • What are the requirements of the standard?
  • How should the project be organized?
  • How should each step be implemented?
  • How should documentation be handled?
  • What kind of evidence is needed for certification?

In this article, I’ll use Experta to answer all of these questions — this is a specialized AI-powered chatbot-style knowledge base for ISO 27001 (Experta is currently free to use; you can sign up here). The reason I’m not using ChatGPT is that this kind of generic AI chatbot does not provide accurate enough answers, so a specialized AI tool is needed.

For more on advanced usage of AI tools for consultants, see this article: How can AI help ISO 27001 consultants?

What are the requirements of the standard?

For starters, you might want to learn about the basics of the standard — to do that, you can ask questions like these:

“What are the main benefits of ISO 27001?”

“What are ISO 27001 clauses?”

“What is ISMS?”

How should the project be organized?

After you have gained some basic knowledge, you can start exploring how to organize your ISO 27001 implementation project — here are some things you might ask:

“What are the steps in ISO 27001 implementation?”

“How long does it take to implement ISO 27001?”

“How much does it cost to implement ISO 27001?”

“How to select the project manager for ISO 27001?”

“Should we use an ISO 27001 consultant?”

How should each step be implemented?

Once you have organized your project, you should start implementing the standard, step by step. Here are some questions you might ask:

“What are the steps to define the ISMS scope?”

“Who should be in charge of defining the ISMS scope?”

“What are the steps to perform risk assessment and treatment?”

“How to implement control A.8.13 Information backup?”

How should documentation be handled?

Implementing various steps usually goes hand in hand with writing documentation — here’s what you can ask:

“What are mandatory documents for ISO 27001?”

“How to document clause 4.2 Understanding the needs and expectations of interested parties?”

“How to document control A.5.7 Threat intelligence?”

“What is the structure of Statement of Applicability?”

What kind of evidence is needed for certification?

If your company is going for the certification, you’re probably wondering what kind of evidence will be needed — therefore, you might ask:

“What kind of records are needed according to ISO 27001?”

“Are training records required?”

“What will the certification auditor look for regarding control A.5.18 Access rights?”

Is the Experta AI-powered knowledge base enough for implementation?

I’m not saying that Experta or similar AI-powered chatbots can completely replace other tools used for ISO 27001 implementation — you will still need documentation templates, some kind of risk management tool, etc.

However, AI-powered chatbots can be a great complementary tool — this kind of chatbot can explain the things that you can’t figure out from the templates or from a GRC tool.

By the way, the questions listed in this article are only examples of what you can ask Experta — feel free to explore on your own. There’s a lot to learn!

Experta AI-powered knowledge base is free to use — click here to start using it. Experta is trained on a proprietary knowledge base built by Advisera’s ISO 27001 experts.

Author
Dejan Kosutic
Leading expert on cybersecurity & information security and the author of several books, articles, webinars, and courses. As a premier expert, Dejan founded Advisera to help small and medium businesses obtain the resources they need to become compliant with EU regulations and ISO standards. He believes that making complex frameworks easy to understand and simple to use creates a competitive advantage for Advisera's clients, and that AI technology is crucial for achieving this.

As an ISO 27001, NIS 2, and DORA expert, Dejan helps companies find the best path to compliance by eliminating overhead and adapting the implementation to their size and industry specifics.