Is Artificial Intelligence Help ISO 27001 Consultants?

Danis Miler
So, you're an ISO 27001 consultant, and you believe that generative AI will eliminate all of your clients? Or do you believe that generative AI will never be accurate enough for professional work?

Well, none of this is true –AI-powered tools will become quite intelligent, and skilled ISO 27001 consultants will be able to use such AI tools in their daily work to become even more effective.

How ISO 27001 Consultants can Apply AI in their Work?

  • Project administration AI tools
  • AI tools integrated into GRC software
  • Specialised AI-powered chatbots

What Kinds of AI Technologies will be Available to ISO 27001 Consultants?

At the time of writing (second half of 2023), trends indicate that the following sorts of AI technologies are (or will be very soon) available to ISO 27001 consultants:

  • AI tools that aid in project management — for example, Notion. so generates summaries of project tasks (or any document), while Fireflies.ai generates transcripts and to-do lists; in the future, there will most likely be tools that automatically communicate with project team members and possibly resolve some less complex organisational tasks.
  • AI tools that will be integrated into GRC software – such tools will be capable of speeding up risk management, document drafting, gathering proof, and so on.
  •  AI tools that are text-based and utilised for conversations – today, these take the form of chatbots.

Since AI tools in this latter category (AI-powered chatbots) are now the most advanced, I'll concentrate on them in this post.

How might AI-powered Chatbots be used by Consultants for ISO 27001?

AI-powered chatbots can assist ISO 27001 consultants with the following:

  • Teach less experienced consultants about ISO 27001.
  • Save time when verifying things.
  • Accelerate implementation
  • Assist with internal audits and pre-certification checks
  • Make training materials

What to Anticipate from AI-Powered Chatbots in the Future?

There are some things that AI technologies cannot perform (now); nevertheless, these capabilities will almost probably be added soon:

  • Creating personalised documents. AI tools will enable semi-automatic writing of ISO 27001 documents that are personalised for a company depending on its industry, size, internal context, and so on.
  • Examining the text of policies and procedures. AI technologies will be able to understand the language of your papers and tell you what needs to be improved — for example, some parts of the document may not be compliant with the standard or may not follow best practices.
  • Policy and procedural revision. Consider uploading the text of your, say, Access Control Policy that was written according to the previous 2013 revision and having it automatically modified for the 2022 revision. This is no longer science fiction; such features will be available very soon.

How do AI-Powered Chatbots Work?

An AI-powered chatbot works on the premise that if you ask it a question, it will use generative AI technology to predict the best answer. The crucial word here is "predicted" — these technologies are not clever; they just calculate the probability of the best answer given the facts available to the chatbot.

This is the problem with general chatbots like ChatGPT: their data source is the entire Internet, and it cannot tell whether some material regarding ISO 27001 on a specific website was written correctly or not.

Specialised AI-powered chatbots, on the other hand, employ a proprietary knowledge base that is curated by specialists — Such chatbots deliver significantly more accurate replies since when the source is correct, the output is correct as well.

