Governance & Compliance
ISO 27001
An international standard for an information security management system (ISMS) — a structured, certifiable program for managing security risk across an organization. Where SOC 2 is common in the US, ISO 27001 is the global benchmark.
Example
An overseas customer requires ISO 27001 certification before onboarding. Because your AI access controls and audit trail map to its requirements, the AI portion of the assessment is evidence you can hand over rather than a gap to close.
Related terms
SOC 2
A widely used security-and-controls audit standard (from the AICPA) that assesses how well a service organization protects customer data across areas like security, availability, and confidentiality. A SOC 2 report is often the first thing an enterprise buyer asks for.
ISO 42001
The first international standard for an AI management system (AIMS) — a certifiable framework specifically for governing how an organization builds and runs AI responsibly, including risk, oversight, and accountability. It's the AI-specific counterpart to ISO 27001.
NIST AI RMF
The AI Risk Management Framework from the US National Institute of Standards and Technology — a voluntary, widely referenced guide for identifying and managing AI risks across a system's life cycle. Not a certification, but a common language for AI governance.