Beginner

Building an ISMS for AI Systems

An Information Security Management System provides the framework for managing information security risks systematically. Extending an ISMS to cover AI requires identifying AI-specific assets, threats, and controls.

ISMS Fundamentals

An ISMS is a systematic approach to managing sensitive information so that it remains secure. It encompasses people, processes, and technology through a risk management framework. The core cycle follows the Plan-Do-Check-Act (PDCA) model:

  1. Plan: Establish the ISMS policy, objectives, processes, and procedures
  2. Do: Implement and operate the ISMS
  3. Check: Monitor and review the ISMS performance
  4. Act: Maintain and improve the ISMS based on findings

AI-Specific Assets to Include

When extending your ISMS scope to include AI, these assets must be inventoried and classified:

Asset CategoryExamplesClassification
Training dataDatasets, labels, annotationsConfidential to Restricted
ModelsWeights, architectures, hyperparametersConfidential
AI infrastructureGPU clusters, training pipelines, serving endpointsInternal
Prompts and configurationsSystem prompts, fine-tuning configs, RAG pipelinesConfidential
AI outputsPredictions, generated content, decisionsVaries by use case
Evaluation dataTest sets, benchmarks, red team resultsConfidential

AI Risk Assessment Process

The ISMS risk assessment for AI should follow this structured approach:

  1. Identify AI Assets

    Catalog all AI-related assets including models, data, infrastructure, and personnel with AI expertise.

  2. Identify Threats

    Enumerate threats specific to AI: adversarial attacks, data poisoning, model theft, prompt injection, supply chain compromises of AI libraries.

  3. Assess Vulnerabilities

    Evaluate AI system vulnerabilities: model robustness, data pipeline security, inference endpoint exposure, third-party AI service dependencies.

  4. Calculate Risk

    Determine the likelihood and impact of each risk scenario using your organization's risk criteria and scoring methodology.

  5. Treat Risks

    Select treatment options: mitigate with controls, transfer via insurance or outsourcing, accept with documented rationale, or avoid by not deploying the AI system.

💡
Scope definition: Clearly define which AI systems fall within your ISMS scope. Include all systems that process, store, or transmit information within the scope boundary, including third-party AI services accessed via APIs.

Documenting the AI ISMS

ISO 27001 requires specific documentation. For AI systems, ensure you document:

  • AI security policy and objectives
  • AI asset inventory and classification
  • AI-specific risk assessment methodology and results
  • Statement of Applicability (SoA) covering AI controls
  • AI model lifecycle security procedures
  • Third-party AI vendor assessment records
  • AI incident response procedures
Practical advice: Start with your existing ISMS documentation and extend it to cover AI. You do not need a separate ISMS for AI — integrate AI security into your existing management system.