ISO 27001
ISO/IEC 27001 is the international standard for information security management systems (ISMS).
What this means in practice
While not AI-specific, the standard provides the security governance foundation that AI systems require. AI introduces information security considerations beyond traditional IT: training data protection (preventing unauthorized access to datasets that may contain sensitive information), model intellectual property (protecting proprietary models from theft or reverse-engineering), inference data handling (securing the data flowing through prediction pipelines), and adversarial robustness (protecting models from deliberately crafted malicious inputs). In the COMPEL framework, the Calibrate stage assesses these AI-specific security dimensions, and the Produce stage implements controls that extend the organization's existing ISMS to cover AI workloads.
Why it matters
An ISO 27001 certification on its own does not cover the AI-specific dimensions listed above: training data protection, model intellectual property, inference data handling, and adversarial robustness. Organizations that already hold ISO 27001 certification must therefore extend the scope of their information security management system to address them, rather than treating AI workloads as ordinary IT assets.
How COMPEL uses it
During Calibrate, COMPEL assesses AI-specific security dimensions that extend beyond the traditional ISO 27001 scope. The Produce stage implements controls that extend the organization's existing ISMS to cover AI workloads. Module 4.2 covers framework interoperability, including how COMPEL AI governance integrates with ISO 27001 security management. The Evaluate stage audits whether the AI security controls meet both ISO 27001 and the AI-specific requirements.