ISO 27001 and Artificial Intelligence

1Does ISO 27001 addresses AI from a human factor in the Annexis and which one?

Answer: ISO 27001 does not treat requirements and controls in terms of technologies that can be used, but in terms of security objectives to be achieved. So there is no control that explicitly address AI, but this does not prevent AI to be used in any one of them if you can show that the use of AI can fulfil the stated objective (e.g. if you can show that AI can successfully review logs of human activity in search for anomalies, you can address controls A.12.4.1 (Event logging) and A.12.4.3 (Administrator and operator logs)).

2Shall we add AI as a add on to the ISO27001 ISMS compliance?

Answer: Using AI is not mandatory for ISO 27001, but you can make such kind of statement if you can demonstrate how AI can fulfil specific requirements or controls of the standard.

This article will provide you further explanation about s pecific solutions in ISO 27001:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

These materials will also help you regarding controls in ISO 27001:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/