International Standard

ISO 27001 Certification — The Foundation for AI Governance

ISO 27001 + ISO 42001 = complete information security and AI management. 93 Annex A controls with 60-70% overlap with ISO 42001 — faster certification if you already have ISO 27001.

Get Started Book a Demo

93Annex A Controls

4Control Themes

60-70%ISO 42001 Overlap

What is ISO 27001?

ISO/IEC 27001 is the international standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive company information, ensuring it remains secure through people, processes, and technology controls.

The 2022 revision includes 93 controls across 4 themes: Organisational, People, Physical, and Technological. For organisations deploying AI systems, ISO 27001 provides the security foundation — but it doesn't address AI-specific governance requirements like risk classification, impact assessments, or model transparency.

That's where the ISO 27001 + ISO 42001 combination becomes powerful. Norivo maps the 60-70% overlap between the two standards, meaning organisations already ISO 27001 certified can achieve ISO 42001 certification significantly faster. One platform, both standards, shared evidence.

ISO 27001 + ISO 42001 together: 60-70% control overlap means faster certification and lower audit costs when managed on one platform.

Why Norivo for ISO 27001?

ISO 42001 Fast-Track

Already ISO 27001 certified? Norivo identifies the 60-70% overlap and shows exactly what additional controls you need for ISO 42001.

Unified Audit Evidence

One evidence item can satisfy both ISO 27001 and ISO 42001 controls. Reduce documentation burden by 60%+ for dual certification.

Gap Analysis with Nora

Nora analyses your existing ISMS controls and generates a prioritised action plan for achieving ISO 42001 alongside your 27001 certification.

Key Requirements

A.5: Information security policies (Organisational)

A.6: Organisation of information security (Organisational)

A.7: Human resource security (People)

A.8: Asset management (Organisational)

A.9: Access control (Technological)

A.10: Cryptography (Technological)

A.11: Physical security (Physical)

A.12: Operations security (Technological)

A.13: Communications security (Technological)

A.14: System development security (Technological)

A.15: Supplier relationships (Organisational)

A.16: Incident management (Organisational)

How Norivo Helps

Import your existing ISMS

Already ISO 27001 certified? Import your statement of applicability and existing controls. Norivo maps everything automatically.

Map ISO 42001 overlap

Norivo identifies which ISO 27001 controls already satisfy ISO 42001 requirements — typically 60-70% of the standard.

Close the AI governance gap

For the remaining AI-specific controls, use Norivo's guided workflows, policy templates, and Nora's recommendations.

Prepare for dual certification

Generate unified audit packages covering both standards. Cross-referenced evidence demonstrates comprehensive governance.

Get ISO 27001 Compliant

Get set up by our team in under 48 hours.