ISMS Copilot
Compliance Information
- Regulatory Compliance: We adhere to relevant regulatory requirements, including GDPR and CCPA. We are also preparing for compliance with the upcoming EU AI Act.
- Industry Standards: We are working towards ISO 27001 certification and SOC 2 attestation to demonstrate our commitment to security, availability, and confidentiality.
- Internal Policies: We have implemented comprehensive internal policies covering information security, data protection, acceptable use, incident response, and change management. Our list of policies is accessible on our Trust Center main page.
- Employee Training: All employees undergo regular compliance training to ensure adherence to our compliance requirements.
- Vendor Management: We carefully vet and monitor our vendors and subprocessors to ensure they meet our compliance standards. If they are outside the EU, we require safeguards, typically SCCs.
- Continuous Monitoring: There are multiple monitoring areas, including Stripe Radar for Payments and Card Fraud Prevention.
Intellectual Property Compliance
At ISMS Copilot, we prioritize the responsible development and deployment of our AI systems to ensure they respect intellectual property (IP) rights at every stage.
- Ethical AI Training: Our AI models are trained on content we create independently, drawing on general knowledge and implementation strategies for standards like ISO without directly using or replicating protected materials. This ensures that our AI is not exposed to IP-protected content during its training process.
- User Licensing Agreement: We have established clear agreements that allow us to improve our AI models based on user interactions, while strictly excluding any business-specific data. This ensures that the AI evolves based on generalized knowledge and user feedback without infringing on user-specific intellectual property.
- IP-Compliant Outputs: By focusing on training our AI on non-protected and independently created content, we ensure that the outputs generated by our AI systems do not infringe on intellectual property rights. When you use ISMS Copilot, you can trust that the content generated is both original and compliant with IP laws.
- Clear Attribution: We instructed our models to always mention the organization at the source of a standard or framework when a user asks for information about that framework or standard.
- Data Protection: We maintain strict controls to ensure that customer data is never used inappropriately. Our AI models do not train on or generate outputs based on customer-provided data, further safeguarding intellectual property.
- Transparent Usage Policies: We are committed to transparency in how we handle data and intellectual property. Our clear and accessible data usage policies are designed to inform and protect our users, ensuring that all interactions with our AI are both safe and compliant with relevant legal standards.
- Ongoing Compliance and Education: We regularly consult with legal experts in intellectual property compliance and continuously review our measures to stay aligned with the latest legal standards. This proactive approach ensures that we remain up-to-date and compliant with evolving IP laws, providing our users with reliable and legally sound AI solutions.