At ISMS Copilot, we are committed to the responsible development and deployment of our AI systems, ensuring strict adherence to intellectual property (IP) rights at every stage. Our practices comply with applicable regulations, including French intellectual property law, U.S. copyright laws, and the EU AI Act, while maintaining the highest standards of ethical AI use.
Our AI assistants provide general guidance on compliance frameworks like ISO 27001, NIST 800-53, and the EU AI Act, and do not include or reproduce copyrighted materials, such as the ISO 27001 standard, in their body of knowledge. The assistants’ knowledge base relies solely on internal resources and expertise developed by Better ISMS. ISMS Copilot is not a substitute for official standards, and users must purchase or access official ISO documents from authorized sources, such as the International Organization for Standardization (ISO) or its authorized distributors, for specific requirements.
ISMS Copilot is an independent service and has no affiliation with ISO, NIST, or other information security organizations. We do not represent or claim to be endorsed by these entities. ISMS Copilot confirms that training data relies solely on Better ISMS’s internal resources, public domain, open-source, or synthetic sources, and excludes copyrighted materials, including ISO 27001 and other standards. Users should refer to official sources for standards developed by these organizations.
Our AI assistants are trained on curated, lawful datasets that exclude copyrighted materials. The table below summarizes the types of data used in training, ensuring transparency and compliance with intellectual property laws:
Data type | Description | Source | Exclusions |
---|---|---|---|
Proprietary QnA datasets | Question-and-answer pairs on compliance frameworks (e.g., ISO 27001, SOC 2, GDPR) | Created by Better ISMS based on consulting expertise, informed by general ISMS principles | No ISO, NIST frameworks, or copyrighted content |
Synthetic QnA pairs | Hypothetical compliance scenarios and questions | Generated by Better ISMS using original content | No copyrighted standards, regulations, or external texts |
User-derived QnA insights | QnA pairs based on anonymized patterns from user conversations (e.g., common ISMS queries) | Insights from reviewing ISMS Copilot usage, stripped of user information | No user data or copyrighted materials |
Public domain resources | Cybersecurity guidelines and expired copyright works | U.S. NIST publications (e.g., SP 800-53), public domain in the U.S. | No ISO standards or copyrighted content |
Open-source content | Guides and reports under permissive licenses | Creative Commons (CC0, CC BY) materials from cybersecurity communities | No restricted TDM or copyrighted standards |
Licensed content | Partner-provided original information security guidance | Generated by partners using original content | No ISO standards or copyrighted content |
We do not scrape the web to train our AI, except for our own website, ensuring our training data remains free of unauthorized copyrighted material or personal data. By using curated, anonymized QnA datasets created or licensed by ISMS Copilot, we maintain accuracy and compliance, avoiding risks associated with web-scraped content.
Our AI models are trained on independently created or lawfully sourced content, focusing on general knowledge and implementation strategies for standards like ISO 27001, SOC 2, GDPR, and others. We explicitly exclude protected materials, such as verbatim standards or regulations, from our training datasets, aligning with fair use principles and EU copyright requirements.
We do not train our AI models on user data or conversations. Our licensing agreement excludes business-specific or user-provided data from model improvement processes, ensuring that no user intellectual property is incorporated into our AI. This protects user privacy and prevents any risk of IP infringement from user interactions.
Our AI assistants are designed with robust guardrails to prevent generating content that infringes on intellectual property rights. They avoid reproducing copyrighted material (e.g., exact clauses from standards or regulations), and provide actionable, implementation-focused guidance. Outputs are crafted to be compliant with IP laws, giving users confidence in their originality and legality.
When providing guidance on standards or frameworks, our assistants attribute the developing organization (e.g., ISO for ISO 27001, AICPA for SOC 2, EU for GDPR) and direct users to official sources for verbatim requirements. Users must obtain official standards from authorized distributors to ensure access to accurate and complete requirements.
We implement strict controls to safeguard customer data, ensuring it is never used for training or generating outputs. Our AI systems rely solely on curated, anonymized datasets, preventing any unauthorized use of IP-protected or sensitive information.