This section provides details on the security measures and compliance aspects of integrating our information security compliance chatbot. By integration, we mean embedding one of our assistants into your own service, such as a compliance platform.
As of today, the only chatbot available for integration is the ISO 27001 Copilot. You can select either the US version or the EU version. If you need a more customized chatbot, please check out this page.
1. Intellectual Property
The ISO 27001 Copilot's knowledge base does not contain copyrighted information. It operates on our own proprietary knowledge to assist users in their compliance efforts.
2. Language Model
Our chatbots currently use the Anthropic Claude 3.5 Sonnet model. However, we can offer custom solutions in which you choose from other AI providers such as OpenAI, Anthropic, or Mistral, depending on your organization’s requirements.
3. Data Location and Retention
- Data Storage: Data is securely stored in AWS data centers, either in the US or Europe, based on customer preference.
- Data Retention: Our default data retention period is 30 days, after which the data is automatically purged from our servers (AWS Amsterdam). The AI provider (Anthropic) also retains the data for 30 days.
- Customization: We can offer custom retention periods to align with your organizational policies.
4. Security Measures
- Encryption: All data in transit is secured using SSL/TLS encryption. Data at rest is encrypted using AWS's AES-256 encryption.
- Access Controls: We implement strong access control policies, including mandatory two-factor authentication (2FA) for all users.
- Principle of Least Privilege: Admin access follows the principle of least privilege, and all admin accounts are protected with multi-factor authentication (MFA).
- Generated Policy Protection: Policies generated by the chatbot are stored as read-only text within the chat logs, so they cannot be modified after generation without authorization.
5. Compliance
- GDPR: ISMS Copilot complies with GDPR through short data retention periods and stringent security controls.
- ISO 27001 and SOC 2: We are currently working towards ISO 27001 and SOC 2 certifications but are not certified yet. We are happy to undergo a security review or questionnaire to align with your organizational requirements.
6. Customization
The chatbots we offer for integration can be given knowledge of your company and named as you prefer. Customization also covers the data retention period and the choice of AI model.