Available in English only. This legal document is provided in English as the binding version. The Trust Center interface is translated into your language.

Intellectual Property Compliance — ISMS Copilot

Effective Date: 2026-05-01.

Overview

ISMS Copilot is built on legitimately acquired sources, original consulting expertise, and clearly attributed third-party content. This page summarises how we handle the intellectual property of the standards organisations whose frameworks our platform helps customers implement, the safeguards built into our AI guidance, and the open-source and Creative Commons licences that govern certain platform components.

A more detailed operational article is maintained on our help centre at help.ismscopilot.com → Intellectual Property Compliance. This page is the canonical Trust Center summary.

Standards procurement

All standards and frameworks referenced by ISMS Copilot are acquired through their authorised channels:

  • ISO standards (ISO 27001, ISO 27701, ISO 42001, ISO 9001, and others) — purchased through authorised national standards bodies (AFNOR for France, BSI for the United Kingdom, DIN for Germany, NEN for the Netherlands, and equivalents elsewhere).
  • SOC 2 Trust Services Criteria — acquired from the AICPA (American Institute of Certified Public Accountants).
  • PCI DSS — obtained from the PCI Security Standards Council.
  • Public-law instruments (GDPR, NIS 2, DORA, EU AI Act, BSIG, and similar) — referenced as published law; no acquisition needed.

Proof of purchase is retained for every copyrighted standard and updated editions are acquired as they are published.

How we protect IP rights

Framework knowledge tables

Our framework reference tables contain only:

  • Control identifiers (for example, ISO 27001 A.5.1, SOC 2 CC6.1).
  • Concise control titles.

We do not reproduce the full normative text of any copyrighted standard, nor copyrighted implementation guidance. Control identifiers and short titles are factual elements not subject to substantial copyright protection. Customers conducting certification or audit work must obtain official copies of the relevant standards from authorised distributors.

AI-generated content guardrails

All of our AI system prompts include the following IP-protection rules:

  • No verbatim quotation — the AI is instructed not to quote excerpts from ISO standards or other copyrighted texts.
  • No close paraphrasing — generated content must not closely reproduce copyrighted expression.
  • Attribution required — AI responses identify the organisation that developed the referenced standard.
  • Original guidance only — focus on actionable advice tailored to the user's specific context.

AI-provider indemnification

Our AI providers (Anthropic, Mistral, and the OpenRouter underlying-provider stack) offer copyright indemnification to qualifying enterprise and API customers for certain claims related to model-generated outputs. These protections apply only to content generated by the models themselves. All material we inject into AI context — including framework reference tables and knowledge-base content — is independently verified for IP compliance and does not rely on provider indemnification.

Knowledge-base management

Our retrieval-augmented generation (RAG) knowledge base contains only original consulting knowledge created by the Better ISMS team. We conduct annual audits to verify:

  • No copyrighted standard text from ISO, AICPA, NEN, BSI or other standards bodies.
  • All content is original or lawfully licensed.
  • No content scraped from unauthorised sources.

Most recent audit: February 2026 — Result: Compliant.

Third-party content under permissive licences

Some platform content is openly licensed and is incorporated under the terms of its source licence. Adapted versions retain the original licence and attribution.

SOC 2 Report Review skill (Creative Commons)

The built-in SOC 2 Report Review skill in the chat product adapts the SOC 2 Reliability Rubric maintained by the SOC 2 Quality Guild (s2guild.org), originally licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0), © 2026 SOC 2 Quality Guild. In accordance with the share-alike obligation in CC BY-SA 4.0 §3(b)(1), this adaptation is also licensed under CC BY-SA 4.0.

The 11-signal taxonomy and the Structure / Substance / Source pillar grouping are taken from the Guild rubric. The chat workflow, the Pass / Flag / Skip verdict scheme, and the summary scorecard format are this project's adaptation. The same rubric is also the basis of the public ISMS Copilot tool at ismscopilot.com/resources/soc2-red-flags-checker.

Open-source dependencies

The ISMS Copilot software incorporates third-party open-source software through the dependency manifests of its repositories. Common licences across these dependencies include MIT, Apache-2.0, ISC, BSD-2-Clause, BSD-3-Clause, and MPL-2.0. A full register of these dependencies, alongside the Creative Commons-licensed components above, is maintained internally and available on request — contact legal@ismscopilot.com.

What this means for you

ISMS Copilot provides implementation guidance grounded in legitimately acquired standards and original consulting expertise. We do not reproduce copyrighted standards, and we do not substitute for them. You receive actionable advice; you remain responsible for obtaining the official standards you need for certification or audit work. Where platform content is openly licensed, we credit the source and honour the licence in full.

Compliance mapping

This page corresponds to the following control objectives in our internal ISMS:

  • ISO 27001:2022 A.5.32 — Intellectual property rights.
  • SOC 2 CC3.1 — Risk assessment and management.

Contact

To report a discrepancy or to ask about the licensing status of a specific component, contact legal@ismscopilot.com.