Blog

It’s no secret that ISO 27001 has become one of the most popular compliance initiatives globally for organizations wishing to prove the solidity of their information security. And though many have already reaped the benefits, some may not have, and others may want to take further advantage of ISO’s stellar reputation regarding their provided frameworks and stack more certifications. Among your options is ISO 22301—another international standard focused on business continuity management.

For anyone immersed in digital technology, you know that artificial intelligence (AI) is all the rage right now, and for good reason, the use cases for this technology are growing all the time. But as AI continues to enmesh with daily life as well as business, security concerns have grown in parallel, as have questions regarding the implications on organizations and their ongoing compliance efforts. At the top of mind for many has been how AI factors into SOC 2 examinations.

Since being published in December 2023, a lot of people are still wrapping their heads around the ISO 42001 standard. While designed to help all organizations who provide, develop, or use artificial intelligence (AI) products and services do so in a trustworthy and responsible manner with the requirements and safeguards that the standard defines—including defining your AI role.

When seeking ISO 42001:2023 certification, you must ensure that your artificial intelligence management system (AIMS) aligns with the standard’s key clauses (4-10), each of which focuses on a specific facet—context, leadership, planning, support, operation, performance evaluation, and improvement.

Within a few months of their latest update to their Data Protection Requirements (DPR) to address a coding incident (version 9.1), Microsoft released a draft or “pre-read” for their version 10 requirements that will be utilized for its Supplier Security and Privacy Assurance (SSPA) process as of the 2025 fiscal year. Arguably the largest update to the DPR since September 2018, v10’s new mandates address artificial intelligence (AI) and include important references to ISO 42001 that suppliers may want to take advantage of during their next compliance cycle.

Underscoring the firm's commitment to responsible AI, this accreditation enables Schellman to certify organizations against the first global AI standard of its kind

As we continue to live through what is an increasingly digital society, data centers have become the backbone of our interconnected world, handling everything from cloud computing to data storage and beyond. That takes a lot of energy, and as environmental impact becomes more and more of a concern, ISO 14001 certification has emerged as a top option to help organizations better manage their carbon footprint, and a particularly pertinent option for data centers.

As they’re now two of the most popular compliance initiatives in the world, many organizations often choose to pursue either SOC 2 or ISO 27001, and others are tackling both. In fact, there are strategic benefits to be gained in undergoing both a SOC 2 examination and achieving ISO 27001 certification, especially as you can do both at the same time.