trudie@tlnconsulting.co.uk

07795 802982

Information Security

ISO 27001:2022 - Information security, cybersecurity and privacy protection

Contact trudie@tlnconsulting.co.uk if you would like a more in-depth gap analysis against any standard.

ISO 27001:2022 -

Information security, cybersecurity and privacy protection — Information security management systems 

Benefits of implementing an Information Security Management System include:

  • Helps to protect all forms of information, including digital, paper-based, intellectual property and personal information.
  • Increases resilience to cyber attacks.
  • Provides a framework for keeping your organisation's information safe and managing it all in one place.
  • Offers organisation-wide protection from technology-based risks and from common weaknesses such as ineffective procedures.
  • Helps you respond to evolving security threats, both external and inside the organisation.
  • Reduces the costs associated with information security.
  • Protects the confidentiality, integrity and availability of data through a set of policies, procedures, and technical and physical controls.
  • Ensures timely recovery of information and critical business processes.
  • Improves company culture and enables employees to embrace security controls as part of their everyday working practices.
This standard addresses the information security culture and infrastructure of the organisation. TLN Consulting will ensure policies and procedures are written which reflect and address your business needs and risks, those of your customers, the requirements of the standard and all applicable legal requirements.

Acceptable Use Policy and AI Chatbots (LLMs)

To reduce your risk, you may want to consider updating any existing Acceptable Use policies to include AI.

If you are using free LLMs such as ChatGPT (e.g. for tenders), an auditor would be likely to challenge this.

Most UK corporates, NHS bodies, councils, and tier-one contractors are now:

- Blocking free ChatGPT and similar tools on corporate networks unless accessed via an approved enterprise version.

- Writing AI Acceptable Use Policies that:

  - Prohibit inputting personal or confidential data into free AI tools.

  - Define approved use cases (e.g. summarising public documents).

  - Require attribution and review (no blind copy-paste).

  - Specify the procurement route for new AI tools (so IT/security can check contracts and compliance).

Free consumer versions generally do not offer data processing agreements, enterprise security assurances, or audit logs, and inputs may be used for model training unless you opt out.

No contractual control = a supplier-relationship risk. In the 2022 Annex A this falls under controls A.5.19 to A.5.23 (supplier relationships, supplier agreements, the ICT supply chain and cloud services); under the 2013 edition these sat in A.15.

An auditor wouldn’t insist on a specific product (e.g. ChatGPT Enterprise vs Copilot), but they would insist that risk assessment and controls are in place:

  • Documented Acceptable Use policy
  • Clear risk acceptance or mitigation
  • Preferably, use of a paid/enterprise version with contractual assurances (no training on your data, data residency, admin controls).
  • In addition, you may also want to amend your Access Control Policy.

As always, please call if you would like help with the above policies: 07795 802 982

You can download our free 27001 checklist.

Check out our Further Resources page.

Let's chat about your ISO Certification requirements

© 2024 Tln Consulting