If you’re starting to implement ISO 27001, you probably have questions about what the standard requires, how to organize the project, how to implement each step, which documents to write, how to structure each document, who should be in charge of implementation, what kind of evidence needs to be created, etc.
And the good thing is — all of these questions can be answered by using AI tools. Read on, and I’ll show you several examples.
- What are the requirements of the standard?
- How should the project be organized?
- How should each step be implemented?
- How should documentation be handled?
- What kind of evidence is needed for certification?
In this article, I’ll use Experta to answer all of these questions — this is a specialized AI-powered chatbot-style knowledge base for ISO 27001 (Experta is currently free to use; you can sign up here). The reason I’m not using ChatGPT is that this kind of generic AI chatbot does not provide accurate enough answers, so a specialized AI tool is needed.
For more on advanced usage of AI tools for consultants, see this article: How can AI help ISO 27001 consultants?
What are the requirements of the standard?
For starters, you might want to learn about the basics of the standard — to do that, you can ask questions like these:
“What are the main benefits of ISO 27001?”
How should the project be organized?
After you have gained some basic knowledge, you can start exploring how to organize your ISO 27001 implementation project — here are some things you might ask:
“What are the steps in ISO 27001 implementation?”
“How long does it take to implement ISO 27001?”
“How much does it cost to implement ISO 27001?”
“How to select the project manager for ISO 27001?”
“Should we use an ISO 27001 consultant?”
How should each step be implemented?
Once you have organized your project, you should start implementing the standard, step by step. Here are some questions you might ask:
“What are the steps to define the ISMS scope?”
“Who should be in charge of defining the ISMS scope?”
“What are the steps to perform risk assessment and treatment?”
“How to implement control A.8.13 Information backup?”
How should documentation be handled?
Implementing various steps usually goes hand in hand with writing documentation — here’s what you can ask:
“What are mandatory documents for ISO 27001?”
“How to document clause 4.2 Understanding the needs and expectations of interested parties?”
“How to document control A.5.7 Threat intelligence?”
“What is the structure of Statement of Applicability?”
What kind of evidence is needed for certification?
If your company is going for the certification, you’re probably wondering what kind of evidence will be needed — therefore, you might ask:
“What kind of records are needed according to ISO 27001?”
“Are training records required?”
“What will the certification auditor look for regarding control A.5.18 Access rights?”
Is Experta AI-Powered Knowledge Base enough for implementation?
I’m not saying that Experta or similar AI-powered chatbots can completely replace other tools used for ISO 27001 implementation — you will still need documentation templates, some kind of risk management tool, etc.
However, AI-powered chatbots can be a great complementary tool — this kind of chatbot can do all of the things that you can’t figure out from the templates or from a GRC tool.
By the way, the questions listed in this article are only examples of what you can ask Experta — feel free to explore on your own. There’s a lot to learn!
Experta AI-powered knowledge base is free to use. Experta is trained on a proprietary knowledge base built by Advisera’s ISO 27001 experts.