{"id":25635,"date":"2025-11-25T16:22:46","date_gmt":"2025-11-25T16:22:46","guid":{"rendered":"https:\/\/www.dionach.com\/?p=25635"},"modified":"2025-11-25T16:23:29","modified_gmt":"2025-11-25T16:23:29","slug":"iso-27001-ai-dont-rebuild-extend","status":"publish","type":"post","link":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/","title":{"rendered":"ISO 27001 & AI:\u00a0Don’t\u00a0Rebuild.\u00a0Extend."},"content":{"rendered":"\n

As organisations race to integrate AI for competitive advantage, we rarely see a lack of activity. Instead, we see a variation in strategy, often resulting in missed opportunities for efficiency. <\/p>\n\n\n\n

We tend to see businesses fall into one of three categories. <\/p>\n\n\n\n

First, there are those pushing for speed; deploying AI rapidly to gain an edge while viewing governance as a hurdle to be cleared later. <\/p>\n\n\n\n

Second, there are those relying on their existing strength. These organisations trust that their mature ISO 27001 certification covers them. While this is a logical starting point, it often underestimates the AI-specific risks, such as algorithmic bias, lack of transparency, and ethical accountability, that fall outside the scope of a traditional ISMS. <\/p>\n\n\n\n

Finally, there are\u00a0those\u00a0starting from scratch. They are building\u00a0entirely new governance structures and committees to align with emerging\u00a0standards like ISO 42001<\/a>, NIST<\/a>, or the EU AI Act<\/a>. While the goal is correct, the method is often inefficient; they are rebuilding management machinery they already own.<\/p>\n\n\n\n

There is, however, a more effective approach.<\/strong> <\/h2>\n\n\n\n

If you already hold an ISO 27001 certification, you do not need to choose between ignoring the risk or rebuilding your governance from the ground up. You simply need to recognise, and extend, the asset you already have. <\/p>\n\n\n\n

Here is the reality of bridging the gap between Information Security (ISO 27001<\/a>) and AI Governance (ISO 42001<\/a>).<\/p>\n\n\n\n

The Good News: The Infrastructure is Already Built<\/strong> <\/h2>\n\n\n\n

Let\u2019s start with the efficiency case, because it is undeniable. <\/p>\n\n\n\n

Implementing any ISO standard involves a significant amount of management infrastructure. Before you even get to the technical controls, you have to build the machinery of the management system: determining the context of the organisation, establishing leadership roles, defining document control frameworks, and setting up internal audit programmes. <\/p>\n\n\n\n

Technically, this is known as the Annex SL High-Level Structure. <\/p>\n\n\n\n

In a mature ISMS, this framework is already built, documented, and operational. <\/p>\n\n\n\n

This gives you a significant head start. By reusing this framework, you strip away weeks of administrative setup and cost. Consider the practicalities: <\/p>\n\n\n\n

    \n
  • Internal Audit:<\/strong>\u00a0You already have an audit schedule,\u00a0a methodology, and a reporting line to the board. You\u00a0don’t\u00a0need a new “AI Audit Function”; you simply need to extend the scope of your existing audits to include AI controls.\u00a0<\/li>\n<\/ul>\n\n\n\n
      \n
    • Competence & Training:<\/strong>\u00a0You already have a system for onboarding and training staff on data handling. You\u00a0don’t\u00a0need a new Learning Management System; you just need to inject modules on AI ethics and bias.\u00a0<\/li>\n<\/ul>\n\n\n\n
        \n
      • Vendor Management:<\/strong>\u00a0You already assess suppliers for security. You simply need to add questions\u00a0regarding\u00a0model provenance and data transparency to your existing due diligence questionnaires.\u00a0<\/li>\n<\/ul>\n\n\n\n

        This reuse represents the vast majority of the structural work required for ISO 42001. The machinery is there; it just needs a new set of instructions. <\/p>\n\n\n\n

        The Reality Check: Security is Not Trustworthiness<\/strong> <\/h2>\n\n\n\n

        However, this is where we need to be realistic. Having the management<\/em> infrastructure in place does not mean the governance<\/em> work is finished. <\/p>\n\n\n\n

        We often see organisations assume that because they are ISO 27001 certified, they are “covered” for AI. This is an assumption that leaves the organisation exposed. <\/p>\n\n\n\n

        To understand why, we must look at the fundamental difference in the objective<\/em> of these standards. <\/p>\n\n\n\n

        ISO 27001 is about Information Security.<\/strong> It focuses on Confidentiality, Integrity, and Availability (CIA). It asks: Is the training data encrypted? Is access to the model restricted? Is the server patched? <\/p>\n\n\n\n

        ISO 42001 is about System Trustworthiness.<\/strong> It looks beyond security to broader concerns including fairness, transparency, and data quality. It asks: Is the model biased against a protected demographic? Can we explain how it reached its decision? Is the output accurate and reliable? <\/p>\n\n\n\n

        <\/div>\n\n\n\n
        \"\"<\/figure>\n\n\n\n

        The “Secure but Untrustworthy” Paradox<\/strong> Consider a “Black Box” AI recruitment tool. <\/h2>\n\n\n\n
          \n
        • From an ISO 27001 perspective:<\/strong>\u00a0If the\u00a0CV\u00a0data\u00a0is encrypted, access\u00a0is logged, and the system is available 99.9% of the time, it is compliant. It is secure.\u00a0<\/li>\n<\/ul>\n\n\n\n
            \n
          • From an ISO 42001 perspective:<\/strong>\u00a0If that secure model has\u00a0been trained\u00a0on historical data from a male-dominated sector, causing it to systematically reject female candidates, it is non-compliant. It is untrustworthy.\u00a0<\/li>\n<\/ul>\n\n\n\n

            Your encryption keys won\u2019t stop a model from hallucinating legal advice, and your firewall won\u2019t prevent algorithmic bias. This is the specific governance gap that your current ISMS cannot fill on its own. <\/p>\n\n\n\n

            The Opportunity: Focusing on the AI Specifics<\/strong> <\/h2>\n\n\n\n

            The business case for integrating ISO 42001 with your ISO 27001 is not that “it makes AI governance easy”. It is that it allows you to focus your energy where it matters. <\/p>\n\n\n\n

            Because you don’t have to waste time writing a new Nonconformity Procedure or setting up an Audit Committee, you can focus 100% of your effort on the critical task of governing your AI models. <\/p>\n\n\n\n

            To bridge the gap, you must implement new, AI-specific measures. Some of the most critical additions include: <\/p>\n\n\n\n

              \n
            1. AI Impact Assessments (AIA):<\/strong>\u00a0Unlike a security risk assessment, which looks at threats to the asset, an AIA looks at threats to the\u00a0subject<\/em>. You need a process to evaluate how your AI affects individuals and society before you deploy it.\u00a0<\/li>\n<\/ol>\n\n\n\n
                \n
              1. Data Quality vs. Data Integrity:<\/strong>\u00a0In ISO 27001, we care about “Integrity” (ensuring the file\u00a0hasn’t\u00a0been tampered\u00a0with). In ISO 42001, we care about “Quality” (ensuring the data is representative, unbiased, and suitable for training).\u00a0<\/li>\n<\/ol>\n\n\n\n
                  \n
                1. Human Oversight:<\/strong>\u00a0You need to define formally when a human must be in the loop. An automated decision might be secure, but is it ethically\u00a0appropriate to\u00a0let a machine make it without review?\u00a0<\/li>\n<\/ol>\n\n\n\n
                    \n
                  1. Adversarial Robustness:<\/strong>\u00a0Traditional vulnerability management and penetration testing often miss AI-specific attacks like “Prompt Injection” or “Model Poisoning.” These attacks target the logic of the model rather than the security of the code, requiring\u00a0a new approach\u00a0to testing and validation.\u00a0<\/li>\n<\/ol>\n\n\n\n

                    Don’t Rebuild. Extend.<\/strong> <\/h2>\n\n\n\n

                    The most logical path is not a massive new implementation project, but a targeted strategic extension.  <\/p>\n\n\n\n

                    This approach validates your existing investment in ISO 27001. It takes the robust machinery you have built for security and points it at a new target: AI Trustworthiness. <\/p>\n\n\n\n

                    <\/div>\n\n\n\n
                    \"\"<\/figure>\n\n\n\n

                    Where to Start?<\/strong> <\/h2>\n\n\n\n

                    To ensure your controls are effective, you must establish a clear baseline of your actual AI footprint. This means identifying not just the new tools your teams are adopting, but the generative features silently activating within the trusted software you already own. <\/p>\n\n\n\n

                    The most logical starting point is a structured discovery and assessment phase to answer three critical questions: <\/p>\n\n\n\n

                      \n
                    1. The Inventory Question:<\/strong>\u00a0Where is the AI?<\/em>\u00a0You need to look beyond the IT asset register. True visibility means engaging with business units to uncover “shadow” usage and auditing your existing software stack for embedded features.\u00a0<\/li>\n<\/ol>\n\n\n\n
                        \n
                      1. The Gap Question:<\/strong>\u00a0What is the true crossover?<\/em>\u00a0You need to map your existing ISO 27001 controls against ISO 42001 to\u00a0determine\u00a0what\u00a0is fully covered, what requires extension, and what is missing entirely.\u00a0<\/li>\n<\/ol>\n\n\n\n
                          \n
                        1. The Roadmap Question:<\/strong>\u00a0How do we bridge the gap?<\/em>\u00a0Create a prioritised implementation plan that focuses resources strictly on addressing the specific AI governance risks\u00a0identified.\u00a0<\/li>\n<\/ol>\n\n\n\n

                          Conclusion<\/strong> <\/h2>\n\n\n\n

                          AI governance can be a complex challenge, but it shouldn’t be an overwhelming one. <\/p>\n\n\n\n

                          If you have an ISMS in place, your infrastructure is already built. The most effective strategy is to treat ISO 42001 not as a new mountain to climb, but as a necessary and logical extension of the security culture you have already created. <\/p>\n\n\n\n

                          Dionach can help you identify your real AI exposure, extend your ISO 27001 controls to meet ISO 42001, and build a practical roadmap to trustworthy AI. Our experts ensure your governance is efficient, compliant, and aligned with your business goals so you can adopt AI securely and responsibly.<\/p>\n\n\n\n

                          <\/p>\n","protected":false},"excerpt":{"rendered":"

                          As organisations race to integrate AI for competitive advantage, we rarely see a lack of activity. Instead, we see a variation in strategy, often resulting in missed opportunities for efficiency.  We tend to see businesses fall into one of three categories.  First, there are those pushing for speed; deploying AI rapidly to gain an edge while viewing […]<\/p>\n","protected":false},"author":12,"featured_media":25637,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[327,328,210],"class_list":["post-25635","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-researchblog","tag-email-security","tag-phishing","tag-social_engineering","wpbf-post"],"contentshake_article_id":"","yoast_head":"\nISO 27001 & AI:\u00a0Don't\u00a0Rebuild.\u00a0Extend.<\/title>\n<meta name=\"description\" content=\"ISO 27001 isn\u2019t enough for AI risks. See how to extend your ISMS to address bias, transparency, and trustworthiness with ISO 42001.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO 27001 & AI:\u00a0Don't\u00a0Rebuild.\u00a0Extend.\" \/>\n<meta property=\"og:description\" content=\"ISO 27001 isn\u2019t enough for AI risks. See how to extend your ISMS to address bias, transparency, and trustworthiness with ISO 42001.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-25T16:22:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-25T16:23:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/11\/AdobeStock_1770408071.jpeg?fit=2048%2C1117&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"1117\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dionach by Nomios\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach by Nomios\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/\"},\"author\":{\"name\":\"Dionach by Nomios\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/#\\\/schema\\\/person\\\/cda8ad8b5715b4d431547564ed6a9ca9\"},\"headline\":\"ISO 27001 & AI:\u00a0Don’t\u00a0Rebuild.\u00a0Extend.\",\"datePublished\":\"2025-11-25T16:22:46+00:00\",\"dateModified\":\"2025-11-25T16:23:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/\"},\"wordCount\":1362,\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/AdobeStock_1770408071.jpeg?fit=2048%2C1117&ssl=1\",\"keywords\":[\"email security\",\"phishing\",\"social engineering\"],\"articleSection\":[\"researchblog\"],\"inLanguage\":\"en-AU\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/\",\"url\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/\",\"name\":\"ISO 27001 & AI:\u00a0Don't\u00a0Rebuild.\u00a0Extend.\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/AdobeStock_1770408071.jpeg?fit=2048%2C1117&ssl=1\",\"datePublished\":\"2025-11-25T16:22:46+00:00\",\"dateModified\":\"2025-11-25T16:23:29+00:00\",\"description\":\"ISO 27001 isn\u2019t enough for AI risks. See how to extend your ISMS to address bias, transparency, and trustworthiness with ISO 42001.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/AdobeStock_1770408071.jpeg?fit=2048%2C1117&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/AdobeStock_1770408071.jpeg?fit=2048%2C1117&ssl=1\",\"width\":2048,\"height\":1117},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/iso-27001-ai-dont-rebuild-extend\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ISO 27001 & AI:\u00a0Don’t\u00a0Rebuild.\u00a0Extend.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/#website\",\"url\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual World\",\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-AU\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/dionachcyber\",\"https:\\\/\\\/x.com\\\/dionachcyber\",\"https:\\\/\\\/uk.linkedin.com\\\/company\\\/dionach-ltd\",\"https:\\\/\\\/www.instagram.com\\\/dionachcyber\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-au\\\/#\\\/schema\\\/person\\\/cda8ad8b5715b4d431547564ed6a9ca9\",\"name\":\"Dionach by Nomios\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g\",\"caption\":\"Dionach by Nomios\"},\"sameAs\":[\"http:\\\/\\\/Dionach\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ISO 27001 & AI:\u00a0Don't\u00a0Rebuild.\u00a0Extend.","description":"ISO 27001 isn\u2019t enough for AI risks. See how to extend your ISMS to address bias, transparency, and trustworthiness with ISO 42001.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/","og_locale":"en_US","og_type":"article","og_title":"ISO 27001 & AI:\u00a0Don't\u00a0Rebuild.\u00a0Extend.","og_description":"ISO 27001 isn\u2019t enough for AI risks. See how to extend your ISMS to address bias, transparency, and trustworthiness with ISO 42001.","og_url":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/","og_site_name":"Dionach","article_publisher":"https:\/\/www.facebook.com\/dionachcyber","article_published_time":"2025-11-25T16:22:46+00:00","article_modified_time":"2025-11-25T16:23:29+00:00","og_image":[{"width":2048,"height":1117,"url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/11\/AdobeStock_1770408071.jpeg?fit=2048%2C1117&ssl=1","type":"image\/jpeg"}],"author":"Dionach by Nomios","twitter_card":"summary_large_image","twitter_creator":"@dionachcyber","twitter_site":"@dionachcyber","twitter_misc":{"Written by":"Dionach by Nomios","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/#article","isPartOf":{"@id":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/"},"author":{"name":"Dionach by Nomios","@id":"https:\/\/dionach.com\/en-au\/#\/schema\/person\/cda8ad8b5715b4d431547564ed6a9ca9"},"headline":"ISO 27001 & AI:\u00a0Don’t\u00a0Rebuild.\u00a0Extend.","datePublished":"2025-11-25T16:22:46+00:00","dateModified":"2025-11-25T16:23:29+00:00","mainEntityOfPage":{"@id":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/"},"wordCount":1362,"publisher":{"@id":"https:\/\/dionach.com\/en-au\/#organization"},"image":{"@id":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/11\/AdobeStock_1770408071.jpeg?fit=2048%2C1117&ssl=1","keywords":["email security","phishing","social engineering"],"articleSection":["researchblog"],"inLanguage":"en-AU"},{"@type":"WebPage","@id":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/","url":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/","name":"ISO 27001 & AI:\u00a0Don't\u00a0Rebuild.\u00a0Extend.","isPartOf":{"@id":"https:\/\/dionach.com\/en-au\/#website"},"primaryImageOfPage":{"@id":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/#primaryimage"},"image":{"@id":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/11\/AdobeStock_1770408071.jpeg?fit=2048%2C1117&ssl=1","datePublished":"2025-11-25T16:22:46+00:00","dateModified":"2025-11-25T16:23:29+00:00","description":"ISO 27001 isn\u2019t enough for AI risks. See how to extend your ISMS to address bias, transparency, and trustworthiness with ISO 42001.","breadcrumb":{"@id":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/"]}]},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/#primaryimage","url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/11\/AdobeStock_1770408071.jpeg?fit=2048%2C1117&ssl=1","contentUrl":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/11\/AdobeStock_1770408071.jpeg?fit=2048%2C1117&ssl=1","width":2048,"height":1117},{"@type":"BreadcrumbList","@id":"https:\/\/dionach.com\/en-au\/iso-27001-ai-dont-rebuild-extend\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dionach.com\/en-au\/"},{"@type":"ListItem","position":2,"name":"ISO 27001 & AI:\u00a0Don’t\u00a0Rebuild.\u00a0Extend."}]},{"@type":"WebSite","@id":"https:\/\/dionach.com\/en-au\/#website","url":"https:\/\/dionach.com\/en-au\/","name":"Dionach","description":"Real Security in a Virtual World","publisher":{"@id":"https:\/\/dionach.com\/en-au\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dionach.com\/en-au\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-AU"},{"@type":"Organization","@id":"https:\/\/dionach.com\/en-au\/#organization","name":"Dionach","url":"https:\/\/dionach.com\/en-au\/","logo":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/dionach.com\/en-au\/#\/schema\/logo\/image\/","url":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","contentUrl":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","width":512,"height":512,"caption":"Dionach"},"image":{"@id":"https:\/\/dionach.com\/en-au\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/dionachcyber","https:\/\/x.com\/dionachcyber","https:\/\/uk.linkedin.com\/company\/dionach-ltd","https:\/\/www.instagram.com\/dionachcyber\/"]},{"@type":"Person","@id":"https:\/\/dionach.com\/en-au\/#\/schema\/person\/cda8ad8b5715b4d431547564ed6a9ca9","name":"Dionach by Nomios","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/secure.gravatar.com\/avatar\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g","caption":"Dionach by Nomios"},"sameAs":["http:\/\/Dionach"]}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/11\/AdobeStock_1770408071.jpeg?fit=2048%2C1117&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-6Ft","_links":{"self":[{"href":"https:\/\/dionach.com\/en-au\/wp-json\/wp\/v2\/posts\/25635","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.com\/en-au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.com\/en-au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-au\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-au\/wp-json\/wp\/v2\/comments?post=25635"}],"version-history":[{"count":0,"href":"https:\/\/dionach.com\/en-au\/wp-json\/wp\/v2\/posts\/25635\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-au\/wp-json\/wp\/v2\/media\/25637"}],"wp:attachment":[{"href":"https:\/\/dionach.com\/en-au\/wp-json\/wp\/v2\/media?parent=25635"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.com\/en-au\/wp-json\/wp\/v2\/categories?post=25635"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.com\/en-au\/wp-json\/wp\/v2\/tags?post=25635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}