Intellectual Property Compliance
ISMS Copilot maintains strict intellectual property compliance policies to ensure all content respects the rights of standards organizations and third-party content owners.
All standards referenced in the platform are acquired through authorized distribution channels. We do not use unauthorized copies of any copyrighted material.
Content Sourcing Standards
All standards and frameworks referenced by ISMS Copilot are acquired legitimately:
ISO standards (27001, 42001, 27701) — purchased through authorized national standards bodies
SOC 2 Trust Service Criteria — acquired from AICPA
PCI DSS — obtained from PCI Security Standards Council
EU regulations (GDPR, NIS 2, DORA, AI Act) — public law, freely referenced
We maintain proof of purchase for all copyrighted standards and acquire updated editions as they are published.
How We Protect IP Rights
Framework Knowledge Tables
Our framework reference tables contain only:
Control IDs (e.g., ISO 27001 A.5.1, SOC 2 CC6.1)
Concise control titles
We do not reproduce full control text, normative requirements, or copyrighted implementation guidance. Control identifiers and short titles are factual elements not subject to substantial copyright protection and are used solely for navigational and reference purposes, consistent with industry practice in compliance tools. These references are supported by our legitimately purchased copies of the standards and do not substitute for official publications.
Users conducting certification or audit work must obtain official copies of applicable standards from the relevant standards body. ISMS Copilot provides implementation guidance only and does not replace authoritative standard texts.
AI-Generated Content Guardrails
All AI system prompts include IP protection rules:
No verbatim quotation — AI cannot quote excerpts from ISO or copyrighted standards
No close paraphrasing — Content must not closely reproduce copyrighted expression
Attribution required — Responses mention the organization that developed referenced standards
Original guidance only — Focus on actionable advice specific to user context
Our AI providers (Anthropic, OpenAI) offer copyright indemnification to qualifying enterprise and API customers for certain claims related to model-generated outputs, subject to their respective commercial terms, conditions, and exclusions. These protections apply only to content generated by the models themselves. All content we inject into AI context — including framework tables and knowledge base material — is independently verified for IP compliance and does not rely on provider indemnification.
Knowledge Base Management
Our RAG knowledge base contains only original consulting knowledge created by the Better ISMS team. We conduct annual audits to verify:
No copyrighted standard text (ISO, AICPA, etc.)
All content is original or lawfully licensed
No scraped content from unauthorized sources
Most recent audit: February 2026 — Result: Compliant.
What This Means for You
ISMS Copilot provides implementation guidance based on legitimately purchased standards and original consulting expertise. We do not reproduce or substitute for official standards.
When using the platform:
You receive actionable advice grounded in real-world consulting experience
Responses reference standards appropriately with attribution
You still need access to official standards for certification/audit work
ISMS Copilot accelerates compliance workflows but does not replace the authoritative standard texts required for formal certification or audit processes.
Compliance Mapping
These IP policies support:
ISO 27001:2022 A.5.32 — Intellectual property rights
SOC 2 CC3.1 — Risk assessment and management
If you have questions about how specific content is sourced or licensed, contact [email protected].