ISMS Copilot Interested Parties
As part of our ISO 27001 and ISO 42001 commitments, we identify and analyze interested parties—stakeholders who affect or are affected by our information security practices. Understanding these stakeholders shapes our ISMS scope, security objectives, and control priorities.
Our Key Interested Parties
Customers
You are our primary stakeholder. Your requirements drive our security priorities:
Data isolation: Workspace separation ensures your data never mixes with other customers'
Privacy: GDPR compliance, EU infrastructure, zero use of your data for AI training
Control: User-managed data retention (0 days to 7 years), export, and deletion rights
Transparency: Trust Center documentation, timely breach notification
Compliance support: SOC 2 and ISO 27001 certification roadmap for enterprise requirements
Regulatory Authorities
We comply with GDPR (CNIL, EU data protection authorities) and relevant privacy laws. This drives our privacy-by-design architecture, data subject rights implementation, and incident response capabilities.
Third-Party Suppliers
Critical subprocessors (Supabase, Vercel, OpenAI, Grok, Mistral, ConvertAPI) undergo security assessment. We pursue Zero Data Retention agreements with AI providers when feasible and use Standard Contractual Clauses for international data transfers.
Internal Teams
Our development, customer success, and leadership teams maintain security through mandatory MFA, Semgrep code scanning, separation of environments, and a 24-hour response commitment to security reports.
Certification Bodies & Auditors
Future SOC 2 and ISO 27001 auditors require complete ISMS documentation, evidence of control effectiveness, and continuous improvement processes. We're building mature documentation and internal audit programs to support certification.
Insurance & Legal Parties
Cyber insurance providers and contractual obligations influence our control implementations (MFA, backups, incident response) and drive formal SLA and Data Processing Agreement requirements.
Customers' Customers (Indirect Beneficiaries)
When compliance consultants and auditors use ISMS Copilot, their clients are indirect stakeholders. Workspace isolation (A.5.15, A.8.3) ensures no cross-contamination between consultant clients. User-controlled retention (A.5.33) allows consultants to meet client retention requirements. PII minimization guidance (A.5.34) and planned automated detection help protect end-client employee data. Zero use of user data for AI training (A.7.2) prevents client data leakage across workspaces.
Standards Bodies and Copyright Holders
Framework publishers (ISO, IEC, NIST, CIS, AICPA) require intellectual property protection. Our training data excludes copyrighted standards text (A.5.32), using publicly available guidance and proprietary consulting experience instead. System prompts prevent verbatim reproduction of control text. Generated outputs reference frameworks by name and version with guidance to consult official standards for audit evidence.
We review interested parties annually and when business changes occur, ensuring our ISMS evolves with stakeholder needs. This analysis directly informs our risk assessments and security objectives.
Practice What We Preach
As a compliance AI platform, aligning our own ISMS with ISO 27001 and ISO 42001 demonstrates our commitment to the standards we help you implement. Interested parties analysis (ISO 27001:2022 Clause 4.2) is foundational to that alignment.
Use ISMS Copilot to identify your own interested parties, map their requirements to Annex A controls, or generate stakeholder documentation templates. Ask: "Help me identify interested parties for a [your industry] organization."