Supported Compliance Frameworks

ISMS Copilot provides specialized AI assistance for 14 compliance frameworks, with dynamic framework knowledge injection to ensure accurate, grounded responses. When you mention any supported framework in your questions, the system automatically detects it and injects verified framework knowledge before the AI responds.

Supported Frameworks

ISMS Copilot currently supports these frameworks with dedicated knowledge injection:

  • ISO 27001:2022 - Information Security Management System

  • ISO 42001:2023 - Artificial Intelligence Management System

  • ISO 27701:2025 - Privacy Information Management System

  • SOC 2 - Service Organization Control (Trust Services Criteria)

  • HIPAA - Health Insurance Portability and Accountability Act

  • GDPR - General Data Protection Regulation

  • CCPA - California Consumer Privacy Act

  • NIS 2 - Network and Information Systems Directive

  • DORA - Digital Operational Resilience Act

  • ISO 9001:2015 - Quality Management System

  • ISO 22301:2019 - Business Continuity Management System

  • HDS v2.0 - French Health Data Hosting Certification

  • TISAX - Trusted Information Security Assessment Exchange

  • EU AI Act - European Union Artificial Intelligence Regulations

When you mention any of these frameworks in your questions, ISMS Copilot automatically detects the framework and loads the relevant knowledge before answering. This prevents hallucinations and ensures responses are grounded in actual framework requirements rather than AI guesswork.

Coming Soon

Additional frameworks currently in development:

  • NIST 800-53

  • PCI DSS

  • Additional regional regulations

Check the Product Changelog for updates on new framework support.

How Framework Knowledge Injection Works

ISMS Copilot v2.5 introduced dynamic framework knowledge injection to dramatically reduce AI hallucinations:

  1. You ask a question mentioning a framework (e.g., "What is ISO 27001 control A.5.9?")

  2. The system detects the framework mention

  3. Verified framework knowledge is loaded and provided to the AI

  4. The AI responds based on provided facts, not memory or guessing

This architecture change (February 2025) means you get accurate answers grounded in actual framework requirements, not probabilistic responses based on training data.

For best results, mention the specific framework and version in your questions. For example: "Generate an access control policy for ISO 27001:2022 Annex A control 5.15" instead of just "Generate an access control policy."

What You Can Do

For any supported framework, you can:

  • Ask specific questions about controls, requirements, or implementation guidance

  • Generate framework-aligned policies and procedures

  • Perform gap analysis by uploading existing documentation

  • Create risk assessments mapped to framework requirements

  • Get audit preparation guidance

  • Map controls between different frameworks
