AI Assistant

    ISO 27001 answers when you are stuck.

    Use the AI Assistant to understand requirements, draft implementation wording, prepare auditor responses, and improve your ISMS documents.

    What people ask the AI Assistant

    Practical prompts you can copy and adapt. Use them to understand a control, sharpen wording, or rehearse an auditor exchange.

    Explain what an auditor may ask about access control.

    Review this Statement of Applicability justification.

    Turn this risk into an audit-ready risk register entry.

    Create a risk treatment plan for supplier access to customer data.

    What evidence should I keep for this control?

    Challenge this policy like an ISO 27001 auditor.

    What the AI Assistant helps with

    Focused on the things ISO 27001 implementers actually get stuck on.

    Control explanations

    Plain-English explanations of ISO 27001:2022 clauses and Annex A controls, with what an auditor typically looks for.

    Risk wording support

    Turn rough risk notes into clear risk register entries: asset, threat, vulnerability, impact, likelihood, and treatment.

    Policy drafting support

    Draft and refine policy sections (access control, supplier security, cryptography, incident management) tailored to your context.

    Auditor question preparation

    Practice answers to typical Stage 1 and Stage 2 questions before your auditor asks them.

    Evidence suggestions

    For a given control or clause, get a short list of evidence types your auditor will accept and how to produce them.

    Statement of Applicability support

    Draft and challenge SoA justifications for inclusion and exclusion of Annex A controls.

    What the AI Assistant does not do

    The AI Assistant helps with guidance and drafting. It does not guarantee certification, replace professional judgement, or replace your certification body's audit process. Always review generated content before approving it as a policy, risk entry, or audit response.

    Privacy and data handling

    • We do not store your prompts or responses. Conversation content is not written to our database.
    • Metadata only. We record a hashed IP, your user ID, and a timestamp per request to enforce daily message limits and prevent abuse.
    • Processing. Prompts are sent to Lovable AI Gateway (which routes to Google and OpenAI models) for inference, subject to their standard terms.
    • No model training. We do not train AI models on your conversations.
    • Your responsibility. Do not paste sensitive client data, personal data, credentials, or secrets into prompts - the same rule that applies to any third-party AI service.

    See our Privacy Policy for full details.

    AI Assistant Plus vs Pro

    Plus is the AI Assistant on its own. Pro adds the full Audit Room workspace and tools.

    CapabilityAI Assistant Plus
    $9/mo
    Pro
    $149/mo
    AI Assistant access
    Messages per day30150
    Audit Room workspace (risks, readiness, owners, actions)
    ISO 27001 tools (SoA, risk, gap, audit, roadmap and more)
    Full export to Word, Excel, PDF
    Save and load your projects

    Frequently asked questions

    Get unstuck on your next ISO 27001 question.

    Open the AI Assistant and ask anything about clauses, controls, risks, or evidence.

    Open AI Assistant