AI Assistant
ISO 27001 answers when you are stuck.
Use the AI Assistant to understand requirements, draft implementation wording, prepare auditor responses, and improve your ISMS documents.
What people ask the AI Assistant
Practical prompts you can copy and adapt. Use them to understand a control, sharpen wording, or rehearse an auditor exchange.
Explain what an auditor may ask about access control.
Review this Statement of Applicability justification.
Turn this risk into an audit-ready risk register entry.
Create a risk treatment plan for supplier access to customer data.
What evidence should I keep for this control?
Challenge this policy like an ISO 27001 auditor.
What the AI Assistant helps with
Focused on the things ISO 27001 implementers actually get stuck on.
Control explanations
Plain-English explanations of ISO 27001:2022 clauses and Annex A controls, with what an auditor typically looks for.
Risk wording support
Turn rough risk notes into clear risk register entries: asset, threat, vulnerability, impact, likelihood, and treatment.
Policy drafting support
Draft and refine policy sections (access control, supplier security, cryptography, incident management) tailored to your context.
Auditor question preparation
Practice answers to typical Stage 1 and Stage 2 questions before your auditor asks them.
Evidence suggestions
For a given control or clause, get a short list of evidence types your auditor will accept and how to produce them.
Statement of Applicability support
Draft and challenge SoA justifications for inclusion and exclusion of Annex A controls.
What the AI Assistant does not do
The AI Assistant helps with guidance and drafting. It does not guarantee certification, replace professional judgement, or replace your certification body's audit process. Always review generated content before approving it as a policy, risk entry, or audit response.
Privacy and data handling
- We do not store your prompts or responses. Conversation content is not written to our database.
- Metadata only. We record a hashed IP, your user ID, and a timestamp per request to enforce daily message limits and prevent abuse.
- Processing. Prompts are sent to Lovable AI Gateway (which routes to Google and OpenAI models) for inference, subject to their standard terms.
- No model training. We do not train AI models on your conversations.
- Your responsibility. Do not paste sensitive client data, personal data, credentials, or secrets into prompts - the same rule that applies to any third-party AI service.
See our Privacy Policy for full details.
AI Assistant Plus vs Pro
Plus is the AI Assistant on its own. Pro adds the full Audit Room workspace and tools.
| Capability | AI Assistant Plus $9/mo | Pro $149/mo |
|---|---|---|
| AI Assistant access | ||
| Messages per day | 30 | 150 |
| Audit Room workspace (risks, readiness, owners, actions) | ||
| ISO 27001 tools (SoA, risk, gap, audit, roadmap and more) | ||
| Full export to Word, Excel, PDF | ||
| Save and load your projects |
Frequently asked questions
Get unstuck on your next ISO 27001 question.
Open the AI Assistant and ask anything about clauses, controls, risks, or evidence.
Open AI Assistant