Vertical Structure Guides AI Governance Platform, Enzai, to ISO27001 Certification
As the artificial intelligence market continues to advance at breakneck speeds, Enzai is uniquely positioned to help businesses make sense of the rapidly changing landscape.
Enzai helps businesses to comply with AI regulations, including the EU AI Act, safeguarding the use and development of AI systems. According to Grand View Research, Global AI is growing at a CAGR of almost 40 per cent, and global AI adoption by organisations is predicted to reach a CAGR of 37.3 per cent from 2023 to 2030. Due to this sheer pace of innovation, AI regulations are being implemented quickly, and organisations frequently need guidance on the impact of these legal frameworks. Enzai assists companies through this challenge, particularly in heavily regulated industries such as financial services, insurance and telecommunications.
In tasking Vertical Structure to guide them through the ISO27001 process, Enzai wanted to:
- Create a cyber resilience framework to improve the company’s risk profile, ensure business continuity, and manage documentation;
- Formalise cyber resilience policies, such as onboarding and offboarding employees, and the creation of an official company IT handbook; and,
- Demonstrate its commitment to the most robust practices in data handling, providing its customers with total peace of mind regarding security and privacy.
Gaining ISO27001 certification helps give peace of mind within a business, but it can also be a pathway towards attracting larger clients, demonstrating the secure handling of sensitive data.
“We wanted to put our best foot forward, highlighting that we act in the most responsible way with our customers’ data,” said co-founder and CTO of Enzai, Jack Carlisle.
Jack pointed out that because AI is such a rapidly changing space, companies might feel burdened to make sense of regulations, dictating what evidence and documentation they need to supply. It’s a complex process to uncover how their resources match up against the requirements in AI policies.
The process of obtaining ISO27001 certification normally takes an organisation around six to ten months, from start to finish. It impacts many aspects of a business, including:
- Disaster scenario / incident management
- Recovery modeling
- Employee handbook and HR policies
- IT usage guide
At the end of this process, the entire framework is audited by an external certification body.
“With Enzai, most of their documentation lives in a platform that was self-built, so that was a unique scenario compared to many of our customers who use the cloud. It was something that we had no problem working with,” said Tom Shields, Information Security Consultant at Vertical Structure. “We built their cyber resilience needs right into the architecture; it wasn’t just a case of sending over PDFs and expecting them to handle documentation. We’re dedicated to using a hands-on approach, above and beyond what the solution-based providers are offering.”
Jack Carlisle - Co-FounderIt was Vertical Structure’s personal touch that made all the difference. With a platform alternative, as technical lead, I would have had to sink many hours in, to ensure we were compliant. Instead, Vertical Structure and their team of experts handled most of that legwork. Whereas a platform solution is entirely offsite, Vertical Structure was a team in our corner, who we could lean on for advice. They were fantastic at providing that support, and we’d recommend them to our partners.
The overall process for Enzai entailed the following steps:
- Gap analysis
- Readiness audit
- Developing information security policy, procedure and frameworks
- Creating an information security management system
- Staff awareness training
- Implementation of controls
- Internal audit
- Management review
- External audit
- Certification with ISO27001
Tom from Vertical Structure concluded: “We keep disruption to the business at a minimum while we’re preparing our clients for certification. Our goal is to maintain a consistent but quiet presence, being there at all times, right up through the final auditing phase. But we also keep top of mind the nature of the business, making things work as easily for the client as possible. We’re happy when we close out a project of this nature and we leave the business better prepared, more organised, and with improved business continuity, should any unexpected cyber security scenarios arise.”
As a relatively young business, Enzai is looking forward to expanding and growing around the world, engaging with large customers in Europe, North America and Asia.
About Enzai
Enzai provide an AI governance software platform that helps organisations understand and manage the risks that come with AI, while meeting their emerging regulatory obligations. Founded by leading lawyers and engineers in this space, the company is on a mission to ensure powerful AI technologies can reach their full potential. The Enzai platform helps organisations adopt policies, standards and controls around how they build, deploy and use AI.
Need help?
Email Us
email hidden; JavaScript is required
Call Us
+ 4428 9099 5777
Or send us a quick message