ISMS Mission 3 — AI Management and Security

Generative AI tools are now part of everyday work — drafting emails, summarising documents, writing reports, answering questions. Most employees using them have never been told what happens to the information they type in, what the organisation's AI use policy actually requires, or what it looks like when AI-generated output causes a real problem.

The AI Security Gap Nobody Has Addressed Yet

Every new technology cycle creates a training lag. Employees start using a tool — enthusiastically, at scale — before the organisation has trained them on the risks. Generative AI is the most significant instance of this in a decade.

Employees across functions are using ChatGPT, Gemini, Copilot, and other AI tools to do real work. Some of this is organisationally sanctioned. Much of it is not. And in most cases, the employees doing it have never been told: what happens to the client information, internal reports, and confidential data they are pasting into these tools; whether the outputs they are acting on are accurate; or what the organisation's liability looks like when an AI-generated document goes out with the employee's name on it.

This is not an IT problem. It is a training problem — and it has a narrow window before the first significant incident makes it a crisis. The AIMS mission closes the gap before that happens.

What the AIMS Mission Covers

What happens to data entered into AI tools. When an employee types confidential client information into a third-party AI tool, that information is processed on external infrastructure under terms of service the employee has almost certainly never read. The mission gives employees accurate information about data handling across the major AI tools — not to prohibit their use, but to ensure employees make informed decisions about what they put in.

Organisational AI use policy. Most organisations that have thought carefully about AI use have a policy or are developing one. Most employees have never read it, or are unaware it exists. The mission covers which tools are approved, which categories of information must not be entered into AI systems, and what the process is for using AI outputs in work that leaves the organisation.

Verifying AI outputs before acting on them. Generative AI systems produce confident, plausible, and sometimes entirely incorrect outputs. The mission develops verification habits: knowing when to verify, how to verify, and what types of AI outputs carry the highest risk of confident inaccuracy.

Intellectual property and AI-generated content. Ownership, originality, and disclosure when AI assists content creation — including what caution is required before using AI outputs in legally or contractually sensitive contexts.

Prompt security. Effective prompting often involves providing context — and employees may inadvertently disclose more than they intended. The mission covers how to use AI tools in ways that achieve the intended result without unnecessary disclosure of sensitive information.

Format and Delivery

The AIMS mission runs in the same immersive futuristic environment as the full ISMS programme, with scenarios explicitly AI-contextualised: deadlines, AI-drafted documents, statistics without sources, colleagues sharing tools.

Deploy independently — for AI policy rollouts, enterprise AI tools, or uncontrolled adoption — or as Mission 3 of the five-mission ISMS programme. Hosted online or delivered via SCORM.

ISO 27001 and AI Risk

ISO 27001 Clause 7.3 requires that all relevant personnel be aware of the organisation's information security policy and their responsibilities under it. As generative AI tools become embedded in daily work, employee behaviour around AI use becomes a direct component of an organisation's information security posture.

The 2022 revision of ISO 27001 Annex A includes controls for information security in supplier relationships and for monitoring and management of third-party services. Those controls increasingly encompass AI tools that process organisational data.

FAQs

What are the security risks of employees using AI tools like ChatGPT at work?

The primary security risks of unmanaged employee AI use are: data exposure (confidential, client, or personal data entered into third-party AI systems is processed outside the organisation's control and may be stored or used for model training); output reliability (employees acting on AI-generated content without verification introduce a specific error risk — confident inaccuracies in figures, citations, or legal language); IP and disclosure obligations (using AI to generate client-facing content may create disclosure, ownership, or originality concerns depending on the context); and policy non-compliance (employees using unsanctioned AI tools or using approved tools in ways the policy does not permit). Each of these risks is manageable with training — and none of them is managed by a technical control alone.

What should an AI use policy for employees cover?

An effective employee AI use policy should cover: which AI tools are approved for use and on what categories of task; which categories of information must not be entered into AI systems (typically: personal data, confidential client information, trade secrets, live financial data, legally sensitive material); when AI-generated outputs require human verification before use; when AI assistance in client-facing work requires disclosure; and the reporting process for suspected AI-related security incidents. Policy alone is insufficient — employees need training that explains the reasoning behind each requirement well enough to apply it in situations the policy did not anticipate.

Does data entered into ChatGPT or other AI tools get used for training?

This depends on the specific tool and how it is configured. Consumer versions of most large language model tools have historically used conversation data for model improvement, subject to user settings and opt-out options that most users have not configured. Enterprise versions of tools like ChatGPT, Microsoft Copilot, and Google Gemini typically include contractual data isolation terms. Employees using consumer versions of AI tools for work — without awareness of the difference — are making a data handling decision with significant security implications. The AIMS mission gives employees the accurate, tool-specific information they need to make that decision consciously.

Why is AI security training a priority for ISO 27001 compliance?

ISO 27001 Clause 7.3 requires demonstrable employee awareness of information security policies and responsibilities. As AI tools become standard in daily work, employee AI use behaviour is now a human factor risk that sits within the scope of ISO 27001's awareness requirements. Organisations with active AI use across their workforce that have not addressed this in their awareness programme have a gap in their ISMS human factor controls — one that auditors and certifying bodies are increasingly identifying. The AIMS mission is specifically designed to close this gap with training appropriate to the risk.

What is the risk of using AI-generated content in client communications?

AI-generated content used in client communications carries three categories of risk. First, accuracy risk — AI systems produce confident outputs that may contain factual errors, invented citations, or incorrect figures, which become the organisation's error once sent. Second, IP and originality risk — in some contexts, particularly regulated industries or contractual relationships requiring original work, using AI-generated content without disclosure may create legal or professional obligations. Third, relationship risk — clients and counterparties are increasingly aware of AI-generated content and may have views on its use in their engagements. The appropriate response in each case depends on context — which is exactly what the AIMS mission trains employees to navigate.
