ISO 27001 Annex A 5.17 for AI Companies

ISO 27001 Annex A 5.17 Authentication information is a security control that governs the allocation, management, and secure handling of user credentials such as passwords, API keys, and tokens. For AI companies, this control is vital to prevent unauthorized access to high-performance computing resources and protect sensitive datasets from being compromised through leaked or weak authentication secrets.

As a leader in the AI industry, you understand that your most valuable assets are not just your algorithms, but the vast datasets that train them and the complex systems that run them. While the ISO 27001 security standard provides a robust framework for protection, ISO 27001 Annex A 5.17 Authentication information, which governs authentication information, might seem like a standard IT requirement. However, its application is uniquely critical and complex in AI-driven environments. This guide is designed to help you see robust authentication not as a compliance burden, but as the foundational element for building trust with your customers, protecting your high-value intellectual property, and securing your place at the forefront of innovation.

The “No-BS” Translation: Decoding the Requirement
The Business Case: Why This Actually Matters for AI Companies
DORA, NIS2 and AI Regulation: The Authentication Imperative
ISO 27001 Toolkit vs SaaS Platforms: The Credential Trap
Understanding the Core Requirement: What is ISO 27001 Annex A 5.17?
- The Purpose of the Control
- Key Compliance Obligations
The AI Magnifier: Unique Authentication Risks in Your AI Workflows
From Theory to Practice: Your Actionable Compliance Roadmap
The Evidence Locker: What the Auditor Needs to See
Common Pitfalls & Auditor Traps
Handling Exceptions: The “Break Glass” Protocol
The Process Layer: “The Standard Operating Procedure (SOP)”

The “No-BS” Translation: Decoding the Requirement

Let’s strip away the consultant-speak. Authentication is simply the “password” process. But for AI, it is about securing the “keys to the kingdom.”

The Auditor’s View (ISO 27001)	The AI Company View (Reality)
“Allocation and management of authentication information shall be controlled by a management process.”	No Shared Passwords. Stop sharing the AWS root password on Slack. Give everyone their own account. If you give a temp password to a new hire, force them to change it on first login.
“Users shall be advised to keep authentication information confidential.”	Don’t commit secrets to Git. If you push an API key to a public repo, you fail this control. Use .env files or a secrets manager (like Vault).

The Business Case: Why This Actually Matters for AI Companies

Why should a founder care about “password policies”? Because 81% of hacking-related breaches leverage either stolen or weak passwords. In AI, credentials are the keys to your compute and data.

The Sales Angle

Enterprise clients will ask: “Do you enforce MFA on all systems?” and “How do you distribute initial passwords securely?”. If your answer is “We email them,” you look incompetent. If your answer is “We use an automated IdP (Identity Provider) with forced MFA and secure, one-time links for initial credentials,” you look professional. Annex A 5.17 provides the evidence.

The Risk Angle

The “Crypto-Mining” Bill: If a hacker guesses your weak AWS password, they won’t just steal data; they will spin up 1,000 GPU instances to mine crypto. You will wake up to a $500,000 cloud bill. Strong authentication prevents this financial disaster.

DORA, NIS2 and AI Regulation: The Authentication Imperative

Weak authentication is no longer just bad practice; it is illegal in many contexts.

DORA (Article 9): Requires “strong authentication mechanisms.” This means MFA is mandatory for accessing financial systems. Single-factor passwords are non-compliant.
NIS2 Directive: Mandates “cyber hygiene,” including password security. If you use “Password123” for your admin accounts, you are negligent under EU law.
EU AI Act: High-risk AI systems must ensure “robustness.” A system that can be compromised by a simple brute-force password attack is not robust.

ISO 27001 Toolkit vs SaaS Platforms: The Credential Trap

SaaS platforms often just check “Is MFA on?”. They miss the nuances of how you issue and revoke credentials. Here is why the ISO 27001 Toolkit is superior.

Feature	ISO 27001 Toolkit (Hightable.io)	Online SaaS Platform
Depth	Full Process. Our templates cover the “human” side: verifying identity before issuing a password.	Tech-Only. Platforms check technical settings but can’t verify if you actually checked the ID of the contractor you just hired.
Ownership	Your Policy. You own the “Password Policy” document. It sits in your ISMS.	Rented Rules. If you leave the SaaS platform, you lose the documented evidence of your authentication procedures.
Simplicity	Clear Instructions. “Do not write passwords on post-it notes.” Simple, actionable rules for staff.	Configuration Hell. You spend hours mapping IDP groups instead of defining clear rules for your team.
Cost	One-off fee. Pay once. Secure forever.	Subscription. You pay monthly for a dashboard that just tells you “MFA is enabled.”

Understanding the Core Requirement: What is ISO 27001 Annex A 5.17?

Before we explore the unique challenges that artificial intelligence presents, it is essential to have a solid grasp of the fundamental requirements of Annex A 5.17. This control governs the entire lifecycle of any information used to verify an identity – be it a password, a token, a PIN, or a biometric credential.

The Purpose of the Control

The core purpose of Annex A 5.17 is to ensure that the authentication of all entities, both internal and external, is managed properly. It establishes a formal management process to control who gets access, how they prove their identity, and how those credentials are protected.

Key Compliance Obligations

To achieve compliance, your organisation must implement and evidence the following practices:

Verification: Verify the identity of a user before issuing credentials.
Secure Transfer: Send temporary passwords securely (e.g., via One-Time Link), not plain text email.
Default Credentials: Change vendor defaults immediately.
User Responsibility: Users must sign an agreement to keep passwords secret.

The AI Magnifier: Unique Authentication Risks in Your AI Workflows

For an AI company, a standard interpretation of authentication risk is insufficient. A single compromised credential doesn’t just unlock a user’s account; it can unlock the very “brain” of your business.

Exposure of Sensitive Training Datasets

Your training data is a core component of your intellectual property. Unauthorised access enabled by a stolen password can lead to data poisoning or theft. This threat becomes a reality when basic obligations – such as enforcing strong passwords – are overlooked.

Disruption of Algorithmic Processes

If an attacker gains access to your MLOps platform using compromised credentials, they can manipulate deployment pipelines to push flawed models into production. Without robust authentication logs, tracing this is impossible.

Vulnerabilities in the AI Supply Chain

You rely on a complex supply chain. A single weak credential at a data annotation partner can create a backdoor into your organisation.

From Theory to Practice: Your Actionable Compliance Roadmap

Achieving auditable compliance with Annex A 5.17 requires a structured approach.

Establish a Formal Authentication Management Policy

Create a comprehensive policy that defines allowed authentication methods (MFA, SSO) and the process for issuing credentials.

Secure the Entire Credential Lifecycle

Issuance: Only issue credentials after verifying identity.
Change: Force password changes on first login.
Revocation: Disable credentials immediately upon termination.

Define and Enforce Clear User Responsibilities

Include password security obligations in employment contracts and conduct regular awareness training.

Maintain Meticulous, Audit-Ready Records

Keep logs of who requested credentials, who approved them, and when they were issued/revoked.

The Evidence Locker: What the Auditor Needs to See

When the audit comes, prepare these artifacts:

Password Policy (PDF): A signed document defining rules (e.g., “12 chars minimum”).
New Starter Ticket (Linear/Jira): Evidence that you verified identity before sending the Okta invite.
System Configuration (Screenshot): A screenshot of your IdP (Okta/Google) showing “MFA Enforced = True”.
User Acknowledgement (PDF): A signed Acceptable Use Policy where the user agrees to keep passwords safe.

Common Pitfalls & Auditor Traps

Here are the top 3 ways AI companies fail this control:

The “Sticky Note” Admin: The root password for the server is written on a whiteboard in the office. Instant Major Non-Conformity.
The “Email” Distribution: You email the new employee their username and password in the same email. If that email is intercepted, the account is compromised. Send them via separate channels (e.g., Email + SMS).
The “Hardcoded” Credential: A developer hardcoded a password in a script to make testing easier. The auditor finds it during a code review sample.

Handling Exceptions: The “Break Glass” Protocol

If SSO fails, how do you log in to fix it? You need a “Break Glass” account.

The Emergency Auth Workflow:

Account: A dedicated admin account excluded from SSO.
Storage: Credentials split and stored in a physical safe or secure vault accessible only to C-Suite.
Process: Accessing this account triggers an alert. Passwords must be rotated immediately after use.

The Process Layer: “The Standard Operating Procedure (SOP)”

How to operationalise A 5.17 using your existing stack (Google Workspace, 1Password).

Step 1: Verification (Manual). HR confirms new hire identity via video call/passport check.
Step 2: Generation (Automated). IT generates a random temp password.
Step 3: Distribution (Manual). Send username via Email. Send temp password via SMS/Signal.
Step 4: Enforcement (Automated). Google Workspace forces “Change Password on Next Login” and “Enrol in 2FA.”

By adopting a structured approach like that provided by the High Table ISO 27001 Toolkit, you can move beyond simple compliance. You can build a resilient security posture that protects your most valuable innovations.

ISO 27001 Annex A 5.17 for AI Companies FAQ

What is ISO 27001 Annex A 5.17 for AI companies?

ISO 27001 Annex A 5.17 requires AI companies to control the allocation and management of authentication information. For AI firms, this involves securing 100% of API keys, model registry tokens, and administrative passwords used to access high-compute GPU clusters and sensitive training datasets.

Why is authentication management critical for AI startups?

It is critical because leaked API keys can lead to catastrophic financial losses and data exfiltration. With 80% of security breaches linked to compromised credentials, strict management ensures that secret keys for LLM providers and cloud infrastructure remain confidential and are rotated regularly to mitigate “Secret Sprawl.”

How should AI firms manage API keys for compliance?

AI firms should use automated secret management tools rather than hardcoding keys. Best practices for compliance include:

Environment Variables: Never store keys in source code; use protected environment variables instead.
Secret Managers: Use tools like AWS Secrets Manager or HashiCorp Vault for 100% of production credentials.
Rotation Cycles: Enforce 90-day rotation policies for high-privilege access tokens.
Least Privilege: Restrict API key scopes to the specific microservice or model function required.

Does Annex A 5.17 require Multi-Factor Authentication (MFA)?

Yes, while implicitly part of managing authentication information, auditors expect MFA for 100% of access to production AI environments. This ensures that even if a password or token is compromised, an additional layer of verification prevents unauthorised access to proprietary model weights and training pipelines.

What evidence is required for an Annex A 5.17 audit?

Auditors require proof that authentication info is handled securely. This includes a formal Authentication Policy, technical logs showing successful secret rotations, records of MFA enrolment across the workforce, and evidence that 100% of default passwords on new infrastructure have been changed immediately.

About the author

Stuart Barker

ISO 27001 Ninja

Stuart Barker is a veteran practitioner with over 30 years of experience in systems security and risk management. Holding an MSc in Software and Systems Security, he combines academic rigor with extensive operational experience, including a decade leading Data Governance for General Electric (GE).

As a qualified ISO 27001 Lead Auditor, Stuart possesses distinct insight into the specific evidence standards required by certification bodies. His toolkits represent an auditor-verified methodology designed to minimise operational friction while guaranteeing compliance.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wp_woocommerce_session_*	2 days	WooCommerce sets this cookie to make a unique code for each customer so that it knows where to find the cart data in the database for each one.
yith_wcmcs_currency	7 days	Required for currency conversion.
__stripe_mid	1 year	Stripe sets this cookie to process payments.
__stripe_sid	1 hour	Stripe sets this cookie to process payments.

Cookie	Duration	Description
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
sbjs_current	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_current_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_migrations	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_session	1 hour	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_udata	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.

Cookie	Duration	Description
PREF	8 months	PREF cookie is set by Youtube to store user preferences like language, format of search results and other customizations for YouTube Videos embedded in different sites.
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
m	1 year 1 month 4 days	No description available.
_monsterinsights_uj	1 year	Description is currently not available.

ISO 27001:2022 Annex A 5.17 Authentication information for AI Companies

Table of contents