ISO 27001 Annex A 5.20 for AI Companies

ISO 27001 Annex A 5.20 Addressing information security within supplier agreements is a security control that mandates organizations to define and agree upon information security requirements with every supplier. For AI companies, this control is essential to mitigate third-party risks associated with data handling, ensuring that cloud providers and data annotation services are contractually bound to protect intellectual property and adhere to regulatory standards.

As an AI business, you operate within a complex, interconnected ecosystem where suppliers are not just vendors but essential partners in your innovation. The core purpose of ISO 27001 Annex A 5.20 Addressing information security within supplier agreements is to ensure that you establish and agree upon clear information security requirements within all your supplier agreements.

While any business faces risks from its supply chain, for an AI company, this risk is significantly magnified. The data-intensive nature of your operations – from massive training datasets to proprietary models and cloud computing infrastructure – means that a security failure in a single supplier can have profound consequences for your data, intellectual property, and reputation.

The “No-BS” Translation: Decoding the Requirement
The Business Case: Why This Actually Matters for AI Companies
DORA, NIS2 and AI Regulation: You Are Liable for Your Vendors
ISO 27001 Toolkit vs SaaS Platforms: The Contract Trap
The AI Supply Chain: Analysing Your Unique Risk Landscape
Your Practical Compliance Roadmap: Implementing Control 5.20
The Evidence Locker: What the Auditor Needs to See
Common Pitfalls & Auditor Traps
Handling Exceptions: The “Break Glass” Protocol
The Process Layer: “The Standard Operating Procedure (SOP)”

The “No-BS” Translation: Decoding the Requirement

Let’s strip away the consultant-speak. Annex A 5.20 isn’t about sending a 100-page questionnaire to your cleaner. It is about the legal contract between you and the people who hold your data.

The Auditor’s View (ISO 27001)	The AI Company View (Reality)
“Information security requirements… shall be agreed with the supplier and documented.”	Don’t just click ‘I Agree’. If you use a data labelling firm in Kenya or a Vector DB in the US, you need a signed contract (or a very specific Terms of Service check) that says: “If you lose our data, you are liable, and you must tell us within 24 hours.”
“Requirements shall address the risks associated with… the supplier’s access to the organisation’s assets.”	Define the rules of engagement. Does your support vendor have admin access to your production AWS account? If yes, the contract must say they can only use it from a specific IP address and must use MFA. If it’s not in the contract, you can’t enforce it.

The Business Case: Why This Actually Matters for AI Companies

Why should a founder care about “contract clauses”? Because when a vendor breaches, your customers will blame you, not the vendor.

The Sales Angle

Enterprise clients will ask: “Do you bind your sub-processors to the same security standards you adhere to?” If your answer is “We just use their standard terms,” you look weak. If your answer is “We enforce a mandatory Security Schedule in all supplier contracts that includes Right to Audit and 24-hour breach notification,” you win the deal. Annex A 5.20 is the proof behind that promise.

The Risk Angle

The “Vendor Bankruptcy” Nightmare: Your cloud GPU provider goes bust overnight. Do you have a contractual clause regarding “Exit Management” and data retrieval? Without A 5.20, your data might be held hostage by a liquidator. With it, you have a pre-agreed path to get your data back within 48 hours.

DORA, NIS2 and AI Regulation: You Are Liable for Your Vendors

Regulators are no longer accepting “it was the vendor’s fault” as an excuse.

DORA (Article 30): Financial entities must include specific security clauses in contracts with ICT providers (that’s you). You must mirror these clauses in your contracts with your suppliers (sub-outsourcing). A 5.20 is the mechanism to pass these requirements down the chain.
NIS2 Directive: Requires “security aspects concerning the relationships between each entity and its direct suppliers.” You must contractually mandate that your suppliers disclose vulnerabilities to you.
EU AI Act: If you are a provider of General Purpose AI (GPAI), you rely on upstream providers for data and compute. You must have agreements in place to ensure you can meet your own transparency obligations.

ISO 27001 Toolkit vs SaaS Platforms: The Contract Trap

SaaS platforms help you send questionnaires, but they cannot write legal contracts. Here is why the ISO 27001 Toolkit is superior for Annex A 5.20.

Feature	ISO 27001 Toolkit (Hightable.io)	Online SaaS Platform
The “Meat”	Actual Legal Clauses. We provide the text you need to insert into the contract: “Right to Audit,” “Breach Notification,” “Data Return.”	Empty Shells. Platforms track if you have a contract, but they rarely tell you what needs to be in it. You still have to pay a lawyer to draft the clauses.
Ownership	You Own the Agreements. The signed contracts sit in your legal drive (DocuSign/Dropbox).	Rented Metadata. The platform stores metadata about the contract (“Renewal Date”). If you cancel, you lose the alerts, but you still need the actual document.
Simplicity	Copy-Paste. Send our “Supplier Security Schedule” to your vendor and ask them to sign it. Done.	Portal Fatigue. Forcing vendors to log into your GRC portal to answer questions annoys them and slows down procurement.
Cost	One-off fee. Includes all supplier templates.	Per-Vendor Pricing. Many platforms charge extra for “Vendor Risk Management” modules.

The AI Supply Chain: Analysing Your Unique Risk Landscape

An AI company’s supply chain is more than a list of traditional vendors; it is a dynamic network of data providers, model developers, and cloud platforms. Applying ISO 27001 control 5.20 effectively requires a deep understanding of the specific information security risks associated with each type of AI-centric supplier.

Data Providers and Annotation Services

When you engage suppliers for datasets or annotation, the risks go beyond simple data protection. Your agreements must address the risks of data poisoning or bias injection. Contractual clauses must demand full transparency into the supplier’s data sourcing and labelling methodologies.

Cloud and Compute Providers

Training models requires immense computational power. These suppliers form the backbone of your operations. Key concerns include misconfigurations that can expose sensitive data. Their business continuity and disaster recovery plans are as critical as your own, and your contract must guarantee availability SLAs (Service Level Agreements).

Third-Party Models and APIs: Inheriting Risk

Leveraging pre-trained models via API means inheriting the security posture of your supplier. You face threats like model inversion. Your supplier agreements must include clauses requiring evidence of security testing performed against these specific attack vectors.

Your Practical Compliance Roadmap: Implementing Control 5.20

Implementing control 5.20 is not merely a compliance task; it is about establishing a legal framework for security.

Establish a Supplier Management Process

Before you sign, assess. Create a simple “New Vendor Request” form. If the vendor touches PII or Code, they trigger a Security Review. Document this in a policy.

Conduct Supplier Risk Assessments

Don’t assess the cleaner the same way you assess AWS. Use a tiering system:

Tier 1 (Critical): Holds IP/PII. Requires ISO 27001/SOC 2 report review + Specific Security Schedule in contract.
Tier 3 (Low): No data access. Standard Terms of Service are fine.

Draft Key Security Clauses in Your Agreements

Your agreements must contain specific, legally enforceable clauses. Use the Hightable.io Supplier Security Schedule to cover:

Key Clause	Why It’s Critical for Your AI Business
Right to Audit	Allows you to check if your data labeller is actually deleting data when they say they are.
Incident Notification	Requires them to tell you within 24 hours of a breach, so you can tell your customers within 72 hours (GDPR).
Data Residency	Ensures your EU customer data doesn’t accidentally get processed in a non-compliant jurisdiction.
Subcontracting	Prevents your vendor from outsourcing your data to a 4th party without your permission.

Implement Ongoing Monitoring and Review

Don’t just sign and forget. Review Tier 1 suppliers annually. Did they renew their ISO 27001 certificate?

The Evidence Locker: What the Auditor Needs to See

When the audit comes, you need proof that you didn’t just sign blindly. Prepare these artifacts:

Supplier Security Policy (PDF): The rules of engagement.
Signed Contracts (PDFs): 3 examples of Tier 1 vendor contracts showing the specific security clauses (highlight them for the auditor).
Due Diligence Records (Folder): Copies of the SOC 2 reports you reviewed before signing.
Supplier Register (Excel): The master list of who you use and what they do.

Common Pitfalls & Auditor Traps

Here are the top 3 ways AI companies fail this control:

The “Click-Through” Error: You use a critical API (e.g., OpenAI) but only agreed to the standard online terms. The auditor asks, “Where is the clause guaranteeing they won’t train on your data?” You can’t find it. You failed.
The “missing DPA” Gap: You have a Master Services Agreement (MSA) but forgot the Data Processing Agreement (DPA) required for GDPR. This is a legal compliance failure.
The “Shadow Vendor”: Engineering started using a new vector database without telling Legal. There is no contract review on file.

Handling Exceptions: The “Break Glass” Protocol

Sometimes you need a vendor now to fix a critical issue, and you can’t wait 2 weeks for legal review.

The Emergency Onboarding Workflow:

Trigger: P0 Incident requiring external expertise.
Action: CEO/Legal authorises “At Risk” engagement.
Mitigation: Vendor is given restricted access (e.g., specific logs only), and all actions are monitored/recorded.
Follow-up: Formal contract and due diligence are completed retroactively within 5 days.

The Process Layer: “The Standard Operating Procedure (SOP)”

How to operationalise A 5.20 using your existing stack (Linear, DocuSign).

Step 1: Request (Manual). Employee raises “New Vendor” ticket in Linear.
Step 2: Risk Check (Manual). Security Lead checks data type. If “Confidential,” proceed to Step 3.
Step 3: Contract (Automated/Manual). Legal team inserts the “Standard Security Schedule” into the draft contract in DocuSign.
Step 4: Signing (Automated). Vendor signs. DocuSign sends a copy to the “Contracts” folder in Google Drive.
Step 5: Logging (Manual). Compliance Manager adds the vendor to the Supplier Register and sets a review date for 12 months.

By using the High Table toolkit, you directly solve the challenges outlined in this guide. It provides a logical, efficient, and professional pathway to establishing and agreeing upon information security requirements with all your suppliers, turning a daunting compliance task into a manageable strategic activity.

ISO 27001 Annex A 5.20 for AI Companies FAQ

What is ISO 27001 Annex A 5.20 for AI companies?

ISO 27001 Annex A 5.20 requires AI companies to define and agree upon information security requirements within supplier contracts. For AI firms, this involves ensuring that 100% of agreements with cloud providers, data labelling services, and LLM vendors include specific clauses to protect proprietary training data and model weights.

Why is Annex A 5.20 essential for AI third-party risk?

Annex A 5.20 is essential because it formalises the security obligations of external partners. Statistics show that 62% of supply chain breaches could be prevented with robust contractual security requirements, ensuring that vendors handling high-value AI assets are legally bound to maintain the same security rigour as the primary organisation.

What clauses are required in AI supplier agreements for ISO 27001?

To comply with Annex A 5.20, AI firms must include technical and legal safeguards in their contracts. Key clauses include:

Data Sovereignty: Specifying the geographic locations where AI training data can be processed.
Model IP Ownership: Explicitly stating that the AI firm retains 100% ownership of any models fine-tuned on the provider’s infrastructure.
Right to Audit: Permitting the firm to perform security assessments of the supplier’s AI environment.
Incident Reporting: Mandatory 24-hour notification for any breach involving the firm’s information.

How does Annex A 5.20 align with the EU AI Act?

Annex A 5.20 provides the contractual framework necessary to meet the supply chain transparency requirements of the EU AI Act. By defining security responsibilities in agreements, AI companies can ensure their upstream providers meet the safety standards required for high-risk AI systems, mitigating potential regulatory fines.

What evidence do auditors expect for Annex A 5.20?

Auditors expect to see a documented Supplier Security Policy and 100% of critical supplier contracts containing a security schedule. Evidence should include signed Master Service Agreements (MSAs), executed Non-Disclosure Agreements (NDAs), and documented risk assessments performed prior to the finalisation of any new AI vendor contract.

About the author

Stuart Barker

ISO 27001 Ninja

Stuart Barker is a veteran practitioner with over 30 years of experience in systems security and risk management. Holding an MSc in Software and Systems Security, he combines academic rigor with extensive operational experience, including a decade leading Data Governance for General Electric (GE).

As a qualified ISO 27001 Lead Auditor, Stuart possesses distinct insight into the specific evidence standards required by certification bodies. His toolkits represent an auditor-verified methodology designed to minimise operational friction while guaranteeing compliance.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wp_woocommerce_session_*	2 days	WooCommerce sets this cookie to make a unique code for each customer so that it knows where to find the cart data in the database for each one.
yith_wcmcs_currency	7 days	Required for currency conversion.
__stripe_mid	1 year	Stripe sets this cookie to process payments.
__stripe_sid	1 hour	Stripe sets this cookie to process payments.

Cookie	Duration	Description
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
sbjs_current	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_current_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_migrations	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_session	1 hour	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_udata	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.

Cookie	Duration	Description
PREF	8 months	PREF cookie is set by Youtube to store user preferences like language, format of search results and other customizations for YouTube Videos embedded in different sites.
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
m	1 year 1 month 4 days	No description available.
_monsterinsights_uj	1 year	Description is currently not available.

ISO 27001:2022 Annex A 5.20 Addressing information security within supplier agreements for AI Companies

Table of contents