ISO 27001 Annex A 5.33 is a security control that ensures organizational records are protected from loss, destruction, and unauthorized access. Implementing an automated data retention framework ensures compliance with privacy laws, providing the business benefit of reduced legal liability and safeguarding high-value AI training datasets.
While ISO 27001 Annex A 5.33 Protection of records is a fundamental security control, its implementation presents unique challenges for AI companies. The core requirement is to ensure all business records are protected from loss, destruction, falsification, and unauthorised access.
However, for an AI company, “records” aren’t just invoices and board minutes. Your most valuable assets, vast training datasets, complex model weights, and algorithmic outputs, are all records under this control. These high-value assets demand a more specialised approach than standard corporate files.
Table of contents
- The “No-BS” Translation: Decoding the Requirement
- The Business Case: Why This Actually Matters for AI Companies
- DORA, NIS2 and AI Regulation: The Audit Trail
- ISO 27001 Toolkit vs SaaS Platforms: The Retention Trap
- The Amplified Risks: Applying Annex A 5.33 to Your AI Workflows
- Actionable Compliance: Securing Your AI Environment
- The Evidence Locker: What the Auditor Needs to See
- Common Pitfalls & Auditor Traps
- Handling Exceptions: The “Break Glass” Protocol
- The Process Layer: “The Standard Operating Procedure (SOP)”
The “No-BS” Translation: Decoding the Requirement
Let’s strip away the consultant-speak. Annex A 5.33 is about proving you didn’t lose the data that built your business. It asks: “If we delete the production database today, can we explain why in court 5 years from now?”
| The Auditor’s View (ISO 27001) | The AI Company View (Reality) |
|---|---|
| “Records shall be protected from loss, destruction, falsification, unauthorized access and unauthorized release.” | Don’t let the intern verify the model. 1. Integrity: If you trained a model on Data Set A, can you prove you didn’t secretly swap it for Data Set B? Use hashes. 2. Retention: Don’t keep customer data forever “just in case.” Delete it when the contract says so, or you will get fined. |
| “Retention periods… shall be defined.” | Set a deletion date. Your S3 buckets shouldn’t just grow forever. Set a lifecycle policy. “Logs = 1 year. Models = 7 years. Temp data = 30 days.” |
The Business Case: Why This Actually Matters for AI Companies
Why should a founder care about “Record Retention”? Because data hoarding is a liability, not an asset.
The Sales Angle
Enterprise clients will ask: “How do you ensure our data is deleted after the contract ends?” If your answer is “We manually delete it when we remember,” you lose the deal. If your answer is “We have an automated retention policy that crypto-shreds data after 30 days of contract termination, evidenced by deletion logs,” you win trust. A 5.33 proves you respect the data lifecycle.
The Risk Angle
The “Right to be Forgotten” Nightmare: A user asks you to delete their data under GDPR. You delete their account, but their data remains in your “raw_training_dump” bucket for 5 years. You get audited. You get fined 4% of revenue. A 5.33 ensures you know where the records are so you can actually delete them.
Stop Guessing. Start Passing.
AI-generated policies are generic and fail audits. Our Lead-Auditor templates have a 100% success rate. Don’t risk your certification on a prompt
DORA, NIS2 and AI Regulation: The Audit Trail
Regulators demand a paper trail for your AI.
- EU AI Act (Annex IV): High-risk AI systems must keep technical documentation. This includes datasheets describing the training data. If you didn’t keep a record of what data you used 3 years ago, your model is illegal.
- DORA (Article 12): Financial entities must keep records of ICT incidents. If you delete your logs too quickly to save money, you are non-compliant with incident reporting standards.
- NIS2 Directive: Requires “basic cyber hygiene.” This includes managing the lifecycle of your data. Keeping sensitive data you no longer need increases your attack surface.
ISO 27001 Toolkit vs SaaS Platforms: The Retention Trap
SaaS platforms love to store your logs for you, but they charge you a fortune for it. Here is why the ISO 27001 Toolkit is superior.
| Feature | ISO 27001 Toolkit (Hightable.io) | Online SaaS Platform |
|---|---|---|
| Flexibility | Custom Schedules. Define retention periods that match your business (e.g., “Delete raw audio after 24 hours”). | Default Settings. Platforms often apply generic “7-year” retention rules to everything, bloating your storage costs. |
| Ownership | Your Records. Your retention schedule is a document you own. Your logs stay in your S3 bucket. | Data Hostage. Your compliance evidence is stored in their cloud. If you stop paying, you lose the proof that you were compliant. |
| Simplicity | Clear Policy. A simple “Retention Schedule” in Excel. Easy to read, easy to update. | Complex Config. You have to configure “Data Lifecycle Manager” rules inside a complex UI that changes every month. |
| Cost | One-off fee. Pay once. Define your rules. | Storage Tax. Many GRC platforms charge you for the volume of evidence/logs stored. You pay a tax on your own history. |
I’ve sat in the Auditor’s chair for 20 years. These are the exact tools I use to guarantee a pass.
The Amplified Risks: Applying Annex A 5.33 to Your AI Workflows
Successfully implementing record protection in an AI environment requires moving beyond generic compliance checklists.
The Training Data Dilemma
Your training datasets are the lifeblood of your AI models. The primary challenge is protecting these records from unauthorised access or release throughout the data lifecycle. Imagine a developer inadvertently pushes a subset of your raw, unanonymised training data to a public repository; the resulting GDPR fine could be catastrophic.
Protecting Algorithmic Processes
Records of model configurations, hyperparameters, and version histories are critical operational assets. If these records are falsified (e.g., via model poisoning), the consequences can be devastating. You must ensure the integrity of these records using hashing and version control (e.g., Git, MLflow).
Vulnerabilities in the AI Supply Chain
Your workflows rely on third-party data sources. Each external input constitutes a record that must be protected. A failure to secure records from your supply chain can introduce vulnerabilities, such as biased data, into your systems.
Actionable Compliance: Securing Your AI Environment
A clear understanding of the risks paves the way for implementing practical controls.
- Develop an AI-Specific Records Policy: Define datasets, models, and logs as official records.
- Implement a Dynamic Retention Schedule: Specify distinct retention periods for raw training data vs. finalised production models.
- Enforce Strict Access Controls: Use RBAC to ensure only authorised personnel can delete sensitive records.
- Manage Your Metadata: Maintain meticulous metadata for all AI models (Model Cards) to ensure explainability and auditability.
The Evidence Locker: What the Auditor Needs to See
When the audit comes, prepare these artifacts:
- Retention Schedule (Excel): A matrix showing Record Type (e.g., “Financials,” “Training Data”) vs. Retention Period (e.g., “7 Years,” “Indefinite”).
- Disposal Logs (PDF): Evidence of secure destruction (e.g., “Certificate of Destruction” for hard drives, or CloudTrail logs for S3 bucket deletion).
- Archive Configuration (Screenshot): Screenshot of AWS S3 Object Lock or Glacier settings proving records are immutable for the required period.
- Model Lineage Record: A document linking a specific model version to the specific dataset version used to train it.
Common Pitfalls & Auditor Traps
Here are the top 3 ways AI companies fail this control:
- The “Data Hoarder” Syndrome: You keep everything “because storage is cheap.” The auditor asks “Why do you have ex-employee passports from 2015?” You have no legal basis. GDPR violation.
- The “Write-Only” Backup: You have backups, but you’ve never tested restoring them. That’s not a record; that’s a hope.
- The “Missing Context”: You have the model weights, but you deleted the training logs. You can’t prove how the model was built. This fails the “Accountability” principle.
The Tools We Use.
100% Audit Success. Zero AI Guesswork.
Handling Exceptions: The “Break Glass” Protocol
What if you are legally ordered to delete a record immediately, but your policy says “keep for 7 years”?
The “Legal Takedown” Workflow:
- Trigger: Court order or GDPR “Right to Erasure” request.
- Authority: DPO (Data Protection Officer) / Legal Counsel approves the exception.
- Action: Manually purge the record from live systems AND backups (crypto-shredding often used here).
- Log: Record the deletion event (but not the data) in a “Deletion Register” for proof of compliance.
The Process Layer: “The Standard Operating Procedure (SOP)”
How to operationalise A 5.33 using your existing stack (AWS, Linear).
- Step 1: Classification (Automated). Tag new S3 objects with Retention: 7-Years or Retention: 30-Days.
- Step 2: Storage (Automated). AWS Lifecycle Rules move data to Glacier or delete it based on the tag.
- Step 3: Review (Manual). Annual review of the “Retention Schedule” document by Legal/Compliance.
- Step 4: Destruction (Automated/Manual). When a laptop is returned, IT uses a disk-wiping tool and logs the “Certificate of Destruction” in Linear.
By implementing these controls, you build an auditable record protection programme. The High Table ISO 27001 Toolkit offers the purpose-built solution to accelerate this process, providing the governance structure you need to protect your AI assets effectively.
ISO 27001 Annex A 5.33 for AI Companies FAQ
What is ISO 27001 Annex A 5.33 for AI companies?
ISO 27001 Annex A 5.33 requires AI companies to protect records from loss, destruction, falsification, unauthorised access, and unauthorised release. For AI firms, this ensures 100% integrity of training logs, data provenance records, and model metadata, which are vital for proving compliance with the EU AI Act and GDPR during forensic audits.
What specific AI records require protection under Annex A 5.33?
AI organisations must safeguard a variety of technical and administrative records to satisfy Annex A 5.33. Critical records include:
- Data Lineage Records: Documentation of the origin, transformation, and destination of training datasets.
- Model Versioning History: Secure logs of hyperparameter configurations and architecture changes.
- Inference Logs: Records of model inputs and outputs for auditing algorithmic fairness and security.
- Compliance Artifacts: Signed risk assessments and auditor reports stored in a non-repudiable format.
How long should AI records be retained for ISO 27001 compliance?
AI companies must define retention periods based on statutory and business requirements. High-risk AI systems under the EU AI Act generally require logging records to be maintained for at least 6 months, while financial or healthcare AI records often follow a 7-year retention mandate to satisfy national regulatory frameworks and legal discovery processes.
How do AI firms prevent the falsification of training logs?
To prevent record falsification, AI firms should implement technical controls such as cryptographic hashing (SHA-256) and WORM (Write Once Read Many) storage. By creating an immutable audit trail for training logs, companies ensure that data provenance cannot be altered post-facto to conceal biases, data poisoning, or unauthorised access to proprietary datasets.
What is the legal impact of poor record protection for AI companies?
Failure to protect records under Annex A 5.33 can result in significant legal liability and the loss of ISO 27001 certification. Inadequate record-keeping regarding data consent or model safety can trigger GDPR fines of up to 4% of global turnover or EU AI Act penalties reaching €35 million, as the organisation cannot provide verifiable proof of “due diligence.”
About the author
