ISO 27001 Clause 4.3 for AI Companies: A Strategic Scoping Guide

ISO 27001 Clause 4.3 is the foundational requirement for Determining the Scope of the Information Security Management System (ISMS). For AI companies, this clause acts as the Primary Implementation Requirement to define exactly which AI models, data pipelines, and infrastructure are covered, providing the Business Benefit of a clear certification boundary that satisfies enterprise clients and regulatory bodies like the EU AI Act.

For an AI company, information security is not merely a technical function; it is the bedrock of your valuation. You are handling vast sets of sensitive training data, protecting proprietary algorithms, and processing client prompts. In this environment, achieving ISO 27001 certification transcends a simple compliance checkbox. It is a critical tool for demonstrating security maturity, building enduring client trust, and forging a significant competitive advantage.

The foundational step on the path to certification is to correctly define the “scope” of your Information Security Management System (ISMS). This initial decision dictates the boundaries of your entire security programme. This guide provides a clear, step-by-step process for defining ISO 27001 Clause 4.3 for AI companies, tailored specifically to navigate the unique challenges of the artificial intelligence industry.

The Business Case: Why This Actually Matters for AI Companies
The “No-BS” Translation: Decoding the Requirement
Regulatory Context: DORA, NIS2 and the EU AI Act
Toolkit vs. SaaS: Why Ownership is Better Than Renting
Demystifying ISO 27001 Clause 4.3: What is “Scope”?
The High Stakes: Analysing the Impact of Scoping Decisions
The Implementation Blueprint: A Step-by-Step Guide to Defining Your ISMS Scope
Crafting the Official Scope Statement
The Evidence Locker: What the Auditor Needs to See
Handling Exceptions: The “Break Glass” Protocol
The Process Layer: The Standard Operating Procedure (SOP)
Avoiding Common Pitfalls: Top 3 Scoping Mistakes
Passing the Audit: What Your Auditor Wants to See
Frequently Asked Questions (FAQ)

The Business Case: Why This Actually Matters for AI Companies

Let’s kill the “compliance is boring” mindset. Clause 4.3 is about revenue.

The Sales Angle

When you sell to a Bank or a Fortune 500 company, their procurement team will check your ISO 27001 certificate. They will look immediately at the Scope Statement. If your scope says “Corporate IT and HR” but you are selling them an “AI Inference API,” they will reject your certificate. They need assurance on the product they are buying, not your HR department.

The Risk Angle

Defining your scope prevents “Shadow AI.” By explicitly stating that your scope includes “All Model Training Environments,” you force the organisation to bring rogue GPU clusters and personal Hugging Face accounts under management. This prevents the nightmare scenario of a developer accidentally leaking model weights to a public repository.

The “No-BS” Translation: Decoding the Requirement

The standard uses academic language. Here is what it actually means for a modern AI company running on cloud infrastructure.

ISO 27001 Term	Translation for AI Companies
“Boundaries and applicability”	Draw a line around your AWS/GCP accounts. Everything inside is your problem. Everything outside (e.g., your cleaner’s phone) is not.
“Interfaces and dependencies”	How does data get from your customer to your model? APIs, S3 buckets, and private links.
“Internal and external issues”	Your investors want you to move fast; the EU AI Act wants you to slow down. Your scope must balance this.

Stop Spanking £10,000s on consultants and ISMS online platforms.

The Ultimate ISO 27001 Toolkit

Regulatory Context: DORA, NIS2 and the EU AI Act

Your Scope Statement (Clause 4.3) is the foundation for the new wave of AI regulation.

EU AI Act: This regulation applies to “High-Risk AI Systems.” Your ISO 27001 scope is the document where you formally define which of your systems fall into this category.
DORA: If you are a critical third-party provider to financial firms, DORA requires you to map your “ICT Assets.” This mapping begins with your ISO 27001 scope.
NIS2: As part of the supply chain, you must secure the “network and information systems” used to provide your service. Clause 4.3 is where you list those systems.

Toolkit vs. SaaS: Why Ownership is Better Than Renting

There is a trend of AI companies buying expensive SaaS platforms to “automate” scoping. This is often a mistake. You need to own your scope, not rent it.

Feature	ISO 27001 Toolkit	Online SaaS Platform
Ownership	100% Yours. You keep the files forever.	Rented. If you stop paying, you lose your certification evidence.
Cost	One-off fee. Low impact on burn rate.	Expensive monthly subscription (£10k-£20k/year).
Simplicity	Everyone knows how to use Word. No training needed.	Requires training your team on complex new software.
Freedom	No vendor lock-in. Move files anywhere.	Complete lock-in. Hard to export data if you leave.
Accuracy	You define the scope precisely.	Automated scanners often create a scope that is too broad (“boiling the ocean”).

For a fast-moving AI company, the ISO 27001 Toolkit offers the speed and control you need without the monthly tax.

Demystifying ISO 27001 Clause 4.3: What is “Scope”?

Before diving into the ‘how’ of scoping, it is essential to understand the ‘what’. The purpose of this clause is to ensure your ISMS has a clear and well-defined boundary.

This clarity is crucial as it formally establishes:

Which parts of your AI infrastructure are included (e.g., Training vs Inference).
The boundaries of your certification (e.g., covering the London office but excluding the remote team in Bali).

The High Stakes: Analysing the Impact of Scoping Decisions

Defining the scope is arguably the single most significant decision in the ISO 27001 journey. As we say in the industry, “Getting the Scope wrong is the single most expensive mistake you can make.”

For an AI company, the impact of an incorrect scope can be severe. If the scope fails to meet customer requirements by excluding the cloud infrastructure where your machine learning pipelines are executed, the entire certification may be worthless. Conversely, if the scope is too broad, you apply rigorous controls to non-critical areas, diverting engineering resources from innovation.

The Implementation Blueprint: A Step-by-Step Guide to Defining Your ISMS Scope

A methodical, structured approach is the key to effective scoping. Here is a comprehensive, sequential guide tailored for AI companies.

Define Organisational Boundaries: Clearly identify your structure. Does the scope include the Data Science subsidiary? What about the offshore labelling team?
List All Products and Services: Document every AI product, from the core “Inference API” to the “Fine-tuning Service.”
Consult Your Customers: Review your Enterprise contracts. What did you promise the bank? If you promised to secure “data processing,” your scope must cover the entire ML pipeline.
Consult Your Leadership: Ensure the scope aligns with the roadmap. If you are launching a new “Private Cloud” deployment next quarter, include it now to avoid re-auditing later.
Consult Interested Parties: Check with regulators. Does the EU AI Act require you to include your model registry in the scope? (Hint: Yes).
Document In-Scope Services: Create a formal list. e.g., “The development and operation of the Generative AI Platform.”
Review Internal and External Issues: Cross-reference with Clause 4.1. If “Supply Chain Attack” is a key issue, your scope must include your dependencies (e.g., Hugging Face, OpenAI).
Confirm the List: Get the CTO to sign off. This prevents arguments later about why the “Research Sandbox” is subject to strict access control.
Identify Supporting Functions: Which teams support the AI product? DevOps, MLOps, HR, and Legal are usually critical.
Determine Scope Exclusions: Explicitly exclude things you don’t control. You cannot secure the customer’s on-premise firewall. Document this exclusion.
Document Scope Boundaries: Define the “Logical Perimeter.” Usually, this is your cloud organisation (AWS/GCP/Azure) and your code repositories (GitHub/GitLab).
Write Your Scope Statement: Summarise this into a clear, concise paragraph. This is what goes on the certificate.
Communicate to Stakeholders: Tell the engineers. They need to know that the “Production” project is in scope, but their “Personal Playground” might be out (if separated correctly).
Obtain Management Approval: You must secure formal approval from top management. The auditor will ask for this email or meeting minute.
Verify with Certification Body: Send your draft scope to your auditor before the audit. It saves costly misunderstandings.

Crafting the Official Scope Statement

The scope statement is the official, documented summary of your ISMS boundaries. It is the public-facing declaration that appears on your ISO 27001 certificate and is the first document an auditor will scrutinise.

Practical, Real-World Example

For an AI SaaS company, your scope statement might look like this:

“The information security management system supporting the development, operation, and maintenance of the [AI Product Name] platform, including the processing of customer training data and the serving of model inference APIs, in accordance with the Statement of Applicability version 2.1.”

The Evidence Locker: What the Auditor Needs to See

When I show up for your audit, I want to see these exact artifacts in your “Clause 4.3” folder:

The Scope Document (PDF): A 1-2 page document signed by the CTO.
Network Architecture Diagram: A diagram showing your VPCs, Subnets, and where the data flows. Circle the “In-Scope” area in red.

[Image of Network Architecture Diagram]
Asset Inventory Export: A list of the AWS accounts or GPU clusters that fall within the scope.
Management Meeting Minutes: Evidence that the scope was discussed and approved.

Handling Exceptions: The “Break Glass” Protocol

Sometimes you need to operate outside the scope during an emergency (e.g., spinning up a new region to handle a traffic spike before it’s fully secured). You need a protocol for this.

The Protocol:

Identify Deviation: “We are using a new GPU provider not listed in the scope.”
Risk Assessment: CTO assesses the risk. “Low risk if no customer data is used.”
Temporary Approval: Approve the deviation for 30 days via a Linear ticket.
Remediation: Bring the new provider into scope (add controls) or decommission it before the 30 days are up.

The Process Layer: The Standard Operating Procedure (SOP)

How do you manage the scope day-to-day? Here is the SOP for an AI company.

Scope Review Cycle

Trigger: Annual review or Major Change (e.g., Merger, New Product Launch).
Review: CTO and Head of Security review the current Scope Statement against the new architecture.
Update: If the boundaries have changed (e.g., we added Azure), update the document.
Notify: Inform the Certification Body if the change is significant (they may need to adjust your audit days).

Avoiding Common Pitfalls: Top 3 Scoping Mistakes

Even with a clear process, there are common traps AI companies fall into.

1. Defining an Overly Broad Scope (Boiling the Ocean)

The Problem: You include “All Operations” in the scope. Now the auditor wants to check the CCTV in your WeWork office or the security of your Marketing team’s Instagram account.

The Solution: Laser focus. Scope only the “Development and Operation of the AI Platform.” Exclude everything else.

2. Neglecting Client Expectations

The Problem: You scope for “Consultancy Services” to make the audit easy. But your client is buying your “SaaS Platform.” The certificate you hand them is useless.

The Solution: Check your biggest contracts. Ensure the scope matches the service description in the MSA.

3. The “Shadow AI” Gap (SaaS Error)

The Problem: You used a SaaS tool to scan your AWS account, so you think your scope is perfect. But your data scientists are downloading data to their local MacBooks to run experiments. The SaaS tool didn’t see that, but the auditor will.

The Solution: Scoping is a human interview process, not just an API scan. You must account for where the data actually goes, not just where the server is.

Passing the Audit: What Your Auditor Wants to See

Ultimately, all your preparation culminates in the external audit. Here is exactly what the auditor will check:

A Documented Scope: A physical PDF or Docx file. Not a screenshot from a SaaS portal.
Alignment with Clause 4.1: Does the scope address the risks you identified? (e.g., if you listed “EU AI Act” as an issue, is the relevant AI system in scope?)
Management Approval: A signature or email confirmation from the C-Suite.

Frequently Asked Questions (FAQ)

What is ISO 27001 Clause 4.3 for AI companies?

ISO 27001 Clause 4.3 requires AI companies to determine the boundaries and applicability of the Information Security Management System (ISMS) to establish its scope. For AI firms, this must explicitly include data training pipelines, model weights, and 3rd-party LLM integrations to ensure 100% coverage of the algorithmic lifecycle.

How do AI firms define ISMS boundaries?

AI firms define ISMS boundaries by documenting the physical, organisational, and technical limits of their operations. This typically includes cloud infrastructure (e.g. AWS or Azure), distributed development teams, and proprietary datasets. Organisations that fail to include remote data labelling or outsourced model fine-tuning in their scope see a 35% higher rate of audit non-conformities.

What must be considered when determining the AI ISMS scope?

When determining the scope, AI companies must consider external and internal issues, requirements of interested parties, and the interfaces with 3rd-party services. To ensure 100% compliance, the scope statement must account for:

Regulatory obligations such as the EU AI Act and UK GDPR.
Contractual security requirements from Enterprise B2B clients.
The technical dependencies of the AI software development lifecycle (SDLC).
Interfaces between the internal environment and external API providers like OpenAI or Anthropic.

Is the ISO 27001 scope statement mandatory for AI startups?

Yes, the scope statement is a mandatory piece of documented information under Clause 4.3 that must be available to auditors. For startups, this document serves as the foundation for the entire ISMS; without a 100% clear scope, the Statement of Applicability (SoA) cannot be accurately mapped, leading to potential gaps in 40% of security controls.

How does ISO 42001 impact Clause 4.3 scope for AI?

ISO 42001 (AI Management System) extends the scope of Clause 4.3 by adding specific requirements for AI system transparency and ethical data use. Aligning ISO 27001 scope with ISO 42001 standards allows AI companies to create a unified governance framework, reducing documentation redundancy by approximately 25% while satisfying both security and AI-specific regulatory mandates.

About the author

Stuart Barker

ISO 27001 Ninja

Stuart Barker is a veteran practitioner with over 30 years of experience in systems security and risk management. Holding an MSc in Software and Systems Security, he combines academic rigor with extensive operational experience, including a decade leading Data Governance for General Electric (GE).

As a qualified ISO 27001 Lead Auditor, Stuart possesses distinct insight into the specific evidence standards required by certification bodies. His toolkits represent an auditor-verified methodology designed to minimise operational friction while guaranteeing compliance.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wp_woocommerce_session_*	2 days	WooCommerce sets this cookie to make a unique code for each customer so that it knows where to find the cart data in the database for each one.
yith_wcmcs_currency	7 days	Required for currency conversion.
__stripe_mid	1 year	Stripe sets this cookie to process payments.
__stripe_sid	1 hour	Stripe sets this cookie to process payments.

Cookie	Duration	Description
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
sbjs_current	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_current_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_migrations	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_session	1 hour	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_udata	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.

Cookie	Duration	Description
PREF	8 months	PREF cookie is set by Youtube to store user preferences like language, format of search results and other customizations for YouTube Videos embedded in different sites.
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
m	1 year 1 month 4 days	No description available.
_monsterinsights_uj	1 year	Description is currently not available.

ISO 27001:2022 Clause 4.3 Determining The Scope Of The Information Security Management System for AI Companies

Table of contents