Welcome to Exploring Standards! In this episode, host Jess sits down with Dan Sampson, a GRC consultant and certified lead auditor specialising in ISO 27001 and ISO 42001, to explore the intersection of information security and AI governance.

What You'll Learn:

• The key differences between ISO 27001 (information security) and ISO 42001 (AI governance)
• How these two standards complement each other and where they overlap
• Critical gaps that ISO 42001 fills that ISO 27001 doesn't address
• Which standard should your organisation implement first
• When ISO 42001 is necessary vs. when ISO 27001 alone is sufficient
• Common misconceptions about AI security and governance
• Practical advice for organisations considering certification

Key Takeaway: ISO 27001 prevents your data from being stolen, while ISO 42001 prevents your data from being used unfairly or unpredictably by AI systems. Together, they provide comprehensive protection for organisations deploying AI.

About Dan Sampson: Dan is a GRC consultant specialising in information security and responsible AI governance through his company, Sampson ISO Audit and Consult Limited. With extensive experience at the University of Sheffield and now as an independent consultant, Dan helps organisations align their information security practices with responsible AI deployment.

Connect with Dan:

Connect with Assent:

• LinkedIn: https://www.linkedin.com/company/associate-enterprises-ltd-t-a-assent/
• Facebook: https://www.facebook.com/assentuk
• Youtube: https://www.youtube.com/channel/UCWw6ny-YyfkxdGm7ig4yFoQ
• Instagram: @assentriskmanagement

Subscribe for more episodes exploring standards, compliance, and governance topics!