Metadata-Version: 2.4
Name: iso-27001-ai-mcp
Version: 1.0.1
Summary: AI-powered iso 27001 ai MCP server for agents. Supports audit isms, risk assessment, gap analysis. By MEOK AI Labs.
Project-URL: Homepage, https://meok.ai
Project-URL: Repository, https://github.com/CSOAI-ORG/iso-27001-ai-mcp
Author-email: MEOK AI Labs <nicholas@meok.ai>
License: MIT License
        
        Copyright (c) 2026 CSOAI-ORG / MEOK AI Labs
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
License-File: LICENSE
Keywords: ai-governance,compliance,mcp,meok
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.10
Requires-Dist: mcp>=1.0.0
Description-Content-Type: text/markdown

[![iso-27001-ai-mcp MCP server](https://glama.ai/mcp/servers/CSOAI-ORG/iso-27001-ai-mcp/badges/card.svg)](https://glama.ai/mcp/servers/CSOAI-ORG/iso-27001-ai-mcp)

<div align="center">

[![PyPI](https://img.shields.io/pypi/v/iso-27001-ai-mcp)](https://pypi.org/project/iso-27001-ai-mcp/)
[![Downloads](https://img.shields.io/pypi/dm/iso-27001-ai-mcp)](https://pypi.org/project/iso-27001-ai-mcp/)
[![GitHub stars](https://img.shields.io/github/stars/CSOAI-ORG/iso-27001-ai-mcp)](https://github.com/CSOAI-ORG/iso-27001-ai-mcp/stargazers)
[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)

# ISO 27001 AI MCP

**ISMS audit, Annex A gap analysis, and Statement of Applicability generation for AI/ML systems against ISO 27001:2022.**

[![MEOK AI Labs](https://img.shields.io/badge/MEOK_AI_Labs-224+_servers-purple)](https://meok.ai)

[Install](#install) · [Tools](#tools) · [Pricing](#pricing) · [Attestation API](#attestation-api)

</div>

---

## Why This Exists

ISO 27001:2022 is the global standard for information security management, and the 2022 revision added 11 new controls (including A.5.23 cloud services, A.8.11 data masking, A.8.12 data leakage prevention) that directly affect AI deployments. Organisations running AI systems need to map model training pipelines, inference endpoints, and data flows into their ISMS scope.

Most consultancies charge 15-30K per ISO 27001 gap analysis. This MCP automates the ISMS audit against all 93 Annex A controls, generates Statements of Applicability, performs risk assessments per ISO 27005, crosswalks to AI-specific frameworks, and classifies security incidents under ISO 27035.

## Install

```bash
pip install iso-27001-ai-mcp
```

## Tools

| Tool | ISO Reference | What it does |
|------|--------------|--------------|
| `audit_isms` | Clauses 4-10 | Full ISMS audit against ISO 27001:2022 management clauses |
| `risk_assessment` | ISO 27005 | Information security risk assessment for AI assets |
| `gap_analysis` | Annex A (93 controls) | Control-by-control gap analysis against 2022 Annex A |
| `crosswalk_to_ai` | Annex A + AI frameworks | Map ISO 27001 controls to ISO 42001 / EU AI Act requirements |
| `generate_soa` | Clause 6.1.3 | Generate Statement of Applicability with justifications |
| `incident_classification` | ISO 27035 | Classify and triage AI security incidents |

## Example

```
Prompt: "Run an ISO 27001 gap analysis on our ML training pipeline.
We store training data in S3, run training on GPU clusters in eu-west-1,
and deploy models via a REST API with no authentication."

Result: Gap analysis across Annex A with critical findings on unauthenticated
API endpoints, missing data deletion policies, absent cloud service agreements,
and no DLP controls on model outputs. Statement of Applicability generated
with all 93 controls assessed.
```

## Pricing

| Tier | Price | What you get |
|------|-------|-------------|
| **Free** | £0 | 10 calls/day — ISMS audit + gap analysis |
| **Pro** | £199/mo | Unlimited + HMAC-signed attestations + verify URLs |
| **Enterprise** | £1,499/mo | Multi-tenant + co-branded reports + webhooks |

[Subscribe to Pro](https://buy.stripe.com/14A4gB3K4eUWgYR56o8k836) · [Enterprise](https://buy.stripe.com/4gM9AV80kaEG0ZT42k8k837)

## Attestation API

Every Pro/Enterprise audit produces a cryptographically signed certificate:

```
POST https://meok-attestation-api.vercel.app/sign
GET  https://meok-attestation-api.vercel.app/verify/{cert_id}
```

Zero-dep verifier: `pip install meok-attestation-verify`

## Links

- Website: [meok.ai](https://meok.ai)
- All MCP servers: [meok.ai/labs/mcp/servers](https://meok.ai/labs/mcp/servers)
- Enterprise support: nicholas@csoai.org

## License

MIT
<!-- mcp-name: io.github.CSOAI-ORG/iso-27001-ai-mcp -->
