Skip to main content
Glama
deenesjakoruzh
CSOAI-ORG

ISO 27001 AI MCP

Official
by CSOAI-ORG
OverviewSchemaRelated ServersScoreDiscussions
Python
Remote

iso-27001-ai-mcp MCP server MCP Registry PyPI

iso-27001-ai-mcp MCP server

PyPI Downloads GitHub stars License: MIT

ISO 27001 AI MCP

ISMS audit, Annex A gap analysis, and Statement of Applicability generation for AI/ML systems against ISO 27001:2022.

MEOK AI Labs

Install · Tools · Pricing · Attestation API

Why This Exists

ISO 27001:2022 is the global standard for information security management, and the 2022 revision added 11 new controls (including A.5.23 cloud services, A.8.11 data masking, A.8.12 data leakage prevention) that directly affect AI deployments. Organisations running AI systems need to map model training pipelines, inference endpoints, and data flows into their ISMS scope.

Most consultancies charge 15-30K per ISO 27001 gap analysis. This MCP automates the ISMS audit against all 93 Annex A controls, generates Statements of Applicability, performs risk assessments per ISO 27005, crosswalks to AI-specific frameworks, and classifies security incidents under ISO 27035.

Install

pip install iso-27001-ai-mcp

Tools

Tool

ISO Reference

What it does

audit_isms

Clauses 4-10

Full ISMS audit against ISO 27001:2022 management clauses

risk_assessment

ISO 27005

Information security risk assessment for AI assets

gap_analysis

Annex A (93 controls)

Control-by-control gap analysis against 2022 Annex A

crosswalk_to_ai

Annex A + AI frameworks

Map ISO 27001 controls to ISO 42001 / EU AI Act requirements

generate_soa

Clause 6.1.3

Generate Statement of Applicability with justifications

incident_classification

ISO 27035

Classify and triage AI security incidents

Example

Prompt: "Run an ISO 27001 gap analysis on our ML training pipeline.
We store training data in S3, run training on GPU clusters in eu-west-1,
and deploy models via a REST API with no authentication."

Result: Gap analysis across Annex A with critical findings on unauthenticated
API endpoints, missing data deletion policies, absent cloud service agreements,
and no DLP controls on model outputs. Statement of Applicability generated
with all 93 controls assessed.

Pricing

Tier

Price

What you get

Free

£0

10 calls/day — ISMS audit + gap analysis

Pro

£199/mo

Unlimited + HMAC-signed attestations + verify URLs

Enterprise

£1,499/mo

Multi-tenant + co-branded reports + webhooks

Subscribe to Pro · Enterprise

Attestation API

Every Pro/Enterprise audit produces a cryptographically signed certificate:

POST https://meok-attestation-api.vercel.app/sign
GET  https://meok-attestation-api.vercel.app/verify/{cert_id}

Zero-dep verifier: pip install meok-attestation-verify

Links

License

MIT

This server cannot be installed

A
license - permissive license
-
quality - not tested
B
maintenance

How are these scores calculated?

Maintenance

Maintainers
Response time
Release cycle
1Releases (12mo)

Resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/CSOAI-ORG/iso-27001-ai-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server