The use of AI within business is starting to become more common place. With major applications like Microsoft Teams and Word integrating many new features designed to make our lives easier.  However, we still need to exercise caution with this new technology and consider what we can put in place to mitigate any potential security risks while developing or utilizing it. Which is precisely what today’s guest, Monolith, has done. Monolith provide a machine learning program that engineers can adopt to build highly accurate self-learning AI models that instantly predict the performance of systems in a wide variety of operating conditions. In this weeks’ episode Mel is joined by Æsc George, Senior Software Engineer at Monolith, to discuss why they have adopted ISO 27001, explain their implementation journey and the benefits of having an Information Security Management System.  You’ll learn ·       Who are Monolith AI? ·       What was their main driver behind obtaining ISO 27001? ·       What was the biggest Gap identified in the initial Gap Analysis? ·       What benefits did Monolith AI gain from implementing ISO 27001?   Resources ●      Monolith ●      ISO 27001 Transition Gameplan   In this episode, we talk about: [00:25] An introduction to Monolith and Æsc George – Monolith AI is all about empowering engineers to develop self-learning models from their engineering test data. With this they can develop machine learning models to really accelerate new product introductions and get these new products to market much more quickly, primarily by using these models to accelerate and streamline their testing. They are currently recommended for ISO 27001 certification, and are eagerly awaiting the arrival of their physical certificate. Æsc George is a Senior Software Engineer of this web browser based software. He is also the interim security officer, which is why he was tasked with obtaining ISO 27001. Fun fact about Æsc: He was a proud owner of a colony of 8 rats! He currently takes care of 4 cats, which have access to a plethora of enrichment in his home ? [03:35] What was the main driver for Monolith to obtain ISO 27001? – There were a few drivers, the most obvious being that they want to display their commitment and credibility when it comes to Information Security. Acquiring ISO 27001 makes it easier to show their clients and prospects that their engineering data is in safe hands. Monolith also know that there's a lot of buzz about artificial intelligence and machine learning at the moment, and that buzz covers both sides of the coin. What good it can do for the world and the harms it can do, so aligning with ISO 27001 shows that they’re trying to use AI in a responsible way. [05:10] The start-up is getting a head start! – Monolith AI is a start-up company, only a year in and already leading the way for AI development by ensuring security is a priority from the start. [05:40] How long did it take to implement ISO 27001? Nine months from the point of contacting Blackmores to assist to being recommended for certification. Æsc recounts his experience: “My perception is that the effort was quite front loaded, so the amount of effort involved in the process almost wound down towards the end - even with the external audit happening towards the end. I think once the information security management had been established and we'd worked it into our day-to-day, the perceived effort was lower. So I felt pretty confident going through our audit processes because I've experienced the system working already.” [08:15] What was the biggest gap identified at the Gap Analysis?: There wasn’t a formal approach to information security risk and risk treatment. There were already a number of existing systems and ad-hoc arrangements to mitigate information security risks – but they had been framed in terms of risk. They hadn’t gone through a process where risks were quantified and weighed against each other. So following the g