AI Meets Compliance: OnWatch AI’s Journey to a Smarter, Safer, and Certified Workplace

What was the standard you became certified in, and can you tell us about your certification journey? 

We became accredited in ISO 27001 as part of our commitment to doing things properly for our clients, our users, and ourselves. As a start-up, we recognised early on that information security needed to be a core part of our operations rather than a tick-box exercise. 
 
Going through the process helped us mature significantly as a business. We moved from a loose set of documents and folders to building our own compliance portal, driven by our AI assistant and powered by our policies. This was not just a technical upgrade, it shaped how we operate, how we collaborate, and how we present ourselves to the outside world. 

Is there a part of the standard that you find particularly useful or pertinent to your business? 

We found sections such as 5.1 (Policies for information security), 5.2 (Information security roles and responsibilities) and 5.33 (Protection of records) aligned well with how we use our AI assistant. 

Our assistant helps staff ask questions in natural language, understand policy requirements, and follow the correct process without needing to search through folders. These controls were not only useful in our audit but are now embedded in our daily operations. 

How did you find the certification process with Centre for Assessment? 

The entire process with Centre for Assessment was incredibly smooth and straightforward. At every stage, we knew exactly what was happening and what was expected. The auditor was outstanding. She was a true professional with a wealth of knowledge and brought a kind and realistic approach that was well suited to our size and business model. We genuinely felt privileged to be audited by someone so experienced and thoughtful. 

Would you recommend the ISO 27001 standard to others, and why? 

Absolutely. ISO 27001 has not only helped us secure more business but has also significantly reduced the administrative burden when working with larger clients. We are no longer jumping through endless paperwork hoops, simply mentioning our certification positively changes the conversation. More importantly, the internal impact has been transformative. We are more aligned, more professional, and more confident in our practices. 

What advice would you give to other organisations considering accreditation? 

Do not wait until you are “big enough” to need it. The earlier you build ISO 27001 into your culture, the more value you will get from it. Use it as a framework to grow properly rather than just a badge for sales. Also, think about usability – a system that only stores documents is not enough, your team needs to use and understand it. For us, integrating AI to simplify access and comprehension was essential. 

Stephanie Ryan, Co-founder and Head of Cyber and Compliance at OnWatch Ai, said: 

“Centre for Assessment made the ISO 27001 journey straightforward and genuinely valuable. The audit was not just a checklist. It was a professional, collaborative experience that helped us grow. I would recommend CfA without hesitation. If you want to do things properly, and you want a team that understands your business as well as the standard, they are the ones to work with.” 

For more information:

Visit our website for more information about us and what we offer: Home | Centre for Assessment