Overview

ISO/TR 24028 provides guidance on trustworthiness in artificial intelligence systems. Our assessment helps organizations:

• Evaluate AI systems against international trustworthiness principles

• Identify risks in AI decision-making processes

• Improve transparency and accountability of AI implementations

• Align with emerging AI governance frameworks

Who It's For

• Developers and deployers of AI systems

• Organizations using AI for critical decision-making

• Regulatory compliance teams addressing AI risks

• Procurement teams evaluating AI vendor solutions

• Ethics committees overseeing AI implementations

Why an AI Trustworthiness Assessment Matters

• Risk Mitigation: Identify and address AI system vulnerabilities

• Regulatory Preparedness: Stay ahead of evolving AI regulations

• Stakeholder Trust: Demonstrate responsible AI practices

• System Improvement: Enhance AI reliability and performance

Scope of Our Assessment

• AI System Documentation: Review of development processes

• Algorithmic Transparency: Explainability and interpretability

• Data Quality: Training data representativeness and bias

• Decision Auditing: Output validation and monitoring

• Human Oversight: Control mechanisms and fallback procedures

Our 6-Step Assessment Process

1. Scoping Call: Define AI systems and use cases

2. Document Review: Technical documentation and policies

3. Technical Evaluation: Algorithm and data pipeline analysis

4. Stakeholder Interviews: Developers, users, and affected parties

5. Impact Assessment: Potential harms and mitigation strategies

6. Final Report: Conformity Assessment with improvement plan

Deliverables

• Trustworthiness Assessment Certificate

• AI Risk Profile Report

• Bias and Fairness Evaluation

• Governance Improvement Plan

• Executive Summary Presentation

Why Company Certification Int.?

• AI Ethics Experts: Assessors with technical and ethical expertise

• Multidisciplinary Approach: Combines technical and governance perspectives

• Practical Framework: Actionable recommendations for improvement

• Future-Ready: Aligns with emerging global AI standards

FAQ

Q: Is this a certification of our AI system?
A: This is a conformity assessment providing independent validation of your AI's trustworthiness characteristics.

Q: How does this relate to EU AI Act requirements?
A: Our assessment helps prepare for compliance with high-risk AI system requirements.

Q: What types of AI systems can be assessed?
A: We assess machine learning, deep learning, and other AI approaches across all applications.

Q: How long does the assessment take?
A: Typically 3-5 weeks depending on system complexity.

Q: Do you need access to our source code?
A: We require appropriate technical documentation but typically don't need full source code access.

Get Started

Ready to demonstrate your AI's trustworthiness?
[Request AI Assessment] [Download Trustworthiness Checklist]

Company Certification Int. offers a structured Privacy Framework Assessment based on ISO/IEC 29100, the international guideline that defines a common privacy terminology and outlines principles for protecting personally identifiable information (PII). While not certifiable, our conformity assessment helps your organization align with global privacy best practices.

What Is ISO/IEC 29100?

ISO/IEC 29100 provides a high-level framework that:

• Establishes privacy principles for handling PII

• Defines key privacy terminology

• Identifies actors and roles in PII processing

• Supports compliance with privacy laws (e.g., GDPR, HIPAA, PDPA)

• Enables organizations to embed privacy-by-design

Our Assessment Services

We assess your organization’s alignment with ISO/IEC 29100 through:

• Review of privacy policies, notices, and practices

• Mapping PII life cycle stages and risk points

• Gap analysis against privacy principles

• Recommendations for improving governance and controls

• Issuance of a Conformity Assessment Certificate

Key Benefits

• Enhances trust with clients and stakeholders

• Supports regulatory compliance across jurisdictions

• Promotes privacy-by-design and by-default practices

• Reduces risk of data breaches and non-compliance fines

• Positions you for future ISO 27701 certification

Who Should Consider This?

• Organizations processing personal or sensitive data

• Data controllers and processors

• SaaS platforms, e-commerce, fintech, healthcare, and HR systems

• Startups seeking privacy readiness before product launch

• Compliance, DPOs, and legal teams

What You’ll Receive

• Privacy Framework Assessment Report

• Custom recommendations for improvement

• Alignment summary with ISO/IEC 29100

• Awareness training options for staff

• Non-accredited Conformity Certificate

Our Approach

• Remote interviews with data owners and privacy teams

• Review of existing PII handling procedures

• Risk analysis and remediation planning

Frequently Asked Questions (FAQ)

Q1: Is ISO/IEC 29100 a certifiable standard?
A1: No. It’s a guideline. We offer conformity assessment services to help you demonstrate alignment.

Q2: How is it different from ISO 27701?
A2: ISO 29100 provides general privacy principles. ISO 27701 builds on ISO 27001 to implement a full privacy information management system.

Q3: Is it helpful for GDPR compliance?
A3: Yes. The principles of ISO/IEC 29100 are aligned with GDPR and other global privacy regulations.

Q4: Who conducts the assessment?
A4: Our certified privacy and information security professionals assess your organization remotely or onsite.

Show Your Commitment to Privacy

Strengthen your privacy posture with ISO/IEC 29100 Assessment from Company Certification Int.

At Company Certification Int., we offer conformity assessment services based on ISO/IEC 27040, the globally recognized guideline for securing digital storage systems. While not certifiable, aligning with this standard demonstrates your organization's commitment to robust information security practices.

What Is ISO/IEC 27040?

ISO/IEC 27040 provides detailed recommendations for planning, implementing, and maintaining secure storage environments. It covers a broad range of storage technologies, from cloud to local data centers, with a focus on confidentiality, integrity, and availability.

It includes:

• Threat and risk analysis for storage

• Secure storage architecture and design

• Encryption, access control, and data masking

• Backup, replication, and data retention strategies

• Lifecycle protection of data at rest and in motion

Our Assessment Services

Our Storage Security Assessment includes:

• Review of current storage technologies and controls

• Gap analysis against ISO/IEC 27040 guidelines

• Recommendations tailored to your storage architecture

• Risk mitigation strategies for data storage environments

• A Conformity Assessment Certificate upon completion

Key Benefits

• Reduces risk of data breaches and unauthorized access

• Strengthens compliance with privacy and industry laws

• Enhances resilience of storage infrastructure

• Supports business continuity and disaster recovery

• Builds customer trust and regulatory confidence

Who Should Consider This?

• Data center operators and cloud service providers

• IT and cybersecurity managers

• Finance, healthcare, legal, and government sectors

• Organizations managing critical or sensitive data

• Businesses pursuing ISO/IEC 27001 implementation

What You’ll Receive

• Storage Security Assessment Report

• Customized action plan for enhancements

• Certificate of Conformity (non-accredited)

• Optional team awareness training

Our Approach

• Remote or onsite evaluations available

• Interviews, system reviews, and architecture mapping

• Practical, risk-based recommendations

Frequently Asked Questions (FAQ)

Q1: Is ISO/IEC 27040 a certifiable standard?
A1: No. It’s a guideline. We offer conformity assessments to confirm your alignment with its best practices.

Q2: Does this overlap with ISO/IEC 27001?
A2: ISO/IEC 27040 complements ISO/IEC 27001 by providing detailed technical guidance for storage security controls.

Q3: Is this suitable for cloud storage environments?
A3: Yes. It includes recommendations for securing both on-premises and cloud-based storage systems.

Q4: Can we use this assessment in our audit reports or vendor evaluations?
A4: Yes. The report and certificate enhance credibility during audits and supply chain assessments.

Secure Your Data Storage with Confidence

Partner with Company Certification Int. to demonstrate leadership in data storage security aligned with ISO/IEC 27040.

Company Certification Int. offers a professional conformity assessment service based on ISO/IEC 27036, the international guideline that helps organizations manage information security risks in supplier and third-party relationships. While it is not a certifiable standard, this assessment supports businesses in aligning with best practices to secure their supply chain.

What Is ISO/IEC 27036?

ISO/IEC 27036 is a multi-part guideline that provides structured advice on managing information security in supplier relationships. It focuses on:

• Risk identification and mitigation in outsourcing and procurement

• Secure information exchange with suppliers and service providers

• Lifecycle security from onboarding to contract termination

• Integration with broader information security management systems

This guideline supports compliance with ISO/IEC 27001, especially in environments where third-party vendors, cloud services, or outsourcing are involved.

What We Offer

Our conformity assessment services for ISO/IEC 27036 include:

• Evaluation of supplier security risk controls

• Assessment of policies, contracts, and SLAs

• Review of due diligence, onboarding, and monitoring processes

• Identification of vulnerabilities and gaps in supplier relationships

• Issuance of a Conformity Assessment Certificate (non-accredited)

Key Benefits

• Strengthens third-party risk management

• Reduces risk of data breaches via supply chain channels

• Improves contract-based security governance

• Supports ISO 27001 Annex A control requirements (A.15 & A.6)

• Demonstrates responsible vendor management to clients and regulators

Who Should Consider This Assessment?

• Organizations that outsource IT, cloud, or business processes

• Enterprises with complex vendor ecosystems

• Government and regulated industries

• Any business pursuing ISO 27001 or general cybersecurity enhancement

Our Delivery Method

• 100% remote or hybrid assessments

• Efficient, tailored reviews for your supply chain context

• Clear reporting and remediation advice

What You’ll Receive

• Supplier Security Assessment Report

• Actionable recommendations

• Certificate of Conformity (showing alignment with ISO/IEC 27036)

• Optional consultation on supplier onboarding and contract controls

Frequently Asked Questions (FAQ)

Q1: Is ISO/IEC 27036 a certifiable standard?
A1: No, it’s a guideline. Organizations can align with it and obtain a conformity assessment certificate, but not ISO certification.

Q2: Is this useful if we’re already ISO 27001 certified?
A2: Absolutely. ISO/IEC 27036 deepens your control over supplier-related security, which is part of ISO 27001’s Annex A controls.

Q3: Can this help us prepare for client audits or RFPs?
A3: Yes. Many clients and contracts demand supplier risk management. This assessment shows your proactive approach.

Q4: Do you review actual supplier contracts?
A4: Yes. Our assessors evaluate relevant clauses and SLAs to check alignment with ISO/IEC 27036 best practices.

Ready to Secure Your Supplier Network?

Reach out to Company Certification Int. today to schedule your ISO/IEC 27036 conformity assessment and strengthen your supplier relationships with confidence.