Theta Lake Touts First-of-its-Kind ISO Certification for AI Comms Data Trust

Data security specialist Theta Lake has been awarded trust certification for its artificial intelligence-powered compliance communications services.

The designation was conferred as the company prepares to release a report that shows IT teams in financial services and other industries are facing challenges with their AI governance and security.

“Financial services AI, compliance, security and risk teams evaluating AI technologies should view the ISO 42001 certification as a gold standard indicative of independent, third-party validation of the rigour applied to the development, maintenance and security of AI systems,” Theta Lake general counsel and vice president of compliance Marc Gilman told Data Management Insight.

Data Monitoring

Theta Lake said, however, that not all providers of AI communications technology offer detailed visibility into their systems’ documentation, procedures and tools. The company added that its new ISO certification makes it the only such vendor that can provide trust in its AI capabilities.

“From an AI provider perspective, ISO 42001 provides a set of industry-aligned baseline competencies for the internal processes and procedures used to develop and deploy AI products and services,” Gilman said. “Additionally, it supports compliance with emerging regulatory frameworks such as the EU AI Act and existing mandates such as those under the Federal Reserve’s SR 11-7 Guidance on Model Risk Management.

“The ISO 42001 certification cuts to the heart of these challenges as it is designed specifically for entities providing or using AI-enabled products or services to ensure responsible innovation.”

Data Challenge

In its survey more than 500 IT and compliance professionals, the detailed results of which will be published this month, the company found that 88 per cent of respondents cited AI governance and data security as a core challenge. The scope of that is magnified by the findings that all but a small handful said they plan to implement or expand the use of AI features in their unified communications and collaboration (UCC) tools. Nine in 10 of those said the technology they’re most likely to deploy would be generative AI (GenAI).

Theta Lake warned that GenAI is “exactly the type of applications where jailbreaking may occur”, referring to the act of circumventing regulations around the technology’s use.

“This type of behaviour risk is new, and presents a huge risk to organisations as they look to… maximise productivity,” the company said in a statement.

Theta Lake said its own DCGA product had been updated with better capabilities to detect jailbreak attempts and have provided the ability to hare detailed insights from AI communications with detailed metadata via new observability and security information and event management (SIEM) API endpoints.

The new endpoints ensure customers can maximise the value and intelligence of the data they derive from their communications stack, the company said.

Positive Signal

Gilman said that use ISO 42001-accredited services sends a signal that a company is serious about protecting its data.

“Overall, given regulatory scrutiny around the adoption and use of AI in financial services, the ISO 42001 certification is meaningful and demonstrable evidence of an organisation’s maturity and sophistication in managing these complex technologies,” he said.