How Quillio handles ISO 27001 scope
Quillio is certified to ISO 27001:2022 for information security management. The certified scope covers the Quillio application, underlying infrastructure, and the internal information security management system (ISMS). The certificate and Statement of Applicability are available under NDA.
Certified scope
The scope statement covers the provision of the Quillio AI legal platform and supporting services. Corporate functions (HR, finance, marketing) are also covered. The scope is intentionally inclusive rather than narrow — narrow scopes often indicate certification theatre.
Annex A controls
We implement all Annex A controls as applicable. The Statement of Applicability documents any controls we have assessed as not applicable (for example, controls around physical media or on-premises delivery do not apply to our cloud-only model).
Surveillance and recertification
ISO 27001 certificates are valid for 3 years, with annual surveillance audits. We undergo annual surveillance and recertify every 3 years. The current certificate and audit reports are available under NDA.
Common issues
- Scope matters — check the scope statement, not just the logo
- ISO 27001:2022 is the current standard (previously :2013) — confirm version
- Related standards (ISO 27017, ISO 27018) are on our roadmap