I’m the first user of ISMS Copilot. It has a good potential, but also limitations. Here are important tips to get the most out of it:

• Break down long requests in several parts. You want feedback on your policy? Cut it into separate sections. For example, instead of sending the complete policy, tell the assistant you will share a policy in 3 steps, tell it to wait until you’re done, and then once you’re done sharing the 3 parts, ask the assistant for feedback. If you sent everything straightaway, you might overwhelm the assistant, and even if it works, the feedback might be less relevant/detailed because it used too many tokens just to read your document.
• Be explicit about your preferences. You prefer a policy to be written in a certain tone or following a given style? Please, say it, otherwise, the assistant won’t know what you prefer.
• Indicate the version of the standard you’re working with. Don’t mention ISO “5.10 control”, say ISO 27001:2022 Appendix A 5.10 control. This way, you reduce the assistant’s likelihood to do mistakes.
• Use the EU version for short data retention period. Very soon, all chats with the EU version of our assistants will be automatically deleted from database within 30 days. You can u*Use EU version of ISMS Copilot assistants for “temporary chats” that might contain more sensitive data. You can of course the default version of the ISMS Copilot for requests that don’t reveal information about your business, or anonymize inputs when providing more contextualized information.