# Information security and AI governance, made practical | BoardX

> Translate risk and regulatory pressure into controls and evidence. ISO 27001, DORA, UK GDPR, NIS 2, plus AI governance under EU AI Act, ISO 42001 and NIST AI RMF.

Canonical URL: https://www.boardx.io/for-compliance/information-security

## What this page is

A practical framing of how BoardX supports two pillars together: **information security** and **AI governance**. Stop managing governance across disconnected tools — give boards, audit committees and security leaders one place to translate risk and regulatory pressure into controls and evidence that stand up when it counts.

## Pillar one: information security

- **Frameworks**: ISO 27001, NIST CSF 2.0, CIS v8.1, SOC 2, Cyber Essentials.
- **Regulations**: UK GDPR, DUAA 2025, DORA, NIS 2, PCI DSS 4.0.1, NHS DSPT.
- **Capabilities**: control libraries, evidence recommendations, continuous control monitoring, risk register, incident management, third-party risk, business continuity and resilience.

## Pillar two: AI governance

- **Frameworks**: ISO 42001, NIST AI RMF.
- **Regulations**: EU AI Act.
- **Capabilities**: AI system register, AI risk assessments, AI incident management, model red-teaming records, AI policy and attestation, board oversight.

## How BoardX engages

1. **Scope** — agree the in-scope frameworks, regulations and entities.
2. **Gap** — assess current control posture against the chosen frameworks.
3. **Build** — implement controls, policies and evidence flows directly in BoardX.
4. **Assure** — present audit-ready evidence to the board, auditors and regulators.

## Where this fits in BoardX

This is the umbrella view for compliance and security leaders. For the AI side, see [AI compliance](https://www.boardx.io/for-compliance/ai-compliance). For the day-to-day compliance product, see [Compliance management](https://www.boardx.io/compliance-management). For the risk register, see [Risk management](https://www.boardx.io/risk-management).