Diliko secures ISO 27001 & 27701 for Agentic AI platform
Diliko has announced it has achieved certification for ISO/IEC 27001 and ISO/IEC 27701 for its cloud-delivered Agentic AI data platform.
The company's recent certification includes ISO/IEC 27001:2022, which covers information security management, and ISO/IEC 27701:2019, centred on privacy information management. An independent audit was conducted by National Quality Assurance, USA, and the assessment concluded with zero nonconformities, an outcome noted as confirming the maturity of Diliko's security and privacy practices at the organisational level.
International standards
ISO 27001 and ISO 27701 are internationally recognised frameworks, often referenced as benchmarks for secure and privacy-centred operations in data-driven sectors. Diliko's certification reflects its adoption of enterprise-grade processes to safeguard sensitive information, including Personally Identifiable Information (PII) and Protected Health Information (PHI). The compliance scope covers activity across multi-cloud platforms such as Azure, Google Cloud, and AWS, and incorporates the use of Snowflake as a core data interface.
The independent audit also assessed Diliko's practices concerning extract, transform, load (ETL) processes, data orchestration, data provenance, lineage management, and the development of its AI platform. The scope of coverage was intended to ensure security and privacy principles are embedded throughout the lifecycle of data managed by the firm's platform.
Industry context
The attainment of both ISO 27001 and ISO 27701 certifications is aimed at supporting midmarket clients amid increasing regulatory demands worldwide. Mid-size enterprises are subject to similar legal and contractual requirements as larger organisations, particularly within healthcare, finance, and other heavily regulated sectors, but often operate with fewer dedicated compliance personnel and more limited budgets.
"Midmarket organizations face the same stringent privacy and security mandates as global enterprises, but without the deep staff or budget resources required to manage compliance," said Ken Ammon, Chief Strategy Officer at Diliko. "Certification to both ISO 27001 and ISO 27701 independently verifies that the privacy and security controls in our platform are not bolted on after the fact - they're built in from the start. Customers can operate with confidence knowing their data is managed to the highest international standards."
Diliko's platform aims to streamline security and privacy compliance with integrated features such as zero-trust data access, end-to-end encryption, real-time anomaly detection, and automated compliance monitoring. Additionally, Diliko provides functionality covering PII discovery, consent management, and granular policy enforcement within its data pipelines to facilitate adherence with a broad array of global and domestic mandates.
Regulatory support
Certification to ISO 27701 is specifically relevant for organisations addressing privacy frameworks such as Europe's General Data Protection Regulation (GDPR), the US Health Insurance Portability and Accountability Act (HIPAA), as well as additional frameworks like HITRUST, California's Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (CDPA), and the Tennessee Information Protection Act.
By certifying its platform to both standards, Diliko aims to assist customers in evidencing their compliance, while minimising operational complexity and the administrative workload associated with managing overlapping regulatory controls internally.
Diliko states its platform has been architected with security and privacy as foundational principles, helping organisations to manage data governance, integration, and integrity in complex multi-cloud environments.