Compliance · ISO/IEC 42001
ISO/IEC 42001:2023. First international standard for AI management systems. Structure similar to ISO 27001 (high-level structure) but applied to the lifecycle of artificial intelligence systems.
Context
Organizations that develop, supply, or use AI systems and want to adopt a structured management framework. The standard is recent (published late 2023); adoption is still limited but growing. It integrates with the AI Act for those operating in the European Union and with ISO 27001 for those already running an ISMS.
What the assessment covers
Understanding how the organization interacts with AI systems (as provider, developer, deployer or user) and mapping the parties involved.
Management commitment, AI policy, alignment with business strategy and other existing management systems.
Identification of AI-specific risks, treatment, integration with enterprise risk management.
Specific controls for managing AI systems: data, lifecycle, third parties, transparency, performance, human oversight.
Design, development, validation, deployment, monitoring, retirement. Documentation and traceability across the phases.
Mapping against the AI Act, GDPR, NIS2 and sectoral regulations. The standard is voluntary, but it can help demonstrate due diligence.
Same method
The methodology common to all certifications — the open-source platform, the documents delivered, the 0–5 maturity model, the work phases — is described once on the main Compliance page.
We start with scoping: classification of the organization, perimeter, responsible people, availability of existing evidence. The rest of the work is sized from there.