Build trust with ISO 42001 in 2025

Demonstrate a high standard of artificial intelligence management security through
ISO 42001 certification.

alab-network-countries-and-employees-1

We work with more than 700 fast-growing companies across 20+ countries, ranging in size from 2 to 26,000+ employees.

ISO 42001 CERTIFICATION

Is this the year you

grow with ISO 42001?

ISO 42001 is an International Management System standard for the safe and reliable development and implementation of AI enabling certification of Artificial Intelligence Management Systems (AIMS). 

It specifies requirements for establishing, implementing, maintaining and continually improving an Artificial Intelligence Management System (AIMS) within organisations. Applicable across all industries, ISO 42001 is a framework for policies, people and processes.

We provide audit pre-assessments through to certifications for ISO 42001.

Ready to get started with ISO 42001?

alab-soc2-image
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital
  • Vital

THE PROCESS

Six Phases of ISO 42001

left arrow right arrow
alab-soc2-audit-01-icon

Stage 1 Audit

Audits your key AIMS documentation from a design standpoint to confirm it satisfies the mandatory requirements of the ISO 42001 framework. A report is issued with any non-conformities, process improvements and observations to consider while implementing the remaining AIMS activities.

alab-soc2-audit-02-icon

Stage 2 Audit

Audits the complete AIMS against the mandatory requirements and Annex A controls in your Statement of Applicability. A report is issued with any non-conformities, process improvements and observations. Minor non-conformities require a management action plan and an agreed timeframe.

alab-recognition-of-partial-progress-icon

Certification Decision

The certification decision is conducted at the mutually agreed date after the Stage 2 audit is complete. This allows time to remediate any non-conformities that may adversely impact the decision. Upon a successful certification decision, the certification documents are issued.

Surveillance audits

Surveillance Audits

To ensure ongoing conformity of your AIMS with ISO 42001, surveillance audits are performed for the following two years while the certification remains valid. We follow a risk-based approach to confirming ongoing conformance to the ISO 42001 requirements, by rotating areas of focus and combining with a general assessment of its ongoing operation.

Recertification audit

Re-certification Audit

The certification expires in three years. The recertification audit is conducted prior to the expiry to ensure continuous certification. The recertification audits assess the full AIMS mandatory requirements and Annex A controls in the Statement of Applicability.

Ready to get started on your compliance journey?

THE BENEFITS

Clear reasons to act

alab-international-credibility-icon

International credibility

A globally recognised certification
to build trust at scale

alab-customer-confort-and-trust-icon

Customer comfort and trust

AssuranceLab is a certified audit firm and
trusted audit provider

alab-minimal-business-disruption-icon

Minimal business disruption

Agile and flexible audits leveraging technology to
help minimise the disruption 

alab-choice-of-goalposts-icon

Broadened coverage

Optionally add ISO 27001, ISO 27017, 27018, or 27701 to
increase your coverage

alab-multi-standard-compliance-icon

Multi-standard compliance

Audits that can combine multiple related
frameworks, standards and certifications

alab-recognition-of-partial-progress-icon

Recognition of progress

Audit reports and status letters that keep your customers informed of your progress

FAQ

Your questions answered

What is ISO 42001 accreditation?

ISO 42001 is the first International Management System standard for the safe and reliable development and implementation of AI, and it enables certification of Artificial Intelligence Management Systems (AIMS). It is interoperable with the NIST AI Risk Management Framework and the EU AI Act.

It specifies requirements for establishing, implementing, maintaining and continually improving an Artificial Intelligence Management System (AIMS) within organisations. This standard is designed for entities providing or utilising AI-based products or services, ensuring responsible development and use of AI systems. It addresses the unique challenges AI poses, such as ethical considerations, transparency and continuous learning.

For organisations, it sets out a structured way to manage risks and opportunities associated with AI, balancing innovation with governance. It is a management system much in the same way as the Information Security Management System (ISO 27001). It provides a framework for policies, people and processes.


Who does ISO 42001 apply to?

ISO 42001 applies to any organisation involved in the use, design, procurement, development or deployment of AI Systems. Feel free to reach out if you are unsure whether ISO 42001 applies to you!


What is the definition of AI, AI model and AI systems?

  • Artificial Intelligence: an engineered or machine-based system that can, for a given set of objectives, generate outputs such as predictions, recommendations, or decisions influencing real or virtual environments. AI systems are designed to operate with varying levels of autonomy. [ISO/IEC 22989:2022]
  • AI model: a component of an information system that implements AI technology and uses computational, statistical, or machine-learning techniques to produce outputs from a given set of inputs. [United States Executive Order No.14110]
  • AI System: any data system, software, hardware, application, tool, or utility that operates in whole or in part using AI. [United States Executive Order No.14110]



How is the standard related to the EU AI Act or NIST AI Risk Management Framework?

ISO 42001 can be used as a conformity assessment, which is a requirement for all “high-risk” use cases in the EU AI Act. It is also interoperable with NIST AI RMF - refer to this mapping document.



Who can perform ISO 42001 Audit?

ISO/IEC DIS 42006 Requirements for bodies providing audit and certification of artificial intelligence management systems are currently under draft and include a detailed list of requirements for an auditor. We expect a formal accreditation of auditors to be rolled out in the near future. 



OTHER STANDARDS

Earn trust with other leading standards

alab-blended-audits-icon

SOC 1 / SOX ITGC

Satisfy publicly listed customers regulated by Sarbanes Oxley and supporting financial reporting requirements.

alab-hipaa-icon

HIPAA

The de facto global and best practice standard for proving secure handling of electronic protected health information (ePHI).

alab-custom-framework-icon

Custom Frameworks

Manage any compliance obligations from customers, regulators or your own internal risk requirements with custom frameworks.

alab-iso-27001-icon

ISO 27001

An international framework to apply a structured and best practice methodology for managing information security.

alab-csa-star-icon

CSA STAR

A comprehensive, best practice standard for cloud security to achieve Level Two accreditation in the security, trust and risk (STAR) register.

alab-cdr-icon

Consumer Data Right

Access consumer data in Australia’s economy-wide open data regime with Consumer Data Right accreditation.

alab-esg-icon

ESG Reporting

A flexible and lightweight framework to report up to 500+ positive impact activities supporting environmental, social and governance (ESG) objectives.

alab-gdpr-icon

GDPR

The global gold-standard for privacy. GDPR is regulated for personal data collected from EU citizens, and an effective framework to satisfy enterprise customers globally.

alab-soc1-sox-itgc-icon

SOC 2

Trust services criteria to satisfy a broad customer base globally for security, availability, confidentiality, privacy and processing integrity.

Get started your way

We’re ready when you are

alab-gdpr-icon

GDPR

The global gold-standard for privacy. GDPR is regulated for personal data collected from EU citizens, and an effective framework to satisfy enterprise customers globally.