Cargando…
Cargando
Preparando la información solicitada…
ISO/IEC 42001:2023 · AIMS · EU AI ACT
ISO 42001 Readiness: prepare your organization for AI governance certification
ISO/IEC 42001:2023 establishes the requirements for AI management systems (AIMS). Readiness preparation covers policy design, risk assessment, human oversight, and certification audit preparation. Certification is issued by an independent accredited body.
Lead Auditor ISO/IEC 42001AI Governance · ISO/IEC 23894
ISO 42001First AI standard
72 hPreliminary diagnosis
5Certification phases
"ISO 42001 is the first standard that turns AI governance into a certifiable management system."Fernando Arrieta — Lead Auditor ISO/IEC 42001
Audience
Who needs ISO 42001 certification?
Companies that develop AI
Software providers, SaaS platforms, and AI startups that need to demonstrate governance to stakeholders and regulators.
Organizations that use AI
Banks, insurers, healthcare, and government that integrate AI models into operational decisions and need auditable control.
Companies with regulatory exposure
Organizations subject to the EU AI Act or operating with European partners that require compliance.
Certification process
Preparation phases for ISO/IEC 42001 certification
AI inventory
Survey of all AI systems in use: purpose, data, vendors, owners, and risk level.
Gap assessment
Evaluation of the current state vs. ISO 42001 requirements and the EU AI Act.
Governance design
AI policy, roles (RACI), human oversight, algorithmic risk management, and continuous improvement.
AIMS implementation
Operational controls, monitoring, incident management, vendor evaluation, and documentation.
Certification audit preparation
Internal audit, management review, and complete preparation: findings closure and documentation ready for the independent certification body.
Deliverables
What you receive in the process
AI Systems Inventory
Registry of all AI systems: purpose, input data, vendors, owners, and risk classification.
Algorithmic Risk Map
Per-system assessment: bias, opacity, vendor dependency, data quality, and regulatory exposure.
AI Policy and Governance
AI policy, RACI roles, human oversight procedures, and documented transparency criteria.
Annex A Controls
ISO 42001 controls implementation tailored to your context: data, development, deployment, and monitoring.
AIMS Maturity Roadmap
Evolution roadmap: from the current state to full conformity, with measurable milestones and realistic timelines.
Certification Preparation
Internal audit, management review, and audit simulation. Documentation ready for the independent certification body.
FAQ
ISO 42001 Certification: frequently asked questions
What is ISO 42001 and what is it for?
ISO/IEC 42001:2023 is the first international standard for AI Management Systems (AIMS). It defines the requirements for organizations to use, develop, and provide AI responsibly, with controls, human oversight, and continuous improvement.
Who needs ISO 42001 certification?
Any organization that uses, develops, or contracts AI systems and needs to demonstrate control to regulators, stakeholders, or contracting parties. It is especially relevant for companies subject to the EU AI Act (EU 2024/1689).
How long does ISO 42001 implementation take?
It depends on the number of AI systems and the organization's maturity. On average, implementation takes between 3 and 6 months. The preliminary diagnosis is delivered in 72 hours.
Do I need ISO 27001 before ISO 42001?
It is not mandatory, but it is recommended. ISO 27001 covers the information security that AI systems process. Many organizations implement both in an integrated manner to optimize effort.
What is its relationship with the EU AI Act?
Regulation (EU) 2024/1689 requires documentation, risk classification, and human oversight for AI systems. ISO 42001 provides the management framework to meet these requirements in a structured and auditable way.
What is Shadow AI and how is it controlled?
Shadow AI is the unauthorized use of AI tools within the organization (for example, employees using ChatGPT without policies). ISO 42001 includes controls to inventory, assess, and govern all AI uses, including undeclared ones.
How much does ISO 42001 certification cost?
The cost depends on the scope, the number of AI systems, and the organization's maturity. As a reference: the preliminary diagnosis has an accessible fixed cost; the full implementation is quoted in stages based on complexity.
Acreditaciones y membresías institucionales
Evidence-based AI governance certification starts with a clear conversation.
If your organization is evaluating ISO 42001 readiness, this is the channel to discuss scope and viability. All inquiries are handled under confidentiality.
The consulting and implementation services described on this site are provided independently. Certification audits and decisions are the exclusive responsibility of accredited certification bodies. In accordance with ISO/IEC 17021-1 §5.2, impartiality restrictions and cooling-off periods apply.