Fernando Arrieta
Research

Published evidence

Original research with methodology, verifiable data and actionable recommendations.

6AI and governance6Information security4Quality and management systems3Organizational transparency

AI and governance

INV-012026-02-15

Shadow AI: 73% of organizations have AI operating outside governance

Assessment of 120 organizations reveals that 3 out of 4 have unregistered AI systems. Risks, findings and detection protocol.

AIShadow AIISO 42001
INV-022026-01-22

ISO 42001 in practice: only 28% of certified organizations manage AI effectively

Assessment of 45 ISO 42001-certified organizations in Latin America. 72% present at least one critical gap.

ISO 42001CertificationAI
INV-032026-01-08

Algorithmic risk: assessment framework under ISO 23894

Practical framework for evaluating algorithmic risk with ISO 23894 and ISO 42001. Includes risk matrix and assessment protocol.

Algorithmic riskISO 23894AI
INV-042025-12-15

ISO 42001 vs EU AI Act: convergence and gaps

Comparative analysis between ISO/IEC 42001 and the European AI Regulation. Where they converge, where they diverge and what to do.

ISO 42001EU AI ActRegulation
INV-132026-02-10

Algorithmic bias: audit and assessment framework in LATAM

Algorithmic bias assessment framework for Latin American organizations. Includes audit protocol and metrics.

Algorithmic biasAIAudit
INV-162025-01-15

ISO 27001 and ISO 42001 convergence: integrated management system

How to integrate an ISMS (27001) with an AIMS (42001). Synergies, shared controls and implementation strategy.

ISO 27001ISO 42001Integration

Information security

INV-052025-11-20

State of ISO 27001 in Latin America: regional diagnosis

Diagnosis of ISO 27001 implementation status across 12 LATAM countries. Maturity, gaps and recommendations.

ISO 27001LATAMSecurity
INV-062025-10-15

Security incident management: lessons from 200 audits

Analysis of incident patterns across 200 security audits. Recurring findings and improvement protocol.

IncidentsISO 27001Audit
INV-072025-09-10

Transition to ISO 27001:2022 — Status and challenges

Assessment of the transition status to ISO 27001:2022. Deadlines, common gaps and implementation guide.

ISO 27001:2022TransitionSecurity
INV-082025-08-05

ISO 27001 for boards: what senior leadership needs to know

Executive guide to ISO 27001 for directors and C-suite. What to ask, what to demand and how to evaluate.

ISO 27001GovernanceLeadership
INV-172024-12-10

Cybersecurity resilience in the financial sector

State of cyber resilience in Latin American financial institutions. Regulation, controls and maturity.

CybersecurityFinanceResilience
INV-192024-10-01

Industrial cybersecurity: state of OT security in LATAM

Diagnosis of operational technology security in Latin American industry. IEC 62443 and IT/OT convergence.

OT SecurityIEC 62443Industry

Quality and management systems

INV-092025-07-20

Certification vs real management: the gap that compromises results

Analysis of the gap between holding an ISO certificate and operating an effective management system. Data from 150 organizations.

CertificationManagementISO 9001
INV-102025-06-15

ROI of ISO 42001 certification: return analysis

Return on investment analysis for ISO 42001 certification. Costs, benefits and success factors.

ISO 42001ROICertification
INV-112025-05-10

Evidence-based talent management for ISO systems

How to apply evidence-based talent management to ISO management system implementation. Competencies, assessment and improvement.

TalentCompetenciesManagement
INV-182024-11-05

ISO 22301 and supplier continuity: risk assessment

Continuity risk assessment in supplier chains. ISO 22301 framework and management tools.

ISO 22301ContinuitySuppliers

Organizational transparency

INV-122025-04-05

Organizational transparency: metrics and assessment frameworks

Organizational transparency assessment framework. Metrics, indicators and implementation protocol.

TransparencyGovernanceMetrics
INV-142025-03-01

Corporate disinformation: risks and governance

Analysis of corporate disinformation risks and their impact on organizational governance. Controls and recommendations.

DisinformationGovernanceRisk
INV-152025-02-01

ISO 37001 in the public sector: evidence-based anti-corruption

ISO 37001 implementation in Latin American public agencies. Challenges, cases and recommendations.

ISO 37001Anti-corruptionPublic sector
Methodology

How we research

1

Formulation

Research question based on audit findings and sector needs.

2

Collection

Data from field audits, structured interviews and document review.

3

Analysis

Processing with normative frameworks (ISO, NIST, OECD) as reference.

4

Publication

Report with findings, actionable recommendations and downloadable tools.