Home/Services/ISO 42001
AI Governance

ISO 42001

Govern AI Responsibly — Before Regulators Make It Mandatory.

Norvex Assurance guides organisations through ISO/IEC 42001:2023 certification — building an auditable AI governance framework that satisfies regulators, enterprise buyers, and board-level expectations.

ISO 42001 compliance illustration

What Is ISO 42001 — and Why Does Your AI-Enabled Business Need It Now?

ISO/IEC 42001:2023 is the world's first international standard for Artificial Intelligence Management Systems (AIMS). Published by the International Organization for Standardization in December 2023, it provides organizations that develop, provide, or use AI-based products and services with a structured framework for governing AI responsibly — addressing risks, impacts, ethics, transparency, and accountability across the full AI lifecycle. As AI regulation accelerates globally — from the EU AI Act to the US AI Executive Order — ISO 42001 provides a recognized, auditable framework that demonstrates your AI governance maturity to regulators, enterprise customers, and investors. For organizations building or deploying AI systems, certification answers the question every enterprise buyer now asks: 'How do you manage AI risk?' — with an independent, internationally recognized answer.

Key Highlights

  • World's first international standard specifically designed for AI management systems
  • Addresses AI risk management, ethics, transparency, accountability, and human oversight
  • Aligned with the EU AI Act, US AI Executive Order, and ISO/IEC 27001
  • Applicable to any organization that develops, deploys, provides, or uses AI systems

Who Needs ISO 42001?

AI Product & Platform Companies
Enterprise AI Deployers
Financial Services Using AI
Healthcare AI Applications

Not sure if you need ISO 42001?

Talk to one of our experts — free, no obligation.

ISO 42001 Certification Path — A Clear Comparison

Your certification path depends on your relationship with AI — whether you build AI systems or deploy them. Both paths lead to the same internationally recognised ISO 42001 certificate.

AI Developer Certification

For Organizations Building AI Systems

What it evaluates

Development lifecycle governance, algorithmic impact assessment, bias testing, and responsible disclosure of AI capabilities to affected stakeholders.

Ideal for

Technology companies building AI products sold to other organisations — where enterprise buyers or regulators require evidence of responsible development.

Assurance value

Independent certification that your AI systems are built with governance controls embedded — supporting enterprise sales and EU AI Act obligations.

Gold Standard

AI Deployer Certification

For Organizations Deploying AI Systems

What it evaluates

AI procurement risk assessment, third-party vendor oversight, human oversight mechanisms, production bias monitoring, and AI incident response.

Ideal for

Enterprises, financial institutions, and healthcare organisations deploying third-party AI and needing to demonstrate responsible governance.

Assurance value

Demonstrates proactive AI governance to regulators and reduces organisational liability when AI systems produce adverse outcomes.

Not sure which certification path you need?

Our ISO 42001 Process

01

AI Inventory & Scoping

We catalogue all AI systems in scope — classifying each by risk level, purpose, and applicable regulatory requirements.

02

Current State Assessment

We assess existing AI governance against ISO 42001 requirements and deliver a prioritised action plan.

03

AI Policy & Governance Framework

We build your AI policy, roles and responsibilities, and governance documentation — for your specific AI use cases, not generic templates.

04

AI Risk & Impact Assessments

Structured assessments covering bias, privacy, safety, and societal risks — each with a treatment approach and monitoring schedule.

05

Control Implementation

We implement AIMS controls across the AI lifecycle — data governance, model versioning, bias testing, human oversight, and production monitoring.

06

Internal Audit

Structured internal AIMS audit mirroring the certification body's methodology before the external assessment.

07

Certification & Surveillance Support

We manage Stage 1 and Stage 2 and support annual surveillance across the full three-year cycle.

Business Impact

Why Organisations Choose Norvex for ISO 42001 ?

EU AI Act Alignment

Recognised conformity framework reducing compliance burden for organisations subject to the Act.

Enterprise AI Sales

Answers vendor risk questionnaires on ethics, bias, and accountability with an independent certificate.

Board-Level Governance

Governance structures boards require before approving AI deployments in regulated environments.

Reduced Liability

Documented assessments and oversight mechanisms demonstrate due diligence when AI produces adverse outcomes.

Competitive Edge

ISO 42001 is still rare. Early certification positions you as an AI governance leader.

Regulatory Future-Proofing

A scalable framework that adapts as AI regulation expands globally.

ISO 42001 Control Areas

Six domains covering every layer of your AI Management System.

Organisational Context & AI Policy

Clause 4 & 5

Define your AIMS scope, map stakeholder expectations, and establish an AI policy that commits leadership to responsible AI principles.

AI Risk & Impact Assessment

Risk Management

Structured assessment covering technical risks (bias, drift, adversarial attacks), ethical risks, and societal impacts — each with documented treatment and accountability.

AI System Lifecycle Controls

Design Through Decommissioning

Controls across data acquisition, model development, testing, deployment, and decommissioning — ensuring reproducibility, auditability, and version control.

Transparency & Explainability

Stakeholder Communication

Document AI capabilities and limitations, and ensure AI-driven outcomes are explainable to the degree regulations and stakeholders require.

Human Oversight & Control

Override & Intervention

Define decision points requiring human review, implement override capabilities, and establish escalation procedures for unexpected AI outcomes.

Performance Monitoring

Ongoing Governance

Continuous monitoring of AI performance, bias metrics, and risk indicators — with structured review cycles driving continual improvement.

What's Included in Your ISO 42001 Engagement

Everything required to achieve and maintain ISO 42001 certification — no hidden extras.

01
01 — AI system inventory and risk classification register
02
02 — AIMS documentation suite
03
03 — AI policy, governance framework, and roles & responsibilities
04
04 — AI risk and algorithmic impact assessments
05
05 — Statement of Applicability for ISO 42001 controls
06
06 — AI lifecycle controls and bias testing framework
07
07 — Internal audit, corrective actions, and certification support

What Our Clients Say

"Our enterprise prospects started asking about AI governance in every sales process. Norvex Assurance got us ISO 42001 certified in five months. The certification didn't just answer their questions — it became a competitive differentiator that closed two seven-figure contracts we were at risk of losing."

Chief AI Officer

Enterprise SaaS Platform — Series D

"The EU AI Act created real urgency for us. Norvex Assurance mapped our AI systems against ISO 42001 and the Act simultaneously, built our AIMS documentation, and had us certified before our competitors understood what was required. The integrated approach saved us significant time and cost."

Head of Compliance

Financial Services Firm — EU Market

"Deploying AI in healthcare means regulators, hospital procurement teams, and patients all scrutinize your governance. ISO 42001 certification from Norvex Assurance gave every stakeholder a recognized answer to the governance question — and our partnership pipeline tripled in the 12 months after certification."

CTO

Healthcare AI Company

Common Questions About ISO 42001

Ready to Start Your ISO 42001 Journey?

Get a Free Consultation

Response within 24 hours
Fixed-fee pricing
No obligation
Explore More

Other Services You May Need