Govern AI Responsibly — Before Regulators Make It Mandatory.
Norvex Assurance guides organisations through ISO/IEC 42001:2023 certification — building an auditable AI governance framework that satisfies regulators, enterprise buyers, and board-level expectations.

ISO/IEC 42001:2023 is the world's first international standard for Artificial Intelligence Management Systems (AIMS). Published by the International Organization for Standardization in December 2023, it provides organizations that develop, provide, or use AI-based products and services with a structured framework for governing AI responsibly — addressing risks, impacts, ethics, transparency, and accountability across the full AI lifecycle. As AI regulation accelerates globally — from the EU AI Act to the US AI Executive Order — ISO 42001 provides a recognized, auditable framework that demonstrates your AI governance maturity to regulators, enterprise customers, and investors. For organizations building or deploying AI systems, certification answers the question every enterprise buyer now asks: 'How do you manage AI risk?' — with an independent, internationally recognized answer.
Not sure if you need ISO 42001?
Talk to one of our experts — free, no obligation.
Your certification path depends on your relationship with AI — whether you build AI systems or deploy them. Both paths lead to the same internationally recognised ISO 42001 certificate.
For Organizations Building AI Systems
What it evaluates
Development lifecycle governance, algorithmic impact assessment, bias testing, and responsible disclosure of AI capabilities to affected stakeholders.
Ideal for
Technology companies building AI products sold to other organisations — where enterprise buyers or regulators require evidence of responsible development.
Assurance value
Independent certification that your AI systems are built with governance controls embedded — supporting enterprise sales and EU AI Act obligations.
For Organizations Deploying AI Systems
What it evaluates
AI procurement risk assessment, third-party vendor oversight, human oversight mechanisms, production bias monitoring, and AI incident response.
Ideal for
Enterprises, financial institutions, and healthcare organisations deploying third-party AI and needing to demonstrate responsible governance.
Assurance value
Demonstrates proactive AI governance to regulators and reduces organisational liability when AI systems produce adverse outcomes.
Not sure which certification path you need?
We catalogue all AI systems in scope — classifying each by risk level, purpose, and applicable regulatory requirements.
We assess existing AI governance against ISO 42001 requirements and deliver a prioritised action plan.
We build your AI policy, roles and responsibilities, and governance documentation — for your specific AI use cases, not generic templates.
Structured assessments covering bias, privacy, safety, and societal risks — each with a treatment approach and monitoring schedule.
We implement AIMS controls across the AI lifecycle — data governance, model versioning, bias testing, human oversight, and production monitoring.
Structured internal AIMS audit mirroring the certification body's methodology before the external assessment.
We manage Stage 1 and Stage 2 and support annual surveillance across the full three-year cycle.
Recognised conformity framework reducing compliance burden for organisations subject to the Act.
Answers vendor risk questionnaires on ethics, bias, and accountability with an independent certificate.
Governance structures boards require before approving AI deployments in regulated environments.
Documented assessments and oversight mechanisms demonstrate due diligence when AI produces adverse outcomes.
ISO 42001 is still rare. Early certification positions you as an AI governance leader.
A scalable framework that adapts as AI regulation expands globally.
Six domains covering every layer of your AI Management System.
Define your AIMS scope, map stakeholder expectations, and establish an AI policy that commits leadership to responsible AI principles.
Structured assessment covering technical risks (bias, drift, adversarial attacks), ethical risks, and societal impacts — each with documented treatment and accountability.
Controls across data acquisition, model development, testing, deployment, and decommissioning — ensuring reproducibility, auditability, and version control.
Document AI capabilities and limitations, and ensure AI-driven outcomes are explainable to the degree regulations and stakeholders require.
Define decision points requiring human review, implement override capabilities, and establish escalation procedures for unexpected AI outcomes.
Continuous monitoring of AI performance, bias metrics, and risk indicators — with structured review cycles driving continual improvement.
Everything required to achieve and maintain ISO 42001 certification — no hidden extras.
"Our enterprise prospects started asking about AI governance in every sales process. Norvex Assurance got us ISO 42001 certified in five months. The certification didn't just answer their questions — it became a competitive differentiator that closed two seven-figure contracts we were at risk of losing."
Chief AI Officer
Enterprise SaaS Platform — Series D
"The EU AI Act created real urgency for us. Norvex Assurance mapped our AI systems against ISO 42001 and the Act simultaneously, built our AIMS documentation, and had us certified before our competitors understood what was required. The integrated approach saved us significant time and cost."
Head of Compliance
Financial Services Firm — EU Market
"Deploying AI in healthcare means regulators, hospital procurement teams, and patients all scrutinize your governance. ISO 42001 certification from Norvex Assurance gave every stakeholder a recognized answer to the governance question — and our partnership pipeline tripled in the 12 months after certification."
CTO
Healthcare AI Company