Unorma

International · Certifiable standard

ISO 42001, certified

The first international, certifiable AI management system standard. The ISO 27001 of AI — and it's showing up in enterprise procurement requirements.

Status
Published — certifiable by accredited auditors
Structure
AIMS + Annex A controls (PDCA)
Recognition
Global — procurement door-opener
Controls in Unorma
50

What it is

ISO/IEC 42001 — AI Management Systems, in plain language.

ISO/IEC 42001 defines an AI Management System (AIMS): the policies, roles, processes and controls an organization runs to develop and use AI responsibly. Like ISO 27001 for security, it follows the Plan-Do-Check-Act cycle and is certifiable by accredited third-party auditors.

Certification is fast becoming the cleanest answer to "prove your AI governance" in enterprise deals. The catch: auditors want evidence of a living management system — documented policies, risk assessments, internal audits, management reviews — not a binder assembled the week before.

Who it applies to

  • AI vendors selling to enterprise

    An ISO 42001 certificate short-circuits months of procurement questionnaires. Increasingly listed as a requirement.

  • Regulated-industry adopters

    Finance, healthcare and critical infrastructure use AIMS certification to demonstrate systematic AI governance to their own regulators.

  • Organizations pursuing EU AI Act compliance

    ISO 42001 is expected to underpin harmonized standards — the work overlaps heavily, and Unorma maps it.

Requirements

What ISO 42001 actually asks of you.

50 controls in Unorma — each with plain-language guidance, action steps and the evidence you need.

  • AIMS policy & scope

    A documented AI policy, scoped to your systems, endorsed by leadership.

  • AI risk assessment

    Systematic identification and treatment of AI risks, repeated on schedule.

  • AI system impact assessment

    Effects on individuals, groups and society — assessed and documented.

  • Lifecycle processes

    Controls across design, development, deployment, operation and retirement.

  • Supplier management

    Third-party AI components and data held to the same standard.

  • Internal audit & review

    Scheduled internal audits and management reviews that keep the AIMS alive.

ISO 42001 in Unorma

From regulation text to audit-ready, in one platform.

  • Statement of Applicability generator

    The SoA — the certification document auditors read first — generated from your actual control status.

  • Six ISO document templates

    AIMS Policy, Lifecycle Procedures, Internal Audit Programmes and more, pre-filled and version-tracked.

  • Oversight = surveillance evidence

    Scheduled reviews with logs prove your AIMS operates continuously — exactly what surveillance audits check.

  • Audit simulation before the auditor

    Run a simulated certification audit, get realistic auditor questions, and fix gaps before paying for the real one.

Track ISO 42001 readiness from day one.

14-day free trial · No credit card · All 50 controls included

Start free trial

Cross-framework intelligence

Evidence for ISO 42001 counts elsewhere too.

~100 cross-framework mappings mean work done once counts toward multiple frameworks automatically.