Unorma

Author

Zofia Kubiak

Compliance Specialist

Zofia Kubiak
  • ISO 42001
  • NIST AI RMF
  • Risk Management
  • Audit Readiness

Zofia is a compliance specialist who works with engineering and risk teams to implement management-system standards and AI risk frameworks, including ISO/IEC 42001 and the NIST AI RMF. Her background spans quality management and IT governance, which shapes her practical, audit-ready approach to AI compliance.

She writes to close the gap between what a standard says on paper and what an organization actually has to build, document and evidence to pass an audit.

Articles by Zofia

ISO 42001

ISO 42001

ISO 42001 Certification Requirements: The Complete Checklist

ISO 42001 has 10 clauses and 38 Annex A controls. This is the complete, plain-language checklist for what you actually need to have in place before your audit.

Zofia Kubiak
Zofia Kubiak · Jun 29, 2026 · 13 min read

NIST AI RMF

NIST AI RMF

The NIST AI RMF Playbook Explained: Govern, Map, Measure, Manage

Govern, Map, Measure, Manage — the NIST AI RMF's four functions sound simple. Here's what each one actually requires you to do, with the playbook's real structure.

Zofia Kubiak
Zofia Kubiak · Jul 1, 2026 · 12 min read

ISO 42001

ISO 42001

ISO 42001 Certification Software: How It Actually Speeds Up Your Audit

Software doesn't get you ISO 42001 certified — your organization does. But the right software removes months of manual evidence-wrangling from the process. Here's exactly where it helps and where it can't.

Zofia Kubiak
Zofia Kubiak · Jun 24, 2026 · 16 min read

NIST AI RMF

NIST AI RMF

NIST AI RMF Software: Automating Govern, Map, Measure and Manage at Scale

The NIST AI RMF is a voluntary framework with no software of its own — which is exactly why the market for RMF-mapped software exists. Here's what good implementations actually automate.

Zofia Kubiak
Zofia Kubiak · Jul 4, 2026 · 16 min read

ISO 42001

ISO 42001

ISO 42001 vs. ISO 27001: What's the Difference?

ISO 42001 and ISO 27001 share the same management-system DNA, but they're not the same standard wearing a different label. Here's exactly where they overlap and where they diverge.

Zofia Kubiak
Zofia Kubiak · Jun 19, 2026 · 17 min read

ISO 42001

ISO 42001

Best ISO 42001 Software Features: A Practical Evaluation Guide

Every ISO 42001 vendor demo looks impressive. Here's a practical evaluation framework — including the exact questions to ask and a scoring rubric — to see past the demo script.

Zofia Kubiak
Zofia Kubiak · Jun 26, 2026 · 18 min read

NIST AI RMF

NIST AI RMF

How to Implement the NIST AI RMF: A Step-by-Step Playbook

Understanding the NIST AI RMF's four functions is the easy part. Actually implementing them across a real organization is where most programs stall. Here's a concrete, staged playbook.

Zofia Kubiak
Zofia Kubiak · Jun 30, 2026 · 19 min read

NIST AI RMF

NIST AI RMF

How to Choose NIST AI RMF Software: Key Capabilities

Plenty of platforms now claim NIST AI RMF alignment. Here's how to tell which ones actually map to the framework's structure, and which just added it to a features page.

Zofia Kubiak
Zofia Kubiak · Jul 5, 2026 · 17 min read

ISO 42001

ISO 42001

How Long Does ISO 42001 Certification Take? A Realistic Timeline

Vendor marketing says weeks. Reality says months. Here's a realistic, stage-by-stage ISO 42001 certification timeline, and the specific factors that move it in either direction.

Zofia Kubiak
Zofia Kubiak · Apr 25, 2026 · 7 min read

ISO 42001

ISO 42001

From Gap Analysis to Certificate: Using Software to Run Your ISO 42001 Project

Most ISO 42001 guides describe the standard. This one describes the project — how gap analysis, document generation and evidence tracking chain together into a certificate.

Zofia Kubiak
Zofia Kubiak · Apr 26, 2026 · 7 min read

NIST AI RMF

NIST AI RMF

NIST AI RMF vs. EU AI Act: Mapping the Two Frameworks

One is voluntary US guidance; the other is binding EU law. Here's exactly where the NIST AI RMF and the EU AI Act overlap enough to share evidence, and where they don't.

Zofia Kubiak
Zofia Kubiak · Apr 28, 2026 · 7 min read

NIST AI RMF

NIST AI RMF

NIST AI RMF Software vs. Manual Spreadsheets: A Real Cost Comparison

Spreadsheets are free until you count the hours. Here's a grounded, line-item comparison of what NIST AI RMF implementation actually costs on spreadsheets versus software.

Zofia Kubiak
Zofia Kubiak · Apr 29, 2026 · 7 min read

ISO 42001

ISO 42001

ISO 42001 Audit: What Auditors Actually Look For

Auditors aren't grading your paperwork's writing quality — they're checking for specific evidence patterns. Here's what they actually look for, stage by stage.

Zofia Kubiak
Zofia Kubiak · May 9, 2026 · 7 min read

ISO 42001

ISO 42001

ISO 42001 for Startups: Is Certification Worth It Yet?

Certification is expensive in time a startup often doesn't have. Here's a candid framework for deciding whether ISO 42001 is worth it yet — or worth waiting on.

Zofia Kubiak
Zofia Kubiak · May 10, 2026 · 7 min read

ISO 42001

ISO 42001

ISO 42001 Documentation Templates You Actually Need (And How Software Generates Them)

Not every ISO 42001 document needs to be written from scratch. Here are the templates you actually need, and how software should draft the first version of each.

Zofia Kubiak
Zofia Kubiak · May 11, 2026 · 7 min read

NIST AI RMF

NIST AI RMF

NIST AI RMF Profiles: Building Your Organization's Risk Profile

A NIST AI RMF 'profile' sounds abstract until you build one. Here's exactly what fields it needs and a worked example of a current-vs-target profile.

Zofia Kubiak
Zofia Kubiak · May 13, 2026 · 7 min read

NIST AI RMF

NIST AI RMF

Implementing NIST AI RMF Software: A 30/60/90 Day Rollout Plan

Buying NIST AI RMF software is the easy part. Here's a concrete 30/60/90-day plan for actually rolling it out without stalling after the first system.

Zofia Kubiak
Zofia Kubiak · May 14, 2026 · 7 min read