Author
Zofia Kubiak
Compliance Specialist

- ISO 42001
- NIST AI RMF
- Risk Management
- Audit Readiness
Zofia is a compliance specialist who works with engineering and risk teams to implement management-system standards and AI risk frameworks, including ISO/IEC 42001 and the NIST AI RMF. Her background spans quality management and IT governance, which shapes her practical, audit-ready approach to AI compliance.
She writes to close the gap between what a standard says on paper and what an organization actually has to build, document and evidence to pass an audit.
Articles by Zofia
ISO 42001
ISO 42001
ISO 42001 Certification Requirements: The Complete Checklist
ISO 42001 has 10 clauses and 38 Annex A controls. This is the complete, plain-language checklist for what you actually need to have in place before your audit.
NIST AI RMF
NIST AI RMF
The NIST AI RMF Playbook Explained: Govern, Map, Measure, Manage
Govern, Map, Measure, Manage — the NIST AI RMF's four functions sound simple. Here's what each one actually requires you to do, with the playbook's real structure.
ISO 42001
ISO 42001
ISO 42001 Certification Software: How It Actually Speeds Up Your Audit
Software doesn't get you ISO 42001 certified — your organization does. But the right software removes months of manual evidence-wrangling from the process. Here's exactly where it helps and where it can't.
NIST AI RMF
NIST AI RMF
NIST AI RMF Software: Automating Govern, Map, Measure and Manage at Scale
The NIST AI RMF is a voluntary framework with no software of its own — which is exactly why the market for RMF-mapped software exists. Here's what good implementations actually automate.
ISO 42001
ISO 42001
ISO 42001 vs. ISO 27001: What's the Difference?
ISO 42001 and ISO 27001 share the same management-system DNA, but they're not the same standard wearing a different label. Here's exactly where they overlap and where they diverge.
ISO 42001
ISO 42001
Best ISO 42001 Software Features: A Practical Evaluation Guide
Every ISO 42001 vendor demo looks impressive. Here's a practical evaluation framework — including the exact questions to ask and a scoring rubric — to see past the demo script.
NIST AI RMF
NIST AI RMF
How to Implement the NIST AI RMF: A Step-by-Step Playbook
Understanding the NIST AI RMF's four functions is the easy part. Actually implementing them across a real organization is where most programs stall. Here's a concrete, staged playbook.
NIST AI RMF
NIST AI RMF
How to Choose NIST AI RMF Software: Key Capabilities
Plenty of platforms now claim NIST AI RMF alignment. Here's how to tell which ones actually map to the framework's structure, and which just added it to a features page.
ISO 42001
ISO 42001
How Long Does ISO 42001 Certification Take? A Realistic Timeline
Vendor marketing says weeks. Reality says months. Here's a realistic, stage-by-stage ISO 42001 certification timeline, and the specific factors that move it in either direction.
ISO 42001
ISO 42001
From Gap Analysis to Certificate: Using Software to Run Your ISO 42001 Project
Most ISO 42001 guides describe the standard. This one describes the project — how gap analysis, document generation and evidence tracking chain together into a certificate.
NIST AI RMF
NIST AI RMF
NIST AI RMF vs. EU AI Act: Mapping the Two Frameworks
One is voluntary US guidance; the other is binding EU law. Here's exactly where the NIST AI RMF and the EU AI Act overlap enough to share evidence, and where they don't.
NIST AI RMF
NIST AI RMF
NIST AI RMF Software vs. Manual Spreadsheets: A Real Cost Comparison
Spreadsheets are free until you count the hours. Here's a grounded, line-item comparison of what NIST AI RMF implementation actually costs on spreadsheets versus software.
ISO 42001
ISO 42001
ISO 42001 Audit: What Auditors Actually Look For
Auditors aren't grading your paperwork's writing quality — they're checking for specific evidence patterns. Here's what they actually look for, stage by stage.
ISO 42001
ISO 42001
ISO 42001 for Startups: Is Certification Worth It Yet?
Certification is expensive in time a startup often doesn't have. Here's a candid framework for deciding whether ISO 42001 is worth it yet — or worth waiting on.
ISO 42001
ISO 42001
ISO 42001 Documentation Templates You Actually Need (And How Software Generates Them)
Not every ISO 42001 document needs to be written from scratch. Here are the templates you actually need, and how software should draft the first version of each.
NIST AI RMF
NIST AI RMF
NIST AI RMF Profiles: Building Your Organization's Risk Profile
A NIST AI RMF 'profile' sounds abstract until you build one. Here's exactly what fields it needs and a worked example of a current-vs-target profile.
NIST AI RMF
NIST AI RMF
Implementing NIST AI RMF Software: A 30/60/90 Day Rollout Plan
Buying NIST AI RMF software is the easy part. Here's a concrete 30/60/90-day plan for actually rolling it out without stalling after the first system.