International · Certifiable standard
ISO 42001, certified
The first international, certifiable AI management system standard. The ISO 27001 of AI — and it's showing up in enterprise procurement requirements.
- Status
- Published — certifiable by accredited auditors
- Structure
- AIMS + Annex A controls (PDCA)
- Recognition
- Global — procurement door-opener
- Controls in Unorma
- 50
What it is
ISO/IEC 42001 — AI Management Systems, in plain language.
ISO/IEC 42001 defines an AI Management System (AIMS): the policies, roles, processes and controls an organization runs to develop and use AI responsibly. Like ISO 27001 for security, it follows the Plan-Do-Check-Act cycle and is certifiable by accredited third-party auditors.
Certification is fast becoming the cleanest answer to "prove your AI governance" in enterprise deals. The catch: auditors want evidence of a living management system — documented policies, risk assessments, internal audits, management reviews — not a binder assembled the week before.
Who it applies to
AI vendors selling to enterprise
An ISO 42001 certificate short-circuits months of procurement questionnaires. Increasingly listed as a requirement.
Regulated-industry adopters
Finance, healthcare and critical infrastructure use AIMS certification to demonstrate systematic AI governance to their own regulators.
Organizations pursuing EU AI Act compliance
ISO 42001 is expected to underpin harmonized standards — the work overlaps heavily, and Unorma maps it.
Requirements
What ISO 42001 actually asks of you.
50 controls in Unorma — each with plain-language guidance, action steps and the evidence you need.
AIMS policy & scope
A documented AI policy, scoped to your systems, endorsed by leadership.
AI risk assessment
Systematic identification and treatment of AI risks, repeated on schedule.
AI system impact assessment
Effects on individuals, groups and society — assessed and documented.
Lifecycle processes
Controls across design, development, deployment, operation and retirement.
Supplier management
Third-party AI components and data held to the same standard.
Internal audit & review
Scheduled internal audits and management reviews that keep the AIMS alive.
ISO 42001 in Unorma
From regulation text to audit-ready, in one platform.
Statement of Applicability generator
The SoA — the certification document auditors read first — generated from your actual control status.
Six ISO document templates
AIMS Policy, Lifecycle Procedures, Internal Audit Programmes and more, pre-filled and version-tracked.
Oversight = surveillance evidence
Scheduled reviews with logs prove your AIMS operates continuously — exactly what surveillance audits check.
Audit simulation before the auditor
Run a simulated certification audit, get realistic auditor questions, and fix gaps before paying for the real one.
Track ISO 42001 readiness from day one.
14-day free trial · No credit card · All 50 controls included
Cross-framework intelligence
Evidence for ISO 42001 counts elsewhere too.
~100 cross-framework mappings mean work done once counts toward multiple frameworks automatically.