Home FrameworksISO 42001

International Standard

ISO 42001 Certification — AI Management System

ISO 42001 is the world's first international standard for AI management systems. Norivo covers all 39 controls across 4 annexes, with automatic mapping to ISO 27001 for organisations already certified.

Get Started Book a Demo

39Controls

4Annexes

60-70%ISO 27001 Overlap

What is ISO 42001?

ISO/IEC 42001:2023 specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system (AIMS) within organisations. It is designed for organisations providing or using AI-based products or services.

The standard follows the familiar ISO management system structure (harmonised with ISO 27001), making it easier for organisations already certified to ISO 27001 to achieve certification. Norivo automatically maps the 60-70% overlap between the two standards.

Key areas include AI policy, risk assessment, AI system lifecycle management, data management, transparency, human oversight, and continual improvement. Certification demonstrates to customers, regulators, and partners that your organisation manages AI responsibly.

60-70% overlap with ISO 27001 — significantly faster certification if you're already certified.

Why Norivo for ISO 42001?

Accelerated Certification

If you're already ISO 27001 certified, Norivo maps the overlap automatically — cutting your timeline by months.

Unified Management

Manage ISO 42001 and ISO 27001 from one platform. Shared evidence items reduce documentation burden by 60%+.

Gap Analysis with Nora

Nora analyses your existing ISO 27001 controls and identifies exactly what additional work is needed for 42001.

Key Requirements

AI management system policy (Clause 5.2)

AI risk assessment process (Clause 6.1)

AI system impact assessment (Annex B)

Data management for AI (Annex C)

AI system lifecycle management (Annex A.6)

Transparency and explainability (Annex A.7)

Human oversight controls (Annex A.8)

Third-party AI due diligence (Annex A.10)

AI system monitoring and measurement (Clause 9)

Continual improvement process (Clause 10)

How Norivo Helps

Assess ISO 27001 overlap

Norivo identifies which of your existing ISO 27001 controls already satisfy ISO 42001 requirements — typically 60-70%.

Map remaining controls

For the AI-specific controls not covered by ISO 27001, Norivo creates a structured implementation plan with Nora's guidance.

Build your AI management system

Use policy templates, risk assessment tools, and impact assessment workflows purpose-built for ISO 42001 clauses.

Prepare for certification audit

Generate the complete evidence package, statement of applicability, and audit trail needed for certification.

Get ISO 42001 Compliant

Get set up by our team in under 48 hours.