ISO 42001 Certification Readiness. Delivered.
ISO/IEC 42001: Artificial Intelligence Management System (AIMS)
ISO 42001 is the international standard for AI management systems. Norivo implements the full management system structure, cross-mapped to VALID controls and EU AI Act requirements. One engagement covers multiple frameworks.
Published in December 2023, ISO/IEC 42001 establishes requirements for organisations to manage AI responsibly. It provides the management system structure that complements the EU AI Act's prescriptive requirements. Our team delivers both in a single engagement. You sign off on the deliverables; we maintain them for 12 months.
10 Capability Areas
ISO 42001 covers the full scope of AI management. Our team implements each area and cross-maps it to VALID controls and EU AI Act requirements.
AI Management System (AIMS)
Establish a systematic approach to managing AI risks and opportunities within your organisation's context.
AI Policy & Objectives
Define organisational AI policies, objectives, and the commitment to responsible AI development and deployment.
Roles & Responsibilities
Assign clear accountability for AI governance, from board-level oversight to operational AI system owners.
AI Risk Assessment
Identify, analyse, and evaluate AI-specific risks including bias, safety, transparency, and fundamental rights impacts.
AI Impact Assessment
Conduct impact assessments for AI systems, considering effects on individuals, groups, and society.
Performance Evaluation
Monitor, measure, and evaluate AI system performance against defined objectives and ethical requirements.
AI System Lifecycle
Govern the full AI lifecycle: design, development, deployment, operation, monitoring, and decommissioning.
Data Governance for AI
Manage data quality, provenance, bias testing, and privacy throughout the AI data pipeline.
Continual Improvement
Systematic process for improving AI governance practices based on monitoring results and incident learnings.
Third-Party AI Management
Govern AI systems and components sourced from third parties, including vendor assessments and contractual requirements.
VALID Framework Cross-Mapping
40-50% of ISO 42001 requirements map directly to VALID controls. One assessment contributes to both frameworks.
| ISO 42001 | Requirement | VALID Control | VALID Name | Overlap |
|---|---|---|---|---|
| A.6.2.2 | AI Inventory | V-01 | AI System Inventory | Direct |
| A.6.2.3 | Risk Criteria | V-02 | Risk Classification | Direct |
| A.6.2.4 | Risk Assessment | A-01 | Risk Assessment | Direct |
| A.6.2.5 | Impact Assessment | A-02 | Impact Assessment | Direct |
| A.7.3 | AI Awareness | A-04 | Transparency Assessment | Partial |
| A.7.5 | Documented Information | L-04 | Cross-Framework Evidence | Direct |
| A.8.2 | Legal Requirements | L-01 | Regulatory Mapping | Direct |
| A.9.1 | Monitoring & Measurement | I-02 | Monitoring & Alerting | Direct |
| A.10.2 | AI Controls | D-01 | Authority Boundaries | Extended |
| A.10.3 | AI Safeguards | D-02 | Circuit Breakers | Extended |
How We Deliver ISO 42001 Readiness
Four phases. One engagement. Cross-mapped evidence that satisfies multiple frameworks at once.
Gap Analysis
Our team runs the gap analysis using Nora AI, measuring your current AI governance posture against ISO 42001 requirements. You receive a prioritised remediation plan, not a list of homework.
Control Implementation
We implement every ISO 42001 control on your behalf, cross-mapping to VALID controls so the same evidence satisfies both frameworks. Your team approves; we deliver.
Evidence Collection
We collect and organise evidence against every ISO 42001 clause, cross-mapped across VALID and EU AI Act. One upload, multiple frameworks covered.
Audit Package
We generate the Statement of Applicability, gap closure report, and full evidence set. You hand it to your certification body, and we walk you through every artefact in a handoff meeting.
Book a Scoping Call
ISO 42001 readiness delivered as a managed service, cross-mapped to VALID and the EU AI Act so one engagement covers multiple frameworks.