ISO/IEC 42001 · AI Management System · Certification Readiness
Could you face an
ISO 42001 audit today?
ISO/IEC 42001 is the certifiable standard for AI management systems - and enterprise procurement teams have started asking for it. CertReady tells you exactly what stands between you and certification: the missing artefacts, the stage 1 blockers, and the 180-day path to close them.
Free readiness scorecard · No account creation required · Full report with SoA $149
Sample scorecard
Certification readiness
68/100
“Impact assessment and internal audit are your stage 1 blockers. Both are documentation exercises you can close in 30 days.”
2023
ISO/IEC 42001 published - the first certifiable management-system standard for AI. Certification bodies now audit against it worldwide.
RFPs
Enterprise and government procurement increasingly asks AI vendors for ISO 42001 alignment - the way ISO 27001 became table stakes for SaaS.
$20-80K
What readiness consultants charge for the gap assessment and document preparation. CertReady does the diagnostic in 20 minutes.
What we assess
Seven domains. Every clause
an auditor will check.
Mapped to the management-system clauses (4-10) and all nine Annex A control themes of ISO/IEC 42001.
AIMS Governance & Leadership
20%Scope, AI policy, roles, risk planning - the clause 4-6 core. Weak here fails stage 1.
AI Impact Assessment
15%The control auditors probe hardest: a repeatable impact process covering individuals, groups, and society.
AI System Lifecycle Controls
20%Requirements, V&V, deployment gates, monitoring, event logging, and technical documentation.
Data for AI Systems
15%Provenance, quality criteria, and reproducible preparation for training data - the Annex A.7 controls.
Transparency & Responsible Use
10%What users are told, how incidents are communicated, and how intended use is enforced.
Third Parties & Customers
10%Foundation-model vendors, AI suppliers, and your obligations to customers who rely on your AI.
Audit & Certification Readiness
10%Competence records, document control, internal audit, management review, corrective action.
What you walk away with
The artefacts auditors ask for.
Statement of Applicability
The document certification bodies request at stage 1: all nine Annex A control themes with applicability and implementation status. Derived automatically from your answers, exportable and printable.
Auditor-framed gap register
Every gap classified the way audits classify them: stage 1 blockers, stage 2 majors, minors, and observations - each with the specific artefact you need to produce.
Certification roadmap
A 180-day plan in three phases: establish the management-system core, implement and evidence the Annex A controls, then internal audit and certification-body engagement.
How it works
Twenty minutes to a verdict.
01
30 questions, ~20 minutes
Seven domains mapped to the ISO/IEC 42001 clauses and Annex A control themes, in plain business language.
02
Seven specialist AI assessors
One assessor per domain runs in parallel, framing every gap the way a certification auditor would: what evidence is missing, and what stage of the audit it blocks.
03
Score, SoA, and a roadmap
Certification readiness score, a derived Statement of Applicability across all nine Annex A themes, a gap register with severity, and a 180-day path to certification.
No management system exists yet. Start with scope, policy, and risk process.
Elements exist but would not survive an audit. Systematise and document.
The documentation review is passable. Close the operational-evidence gaps for stage 2.
Engage a certification body. Use the assessment to brief your internal audit.
The Compass Suite
Ready. Governed. Certified. Monitored.
Certification takes months.
Knowing your gaps takes 20 minutes.
Your readiness band, your Statement of Applicability, your stage 1 blockers, and a 180-day roadmap to the audit.
Start free assessment