
ISO 42001:2023

Let's help you achieve ISO 42001 Certification

What is ISO 42001

ISO 42001:2023 is a standard for an Artificial Intelligence Management System (AIMS). Its implementation involves establishing policies and procedures that ensure compliance with security regulations and protect sensitive information. Achieving ISO 42001 certification demonstrates an organization’s commitment to developing trust-driven, ethical AI systems, mitigating Artificial Intelligence (AI) risks, and maintaining a robust AI framework.

 

ISO 42001 was first developed in 2023 to address the rapidly evolving Artificial Intelligence technologies and systems that shape today’s modern digital world.

ISO 42001 Certification Requirements

To get ISO 42001:2023 certified, your organization should meet the requirements outlined in clauses 4 to 10 of the ISO 27001 document.

The organization is required to:

  • Identify internal and external issues relevant to the organization’s purpose and its AI management system.

  • Determine the relevant interested parties and their specific needs and expectations regarding AI.

  • Define the boundaries and applicability of the AI management system and document the scope.

  • Establish, implement, maintain, and continually improve the system in accordance with the standard’s requirements.

The organization is required to:

  • Demonstrate top management commitment to the AI Management System (AIMS)

  • Establish and approve an AI Policy aligned with the organization’s purpose and strategy

  • Ensure ethical, responsible, and lawful use of AI systems

  • Assign clear roles, responsibilities, and authorities for AI governance

  • Promote continual improvement of the AIMS

  • Ensure AI objectives are aligned with business and risk priorities

The organization is required to:

  • Identify AI-related risks and opportunities that could impact individuals, society, or the organization

  • Perform AI risk assessments considering intended and unintended AI impacts

  • Conduct AI system impact assessments where applicable

  • Define and document AI objectives that are measurable and monitored

  • Plan actions to address AI risks and opportunities

  • Integrate AI risk controls into business and operational processes

The organization is required to:

  • Provide adequate resources for effective AI management

  • Ensure personnel involved with AI are competent through training and experience

  • Promote awareness of AI risks, policies, and responsibilities

  • Establish effective internal and external communication on AI matters

  • Create, control, and maintain documented information related to the AIMS

  • Ensure AI documentation is accurate, accessible, and protected

The organization is required to:

  • Plan, implement, and control the processes needed to meet requirements and to implement the actions determined in Clause 6.

  • Conduct regular operational risk assessments and implement treatment plans as planned.

  • Carry out assessments for AI systems during the operational phase to monitor their impact.

The organization is required to:

  • Determine what needs to be monitored, measured, and evaluated to ensure the system is performing correctly.

  • Conduct internal audits at planned intervals to provide information on whether the system conforms to requirements.

  • Ensure top management reviews the AI management system at planned intervals to ensure its continuing suitability and effectiveness.

The organization shall:

  • Continually improve the suitability, adequacy, and effectiveness of the AI management system.
  • React to nonconformities by taking action to control and correct them and dealing with the consequences.

Who needs ISO 42001 certification

Implementing ISO 27001 is essential for organizations of all sizes and industries that prioritize the confidentiality, integrity, and availability of their information assets, ensuring comprehensive protection and instilling trust among stakeholders.

Benefits of ISO 42001

OUR PRICING

Our pricing is tailored to the size of your organization.

 

  • KES 700,000 + VAT for Implementation and Certification
  • KES 100,00 + VAT for surveillance audits
  • KES 250,00 + VAT for recertification audits
  • KES 850,000 + VAT for Implementation and Certification.
  • KES 150,000 + VAT for Surveillance Audits
  • KES 300,000 + VAT for Recertification Audits
  • KES 1,000,000 + VAT for Implementation and Certification
  • KES 200,000 + VAT for Surveillance Audits
  • KES 350,000 + VAT for Recertification Audits
  • KES 1,200,000 + VAT for Implementation and Certification
  • KES 250,000 + VAT for Surveillance Audits
  • KES 400,000 + VAT for Recertification Audits
  • KES 1,500,000 + VAT for Implementation and Certification
  • KES 300,000 + VAT for Surveillance Audits
  • KES 450,000 + VAT for Recertification Audits
  • A quotation is obtained from the office for Implementation & Certification, Surveillance and Recertification Audits.


ISO 42001 Annex A controls

  • A.2.2 AI policy: The organization shall document a policy for the development or use of AI systems (p. 25).
  • A.2.3 Alignment with other organizational policies: The organization shall determine where other policies can be affected by or apply to the organization's objectives with respect to AI systems (p. 25).
  • A.2.4 Review of the AI policy: The AI policy shall be reviewed at planned intervals or additionally as needed to ensure its continuing suitability, adequacy, and effectiveness.
  • A.3.2 AI roles and responsibilities: Roles and responsibilities for AI shall be defined and allocated according to the needs of the organization.
  • A.3.3 Reporting of concerns: The organization shall define and put in place a process to report concerns about the organization's role with respect to an AI system throughout its life cycle.
  • A.4.2 Resource documentation: The organization shall identify and document relevant resources required for the activities at given AI system life cycle stages and other AI-related activities.
  • A.4.3 Data resources: The organization shall document information about the data resources utilized for the AI system.
  • A.4.4 Tooling resources: The organization shall document information about the tooling resources utilized for the AI system.
  • A.4.5 System and computing resources: The organization shall document information about the system and computing resources utilized for the AI system.
  • A.4.6 Human resources: The organization shall document information about the human resources and their competences utilized throughout the AI system's life cycle stages.
  • A.5.2 AI system impact assessment process: The organization shall establish a process to assess the potential consequences for individuals or groups of individuals, or both, and societies that can result from the AI system throughout its life cycle (p. 26).
  • A.5.3 Documentation of AI system impact assessments: The organization shall document the results of AI system impact assessments and retain results for a defined period.
  • A.5.4 Assessing AI system impact on individuals or groups of individuals: The organization shall assess and document the potential impacts of AI systems to individuals or groups of individuals throughout the system's life cycle.
  • A.5.5 Assessing societal impacts of AI systems: The organization shall assess and document the potential societal impacts of their AI systems throughout their life cycle.
  • A.6.1.2 Objectives for responsible development of AI system: The organization shall identify and document objectives to guide the responsible development of AI systems, and integrate measures to achieve them in the development life cycle (p. 26).
  • A.6.1.3 Processes for responsible AI system design and development: The organization shall define and document the specific processes for the responsible design and development of the AI system (p. 26).
  • A.6.2.2 AI system requirements and specification: The organization shall specify and document requirements for new AI systems or material enhancements to existing systems (p. 26).
  • A.6.2.3 Documentation of AI system design and development: The organization shall document the AI system design and development based on organizational objectives, documented requirements, and specification criteria (p. 26).
  • A.6.2.4 AI system verification and validation: The organization shall define and document verification and validation measures for the AI system and specify criteria for their use (p. 26).
  • A.6.2.5 AI system deployment: The organization shall document a deployment plan and ensure that appropriate requirements are met prior to deployment (p. 26).
  • A.6.2.6 AI system operation and monitoring: The organization shall define and document the necessary elements for the ongoing operation of the AI system, including system and performance monitoring, repairs, updates, and support (p. 27).
  • A.6.2.7 AI system technical documentation: The organization shall determine what AI system technical documentation is needed for interested parties and provide it in the appropriate form (p. 27).
  • A.6.2.8 AI system recording of event logs: The organization shall determine at which phases of the AI system life cycle, record keeping of event logs should be enabled, but at the minimum when the AI system is in use (p. 27).
