AI Risk Management Guidance

The companion risk guidance that pairs with 42001 and ISO 31000 on AI-specific risk.

Depth of coverage

What we know in this framework.

The specific clauses, articles, appendices and supervisory expectations we work against — anchored to primary source and maintained as the regime evolves.

01AI-specific risk sources

02Risk evaluation criteria

03Treatment options

04Lifecycle integration

How we cover it

How the firm carries ISO/IEC 23894 into client work.

ISO/IEC 23894 is read against the services below. Each one draws on the same compliance intelligence layer — indexed to primary source, versioned alongside the regulator, and carried into the engagement.

This framework is carried through our cross-framework control mapping. Speak with a partner for a scoped plan against your portfolio.

Related playbooks

Playbooks that ship against ISO/IEC 23894.

Each playbook walks from discovery through artifact — phases, controls, evidence. Agents assist the mechanical steps; specialists own the sign-off.

ISO/IEC 42001 · Controls

ISO/IEC 42001 AIMS Stand-Up Playbook

Build a certifiable AI Management System: scope, policy, objectives, risk, controls, audit. Mapped to your portfolio.

Read the playbook →

Map your posture against ISO/IEC 23894.

Bring us your current documentation, controls and inventory. We will map them clause by clause against ISO/IEC 23894 — and against every other regime your portfolio touches — and produce the evidence artifact your supervisor will read.

Speak with a partner Back to all frameworks →