AI Management System Standard
The certifiable AI management system standard. Plan, Do, Check, Act across the AI lifecycle.
What we know in this framework.
The specific clauses, articles, appendices and supervisory expectations we work against — anchored to primary source and maintained as the regime evolves.
How the firm carries ISO/IEC 42001:2023 into client work.
ISO/IEC 42001:2023 is read against the services below. Each one draws on the same compliance intelligence layer — indexed to primary source, versioned alongside the regulator, and carried into the engagement.
- Auditable AI inventory indexed to primary-source obligations
- Governance charter, RACI, and human sign-off gates that survive examination
- Model and agent cards indexed to regulator clauses
- Digital compliance officers scoped to your programme
- Evidence captured at the point of work, not reconstructed after
- Control library indexed to the obligations your supervisor reads
Playbooks that ship against ISO/IEC 42001:2023.
Each playbook walks from discovery through artifact — phases, controls, evidence. Agents assist the mechanical steps; specialists own the sign-off.
EU AI Act High-Risk System Playbook
Classify use cases against Annex III, build the Article 9 risk management system, and compile the Annex IV technical file your conformity assessment will depend on.
Read the playbook →ISO/IEC 42001 · ControlsISO/IEC 42001 AIMS Stand-Up Playbook
Build a certifiable AI Management System: scope, policy, objectives, risk, controls, audit. Mapped to your portfolio.
Read the playbook →NIST AI RMF 1.0 · AssessmentNIST AI RMF Profile Playbook
Govern / Map / Measure / Manage — profiled to your sector, your use cases and the frameworks your regulators read.
Read the playbook →Cross-framework · ControlsAgentic AI Governance Playbook
Multi-step autonomous agents, tool-calling chains, and the oversight these systems demand. Agent cards, action budgets, kill switches.
Read the playbook →Cross-framework · DocumentationRAG Assurance Playbook
Retrieval-augmented generation has its own attack surface — source provenance, index drift, poisoning risk. Control it.
Read the playbook →Cross-framework · VendorFoundation Model Due Diligence Playbook
Bringing a GPAI, Claude, GPT, Gemini, Llama or sovereign model into scope — the diligence a regulated deployer is now expected to perform.
Read the playbook →Cross-framework · MonitoringContinuous Control Monitoring Playbook
Drift, performance, outcome and complaint monitoring in one pipeline — outputs a supervisor can act on.
Read the playbook →Map your posture against ISO/IEC 42001:2023.
Bring us your current documentation, controls and inventory. We will map them clause by clause against ISO/IEC 42001:2023 — and against every other regime your portfolio touches — and produce the evidence artifact your supervisor will read.