NIST AI RMF

Extensive experience in supporting organisations conform and certify to existing ISO management system standards

Speak to Information Security Expert

Having assisted over 450 organisations to achieve ISO 27001 certification URM are the ideal experts and partners to help you certify.

Speak to one of our experts for more information on how we can help. Simply call 0118 206 5410 or use the contact form.

Contact us

NIST AI RMF

In 2023, the National Institute of Science and Technology (NIST) released its Artificial Intelligence Risk Management Framework (AI RMF), which is aimed at managing risks to individuals, organisations and society that are posed by AI.  Whilst alignment with the NIST AI RMF is voluntary, its adoption is extremely valuable in demonstrating to existing and prospective clients that your organisation’s systems are secure, trustworthy, and ethical, as well as supporting your compliance with regulations such as the EU AI Act.

The NIST AI RMF is organised into 4 Core Functions (Govern, Manage, Map and Measure), each of which address similar topics from different perspectives, covering governance activities, implementation and measurement of activities.  It is designed to be sector agnostic, and therefore applies broadly across industries that develop, deploy or use AI systems.

The Framework is considered a living document and will be updated as technologies and risks evolve.  As such, alignment with the NIST AI RMF will enable you to continuously adapt your organisation’s use of AI to emerging challenges, stay ahead of regulatory developments, and implement best practices that reflect the latest advancements in AI governance and risk management.

I am pleased to recognise the work of the URM internal auditor we have worked. Throughout all the audits carried out, he has consistently demonstrated professionalism, diligence, and a commitment to excellence in every task undertaken. Thanks to his efforts, we have achieved a very successful first stage ISO 27001:2022 certification audit, with zero findings noted, which has positioned us on track for the second stage audit and for long-term success.
Utilities solutions provider

Gap Analysis

URM’s consultants can conduct a gap analysis to facilitate your alignment with the NIST AI RMF. Our approach involves a comprehensive evaluation of your current AI systems and risk management practices to both identify where you are already following the guidance set out in the Framework, and any areas requiring improvement.  The output of the analysis is a report, in which we provide a detailed breakdown of your current alignment status and recommend appropriate actions your organisation can take to achieve full alignment with the Framework.

We were incredibly impressed with our consultant’s attention to detail during the reworking of many documents and the in-year assessment last month. He stood up and had his finger on the pulse and was a great help. He is liked by our team, and we look forward to a long working relationship with him.
Waste management company
Unsure how to approach ISO 42001 or AI governance more broadly?

You do not need a fully defined programme to speak with us. We offer a free, no‑obligation call to help you understand ISO 42001 requirements, assess your current AI governance maturity, and identify practical next steps. Early clarity can prevent unnecessary work and support confident compliance.

Get in touch to arrange your free call

Get in touch

You do not need a fully defined programme to speak with us. We offer a free, no‑obligation call to help you understand ISO 42001 requirements, assess your current AI governance maturity, and identify practical next steps. Early clarity can prevent unnecessary work and support confident compliance.
Get in touch to arrange your free call.

Please note, we can only process business email addresses.

Why URM for NIST AI RMF?

Track record

URM has a 20-year track record of providing high-quality training and consultancy services, assisting organisations to improve their governance and risk management programmes.  Whilst the NIST AI RMF is a relatively new framework and AI an emerging and rapidly evolving field, URM’s extensive experience supporting organisations to implement other NIST frameworks, such as the NIST Cybersecurity Framework (CSF), means we are ideally positioned to support your alignment with the AI RMF.  

Tailored solutions

We at URM appreciate that the use and development of AI will never be the same across any two organisations and, therefore, neither will the AI risk management programme.  The unique requirements of your organisation, its industry, size and structure, risk appetite, products and services provided, legal and obligatory requirements, etc., will always shape the approach we take in supporting your alignment with the NIST AI RMF.  Meanwhile, we will ensure the advice and guidance we offer you reflects your existing culture and working practices, enabling you to integrate AI risk management into business-as-usual operations as seamlessly as possible.

Knowledge transfer

One of the most fundamental aspects of the way we work at URM is our ‘real world’ knowledge transfer philosophy.  This enables you to benefit from our large team of consultants’ extensive practical experience and knowledge of AI best practice and, ultimately, independently improve your AI risk management by virtue of what you have learned from them, without needing to rely on ongoing consultancy support.

We would like to pass on our gratitude to our consultant for all his hard work and advice during our 3-year re-certification and assessment against the new Standard. After seven days of auditing, we have two OFIs that the assessors have put forward from the audits. This pays testament to our URM consultant, his hard work, eye for detail and advice given, both during the audits and during all the works beforehand.
Waste management company
We are immensely grateful to URM for their unwavering support, professionalism, and expertise throughout our ISO 27001 and Cyber Essentials Plus journey. Their guidance and strategic insights have been invaluable. With URM's continued partnership and support, we are confident in our ability to proactively address emerging threats and keep our business secure.
IT consultancy

Implementing and Certifying to ISO 42001

Published on
5/6/2026

URM’s blog breaks down how to effectively implement ISO 42001, where it differs from other ISO standards, and the common certification pitfalls to avoid

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
26/6/2026
How Organisations Fall Into PCI DSS Scope Without Realising It

URM’s blog explains how organisations can unintentionally and without realising fall into scope of the PCI DSS, despite not directly handling card data.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
17/6/2026
ISO 27001 Clause 10.2: Nonconformity and corrective action

URM’s blog explains how to meet ISO 27001 Clause 10.2, including finding nonconformities, performing root cause analysis, implementing corrective actions & more

Read more
Thumbnail of the Blog Illustration
Artificial Intelligence
Published on
5/6/2026
Implementing and Certifying to ISO 42001

URM’s blog breaks down how to effectively implement ISO 42001, where it differs from other ISO standards, and the common certification pitfalls to avoid

Read more
"
Our URM consultant was really thorough, genuinely helpful and contributed real value literally within the first few minutes of our session by pointing out some (not-so-obvious) details of the new version of ISO 27001 that we hadn't been aware of until then. He then proceeded with a very well-prepared run-through and explanation of the controls in scope for our upcoming internal audit. Definitely a highlight and overall, very positive experience for us!