
ISO 42001

Extensive experience in supporting organisations to conform and certify to existing ISO management system standards

With the field of artificial intelligence (AI) continuing to develop and becoming increasingly pervasive throughout our culture and business landscape, the International Organization for Standardization (ISO) has released ISO/IEC 42001:2023, Information technology - Artificial intelligence - Management system Standard. Published in December 2023, the Standard is aimed at helping organisations responsibly perform their role in using, developing, monitoring or providing products that utilise AI. By meeting the requirements of ISO 42001, organisations will be able to generate evidence of responsibility and accountability in respect of AI.

The Standard may require organisations to consider issues such as the use of AI for automatic decision making, the use of data analytics and machine learning to design systems, and AI systems that perform continuous learning and change behaviour during use. The Standard addresses topics such as ethical considerations, transparency, fairness and bias, and is applicable across a range of AI applications and contexts.

In time, organisations will be able to certify against ISO 42001, but in the meantime are able to establish, implement, maintain and continually improve an AI management system (AIMS).  ISO 42001 applies the same harmonised structure with clause numbers and titles identical to ISO 27001 and ISO 9001, thereby facilitating integration of management systems.

As with ISO 27001, the main body sets out requirements in the familiar Clauses 4 – 10 format, with reference controls set out in Annex A. These controls provide references for meeting an organisation’s objectives and addressing risks related to the design and operation of AI systems. However, unlike ISO 27001, the ISO 42001 Standard includes 3 additional annexes:

Annex B provides implementation guidance in relation to the controls set out in Annex A, while potential organisational objectives, risk sources and descriptions that can be considered when managing risks are outlined in Annex C. The potential use of an AIMS across domains or sectors is covered within Annexes C and D respectively. Integrating ISO 42001 with standards such as ISO 27001 is also covered in Annex D.

Gap Analysis

URM’s consultants can conduct gap analyses for existing management systems against the requirements of ISO 42001, to allow for the development or extension of an integrated management system encompassing ISO 42001 and other standards to which you are already conformant and/or certified.  The gap analysis will also allow us to identify areas where you are currently meeting the best practice defined in ISO 42001, any areas where your use, provision or development of AI is not currently conformant, and where we recommend appropriate remediation approaches.  

ISO 42001 Implementation and Remediation Support

Having established your current conformance position, URM can support you in implementing and maintaining your AIMS, which will be fully tailored to the context of your organisation. Services we can offer you include:

  • Supporting you in the implementation of an ISO/IEC 42001 conformant management system (whether a standalone AIMS or an integrated management system)
  • Assisting you in conducting AI impact assessments for systems that you are developing or using
  • Supporting you in your journey to achieve certification against the ISO 42001 Standard.

ISO 42001 Internal Audits

Once your AIMS has been implemented, URM can perform internal audits of your management system and controls to ensure they are operating effectively and meeting the requirements in ISO 42001.  URM’s auditors are not only skilled in audit techniques and knowledgeable about the subject of the audit, but can also provide the objectivity and impartiality required in the auditing process for conformance to the Standard.


Why URM for ISO 42001?

Track record

While ISO 42001 is a new standard, URM’s extensive experience in supporting organisations to conform and certify to existing ISO management system standards, such as ISO 27001 and ISO 22301, means we are uniquely positioned to provide informed and reliable support in helping you meet the requirements of ISO 42001. Over the last two decades of steady, organic growth as a consultancy and training provider, we have supported over 400 successful ISO certifications without being involved in a single failed certification project. As such, you can be assured that any guidance you receive from URM is informed by a long history of success stories, and we can guarantee the same result for your organisation.

Tailored solutions

We at URM appreciate that the use and development of AI will never be the same across any two organisations and, therefore, neither will the AIMS.  The unique requirements of your organisation, its industry, size and structure, risk appetite, products and services provided, legal and obligatory requirements, etc. will always shape the approach we take in helping you develop, implement and maintain your AIMS.  Meanwhile, we will ensure the advice and guidance we offer you reflects how you work and your existing culture, enabling you to integrate the AIMS into business-as-usual operations as seamlessly as possible.

Knowledge transfer

One of the most fundamental aspects of the way we work at URM is our ‘real world’ knowledge transfer philosophy. This enables you to benefit from our large team of consultants’ extensive practical experience and knowledge of AI best practice and, ultimately, independently maintain and improve your AIMS by virtue of what you have learned from them, without needing to rely on ongoing consultancy support.

The partnership approach URM takes is genuine. Our relationship with URM is not hard-nosed or overly commercialised, and feels much closer to a partnership arrangement than any other security consultancy providers we have worked with. If we had a new piece of work that we needed external help with, URM would be our first port of call for assistance.
CISO at University of Surrey