ISO/IEC 42001:2023 · AIMS Certification

ISO/IEC 42001 Artificial Intelligence Management Systems (AIMS) Certification

Empowering Organizations to Build Trustworthy, Transparent, and Responsible AI. The world’s first international standard focused on AI management systems — published in 2023 to ensure AI is deployed safely, ethically, and with accountability.

3-year certificate cycle Annual surveillance ANZ · EU · NA · CEMEA
AIMS-aligned
★ ISO/IEC 42001:2023
AI Management System
Trustworthy · Transparent · Accountable AI governance
AI Governance
Risk-Based
Accountability
Ethics
High Level Structure — IMS compatible (14001/27001/45001)
3-year cert · annual surveillance
Trusted by AI & governance teams across ANZ
SparkDatacomInland RevenueVodafoneHumm GroupCCLFidelityIllionPlan BXplore
Overview

What Is ISO/IEC 42001?

ISO/IEC 42001 (published in 2023) is the world’s first international standard focused on AI management systems, created to guide organizations in the responsible development and use of AI. This standard, officially titled “Information technology — Artificial intelligence — Management system”, establishes requirements for setting up an Artificial Intelligence Management System (AIMS) within an organization.

ISO/IEC 42001 provides a structured, risk-based framework for governing AI, analogous to how ISO 9001 governs quality or ISO 27001 governs information security. Its significance lies in filling a crucial gap: as AI becomes foundational to business operations, there was a need for a formal AI governance standard to ensure AI is deployed safely, ethically, and with accountability.

Cianaa helps organisations across New Zealand, Australia, Asia Pacific, Europe, USA and Canada design and certify AIMS programmes — from pre-audit through Stage 1, Stage 2, and ongoing surveillance.

Benefits

Benefits of ISO 42001 Certification

ISO/IEC 42001 certification demonstrates trustworthy AI governance to clients, investors, and regulators worldwide.

Trustworthy AI

Build AI systems that stakeholders can trust through transparent governance and accountability — a key differentiator as AI scrutiny intensifies.

Risk-Based AI Governance

Structured risk-based approach to AI governance — identify, assess and treat AI-specific risks before they materialise.

International Credibility

Partnering with us gives your organization credibility with clients, investors, and regulators worldwide — across all major AI-regulated jurisdictions.

EU AI Act Readiness

ISO/IEC 42001 supports compliance with emerging AI regulation including the EU AI Act, US AI Executive Order, and similar frameworks.

Continuous Improvement

Build a sustainable system that evolves with AI technology and regulations — your AIMS adapts as the AI landscape evolves.

Stakeholder Confidence

Demonstrate responsible AI deployment to customers, regulators, and the public — turn AI ethics from risk into competitive advantage.

Key Requirements

What ISO/IEC 42001 Requires

ISO/IEC 42001:2023 uses the High Level Structure and organizes AIMS requirements across context, leadership, AI risk management, support, operation, evaluation, and improvement.

Clause 4

Context & AI Use Cases

Organizational context, interested parties, scope of the AIMS, and the AI systems and use cases in scope.

Clause 5

Leadership & AI Policy

Top management commitment, AI policy, organizational roles, responsibilities for AI governance and authorities.

Clause 6

AI Risk Management

AI risk assessment, AI impact assessment, AI objectives, change management, and risk and opportunity handling.

Clause 7

Support

Resources, competence in AI ethics and ML, awareness, communication, and documented information management.

Clause 8

Operation

Operational planning and control, AI system lifecycle management, AI risk treatment, data quality, third-party AI components.

Clause 9–10

Performance & Improvement

Monitoring AI performance, internal audit, management review. Nonconformity and corrective action; continual improvement of AI controls.

Process

Certification Process — Step by Step

Pre-audit, Stage 1, Stage 2, certification, and annual surveillance — led by qualified ISO/IEC 42001 lead auditors with AI governance background.

1
Optional

Stage 1 Readiness Review

Evaluate your current AI policies, governance, and processes against ISO/IEC 42001 requirements if required.

2
Year 1

Stage 1 Audit

Documentation review against ISO/IEC 42001 — confirms readiness for Stage 2 (after 3 months of pre-audit) or direct initial audit.

3
Year 1

Stage 2 Audit

On-site/remote audit of AIMS implementation, AI risk management, controls effectiveness, and worker interviews.

4
Year 1

Certificate Issued

The successful Stage 1 and Stage 2 audit results in certification. The certificate will be issued after the assurance team is satisfied.

5
Year 2–3

Surveillance Audits

Surveillance audits performed every one year. Continuous certification subject to successful surveillance.

6
Year 4

Recertification

Full recertification audit — renews your ISO/IEC 42001 certificate to maintain certified status.

Why Cianaa

Why Choose Cianaa Certification Partner

No sales fluff, no upsells. Just the facts you need to proceed with confidence.

Multi-audit efficiency

We use a multi-audit approach to unify our assertions through the triangulation of evidence emerging from different standards.

AI + ISO expertise

Our team combines deep knowledge of artificial intelligence with years of experience in ISO certification — trusted by organizations worldwide.

Transparent pricing

We have no hidden costs, give transparent pricing and clear deliverables based on the standard requirement.

Crystal-clear reports

Audit reports with prioritized nonconformities and improvement opportunities — actionable, not buzzword-heavy.

Predictable timelines

Predictable timelines that keep your team focused — typically 3 to 6 months from Stage 1 to Stage 2 audit.

Internationally accepted

Our process mirrors internationally accepted certification practices (Stage 1/Stage 2 → surveillance → recertification).

Complimentary · No Obligation

Get Your Free ISO 42001 Maturity Assessment

Talk to a Cianaa AI governance specialist for a complimentary scoping call — we’ll map your current AI policies and controls against ISO/IEC 42001:2023 and outline a realistic certification pathway.

Gap heat-mapClause-by-clause status across Clauses 4–10.
Realistic timelineEffort and calendar estimate to Stage 2 audit readiness.
AI risk & impact scanInitial view across AI use cases and risk register maturity.
IMS opportunityWhere 27001/9001 integration adds value alongside 42001.
Book Your Free Assessment →
30-minute scoping callAI governance specialistNo obligation
New research
The State of ISO/IEC 42001 Adoption in New Zealand & Australia
How many organisations are certified, what both governments decided, and the 2026–27 outlook.
Read the research →
Ready to Certify

Achieve ISO 42001 Certification with Confidence

Speak with our AI governance certification specialists to scope your ISO/IEC 42001 certification project and map a clear path to AIMS certification.

Get in Touch →
FAQ

Frequently Asked Questions

What is ISO/IEC 42001?
ISO/IEC 42001 (published in 2023) is the world’s first international standard focused on AI management systems. It establishes requirements for setting up an Artificial Intelligence Management System (AIMS) within an organization.
Why is ISO/IEC 42001 important?
As AI becomes foundational to business operations, ISO/IEC 42001 fills a crucial gap by providing a formal AI governance standard to ensure AI is deployed safely, ethically, and with accountability. It is analogous to how ISO 9001 governs quality or ISO 27001 governs information security.
What does the certification process involve?
Pre-audit evaluation of AI policies, governance, and processes; Stage 1 and Stage 2 audit (after 3 months of pre-audit) or direct initial audit; certification issued after assurance team is satisfied; surveillance audits every year.
How does AIMS recertification work?
Surveillance audits are performed every one year. Continuous certification is subject to successful surveillance audit.
Does ISO/IEC 42001 align with the EU AI Act?
ISO/IEC 42001 is designed to support compliance with emerging AI regulation — including the EU AI Act, US AI Executive Order, and similar frameworks. While not a regulatory document itself, AIMS implementation provides much of the governance evidence regulators expect.
How does ISO/IEC 42001 compare to the NIST AI RMF?
They are complementary: the NIST AI RMF is a voluntary risk framework, while ISO/IEC 42001 is a certifiable management system standard. Read our full ISO 42001 vs NIST AI RMF comparison.