ISO/IEC 42001 Readiness Checklist

Assess your organization's preparedness for responsible AI governance

1. Foundation & Awareness

Have you reviewed the ISO/IEC 42001 standard and understood its scope and objectives?

Have you engaged relevant stakeholders to raise awareness about the importance of responsible AI governance and certification?

Have you identified internal and external resources (people, systems, infrastructure) required to implement the AIMS?

2. Status Check & Risk Perspective

Have you assessed your existing processes against the ISO/IEC 42001 requirements?

Is there a risk management framework in place specifically addressing AI-related risks (e.g., bias, data misuse, unintended outcomes)?

Have you documented your AI policies, risk assessments, and AI impact assessments?

3. System Design & Implementation

Are roles and responsibilities for AI governance clearly defined within the organization?

Have relevant personnel been trained on AI risks, governance practices, and ISO/IEC 42001 expectations?

Are technical controls in place for managing AI systems, including monitoring, updates, and access controls?

4. Internal Audit and Corrective Actions

Have you conducted an internal audit to assess conformity with the standard?

Are non-conformities addressed with corrective actions and follow-up?

5. Controls Based on Annex A (ISO/IEC 42001)

A.2 - Alignment: Are your AI-related policies aligned with organizational policies and periodically reviewed?

A.3 - Responsibility: Are internal responsibilities for AI systems and their lifecycle clearly assigned?

A.4 - Resources: Have you identified and documented all resources relevant to your AI systems (data, tools, infrastructure)?

A.5 - Impact Assessment: Is there a formal process for conducting AI impact assessments on individuals, groups, or society?

A.6 - Lifecycle: Do you have lifecycle management processes for AI systems, including monitoring and ethical design?

A.7 - Data: Are data quality, provenance, and handling procedures defined for AI systems?

A.8 - Transparency: Are stakeholders and users informed about AI system behavior, risks, and reporting channels?

A.9 - Ethical Use: Do you have measures to ensure ethical and responsible use of AI technologies?

A.10 - Supply Chain: Are supplier and partner relationships aligned with your AI governance framework?

6. Certification Preparation

Have you selected an accredited certification body for ISO/IEC 42001?

Are all relevant documents compiled and the team prepared for the certification audit?