FREE GUIDE
How to Implement ISO 42001 in 12 Steps
Get the free, step-by-step guide to building your AIMS and achieving ISO/IEC 42001:2023 certification—from defining scope through your certification audit.

WHAT'S INSIDE
The 12 steps inside the free ISO 42001 guide
01 Scope of the AIMS
Define what is included, where boundaries sit, and which teams, assets, and systems the AIMS covers.
02 Gap Analysis
Compare your current AI governance practices against ISO/IEC 42001:2023 requirements before you build.
03 Management Support
Secure leadership commitment, ownership, resources, and a clear reason for the certification project.
04 AI Policy
Create the policy foundation that communicates intent, responsibilities, and expectations across the organization.
05 AI Inventory
Build an inventory of AI systems and the data and model assets they depend on, with clear ownership for each.
06 Risk Management Methodology
Set the scoring approach, risk criteria, and repeatable method your team will use for decisions.
07 Risk Assessment
Identify, analyze, and prioritize information security risks before deciding how to treat them.
08 Risk Treatment
Choose controls, document decisions, and create a treatment plan that connects risks to action.
09 Competence & Awareness
Make sure people understand their responsibilities and can prove awareness when the auditor asks.
10 Performance Evaluation
Track whether the AIMS is working through monitoring, internal audits, and management review.
11 Improvement
Handle nonconformities, corrective actions, and continuous improvement without losing momentum.
12 Certification Audit
Prepare for Stage 1 and Stage 2 audits with the right evidence, mindset, and process readiness.

Aron Lange · GRC Lab