ISO/IEC 42001:2023 Internal Audit

Did you know under Clause 9.2 you require an impartial internal audit for both the initial certification and maintenance cycle of ISO/IEC 42001:2023 ? That means anyone who implements your AI management system internally, or provides external audit/certification can't fill this role.

We can provide independent internal audit services either one-off or across a full stage 1, stage 2 and surveillance cycle. We can help with:

• Qualified ISO/IEC 42001:2023 Internal Auditors
• Pre-certification single cycle internal audit (ie before Stage 1/2 certification)
• Post-certification single cycle internal audit (ie Surveillance in Year 1 or 2)
• Full lifecycle internal audit (pre Stage 1/2 and post certification, with 2x Surveillance)
• Full lifecycle is preferred because it allows selection and internal audit coverage of components of your AIMS across a 3 year cycle

With our internal audit service, we can:

• Act as objective and impartial internal auditors
• Plan, establish, and maintain an internal audit program - defining scope, frequency, and methods
• Audit all parts of the AIMS at planned intervals
• Report internal audit results to relevant management for corrective actions
• Retain documented information as evidence of internal audit results and follow-up, including making those records available to external auditors

Specific AWS Services Addressed

ISO/IEC 42001:2023 is not AWS specific and will provide a baseline compliance position across any/all cloud and on-prem AI services and providers. If you have a significant AWS footprint, including AI services on Sagemaker (including Studio, Custom Models, Hyperpod, Inference, MLflow), Bedrock (including Nova & Agentcore - Runtime, Gateway, Memory, Browser Tool, Code Interpreter, Identity, Observability), open source agent frameworks (eg Strands, LangGraph, CrewAI), other foundation model providers accessed via Bedrock (eg OpenAI, Google Gemini, Anthropic Claude, Meta Llama, Mistral, Cohere) or older AI services (eg Comprehend, Kendra, Lex, Personalize, Polly, Rekognition, Textract, Transcribe, Translate) we have specific expertise and experience in designing, implementing and operating and documenting these solutions and the wider AWS security and compliance services wrapepd around them (such as Organizations, Identity & Access Management, Config, CloudFormation, Control Tower, Security Hub) to ensure you gain maximum coverage from your ISO/IEC 42001:2023 activities.