axigetik: ISO/IEC 42001:2023 AI Management Systems End-to-End Support

To fully implement an ISO/IEC 42001:2023 AI Management System (AIMS) you must address 27 required activities and 16 required documentation artefacts in a way that allows an auditor to assess conformance.

We can help with:

• qualified ISO/IEC 42001:2023 Lead Implementers
• running an initial AIMS health check - what elements of an AIMS do you have already, where are the gaps, and what needs to be improved or enhanced to meet the conformance criteria ?
• program/project management for coordination across the variety of activities needed to implement an AIMS, which typically require several contributors in your organization - this may include:
  • planning, implementing and controlling processes required for an AIMS
  • performing risk assessments regularly
  • implementing risk treatment plans as required
  • performing AI system impact assessments (also see our standalone service)
  • making sure you have evidence of monitoring and measurement
  • provisioning an internal audit program
  • interacting with management to review results
  • dealing with any non-conformities, corrections and corrective actions that arise from internal or external audits
• using your preferred GRC automation platform to support governance and operational policies and capture ISO/IEC 42001:2023 audit evidence

Did you know under Clause 9.2 you require an impartial internal audit for both the initial certification and maintenance cycle of ISO/IEC 42001:2023 ? That means anyone who implements your AI management system internally, or provides external audit/certification can't fill this role. We can provide independent internal audit services either one-off or across a full stage 1, stage 2 and surveillance cycle.

We can help with:

• Qualified ISO/IEC 42001:2023 Internal Auditors
• Pre-certification single cycle internal audit (ie before Stage 1/2 certification)
• Post-certification single cycle internal audit (ie Surveillance in Year 1 or 2)
• Full lifecycle internal audit (pre Stage 1/2 and post certification, with 2x Surveillance)

Full lifecycle is preferred because it allows selection and internal audit coverage of components of your AIMS across a 3 year cycle

With our internal audit service, we can:

• Act as objective and impartial internal auditors
• Plan, establish, and maintain an internal audit program - defining scope, frequency, and methods
• Audit all parts of the AIMS at planned intervals
• Report internal audit results to relevant management for corrective actions
• Retain documented information as evidence of internal audit results and follow-up, including making those records available to external auditors

Are you an auditor/certification body looking for an extra pair of hands ? We can act as technical specialists and auditors on a whitelabel basis to supplement your existing resources and expertise, to deliver better outcomes for your customers.

We can help with:

• Qualified ISO/IEC 42001:2023 Lead Auditors
• Easy reach into/across the APAC region (Australia, New Zealand, South East Asia) if you need audit support for multiple sites within an organization
• Broad and deep engineering experience in designing, building, operating, maintaining AI systems of different types (from expert systems, neural networks, statistical natural language processing, information retrieval, big data, deep learning, transformers, LLMs, agentic AI)

Our audit augmentation resources can be contracted on a day rate, per audit, or retained as flexible bench capability.

Specific AWS Services Addressed

ISO/IEC 42001:2023 is not AWS specific and will provide a baseline compliance position across any/all cloud and on-prem AI services and providers. If you have a significant AWS footprint, including AI services on Sagemaker (including Studio, Custom Models, Hyperpod, Inference, MLflow), Bedrock (including Nova & Agentcore - Runtime, Gateway, Memory, Browser Tool, Code Interpreter, Identity, Observability), open source agent frameworks (eg Strands, LangGraph, CrewAI), other foundation model providers accessed via Bedrock (eg OpenAI, Google Gemini, Anthropic Claude, Meta Llama, Mistral, Cohere) or older AI services (eg Comprehend, Kendra, Lex, Personalize, Polly, Rekognition, Textract, Transcribe, Translate) we have specific expertise and experience in designing, implementing and operating and documenting these solutions and the wider AWS security and compliance services wrapepd around them (such as Organizations, Identity & Access Management, Config, CloudFormation, Control Tower, Security Hub) to ensure you gain maximum coverage from your ISO/IEC 42001:2023 activities.