ISO/IEC 42001:2023 AI Management System Implementation Assistance

To fully implement an ISO/IEC 42001:2023 AI Management System (AIMS) you must address 27 required activities and 16 required documentation artefacts in a way that allows an auditor to assess conformance.

We can help with:

• qualified ISO/IEC 42001:2023 Lead Implementers running an initial AIMS health check - what elements of an AIMS do you have already, where are the gaps, and what needs to be improved or enhanced to meet the conformance criteria ?
• program/project management for coordination across the variety of activities needed to implement an AIMS, which typically require several contributors in your organization - this may include:
  • planning, implementing and controlling processes required for an AIMS
  • performing risk assessments regularly
  • implementing risk treatment plans as required
  • performing AI system impact assessments (also see our standalone service)
  • making sure you have evidence of monitoring and measurement
  • provisioning an internal audit program
  • interacting with management to review results
  • dealing with any non-conformities, corrections and corrective actions that arise from internal or external audits
  • using your preferred GRC automation platform to support governance and operational policies and capture ISO/IEC 42001:2023 audit evidence

Specific AWS Services Addressed

ISO/IEC 42001:2023 is not AWS specific and will provide a baseline compliance position across any/all cloud and on-prem AI services and providers. If you have a significant AWS footprint, including AI services on Sagemaker (including Studio, Custom Models, Hyperpod, Inference, MLflow), Bedrock (including Nova & Agentcore - Runtime, Gateway, Memory, Browser Tool, Code Interpreter, Identity, Observability), open source agent frameworks (eg Strands, LangGraph, CrewAI), other foundation model providers accessed via Bedrock (eg OpenAI, Google Gemini, Anthropic Claude, Meta Llama, Mistral, Cohere) or older AI services (eg Comprehend, Kendra, Lex, Personalize, Polly, Rekognition, Textract, Transcribe, Translate) we have specific expertise and experience in designing, implementing and operating and documenting these solutions and the wider AWS security and compliance services wrapepd around them (such as Organizations, Identity & Access Management, Config, CloudFormation, Control Tower, Security Hub) to ensure you gain maximum coverage from your ISO/IEC 42001:2023 activities.