ISO 42001

Extensive experience in supporting organisations conform and certify to existing ISO management system standards

Speak to Information Security Expert

Having assisted over 400 organisations to achieve ISO 27001 certification URM are the ideal experts and partners to help you certify.

Speak to one of our experts for more information on how we can help. Simply call 0118 206 5410 or use the contact form.

Contact us

ISO 42001

With the field of artificial Intelligence (AI) continuing to develop and becoming increasingly pervasive throughout our culture and business landscape, the International Organization for Standardization (ISO) has released ISO/IEC 42001:2023, Information technology- Artificial intelligence-Management system Standard.  Published in December 2023, the Standard is aimed at helping organisations responsibly perform their role with respect to AI systems to use, develop, monitor or provide products that utilise AI.  By meeting the requirements of ISO 42001, organisations will be able to generate evidence of responsibility and accountability in respect of AI.

Our consultant was very thorough and knowledgeable when delivering the ISO 27001 pre-stage-2 internal audit.
Transport technology provider

The Standard requires organisations to potentially consider issues such as the use of AI for automatic decision making, the use of data analytics and machine learning to design systems and AI systems performing continuous learning that change behaviour during use.  The Standard addresses topics such as ethical considerations, transparency, fairness and bias, and is applicable across a range of AI applications and contexts.

In time, organisations will be able to certify against ISO 42001, but in the meantime are able to establish, implement, maintain and continually improve an AI management system (AIMS).  ISO 42001 applies the same harmonised structure with clause numbers and titles identical to ISO 27001 and ISO 9001, thereby facilitating integration of management systems.

In comparison to ISO 27001, the main body sets out requirements in the familiar Clauses 4 – 10 format, with reference controls set out in Annex A.  These controls provide references for meeting an organisation’s objectives and addressing risks related to the design and operation of AI systems.  However, unlike ISO 27001, the ISO 42001 Standard includes 3 additional annexes:

Annex B provides implementation guidance in relation to the controls set out in Annex A, while potential organisational objectives, risk sources and descriptions that can be considered when managing risks are outlined in Annex C.   The potential use of an AIMS across domains or sectors are covered within Annexes C and D respectively. Integrating ISO 42001 with standards such as ISO 27001 is also covered in Annex D.

We are immensely grateful to URM for their unwavering support, professionalism, and expertise throughout our ISO 27001 and Cyber Essentials Plus journey. Their guidance and strategic insights have been invaluable. With URM's continued partnership and support, we are confident in our ability to proactively address emerging threats and keep our business secure.
IT consultancy

Get in touch

Please note, we can only process business email addresses.

Why URM for ISO 42001?

Track record

While ISO 42001 is a new standard, URM’s extensive experience in supporting organisations conform and certify to existing ISO management system standards, such as ISO 27001 and ISO 22301, means we are uniquely positioned to provide informed and reliable support in helping you meet the requirements of ISO 42001.  Over the last two decades of steady, organic growth as a consultancy and training provider, we have supported over 400 successful ISO certifications without being involved in a single failed certification project.  As such, you can be assured that any guidance you receive from URM is informed by a long history of success stories, and can guarantee the same result for your organisation.  

Tailored solutions

We at URM appreciate that the use and development of AI will never be the same across any two organisations and, therefore, neither will the AIMS.  The unique requirements of your organisation, its industry, size and structure, risk appetite, products and services provided, legal and obligatory requirements, etc. will always shape the approach we take in helping you develop, implement and maintain your AIMS.  Meanwhile, we will ensure the advice and guidance we offer you reflects how you work and your existing culture, enabling you to integrate the AIMS into business-as-usual operations as seamlessly as possible.

Knowledge transfer

One of the most fundamental aspects of the way we work at URM is our ‘real world’ knowledge transfer philosophy. This enables you to benefit from our large team of consultants’ extensive practical experience and knowledge of AI best practice and, ultimately, independently maintain and improve your AIMS by virtue of what you have learned from them, without needing to rely on ongoing consultancy support.

Our partnership with URM has been outstanding. From supporting us with our own Cyber Essentials certification to assisting our customers with Cyber Essentials, ISO 27001, and virtual CISO services, URM consistently delivers exceptional service. Their expertise, open communication, and ability to allocate the right expert resources for specific requirements makes every project seamless. We highly value their support and look forward to continuing our collaboration.
Cyber security services and solutions provider
We are immensely grateful to URM for their unwavering support, professionalism, and expertise throughout our ISO 27001 and Cyber Essentials Plus journey. Their guidance and strategic insights have been invaluable. With URM's continued partnership and support, we are confident in our ability to proactively address emerging threats and keep our business secure.
IT consultancy

Establishing Organisational Control Over Artificial Intelligence

Published on
22/11/2024

URM’s blog discusses the need for policy in relation to the use of AI, real-world cases where AI has caused organisations issues & how to create an AI policy.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
27/3/2025
ISO 27001:2022 Annex A Physical Controls

URM’s blog offers key advice on implementing the physical controls in Annex A of ISO 27001 and preparing for a successful physical controls audit.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
10/3/2025
PCI SSC Announces Changes to the SAQ A

URM’s blog explains the recent update to PCI DSS SAQ-A that has resulted in the removal of 2 new v4 requirements & the addition of new eligibility criteria.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
21/2/2025
The Impact of AI on PCI DSS Compliance

URM’s blog explores how AI can impact PCI DSS compliance, both in terms of the benefits it can provide and the challenges it may present.

Read more
"
On our path of growing our business, we have found in URM a very capable and knowledgeable consultancy firm to guide and structure our processes towards SOC 2 compliance. The consultancy by URM played an essential role in building our competences and expanding the compliance framework for our SaaS based propositions.