NIST AI RMF

Extensive experience in supporting organisations conform and certify to existing ISO management system standards

Speak to Information Security Expert

Having assisted over 450 organisations to achieve ISO 27001 certification URM are the ideal experts and partners to help you certify.

Speak to one of our experts for more information on how we can help. Simply call 0118 206 5410 or use the contact form.

Contact us

NIST AI RMF

In 2023, the National Institute of Science and Technology (NIST) released its Artificial Intelligence Risk Management Framework (AI RMF), which is aimed at managing risks to individuals, organisations and society that are posed by AI.  Whilst alignment with the NIST AI RMF is voluntary, its adoption is extremely valuable in demonstrating to existing and prospective clients that your organisation’s systems are secure, trustworthy, and ethical, as well as supporting your compliance with regulations such as the EU AI Act.

The NIST AI RMF is organised into 4 Core Functions (Govern, Manage, Map and Measure), each of which address similar topics from different perspectives, covering governance activities, implementation and measurement of activities.  It is designed to be sector agnostic, and therefore applies broadly across industries that develop, deploy or use AI systems.

The Framework is considered a living document and will be updated as technologies and risks evolve.  As such, alignment with the NIST AI RMF will enable you to continuously adapt your organisation’s use of AI to emerging challenges, stay ahead of regulatory developments, and implement best practices that reflect the latest advancements in AI governance and risk management.

The enthusiasm and passion URM consultants have for their subject matter is clearly evident in every engagement. They always take care to ensure that the advice they deliver is understandable and actionable.
IoT provider

Gap Analysis

URM’s consultants can conduct a gap analysis to facilitate your alignment with the NIST AI RMF. Our approach involves a comprehensive evaluation of your current AI systems and risk management practices to both identify where you are already following the guidance set out in the Framework, and any areas requiring improvement.  The output of the analysis is a report, in which we provide a detailed breakdown of your current alignment status and recommend appropriate actions your organisation can take to achieve full alignment with the Framework.

The enthusiasm and passion URM consultants have for their subject matter is clearly evident in every engagement. They always take care to ensure that the advice they deliver is understandable and actionable.
IoT provider
Developing or reviewing your AI management framework?

Whether you are at an early planning stage or preparing for audit and assurance activities, we offer a free introductory call to help you assess risks, responsibilities, and the most proportionate route forward. No obligation, just clear and practical advice.

Contact us to book your free consultation

Get in touch

You do not need a fully defined programme to speak with us. We offer a free, no‑obligation call to help you understand ISO 42001 requirements, assess your current AI governance maturity, and identify practical next steps. Early clarity can prevent unnecessary work and support confident compliance.
Get in touch to arrange your free call.

Please note, we can only process business email addresses.

Why URM for NIST AI RMF?

Track record

URM has a 20-year track record of providing high-quality training and consultancy services, assisting organisations to improve their governance and risk management programmes.  Whilst the NIST AI RMF is a relatively new framework and AI an emerging and rapidly evolving field, URM’s extensive experience supporting organisations to implement other NIST frameworks, such as the NIST Cybersecurity Framework (CSF), means we are ideally positioned to support your alignment with the AI RMF.  

Tailored solutions

We at URM appreciate that the use and development of AI will never be the same across any two organisations and, therefore, neither will the AI risk management programme.  The unique requirements of your organisation, its industry, size and structure, risk appetite, products and services provided, legal and obligatory requirements, etc., will always shape the approach we take in supporting your alignment with the NIST AI RMF.  Meanwhile, we will ensure the advice and guidance we offer you reflects your existing culture and working practices, enabling you to integrate AI risk management into business-as-usual operations as seamlessly as possible.

Knowledge transfer

One of the most fundamental aspects of the way we work at URM is our ‘real world’ knowledge transfer philosophy.  This enables you to benefit from our large team of consultants’ extensive practical experience and knowledge of AI best practice and, ultimately, independently improve your AI risk management by virtue of what you have learned from them, without needing to rely on ongoing consultancy support.

Without doubt, URM helped us to achieve our planned objectives a lot sooner than expected. The engagement was a huge success and couldn’t have gone any better.
Postal service company
We’d like to thank our assessor for his usual thorough and fully detailed attention to our system. Our ISMS is being spoken about in much awe and reverence within the wider organisation and I can honestly say that, without his support and wisdom over the last few years, this would not be happening.
Cloud infrastructure provider

Implementing and Certifying to ISO 42001

Published on
5/6/2026

URM’s blog breaks down how to effectively implement ISO 42001, where it differs from other ISO standards, and the common certification pitfalls to avoid

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
3/7/2026
ISO 27001 Clause 8.1: Effective ISMS operational planning and control

URM’s blog explains the requirements of ISO 27001 Clause 8.1 and why it matters, as well as sharing key insights on how to properly implement it in practice.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
26/6/2026
How Organisations Fall Into PCI DSS Scope Without Realising It

URM’s blog explains how organisations can unintentionally and without realising fall into scope of the PCI DSS, despite not directly handling card data.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
17/6/2026
ISO 27001 Clause 10.2: Nonconformity and corrective action

URM’s blog explains how to meet ISO 27001 Clause 10.2, including finding nonconformities, performing root cause analysis, implementing corrective actions & more

Read more
"
Our partnership with URM has been outstanding. From supporting us with our own Cyber Essentials certification to assisting our customers with Cyber Essentials, ISO 27001, and virtual CISO services, URM consistently delivers exceptional service. Their expertise, open communication, and ability to allocate the right expert resources for specific requirements makes every project seamless. We highly value their support and look forward to continuing our collaboration.