ISO 42001 Implementation

Implementation of the international standard for AI Management Systems

The Global Standard for AI Governance

Your directors are asking about AI governance and your regulators are expecting evidence of due diligence. Now customers and partners want the same assurances.

ISO 42001 certification answers all of these. It’s the international standard for AI Management Systems, signalling that your governance meets globally recognised benchmarks rather than just internal assertions.

What's Included

Gap Analysis

See exactly where you stand against ISO 42001 requirements, what you already have in place and what needs to be built.

Implementation Support

Develop the policies, processes and controls the standard requires, with practical guidance alongside your team.

Documentation Development

Build the documentation auditors expect — AI policies, risk assessments, impact assessments and operational procedures.

Certification Readiness

Enter your certification audits prepared, with internal audit support and management review facilitation already complete.

Ongoing Maintenance

Keep your AIMS (AI Management System) current after certification, with surveillance audit preparation and continual improvement guidance.

Ready to Start Your Certification Journey?

Let's discuss your certification objectives and map out a practical path to achieving them.

Plan Your Certification

Who It's For

This service suits organisations that want to demonstrate AI governance maturity through independent certification. You might be responding to customer requirements, preparing for regulatory scrutiny or seeking competitive differentiation.

Particularly relevant for AI product companies, technology service providers and organisations in regulated sectors where formal certification is expected.

Engagement Model

Delivered as a milestone-based engagement aligned to your certification timeline, we structure work around key deliverables rather than open-ended consulting. You maintain visibility of progress and investment at each stage.

Certification readiness often requires technical controls to be in place — our AI Security Projects service can design and deploy them alongside the implementation programme.

Standards & Frameworks

Our services are aligned to industry-leading standards and regulations.

Cyber Essentials
EU AI Act
EU GDPR
ICO AI Guidance
ISO 27001
ISO 42001
NCSC CAF
NHS DSPT
NIS2 Directive
NIST AI RMF
OWASP AI Top 10
SOC 2
UK AI Act
UK GDPR
Cyber Essentials
EU AI Act
EU GDPR
ICO AI Guidance
ISO 27001
ISO 42001
NCSC CAF
NHS DSPT
NIS2 Directive
NIST AI RMF
OWASP AI Top 10
SOC 2
UK AI Act
UK GDPR

Frequently Asked Questions

How long does certification take?

Typically 6 to 12 months from starting implementation to achieving certification, depending on your starting position and organisational complexity. We help you set realistic timelines during scoping.

How much does ISO 42001 certification cost in the UK?

UK SMEs typically invest between £35,000 and £60,000 across implementation and certification, depending on organisational maturity and the AI systems in scope. Implementation consultancy forms the larger share. Certification body fees scale with site count and personnel. We provide fixed-price scoping after initial assessment so the investment is known upfront.

What is the difference between ISO 42001 and ISO 27001?

ISO 27001 governs information security management; ISO 42001 governs AI management. They share the structural Annex SL framework, but ISO 42001 adds AI-specific requirements around impact assessment, system lifecycle, transparency and responsible use. Many organisations operate both, with ISO 27001 securing the data and ISO 42001 governing the AI systems that process it.

Who needs ISO 42001?

Organisations developing or deploying AI systems where governance must be demonstrable. That typically means AI product companies, technology service providers and regulated sectors such as healthcare, finance and the public sector. It also fits any organisation responding to customer or procurement requirements that ask for evidence of AI governance maturity. Certification is voluntary but increasingly expected.

Do we need ISO 27001 first?

No, though the standards share structural elements. If you already have ISO 27001, implementation is typically faster. If not, we can advise on the most efficient approach to either or both.

Which certification body should we use?

We’re independent of certification bodies and can advise on selection, but the choice is yours. We work with whichever accredited body you choose.

What ongoing effort is required after certification?

ISO 42001 requires continual improvement and regular management reviews as annual external surveillance audits confirm continued compliance. We can provide ongoing support or help you build internal capability to manage independently.

Is certification worth it for smaller organisations?

It depends on your market and stakeholder requirements. Certification involves investment, but for organisations where AI governance is a competitive differentiator or customer requirement, the return is often clear. We help you assess whether it’s right for your situation.

Plan Your Certification

Let's discuss your certification objectives and map out a practical path to achieving them.

Plan Your Certification
Book a Call