FOUNDED 2025 · INDEPENDENT UK PRACTICE

ISO/IEC 42001 Consultancy & AI Management System

AI management systems aligned to NIST AI RMF and the EU AI Act.

Implement ISO/IEC 42001:2023 once and satisfy NIST AI RMF, the EU AI Act overlap, and customer ISO 42001 questionnaires. Designed for AI builders and deployers preparing for high-risk Annex III enforcement on 2 August 2027.

Book a 30-minute working consultation Download the related paper
02Typical triggers

When this service is on the desk.

  1. 01Buyer questionnaire mentions ISO 42001
  2. 02AI Act conformity assessment scope
  3. 03Customer asking for AI assurance alongside SOC 2
  4. 04Board requesting an AI management system
03Typical outputs

Artefacts that earn the audit, the customer or the board.

  • ·AI management system scope and applicability statement
  • ·AI impact assessment process and template library
  • ·Control catalogue mapped to ISO 42001, NIST AI RMF, EU AI Act
  • ·Stage 1 / Stage 2 readiness and certification body engagement
04Engagement shapes

Three ways the engagement is typically scoped.

SHAPE 01
Implementation

6–9 months from gap analysis through Stage 1.

SHAPE 02
Pre-cert support

Stage 2 walkthrough, evidence pack, certification body liaison.

SHAPE 03
Aligned-only

ISO 42001 alignment without certification (for internal assurance).

05Related
RELATED PAPER

Bridging the AI Governance Gap

Open paper  →
RELATED TOOLKIT

ISO 42001 Toolkit

Open toolkit  →
FULL CATALOGUE ENTRY

See this service in the full catalogue

Open catalogue  →
Paul Jolliffe, Founder of InfoSecAI
DELIVERED BY

Paul Jolliffe

FOUNDER · INFOSECAI · MBA · CISSP · ISO 27001:2022 LA / LI / IA · PRINCE2 Practitioner

Twenty years of senior security leadership across financial services, healthcare, government, telecoms and technology. Engagements are senior from day one: no subcontracted juniors, no introduce-and-exit.