
ISO 42001 for AI Management Systems

The certifying body audits your AI Management System; we ship the evidence. ISO/IEC 42001:2023 is a management-system standard — the same family as ISO 27001 and ISO 9001. The certificate sits with the organisation that runs an AIMS, not with any vendor underneath it. Adjudon's role on this page is to make a precisely-defined subset of the Annex A control requirements automatically evidenced by the runtime audit-layer the deployer already has in production: every trace, every policy verdict, every review item, every FRIA attestation. We document this honestly so an external auditor reading this page knows exactly which Annex A controls Adjudon helps cover and which ones the deployer must cover with their own controls.

Scope

This page applies to organisations pursuing or operating an ISO/IEC 42001:2023 AI Management System — whether self-declaring conformance, in pre-audit readiness, or under maintenance after first certification. The most commonly load-bearing controls map to the Annex A clauses surfaced below. The Adjudon ComplianceMappingNote API surface (/api/v1/compliance/mapping) records per-clause status, evidence, and reviewer attribution, audit-logged on every change.

ISO/IEC 42001 was published in December 2023 and is the first international management-system standard for AI. Conformance is voluntary today; a growing number of European public-sector procurement processes treat ISO 42001 readiness as a tie-breaker.

Roles

Role                           | Party                              | ISO 42001 basis
-------------------------------+------------------------------------+------------------------------------
AI Management System operator  | Your organisation                  | Clause 4 (Context)
Top management accountability  | Your executive sponsor             | Clause 5 (Leadership)
Audit / policy infrastructure  | Adjudon                            | Out of scope as a certified entity
Certifying body                | An accredited third-party auditor  | Annex SL audit cycle

Adjudon is not itself a certified ISO 42001 management system. The audit-and-policy layer is infrastructure used by the AIMS-operating organisation to evidence its own controls.

Annex A clause mapping — what Adjudon evidences

The mapping below is the canonical 18-row table the dashboard's ComplianceMappingPage renders. Each row pairs an Annex A clause with the Adjudon capability that supplies the evidence; the Default status column is what the dashboard shows on first load before the deployer overrides it with their own attestation.

Clause   | Title                                  | Default status  | Evidence supplied by Adjudon
---------+----------------------------------------+-----------------+---------------------------------------------------------------------------
A.6.2.4  | AI System Impact Assessment            | covered         | FRIA wizard records intended use; Hash-Chain audit captures every decision
A.6.2.6  | Human Oversight of AI Systems          | covered         | Review Queue + Policy Engine + 4-eyes Auto-Approval sign-off
A.7.2    | Data Quality for AI Systems            | partial         | Anomaly detection flags drift; data-quality dashboard not yet customer-facing
A.7.4    | AI System Performance and Reliability  | covered         | Confidence Engine on every trace; CPI dashboard tracks reliability over time
A.8.2    | AI System Documentation                | covered         | Deployer Compliance Pack consolidates oversight, monitoring, DPIA, instructions
A.8.3    | AI System Lifecycle Management         | partial         | Agent registry tracks state; lifecycle-stage transitions not yet enforced
A.8.4    | Verification and Validation            | covered         | Hash Chain + verify endpoint; FRIA approval transitions are append-only
A.9.2    | AI System Operation                    | covered         | Policy Engine evaluates every trace synchronously inside the latency budget
A.9.3    | Performance Monitoring                 | covered         | Analytics rollup, anomalies, CPI
A.10.2   | Communication of AI Risks              | partial         | Alerts + notifications; risk-to-third-party communication is the operator's
A.10.3   | Incident Management                    | covered         | Multi-Clock Incident Hub with 5 regulator clocks
A.10.4   | Continuous Improvement                 | covered         | Decision Mining surfaces patterns; feedback analytics correlates outcomes
A.10.5   | Stakeholder Engagement                 | partial         | Audit Log surfaces history; stakeholder interviews are off-platform
A.10.6   | Data Subject Rights                    | partial         | PII scrubbing + GDPR right-to-erasure on payloads (audit shells preserved)
B.5      | Resources                              | not applicable  | Operator's organisational concern
B.6      | Operational Planning                   | partial         | Performance SLOs documented; planning is the operator's
B.7      | Performance Evaluation                 | covered         | CPI dashboard + audit-log posture review
B.8      | Improvement                            | covered         | Audit Log captures every policy change with reviewer attribution

The status vocabulary on the dashboard is covered, partial, not_applicable, and unmet. Default status is the floor, not the ceiling: a deployer can downgrade covered to partial with free-text justification, but the audit log records both the change and the reviewer email. An auditor reading the export sees exactly who attested what and when.

How a clause attestation flows

┌─────────────────────────────────────────────────────────┐
│ ComplianceMappingNote                                   │
├─────────────────────────────────────────────────────────┤
│ framework:  'iso-42001'                                 │
│ clauseId:   'A.7.2'                                     │
│ status:     'partial'               ← deployer override │
│ evidence:   "Drift dashboards in production;            │
│              data-quality KPI not yet wired."           │
│ reviewedBy: <userId>                                    │
│ reviewedAt: 2026-04-29T14:02:11Z                        │
│ chainHash:  <sha256>                ← anchored on save  │
├─────────────────────────────────────────────────────────┤
│ Audit-log entry on save:                                │
│   action: 'compliance.mapping.updated'                  │
│   detail: "iso-42001 / A.7.2 → partial"                 │
└─────────────────────────────────────────────────────────┘

Every save is append-only and audit-logged. Editing the same clause later writes a new note + audit entry; the prior attestation survives in the audit history.

What an external auditor typically asks for

A first-time ISO 42001 audit against an Adjudon-evidenced AIMS usually surfaces five concrete artefact requests — in our experience accompanying customers through pre-audit gap analyses:

  1. The Annex A clause status export. A PDF or CSV showing every clause, the deployer's attestation, the evidence narrative, and the reviewer who signed off. The Compliance Mapping API produces this directly; the iso42001Pdf plan-gate (Enterprise+) renders it as an audit-grade PDF.
  2. A sample audit-log slice. The auditor picks an arbitrary 30-day window and asks for every policy change, every reviewer action, every FRIA transition during that window. The Operations Audit Log export satisfies this with a single CSV.
  3. A hash-chain verification proof. "Show me that the audit log of January cannot have been retroactively rewritten." GET /api/v1/hash-chain/verify returns the proof; the regulator can re-run the same verify command with three curls.
  4. One worked FRIA. Pick one high-risk system and walk through its FRIA from draft to approval, with timestamps and the reviewer's email on the approve transition.
  5. The three Cardinal Rules disclosure. Auditors increasingly ask about runtime guarantees: PII-scrubbing on ingestion, no-cross-tenant-leakage proof, append-only audit log. The Audit & Security concept page is the canonical disclosure.
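A constructed model of the attestation flow shown above and of the hash-chain proof requested in item 3 (example code added here, not Adjudon's own): every save appends a hash-linked note plus an audit-log entry, and verify() recomputes the chain so a retroactive rewrite of an earlier attestation is detected. The GENESIS anchor, the downgrade-justification rule and the prevHash field are assumptions not stated on the page.

```python
import hashlib
import json
from typing import Optional

# Constructed example, not Adjudon's code: an append-only store of
# ComplianceMappingNote records, each hash-linked to the previous save
# (the page's chainHash) with the matching audit-log entry written on save.
VALID_STATUS = {"covered", "partial", "not_applicable", "unmet"}
GENESIS = "0" * 64  # assumed anchor for the first note of an empty chain

def _digest(body: dict) -> str:
    # Deterministic serialisation so any verifier recomputes the same hash.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ComplianceMappingStore:
    def __init__(self) -> None:
        self.notes: list[dict] = []       # never edited in place
        self.audit_log: list[dict] = []

    def attest(self, clause_id: str, status: str, evidence: str,
               reviewed_by: str, reviewed_at: str, framework: str = "iso-42001") -> dict:
        if status not in VALID_STATUS:
            raise ValueError(f"unknown status {status!r}")
        prior = self.current(clause_id)
        # Assumed rule: moving a clause away from 'covered' needs a justification.
        if prior and prior["status"] == "covered" and status != "covered" and not evidence.strip():
            raise ValueError("downgrade requires free-text justification")
        body = {"framework": framework, "clauseId": clause_id, "status": status,
                "evidence": evidence, "reviewedBy": reviewed_by, "reviewedAt": reviewed_at,
                "prevHash": self.notes[-1]["chainHash"] if self.notes else GENESIS}
        note = {**body, "chainHash": _digest(body)}
        self.notes.append(note)           # append-only: earlier attestations survive
        self.audit_log.append({"action": "compliance.mapping.updated",
                               "detail": f"{framework} / {clause_id} → {status}",
                               "reviewedBy": reviewed_by, "reviewedAt": reviewed_at})
        return note

    def current(self, clause_id: str) -> Optional[dict]:
        # Latest attestation wins; earlier ones stay in self.notes as history.
        return next((n for n in reversed(self.notes) if n["clauseId"] == clause_id), None)

    def verify(self) -> Optional[int]:
        # Recompute each hash and link; index of the first failing note, or None.
        prev = GENESIS
        for i, note in enumerate(self.notes):
            body = {k: v for k, v in note.items() if k != "chainHash"}
            if note["prevHash"] != prev or _digest(body) != note["chainHash"]:
                return i
            prev = note["chainHash"]
        return None
```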

What Adjudon does not cover

Annex A is broader than the audit-layer surface. Adjudon does not evidence:

  • Top-management leadership commitments (Clause 5). Executive sponsorship, AI policy authoring, role definitions are organisational artefacts the operator authors and reviews.
  • Internal-audit programme (Clause 9.2 management-system audit). This is the meta-audit of the AIMS itself; Adjudon feeds it but does not replace it.
  • Third-party supplier risk (Annex A specific to suppliers). Adjudon is one supplier on the operator's register; the operator's own due diligence (DD) on every other supplier (model providers, hosting, data brokers) sits with them.
  • Training & awareness (Clause 7.2). Staff training records, competency assessments, and onboarding evidence live in the operator's HR / LMS systems, not here.

What this is NOT

  • Not a certificate. Adjudon is not ISO 42001 certified itself today. The certificate, when issued, lives with the deployer's AIMS, not with this audit-layer.
  • Not auto-conformance. "Covered" status on a clause means Adjudon provides the runtime evidence; the operator still authors the AIMS policy that ties the evidence into the control framework. The auditor reads both.
  • Not the only evidence channel. The operator's policy library, training records, incident registers, and supplier DD all feed the audit independently. Adjudon evidences the runtime layer cleanly; the rest is the operator's stack.
