Brochures
18 resources in this section
Accredited vs. Non-Accredited ISO 27001 Certification
ISO 27001 has been around for two decades. The standard is well understood. The market is mature. And yet, when a procurement team or a regulator evaluates a vendor's certificate,…
Accredited vs. Non-Accredited ISO 42001 Certification
Not every ISO 42001 certificate is equal. In fact, two certificates that look identical on the wall can have completely different meaning in front of a regulator, an enterprise procurement…
From ISO 27001 to ISO 42001: The Migration Path
If your organization holds ISO 27001 and operates AI, ISO 42001 is not a second project. It is an extension. The question is not whether to add it, but how…
How to Choose a Certification Body for ISO 42001
Choosing a certification body is often treated as a procurement exercise: collect three quotes, compare prices, pick one. That approach works for commodities. It fails for certification, because the value…
How to Implement ISO 42001: A 12-Month Roadmap
Ask ten consultants how long ISO 42001 implementation takes and you will get ten answers, ranging from three months to two years. Some of this is honest disagreement. Most of…
ISO 27001 Explained: What It Actually Protects
Ask a non-specialist what ISO 27001 certifies and you will hear one of three answers. That the company has strong security. That the company protects data. That the company is…
ISO 27001 Is Not Enough for AI Operations
Most organizations operating AI today already hold ISO 27001. The natural assumption is that certification covers their AI operations. It does not. And the gap is not a detail. It…
ISO 27001:2022 Annex A — What Changed and Why
When ISO/IEC 27001:2022 replaced the 2013 version, many organizations treated it as a maintenance update. A new year on the cover, some renumbered controls, a transition deadline that felt distant.…
ISO 42001 and the EU AI Act: How They Fit Together
The most common question EU-based AI companies ask right now is whether certifying under ISO 42001 will make them compliant with the EU AI Act. The short answer is no.…
ISO 42001 Explained: What It Actually Certifies
When an AI company says "we're getting ISO 42001 certified," the phrase usually carries a quiet misunderstanding. Most buyers, investors, and even some consultants assume ISO 42001 certifies the AI…
ISO 42001 for AI Providers vs. AI Deployers
Two very different types of organizations are pursuing ISO 42001 today, and they need almost completely different implementations. The standard is the same. The scope, the evidence, and the audit…
ISO 42001, 27001 and 27701: Building an Integrated Management System
Organizations that already hold ISO 27001, and sometimes ISO 27701, usually ask the same question when 42001 enters the conversation: do we have to build a second management system from…
The Complete Guide to EU AI Act Compliance
Everything you need to know about the EU AI Act: risk classification, compliance deadlines, global impact, and a step-by-step strategy to prepare your organization.
The ISO 42001 Audit: What Auditors Look For
Most preparation guides for ISO 42001 audits are written from the inside out: "here is what you need to prepare." This one is written from the outside in: "here is…
Third-Party AI Risk Under ISO 27001
The modern enterprise runs on third-party AI it does not always know it is running. Foundation models are called from SaaS platforms. AI features are embedded in CRM plugins, productivity…
Training Data as an Information Asset Under ISO 27001:2022
When ISO 27001:2022 added control A.8.11 ("data masking") and broadened the language around data classification, most implementers registered it as a small update. The bigger shift was quieter and more…
Understanding AI Bias: Detection and Mitigation Strategies
A comprehensive guide to identifying, measuring, and mitigating algorithmic bias in AI systems, with practical frameworks for building fairer, more trustworthy artificial intelligence.
What Is an AI Management System (AIMS)?
The term "AI Management System" sounds like software. A platform, a dashboard, a tool you buy and deploy. That is one of the most common misreadings of ISO 42001, and…
Need to apply this to your organization?
Talk to us. 30 minutes, no commercial pressure.
