What We Learned from the ISO 42001 Webinar

AI is reshaping how we operate, but as innovation accelerates, so does scrutiny. That’s why our recent webinar, “Securing and Demonstrating AI Compliance with ISO 42001”, was so timely.
Hosted by CyberGuard Advantage and CPSI, and led by experts Anastasiia Mueller and Nazim Chowdhury, the session outlined how organizations can align with the world’s first AI management system standard to build transparency, accountability, and regulatory readiness.
What Makes ISO 42001 So Important?
ISO 42001 delivers a globally accepted framework for implementing, maintaining, and continually improving an AI Management System (AIMS). It helps organizations:
- Build AI responsibly
- Ensure legal and ethical compliance
- Align internal governance and risk mitigation
- Prepare for audits and external scrutiny
- Support innovation without compromising trust
Audience Q&A: Diving Deeper into the Most Relevant Questions
How many controls are in the ISO 42001 audit?
The standard has 38 controls and 10 control objectives. ISO/IEC 42001 requires organizations to implement these controls to address AI-related risks comprehensively. From risk assessment processes to the selection of appropriate treatment options and the implementation of the controls that follow from them, the standard gives organizations the tools to minimize risks proactively and improve the resilience of their AI systems.
Is the pre-assessment included as part of your fees?
Pre-assessment services are typically offered by certification bodies as an optional step to help organizations prepare for the formal certification audit. Whether this service is included in the certification fees depends on the specific terms and agreements with the certification body. It's advisable to discuss this directly with your chosen certification provider.
What are the feelings about each state or country developing its own laws (e.g., penalties, privacy, etc.)?
The development of individual laws by different states or countries can lead to a fragmented regulatory landscape, which may pose challenges for organizations operating internationally. ISO/IEC 42001 aims to provide a unified framework that promotes responsible AI practices across borders, potentially reducing the complexities associated with varying national regulations.
Currently, have there been any documented violations? If so, what penalties were imposed?
As of now, there are no publicly available records of documented violations or imposed penalties specifically related to AI.
Do we need ISO 27001 to get ISO 42001, or is 42001 a standalone standard?
ISO/IEC 42001 is a standalone standard specifically designed for managing AI systems. However, it is compatible with other management system standards, such as ISO/IEC 27001 (Information Security Management Systems), and can be integrated with them to enhance overall governance and risk management practices.
Why does ISO 42001 make the most sense for an AI framework?
ISO/IEC 42001 provides a structured approach to managing AI systems, focusing on ethical considerations, transparency, and continuous improvement. It addresses unique challenges associated with AI, such as bias, explainability, and accountability, making it a comprehensive framework for organizations developing or utilizing AI technologies.
How does it compare to other frameworks you’ve seen?
ISO/IEC 42001 distinguishes itself by offering an internationally recognized certification for AI management systems, unlike some other frameworks that do not provide formal certification. It emphasizes a holistic approach to AI governance, integrating risk management, ethical considerations, and compliance, which other frameworks may not address as comprehensively.
Do you believe Data Governance has been slow in different regions?
Data governance has indeed progressed at varying paces across different regions. While some areas have established robust data governance frameworks, others are still developing their policies and regulations. The adoption of standards like ISO/IEC 42001 can help accelerate the implementation of effective data governance practices globally.
What is the observable or statistical adoption of the framework among companies, and how many are inquiring about certification?
ISO/IEC 42001 is a relatively new standard, and widespread adoption is still in its early stages. However, interest is growing among organizations, especially those heavily involved in AI development and deployment, as they seek to align with best practices and demonstrate their commitment to responsible AI use. Many organizations have already developed AI use cases and policies, and certification has helped them attest to their commitment to governance.
Is ISO 42001 referenced in ISO 27001, especially concerning risks?
ISO/IEC 42001 and ISO/IEC 27001 are complementary standards. While ISO/IEC 27001 focuses on information security management systems, ISO/IEC 42001 addresses AI-specific risks, including ethical considerations, transparency, and accountability. Organizations can integrate both standards to create a comprehensive approach to managing information security and AI governance.
Ready for What’s Next?
Here’s how to take the first step:
- Identify AI use cases and risk exposure
- Update third-party vendor risk assessments to include AI questions
- Build internal AI governance with C-suite support
- Conduct a readiness assessment to benchmark your current state
- Partner with experts to guide your ISO 42001 journey
We’re proud to help companies navigate this emerging frontier with confidence.