Govern AI across its lifecycle and prove you have real oversight
ISO/IEC 42001 is the internationally recognised standard for establishing, implementing, maintaining and continually improving an Artificial Intelligence Management System (AIMS). It brings ISO-style discipline to AI: governance, risk management, lifecycle controls, supplier oversight, monitoring, change management, and evidence that decisions and risks are being managed. It applies to organisations that provide, develop, or use AI systems, and helps you demonstrate responsible, trustworthy AI practices to customers, regulators and stakeholders.
Lockdown helps you pressure-test the basics before as you scale AI: what data is shared, stored, and trained on; where AI is used across the organisation; what third-party contracts permit; and what controls and evidence you need to show oversight and compliance.
- Internationally recognised standard for strong AI commercial practices
- Builds controls and processes to identify and manage AI risks
- Designed to prevent confidential data being trained on by uncontrolled AI processes (via governance, data controls, supplier oversight and lifecycle management)
- Evidence-based processes to demonstrate oversight and compliance
- Format: ISO 42001 readiness + gap assessment, AIMS to build, evidence & lifecycle controls, internal audit preparation, & certification readiness (optional)
- Duration: typically 6-14 weeks to reach “audit-ready” (depends on AI usage, suppliers, and scope)
- Audience: leadership sponsor, compliance/risk, IT/security, data owners, product/ops teams using AI, procurement/legal (third parties)
- Ideal for: organisations rolling out AI (or buying AI tools) who need accountable governance for customers, regulators, or enterprise procurement
- What's included: scope definition, AI register, risk/impact approach, supplier/contract checks, data rules, controls & evidence plan, monitoring & change controls, internal audit readiness
ISO 42001
Common problems
“Teams are using AI tools, but we don’t know what data is being shared.”
Explore problem →
Recommended focus: AI usage mapping + data boundaries
You’ll get: clear data rules and practical guardrails that reduce risk
“We can’t clearly show how AI is monitored, changed, or rolled back.”
Explore problem →
Recommended focus: lifecycle controls + change management
You’ll get: monitoring, approvals, and evidence of changes
“We’re moving fast with AI but governance isn’t defined.”
Explore problem →
Recommended focus: clear accountability + decision governance
You’ll get: named owners, escalation routes, and evidence of oversight
“We need credible AI assurance, not a ‘responsible AI’ slide deck.”
Explore problem →
Recommended focus: AIMS + evidence pack
You’ll get: ISO 42001-aligned governance with proof
“Procurement is signing AI vendors but data terms are unclear.”
Explore problem →
Recommended focus: supplier oversight + contract evidence
You’ll get: clearer clauses, supplier checks, and an audit trail
“We have ISO 27001 and we want AI governance without starting over.”
Explore problem →
Recommended focus: integrate AIMS with existing ISMS
You’ll get: reuse what works, add AI-specific controls
What this service includes
- ISO 42001 scoping workshop (where AI is used, who owns it, what systems/data are in scope)
- AI register: AI tools/systems, purpose, owners, data types, suppliers, deployment status
- Governance model: accountability, decision rights, approvals, and review cadence
- AI risk & impact approach (risk management and impact assessment aligned to ISO 42001 expectations)
- Data controls: rules for sensitive/confidential data, retention, access, and “no-training” boundaries
- Third-party oversight: supplier checks and contract evidence around acceptable data usage and responsibilities
- Lifecycle controls: deployment gates, monitoring, incident handling, change management, and decommissioning approach
- Evidence pack design: what to collect, where it lives, and how to keep it consistent
- Internal audit readiness and continual improvement plan (so it stays usable through 2026 and beyond)
Ask for price
Tell us your number of staff, service of interest, your sector, and timeline. If you’d like a call back, leave your phone number in the optional message field and we’ll get back to you. We’ll recommend the best-fit option and send a clear quote.
