FRAMEWORK

ISO/IEC 42001

The international management-system standard for AI (ISO/IEC 42001:2023). The one AI framework you can be certified against by an accredited body — externally verified proof.

Book a demo See coverage

Coverage updated2 min ago

Coverage · ISO/IEC 42001

Framework coverage

90%

Coverage

38 Annex A controls

Obligations mapped

+4% wk

Files on record

Live · synced 2 min ago · 7-day trend

Recent activity

Annex IV v4Approved

FRIA v2Approved

Monitoring plan v1Draft

THE OBLIGATION

The AI standard you can actually be certified against.

Unlike a voluntary framework, ISO/IEC 42001:2023 is an auditable management-system standard: required clauses, Annex A controls, and a documented Statement of Applicability, certified through a two-stage external audit.

Certification is externally verified evidence a buyer or regulator can trust without taking your word for it — increasingly the proof enterprise procurement asks for first.

At a glance

Applies toAny organisation operating an AI management system

Your likely roleCertified AI management system owner

Key deadlineCertifiable — on your timeline (typically 2–4 months)

Penalty exposureNo penalty; certification is a procurement differentiator and audit shortcut

ARTEFACTS

The files this framework actually requires.

ISO 42001 names the clauses and the 38 Annex A controls. Hael generates the Statement of Applicability and the control evidence behind it.

Files · Evidence pack

PDFStatement of Applicabilityv3updated 2 min agoApproved

PDFAI Management System Policyv2updated 14 MayApproved

PDFAnnex A Control Evidencev2updated 11 MayApproved

PDFRisk & Impact Assessmentv2updated 04 MayApproved

PDFInternal Audit Recordv1updated 02 MayDraft

PDFSystem Inventory — Clause 6.1v2updated 28 AprApproved

GRC tools tell you these are missing. Hael generates them — from each system's real configuration.

THE DIFFERENCE

A checklist tells you what's missing. Hael puts it on record.

A checklist tracks which Annex A controls you're missing. Hael generates the Statement of Applicability and the evidence behind each one.

Typical GRC tool

Statement of Applicabilityupload required

AI Management System Policyupload required

Annex A Control Evidenceupload required

Risk & Impact Assessmentupload required

Internal Audit Recordupload required

System Inventory — Clause 6.1upload required

Tracks the gap. You still author every document.

Hael

Statement of Applicabilityv3Generated 2 min agoview

AI Management System Policyv2Generated · Approvedview

Annex A Control Evidencev2Generated · Approvedview

Risk & Impact Assessmentv2Generated · Approvedview

Internal Audit Recordv1Generated · Draftview

System Inventory — Clause 6.1v2Generated · Approvedview

Generated from each system's real configuration, versioned, and kept current as it changes.

HOW HAEL WORKS

Discover, classify, produce — for ISO/IEC 42001.

01DISCOVER

Find the systems in ISO/IEC 42001 scope, including embedded third-party AI.

Inventory · 14 systems

Credit scoring enginehigh

HR screening bothigh

Salesforce Einsteinlimited

02CLASSIFY

Assess each against ISO/IEC 42001's risk tiers and obligations.

Risk tier

Prohib.HighLimitedMin.

Role: ProviderArt. 9 · 11 · 14

03PRODUCE

Generate the ISO/IEC 42001 records, versioned and current.

Generated files

Annex IV v4Approved

FRIA v2Approved

Monitoring v1Draft

COVERAGE

Every obligation, mapped to the control that satisfies it.

Rows are the framework's clauses.

Columns are the controls and files that satisfy them.

Cells update as the underlying configuration changes.

Explore the platform

Coverage Map

Obligation → Control

5 obligations · 5 controls

90%

covered

SoA

Policy

Control Evidence

RIA

Audit

Clause 6 Planning

✓

—

Clause 8 Operation

✓

—

A.6 AI lifecycle

✓

—

A.7 Data

✓

•

✓

—

A.9 Use & oversight

✓

—

•

—

•

Clause 6 Planning

SoA

v3 · sealed

Approvedopen file →

MAPPING

Clause by clause.

Obligation
What it requires
Hael control / file
Status

Clause 6.1AI risk and system inventorySystem InventoryApproved

Clause 8Operational controlsAnnex A Control EvidenceApproved

A.6AI system lifecycleAI Management System PolicyApproved

A.7Data for AI systemsData Governance RecordIn progress

A.9Responsible use and oversightOversight Control RecordDraft

REUSE

Author once. Satisfy many.

The Statement of Applicability and control evidence you build for ISO 42001 map directly onto the EU AI Act's risk-management duties and the NIST functions — and feed your buyer-facing Trust Center.

→ shared evidenceEU AI ActNIST AI RMFSOC 2

Trust & Security

SOC 2 Type IIISO/IEC 27001EU & US data residencySSO / SCIMEncryption in transit & at restAudit logging

On record before the audit, not assembled the week before it.

Hael generates the Statement of Applicability and Annex A control evidence — ready for the two-stage certification audit.

Book a demo Explore the platform