ISO 42001 Readiness Checklist

Scope, roles/committees, policy set, objectives.

0/0 answered

AIMS scope defined (AI use cases, systems, models, jurisdictions, boundaries)?

AI governance roles & committees defined (owners, reviewers, RACI)?

AI policy set approved (acceptable use, risk, data sourcing, transparency)?

AI objectives/KPIs set and reviewed (accuracy, safety, incidents, drift)?

Inventory, AIRA method, data ethics & provenance.

0/0 answered

Model/Use-case inventory maintained (purpose, risks, data, owners)?

AI risk methodology & impact assessment (AIRA) defined and applied?

Data ethics checks (bias, representativeness, provenance, consent) in place?

Guardrails, human-in-the-loop, evaluation/testing.

0/0 answered

Design controls (guardrails, filters, PII minimisation, security) are implemented?

Human oversight defined (review thresholds, escalation, override/kill-switch)?

Evaluation & testing process (fairness, robustness, red-teaming) documented?

Monitoring, incident handling, records & logs.

0/0 answered

Runtime monitoring (quality, drift, abuse, incidents) with logs & alerts?

Incident handling (AI issues, bias harms, misuse) and post-incident reviews?

Documentation & records (datasets, versions, configs, decisions) maintained?

Third-party AI due diligence and user transparency.

0/0 answered

Third-party AI/vendor controls (due diligence, model cards, SLAs, restrictions)?

Transparency to users (purpose, limitations, human contact) and opt-outs?

Evidence management, audits and reviews.

0/0 answered

Evidence stored in M365 (SharePoint/Sentinel/Purview) with retention/versioning?

Internal audits/assurance performed; findings & CAPAs tracked to closure?

Management review of AIMS performance, risks, incidents and improvements?

Welcome to Country