ISO 42001 Free AI Governance Readiness Checklist

ISO 42001 AI governance readiness checklist (free)

Use this free ISO 42001 readiness checklist to assess how mature your AI Management System (AIMS) is across governance, risk, design, monitoring and supplier controls. Quickly see how ready your organisation is for ISO 42001 certification and where to focus next.

Objective

Gauge ISO 42001 AIMS maturity and identify high-value improvements in your AI governance.

Scoring

Yes / Partial / No. Progress and readiness update automatically.

Output

Download a branded PDF with domain breakdown and next-step guidance.

AIMS Governance

Scope, roles/committees, policy set, objectives.

0/0 answered

AIMS scope defined (AI use cases, systems, models, jurisdictions, boundaries)?

AI governance roles & committees defined (owners, reviewers, RACI)?

AI policy set approved (acceptable use, risk, data sourcing, transparency)?

AI objectives/KPIs set and reviewed (accuracy, safety, incidents, drift)?

Risk & Impact Assessment

Inventory, AIRA method, data ethics & provenance.

0/0 answered

Model/Use-case inventory maintained (purpose, risks, data, owners)?

AI risk methodology & impact assessment (AIRA) defined and applied?

Data ethics checks (bias, representativeness, provenance, consent) in place?

Design, Controls & Oversight

Guardrails, human-in-the-loop, evaluation/testing.

0/0 answered

Design controls (guardrails, filters, PII minimisation, security) are implemented?

Human oversight defined (review thresholds, escalation, override/kill-switch)?

Evaluation & testing process (fairness, robustness, red-teaming) documented?

Operations & Monitoring

Monitoring, incident handling, records & logs.

0/0 answered

Runtime monitoring (quality, drift, abuse, incidents) with logs & alerts?

Incident handling (AI issues, bias harms, misuse) and post-incident reviews?

Documentation & records (datasets, versions, configs, decisions) maintained?

Suppliers & Transparency

Third-party AI due diligence and user transparency.

0/0 answered

Third-party AI/vendor controls (due diligence, model cards, SLAs, restrictions)?

Transparency to users (purpose, limitations, human contact) and opt-outs?

Evidence & Improvement

Evidence management, audits and reviews.

0/0 answered

Evidence stored in M365 (SharePoint/Sentinel/Purview) with retention/versioning?

Internal audits/assurance performed; findings & CAPAs tracked to closure?

Management review of AIMS performance, risks, incidents and improvements?

ISO 42001 AI governance readiness checklist (free)

Objective

Scoring

Output

AIMS Governance

Risk & Impact Assessment

Design, Controls & Oversight

Operations & Monitoring

Suppliers & Transparency

Evidence & Improvement

Before you download