ISO 42001 Readiness Checklist
Free 10-point self-assessment for ISO 42001 AI Management System (AIMS) certification readiness. Covering organizational context, leadership, planning, support, operations, and improvement.
1. Organizational Context
AI system scope and boundaries defined
Have you documented the scope of your AI Management System, including which AI systems are in scope, their intended use cases, and the organizational boundaries?
Governance mapping: HUMMBL's governance bus captures the scope and intent of every AI system as structured metadata, preventing scope creep.
Interested parties identified and needs documented
Have you identified all interested parties (customers, regulators, employees, affected individuals) and documented their requirements and expectations for AI systems?
Governance mapping: The delegation token system encodes stakeholder concerns into capability scopes, ensuring every agent action respects documented interests.
2. Leadership & Commitment
Top management demonstrates commitment to AIMS
Is there documented evidence of top management commitment to the AI Management System, including resource allocation, policy establishment, and regular review?
Governance mapping: HUMMBL's cost governor provides concrete evidence of resource allocation for AI governance, with automatic halt at budget ceiling.
AI policy established and communicated
Have you established an AI policy that aligns with organizational objectives, includes commitments to fairness and transparency, and is communicated to all relevant personnel?
Governance mapping: The governance bus serves as an immutable record of policy communication and acknowledgment across the agent fleet.
3. Risk & Opportunity Planning
AI risks and opportunities assessed
Have you identified and assessed risks and opportunities related to AI systems, including technical, ethical, legal, and reputational dimensions?
Governance mapping: HUMMBL's kill switch provides graduated risk response (4 escalation modes) that can be configured to match organizational risk tolerance.
Risk treatment plans implemented
Have you developed and implemented risk treatment plans with clear objectives, responsible parties, timelines, and monitoring mechanisms?
Governance mapping: The circuit breaker automatically treats operational risks by isolating failing adapters and logging treatment actions to the governance bus.
4. Resources & Competence
Competence requirements defined and met
Have you defined competence requirements for personnel involved in AI system design, deployment, and monitoring? Are training and awareness programs in place?
Governance mapping: The identity registry ensures only approved, qualified agents (with documented capabilities) can perform governance actions.
Information and documentation controlled
Do you have documented procedures for controlling AI-related information, including version control, access control, and retention policies?
Governance mapping: The governance bus provides append-only, immutable documentation of all AI system decisions and their provenance.
5. Operational Planning & Control
AI system lifecycle processes defined
Have you defined and implemented processes for the AI system lifecycle, including design, development, validation, deployment, monitoring, and retirement?
Governance mapping: The circuit breaker integrates into every operational phase by wrapping external adapters and providing automatic failure isolation across the lifecycle.
6. Performance Evaluation & Improvement
Internal audit program established
Do you have a planned and documented internal audit program for the AI Management System, with defined scope, frequency, and responsibilities?
Governance mapping: Governance bus logs enable longitudinal audit trails. Every control action, delegation, and escalation is recorded with full provenance for auditor review.
Need a detailed gap analysis?
Our interactive ISO 42001 Readiness Assessment provides 12 detailed questions with control-level remediation recommendations and a downloadable report.
Take the Interactive Assessment →