ISO 42001 Readiness Checklist

Free 10-point self-assessment for ISO 42001 AI Management System (AIMS) certification readiness. Covering organizational context, leadership, planning, support, operations, and improvement.

Last updated June 14, 2026 · Interactive assessment →

Disclaimer: This checklist is for self-assessment and educational purposes. It does not constitute legal advice. ISO 42001 is a voluntary but certifiable standard. Consult a qualified auditor or compliance professional before pursuing certification.
Clause 4 — Context

1. Organizational Context

1

AI system scope and boundaries defined

Have you documented the scope of your AI Management System, including which AI systems are in scope, their intended use cases, and the organizational boundaries?

Governance mapping: HUMMBL's governance bus captures the scope and intent of every AI system as structured metadata, preventing scope creep.

2

Interested parties identified and needs documented

Have you identified all interested parties (customers, regulators, employees, affected individuals) and documented their requirements and expectations for AI systems?

Governance mapping: The delegation token system encodes stakeholder concerns into capability scopes, ensuring every agent action respects documented interests.

Clause 5 — Leadership

2. Leadership & Commitment

3

Top management demonstrates commitment to AIMS

Is there documented evidence of top management commitment to the AI Management System, including resource allocation, policy establishment, and regular review?

Governance mapping: HUMMBL's cost governor provides concrete evidence of resource allocation for AI governance, with automatic halt at budget ceiling.

4

AI policy established and communicated

Have you established an AI policy that aligns with organizational objectives, includes commitments to fairness and transparency, and is communicated to all relevant personnel?

Governance mapping: The governance bus serves as an immutable record of policy communication and acknowledgment across the agent fleet.

Clause 6 — Planning

3. Risk & Opportunity Planning

5

AI risks and opportunities assessed

Have you identified and assessed risks and opportunities related to AI systems, including technical, ethical, legal, and reputational dimensions?

Governance mapping: HUMMBL's kill switch provides graduated risk response (4 escalation modes) that can be configured to match organizational risk tolerance.

6

Risk treatment plans implemented

Have you developed and implemented risk treatment plans with clear objectives, responsible parties, timelines, and monitoring mechanisms?

Governance mapping: The circuit breaker automatically treats operational risks by isolating failing adapters and logging treatment actions to the governance bus.

Clause 7 — Support

4. Resources & Competence

7

Competence requirements defined and met

Have you defined competence requirements for personnel involved in AI system design, deployment, and monitoring? Are training and awareness programs in place?

Governance mapping: The identity registry ensures only approved, qualified agents (with documented capabilities) can perform governance actions.

8

Information and documentation controlled

Do you have documented procedures for controlling AI-related information, including version control, access control, and retention policies?

Governance mapping: The governance bus provides append-only, immutable documentation of all AI system decisions and their provenance.

Clause 8 — Operation

5. Operational Planning & Control

9

AI system lifecycle processes defined

Have you defined and implemented processes for the AI system lifecycle, including design, development, validation, deployment, monitoring, and retirement?

Governance mapping: The circuit breaker integrates into every operational phase by wrapping external adapters and providing automatic failure isolation across the lifecycle.

Clause 9 — Improvement

6. Performance Evaluation & Improvement

10

Internal audit program established

Do you have a planned and documented internal audit program for the AI Management System, with defined scope, frequency, and responsibilities?

Governance mapping: Governance bus logs enable longitudinal audit trails. Every control action, delegation, and escalation is recorded with full provenance for auditor review.

Need a detailed gap analysis?

Our interactive ISO 42001 Readiness Assessment provides 12 detailed questions with control-level remediation recommendations and a downloadable report.

Take the Interactive Assessment →