Govern your AI to the world's first certifiable AI management system standard. PICMS ships all 38 ISO 42001 Annex A controls with an AI-narrated Statement of Applicability, automatic evidence-to-clause mapping and gap analysis — and runs ISO 42001 alongside ISO 9001 and 27001 as one integrated system.
ISO/IEC 42001:2023 does for artificial intelligence what ISO 27001 did for information security — a structured, auditable management system for governing the risks of AI.
ISO/IEC 42001:2023 is the Artificial Intelligence Management System (AIMS) standard — the first management-system standard an organisation can be certified against for how it develops, provides or uses AI. Like every modern ISO management-system standard, it is built on the Annex SL high-level structure: clauses 4 to 10 cover context of the organisation, leadership, planning, support, operation, performance evaluation and improvement. If you already run ISO 9001 or ISO 27001, that backbone will be familiar.
What makes ISO 42001 specific to AI is Annex A — a reference set of 38 controls grouped around responsible-AI governance: an AI policy and roles, AI impact assessment, the AI system life cycle, data management and quality, transparency and information for users, and human oversight of automated decisions. As with ISO 27001, you produce a Statement of Applicability declaring which of the 38 controls apply to your organisation and how each one is implemented.
Context, leadership, planning, support, operation, performance evaluation, improvement — shared with ISO 9001 and 27001.
ANNEX AAI policy, impact assessment, life-cycle controls, data management, transparency and human oversight.
SoADeclares which of the 38 controls apply and how each is implemented — the spine of an ISO 42001 audit.
AI has moved from experiment to embedded — in customer service, in product features, in the back office. The moment a small business puts AI in front of customers or uses it to make decisions, the questions follow: How is that AI governed? What happens when it gets something wrong? Who is accountable? What data trained it, and is it accurate and fair? Those questions now arrive in procurement questionnaires, supplier-assurance reviews and insurer due-diligence, not just from regulators.
ISO 42001 gives a UK SME a recognised, defensible answer. Working to the standard means you have:
It also sits naturally beside the standards you may already hold. ISO 42001 dovetails with ISO 27001 information security and with UK GDPR obligations — the same governance discipline, extended to the specific risks of AI.
PICMS turns the hardest part of ISO 42001 — documenting 38 controls from scratch — into a review exercise, then keeps the evidence behind them live.
Every ISO 42001 Annex A control is pre-loaded. Set applicability and status, and PICMS drafts a narrated justification for each — you review and edit rather than starting from a blank page. Download the finished Statement of Applicability as an auditor-ready document.
Upload an AI policy, impact assessment or model card and PICMS identifies it and links it automatically to the right ISO 42001 control and clause — the SoA points straight through to the records behind it.
See exactly which of the 38 controls you have evidence for, which are partial, and which still need work — before the certification body does. Create corrective actions directly from any gap.
Because ISO 42001 shares Annex SL clauses 4–10 with ISO 9001 and 27001, PICMS runs them together — one context analysis, one risk process, one internal audit, one management review for everything in scope.
PICMS records AI resource usage — input and output tokens, bias-check status and result — giving you a running evidence trail for the AI-governance controls that ask you to monitor your own systems.
Per-control readiness scoring and a mandatory-document checklist so you know your audit risk for ISO 42001 well before the visit — empty controls score zero, not a false pass.
ISO/IEC 42001:2023 is the world's first certifiable management-system standard for artificial intelligence — the AI Management System (AIMS) standard. It follows the same Annex SL high-level structure as ISO 9001 and ISO 27001 (clauses 4 to 10) and adds Annex A, a reference set of 38 controls covering AI governance topics such as AI policy, roles and responsibilities, impact assessment, data management, transparency and human oversight. An organisation produces a Statement of Applicability declaring which of the 38 controls apply and how each is implemented.
As UK SMEs embed AI into products, customer service and operations, customers, insurers and procurement teams increasingly ask how that AI is governed. ISO 42001 gives a recognised framework for demonstrating responsible-AI governance: documented AI policy, AI impact and risk assessment, data-quality controls, transparency to users, and human oversight of automated decisions. For a small business, it is a credible answer to the question "how do you manage the risks of your AI?" — and it sits naturally alongside ISO 27001 information security and UK GDPR obligations.
PICMS ships all 38 ISO 42001 Annex A controls pre-loaded. For each control you set applicability and implementation status, and PICMS's AI drafts a narrated justification you can review and edit — turning a blank-page exercise into a review exercise. The completed Statement of Applicability is downloadable as an auditor-ready document. Evidence you upload is mapped automatically to the relevant control, so the SoA links straight through to the records behind it.
Yes. Because ISO 42001, ISO 9001 and ISO 27001 share the Annex SL clauses 4 to 10, PICMS runs them as one integrated management system rather than three separate ones — a single context analysis, one risk process, one internal audit programme and one management review covering every standard in scope. The Professional tier (£449/month) includes three standards; the Certification tier (£699/month) includes five. AI evidence mapping and gap analysis work across all of them at once.
No. ISO certification is issued only by accredited certification bodies following an independent audit. PICMS does not issue certificates and does not replace third-party audits or legal advice. What it does is help you demonstrate alignment with ISO 42001 and keep your AI-governance evidence audit-ready — so that when the certification audit happens, the Statement of Applicability, impact assessments and AI audit logs the auditor needs are already in one place, current and traceable.
What PICMS does is give you, your team and your auditor a single source of truth for ISO 42001 — so the certification visit verifies a system that is already in good order.
14 days free, full feature access, no credit card surprise. All 38 Annex A controls pre-loaded, AI-narrated, and integrated with the rest of your ISO management system.