Back to ISO 42001

What are the main requirements to get ISO 42001-certified? (clauses 4–10 + Annex A)

To become ISO 42001-certified, your organization must implement and operate an AIMS that satisfies the standard’s management system requirements and your selected Annex A control set—then pass audit by an accredited certification body.

Related: ISO 42001 controls guide · Checklist


Key takeaways

  • Clauses 4–10 define how you run AI governance (context, leadership, risk, operations, improvement).
  • Annex A provides AI-specific controls you tailor via risk and Statement of Applicability.
  • Certification is third-party—not self-attested.
  • Many teams map ISO 27001/SOC 2 evidence into the AIMS.

AIMS management clauses (4–10)

Clause theme What you demonstrate
Context AI use cases, stakeholders, legal drivers
Leadership Accountability, policy, roles
Planning AI risks, objectives, change planning
Support Resources, competence, awareness
Operation Lifecycle controls, suppliers, incidents
Performance Monitoring, internal audit, management review
Improvement Nonconformities, continual improvement

Annex A AI controls

Annex A catalogs controls for policies, data, models, monitoring, transparency, and third-party AI. You implement controls proportional to risk and document applicability.


Certification process

Typical path: gap assessment → implement AIMS → internal audit → Stage 1/2 certification audits → certificate + surveillance.

See timeline guide.


Disclaimer (legal note)

Certification body requirements may vary. Not legal or audit advice.

Need compliance without the complexity?

SecureSlate automates ISO 27001, SOC 2, GDPR, HIPAA, and more. Built for growing teams. See it in action.

No credit card required

Filed under:

Author: SecureSlate Team

4.9(409 reviews)

Keep reading

Jul 5, 2026 · ISO 42001

ISO 42001 framework guide: AI management system certification in 2026

Jun 29, 2026 · ISO 42001

ISO 42001 automated compliance testing: 7 risk domains and how to run them in SecureSlate

Jun 25, 2026 · ISO 42001

ISO 42001 Controls

View more posts
Jamie
Virtual Agent

Hi! I'm Jamie. Curious about your current compliance challenges and how automation might help your team?