ISO 42001 Implementation Is an Operational Build, Not a Documentation Project

ISO 42001 is a system build, not a documentation sprint. Learn why a certifiable AI Management System requires operational evidence and how to navigate the four-phase roadmap.

What ISO/IEC 42001 Implementation Actually Involves

Six weeks into what was supposed to be a documentation sprint, a CISO's team had drafted the AI risk assessment policy, updated the vendor management framework, and written procedures for each of the 38 Annex A controls. Then the internal auditor ran a pre-certification readiness check and asked for the per-system impact assessments. There were none.

The team had built the documents that describe the system. They had not built the system that generates the documents. Those are not the same thing, and an ISO/IEC 42001 auditor will not confuse them.

ISO/IEC 42001:2023 implementation is an operational build, not a documentation project. The standard is written for auditors. It describes what conforming organizations must demonstrate. This post translates those requirements into what you actually have to build, clause by clause, and what a phased implementation looks like for a regulated enterprise — from gap assessment through external certification audit.

If you have not read the first post in this series on why a responsible AI policy is not the same as an AI governance program, the short version is this: a policy satisfies one clause's input requirements. The remaining clauses require an operating management system that generates auditable evidence. Building that system and taking it through to certification is the subject of this post.

InterSec built its own AIMS and was audited against ISO/IEC 42001:2023 before advising clients on the standard. What that process surfaced is the basis of everything that follows: which clauses take longer than expected, which Annex A controls require more iteration than scoped, and where the distance between intent and auditable evidence is largest in practice.

The Most Common Misconception About ISO/IEC 42001 Implementation

Building the documents without building the structure is not implementation. It is the appearance of implementation, which is precisely what an auditor is trained to distinguish from the real thing.

An AI Management System (AIMS) is an organizational structure, not a document library. It has defined roles that own specific processes, repeatable processes that run on a regular cycle, and evidence-producing controls that confirm the processes are working. Building documentation that describes those roles and processes without actually assigning them and running them produces an impressive binder and a failed audit.

An AIMS produces documents as a byproduct of operating. You cannot produce the byproduct without the operating system running.

Implementation requires three things in sequence. First, assign ownership. Define who is responsible for AI risk assessment, impact assessment, internal audit, and management review. Second, build the processes that generate evidence. Develop the risk assessment methodology, the impact assessment procedures, and the audit program. Third, execute those processes against every AI system in scope. The third step is where most organizations discover their scope is larger than expected.

Clause 6: Building the AI Risk Assessment Process

Clause 6 is where the foundational infrastructure gets built first. It requires documented, repeatable AI risk assessment processes tied to specific AI systems. Not a general risk management section in a policy document. Not a one-time exercise conducted before the first audit. A process with defined inputs, evaluation criteria, documented outputs, and treatment decisions recorded for each system assessed.

Repeatable is the operative word. The process must run again when AI systems change materially, when new systems enter production, and when the risk context shifts. A 450-person insurance technology firm implementing ISO/IEC 42001 in Q3 2025 discovered in their scope exercise that Clause 6 required more infrastructure than they had scoped. They had assumed one risk assessment per year. The standard requires a trigger mechanism for reassessment, not just a calendar cadence. That distinction required an additional process layer.

The Clause 6 infrastructure that needs to exist is a risk register with per-system entries, a documented assessment methodology with defined criteria, an assigned risk owner per system, and a trigger mechanism for reassessment when systems or contexts change materially. None of that infrastructure lives in a policy document.

Clause 8: Conducting AI System Impact Assessments

Clause 8 is where the most time-intensive work concentrates, because it scales with the number of AI systems in scope.

Clause 8.2 requires AI system impact assessments covering each system's purpose, its operational complexity, and the sensitivity of the data it processes across its full lifecycle. These are per-system artifacts. An organization with five AI systems in production needs five assessments, maintained and updated as those systems evolve.

Think of it as a structural inspection for each AI system you operate. A single building code does not substitute for inspecting each building. An AI policy does not substitute for assessing each system.

Building Clause 8 compliance means developing a reusable impact assessment template, assigning assessment responsibility per system, and establishing a process for keeping assessments current as systems change. The template is reusable. The assessment work scales with your AI portfolio. Organizations that underscope their AI system inventory before starting Clause 8 consistently find the work takes longer than planned once the full scope is visible.

Clause 9: Establishing the Internal Audit and Review Cycle

Clause 9 cannot be fully implemented until Clauses 6 and 8 are operational. That sequencing matters for planning. You cannot audit a system that does not yet exist. This is the clause where organizations that try to run all phases simultaneously run into structural problems.

Clause 9.2 requires internal audits at planned intervals with a defined scope, established criteria, a documented methodology, and a process for tracking findings to closure. The audits verify that the AIMS conforms to the organization's own AI policies and procedures and to the ISO/IEC 42001 standard's requirements. An organization that has not built the Clause 6 and 8 processes has no conforming system to audit.

Clause 9.3 requires management review. It mandates a documented cadence of senior leadership reviews covering AIMS performance data, internal audit findings, and decisions made in response. This is an ongoing operational obligation, not a one-time deliverable. It creates the formal accountability loop between the AIMS and senior leadership that an auditor will confirm is operating.

How ISO/IEC 42001 Relates to NIST AI RMF

Organizations that have worked seriously with NIST AI RMF will find ISO/IEC 42001 implementation faster. They will still need to build the evidence layer. NIST AI RMF (AI 100-1, 2023) is a voluntary reference framework organized around four functions: GOVERN, MAP, MEASURE, and MANAGE. It is not certifiable and does not require auditable evidence. ISO/IEC 42001 is a certifiable management system standard. Conformance requires specific auditable artifacts at the clause level. NIST AI RMF alignment is useful preparation for ISO/IEC 42001 implementation but does not substitute for building the evidence layer the standard requires.

The Four-Phase Implementation Roadmap

For a regulated enterprise with 500 to 2,000 employees and a defined AI system portfolio, implementation typically moves through four phases.

  1. Scoping and gap assessment. Map your current AI governance documentation against each clause's requirements. Inventory AI systems in scope. Identify where evidence is absent versus where evidence exists but lacks the right format. This phase produces the implementation roadmap and the remediation list.
  2. Process build. Develop the AI risk assessment methodology. Build the impact assessment template. Document roles and responsibilities with named owners. Establish the internal audit program structure. Write the management review cadence into a formal operating calendar.
  3. First-cycle execution. Run the risk assessment and impact assessment processes for every in-scope AI system. Generate the initial evidence set. Assign risk owners. Document treatment decisions. This cycle produces the evidence the Clause 9 audit will examine.
  4. Audit and review. Conduct the first internal audit against the newly built AIMS. Address findings. Run the first management review cycle with documented outputs. The management review record confirms to any future auditor that the governance loop closed.

Timelines depend on organizational complexity and the number of AI systems in scope. Organizations with NIST AI RMF foundations typically complete Phases 1 through 4 in four to six months. Organizations building governance infrastructure from scratch tend toward six to eight.

What the External Certification Audit Actually Examines

Phase 4 closes the internal loop. Certification requires an external one.

The certification body conducts a two-stage audit. Stage 1 is a documentation review. The auditor examines whether your documented AIMS meets the structural requirements of ISO/IEC 42001, checking whether the right documents exist, whether roles are assigned, and whether the management system on paper is complete. Stage 1 produces a readiness assessment and a list of any areas requiring clarification before Stage 2.

Stage 2 is the conformance audit. The auditor examines whether the AIMS you documented is actually operating. They will pull clause-level evidence: the risk register entries tied to specific AI systems, the per-system impact assessments, the internal audit findings from Clause 9.2, and the management review outputs from Clause 9.3. The question at every step is whether the evidence matches the documentation and whether the documentation reflects what is actually operating.

The most common Stage 2 finding in first-time ISO/IEC 42001 audits is not a documentation gap. It is an execution gap. The process was documented but the first cycle had not been run for all in-scope AI systems. The organization that completes Phase 3 against every system in scope before Stage 2 eliminates the most common finding before the auditor arrives.

Successful Stage 2 produces the ISO/IEC 42001:2023 certificate. The certificate is valid for three years, subject to annual surveillance audits that confirm the AIMS remains operational. This is not a one-time event. It is the entry point to an ongoing management discipline.

What Success Looks Like at the End of Certification

An organization that completes the full build and certification audit has a functioning AIMS with a third-party verified certificate. The risk assessments are per-system and current. The impact assessments are per-system and maintained. The internal audit cycle has run at least once and produced findings that were tracked to closure. The management review record exists and names the decisions made in response to audit findings.

When an auditor sits down, the answer to 'Can I see your AI system impact assessments?' is this: here are five of them, one per production system, each covering purpose, complexity, and data sensitivity, each maintained since the system was deployed. That is not a policy. That is a management system.

The phases that take longer than expected, the Clause 8 assessments that require more iteration, and the Stage 2 findings that appear in organizations that rush Phase 3 are patterns InterSec knows from its own certification process.

Frequently Asked Questions

What is the most difficult clause to implement in ISO/IEC 42001?

For most regulated enterprises, Clause 8 is the most time-intensive because it scales directly with the number of AI systems in production. Each system requires its own documented impact assessment covering purpose, complexity, and data sensitivity across the full lifecycle. Organizations that underscope their AI system inventory before starting Clause 8 consistently find the work takes longer than planned. Clause 6 is often the most infrastructure-intensive, requiring a repeatable risk assessment process with defined triggers, methodology, and ownership rather than a single annual exercise.

How does ISO/IEC 42001 implementation differ from NIST AI RMF?

NIST AI RMF is a voluntary risk management framework. It is not certifiable and does not require auditable evidence artifacts. ISO/IEC 42001 is a certifiable management system standard that requires clause-level evidence an external auditor can examine. Organizations with NIST AI RMF foundations have done the right risk management thinking. What they typically lack is the evidence layer that makes that work verifiable to an auditor or enterprise buyer. ISO/IEC 42001 implementation builds that layer.

What happens during an ISO/IEC 42001 Stage 2 certification audit?

Stage 2 is a conformance audit. The auditor examines clause-level evidence that the AIMS is operating: risk register entries for each in-scope AI system, per-system impact assessments, internal audit findings and closure records from Clause 9.2, and management review documentation from Clause 9.3. Stage 2 typically runs one to three days depending on organizational size and AI portfolio scope. Findings from Stage 2 must be addressed before the certificate is issued.

How long does ISO/IEC 42001 implementation take for a mid-sized regulated enterprise?

For an organization with 500 to 2,000 employees and a defined AI portfolio of three to ten production systems, a phased implementation typically runs four to eight months from gap assessment through first successful internal audit cycle. Organizations with NIST AI RMF foundations tend toward the shorter end. Organizations building governance infrastructure from scratch tend toward the longer end. Add two to three months for the external Stage 1 and Stage 2 certification audit process after Phase 4 is complete.

Schedule an ISO 42001 readiness assessment with InterSec to see where your current build stands against Stage 1 and Stage 2 requirements.
