ISO 42001 Implementation Guide: How to Stand Up an AI Management System That Passes Certification

ISO/IEC 42001:2023 is the first international management-system standard for AI. The standard takes the ISO management-system structure (the same Annex SL Harmonized Structure used in ISO 9001, ISO 27001, and ISO 14001) and applies it to AI. Certification requires a documented AI management system covering scope, leadership, planning, support, operations, performance evaluation, and improvement. This piece walks through the certification path step by step, the Annex A controls that have to be operational, the audit evidence the certification body expects, the implementation timeline a typical mid-market organization runs, and where the AI-specific controls intersect the inspection-layer architecture.

By Parminder Singh · Founder & CEO, DeepInspect Inc.
Compliance & Regulation · iso-42001, aims, ai-management-system, ai-compliance, certification, audit-logs
ISO/IEC 42001:2023 is the first international management-system standard for artificial intelligence. The standard was published in December 2023 and applies the ISO management-system structure (the Annex SL Harmonized Structure used in ISO 9001, ISO 27001, and ISO 14001) to organizations that develop, provide, or use AI systems. Certification requires a documented AI management system (AIMS) covering scope, leadership, planning, support, operations, performance evaluation, and improvement, plus the Annex A controls relevant to the organization's AI context. The certification body audits the AIMS against the standard and issues the certificate against the documented scope.

I want to walk through the certification path step by step, the Annex A controls that have to be operational, the audit evidence the certification body expects, the implementation timeline a typical mid-market organization runs, and where the AI-specific controls intersect the inspection-layer architecture that produces the audit evidence.

What ISO 42001 actually requires

Clause 4 requires the organization to determine the context of the AI management system: the internal and external issues, the interested parties and their requirements, the scope of the AIMS, and the interactions between the AIMS processes. The scope statement identifies the AI systems the AIMS covers, the boundary of the management system, and the exclusions.

Clause 5 requires leadership commitment: top management has to demonstrate commitment to the AIMS, establish an AI policy, assign roles and responsibilities, and ensure the resources are available. The AI policy reflects the organization's commitment to responsible AI and the framework for setting AI objectives.

Clause 6 requires planning: actions to address risks and opportunities, AI objectives consistent with the policy, and the planning of changes to the AIMS. The AI risk assessment under Clause 6.1.2 is the load-bearing artifact. The standard expects the organization to identify AI-specific risks (bias, reliability under adversarial pressure, transparency, security, privacy) and to evaluate them against the organization's risk criteria.

Clause 7 requires support: resources, competence, awareness, communication, and documented information. The competence requirement covers the personnel involved in AI development and operation. The awareness requirement covers everyone whose work affects the AIMS.

Clause 8 requires operational planning and control: the organization has to plan, implement, and control the processes needed to meet the AI requirements. The operational controls implement the actions identified in the risk assessment under Clause 6 and the requirements identified in Clauses 4 and 5.

Clause 9 requires performance evaluation: monitoring, measurement, analysis, evaluation, internal audit, and management review. The performance evaluation cycle produces the input to the improvement cycle.

Clause 10 requires improvement: the organization has to determine and select opportunities for improvement and implement actions to achieve the intended outcomes.

The Annex A controls (the equivalent of ISO 27001's Annex A) cover AI-specific controls in areas like AI policies, internal organization, resources for AI systems, AI impact assessment, AI system lifecycle, AI system data, information for interested parties, and AI use.

The certification path step by step

The certification path runs in roughly four phases over six to nine months for a mid-market organization that has not previously implemented an ISO management system.

The first phase is the gap analysis. The organization assesses its current state against the standard's requirements and identifies the documented information, the operational controls, and the processes that have to be added or modified. The output is a gap report with a remediation plan.

The second phase is the implementation. The organization develops the AIMS documented information, implements the Annex A controls the risk assessment identified as applicable, runs the operational processes, and collects the records the certification body will audit. This phase typically runs three to five months.

The third phase is the internal audit and management review. The organization runs an internal audit against the standard, identifies nonconformities, implements corrective actions, and runs the management review against the performance data. This phase typically runs four to six weeks before the certification body's stage 1 audit.

The fourth phase is the certification body audit. The stage 1 audit reviews the documented information, the scope, and the AIMS readiness for certification. The stage 2 audit reviews the implementation effectiveness, samples the records, and tests the controls against the standard. The certification body issues the certificate after the stage 2 audit closes any nonconformities.

The recertification cycle runs every three years with surveillance audits at year one and year two.

The Annex A controls that the AI inspection layer maps to

The Annex A controls cover the AI-specific risk areas. Several controls map directly to the inspection-layer architecture for organizations that operate AI systems in production.

A.6.2.4 (AI system impact assessment) requires the organization to assess the potential impacts of AI systems on individuals, groups, and society. The assessment feeds into the risk treatment under Clause 6.1.2 and the operational controls under Clause 8. The audit record series the inspection layer commits is the per-decision evidence against which the impact assessment can be verified.

A.7.2 (AI system data) requires the organization to consider the data used for AI systems, including data quality, data lifecycle, and data provenance. The inspection-layer prompt classification and the retrieval source identification produce the per-call data provenance the standard expects.

A.7.4 (AI system requirements) requires the organization to identify and document the requirements for the AI system, including the functional and the non-functional requirements. The inspection-layer policy bundle is the operational artifact that codifies the AI system requirements: per-route policies, per-role policies, per-tool authorization, response classification rules. The policy bundle version is recorded on each audit record so the certification body can reconstruct the requirements that applied at the moment of each decision.

A.8.2 (responsible use of AI systems) requires the organization to establish controls for the responsible use of AI systems, including controls for the user's interaction with the system. The inspection layer enforces the per-caller authorization at the request boundary and produces the per-call evidence that the responsible-use controls fired.

A.8.4 (information for interested parties) requires the organization to provide appropriate information to interested parties about the AI systems. The audit record series supports the disclosure workflow for data subjects (GDPR Article 22), regulators (EU AI Act Article 12 and DORA Article 19), and customers (B2B SaaS security review).

The audit evidence the certification body expects

The certification body's stage 2 audit samples the records against the controls. The auditor selects a sample of AI-decision events from the audit record series and traces each event through the AIMS: the policy that applied, the data flow that produced the inputs, the impact assessment that classified the system, the responsible-use controls that fired, and the disclosure that the interested parties received.

The audit fails on three patterns most often. The first is the gap between the documented information and the operational reality: the AIMS documentation describes a control the implementation does not run, or the implementation runs a control the documentation does not describe. The second is the absence of records: the controls fire in production but the records do not capture the events the auditor wants to sample. The third is the lack of write-path independence: the records exist but the organization that produces the AI decisions also controls the records, which fails the independence test the auditor applies to evidence integrity.

The inspection-layer architecture addresses each pattern. The policy bundle is the documented requirement and the operational implementation in the same artifact, which removes the documentation-vs-operation gap. The audit record series captures every AI decision with the field set the auditor expects. The write path runs through the inspection layer's credential, which the application does not have access to, satisfying the independence requirement.

The timeline a typical mid-market organization runs

A mid-market organization (200 to 2,000 employees) with no prior ISO management system runs the implementation in roughly nine months. The schedule breaks down as: gap analysis (month one), AIMS documentation and operational controls (months two through five), internal audit and management review (month six), stage 1 audit (month seven), stage 2 audit and certification (months eight and nine).

An organization with an existing ISO 27001 certification can compress the timeline because the management-system structure transfers. The information security controls under ISO 27001 Annex A overlap with the security-of-AI-systems controls under ISO 42001 Annex A. The competence, communication, and documented information processes transfer with modifications. The compressed timeline runs roughly six months end-to-end.

An organization with an existing SOC 2 or HITRUST program transfers some of the operational controls but has to add the AIMS structure on top. The compressed timeline runs roughly seven to eight months.

DeepInspect

This is the gap DeepInspect closes for ISO 42001 implementations. DeepInspect sits inline between the calling application and any HTTP LLM endpoint and produces the operational artifacts the AIMS requires. The policy bundle codifies the AI system requirements (A.7.4) and the responsible-use controls (A.8.2) in a versioned, auditable form. The prompt-level classification produces the per-call data provenance (A.7.2). The per-decision audit record series produces the evidence the auditor samples for the AI system impact (A.6.2.4) and the information to interested parties (A.8.4).

The architecture satisfies the write-path independence the auditor expects for evidence integrity. The policy bundle version is stamped on every record. The cryptographic integrity signature and the hash chain pointer support the auditor's evidence-integrity verification. The deployment integrates as a single HTTP hop with no application code change beyond the base URL.
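To make the evidence-integrity properties above concrete, here is an added illustration (not DeepInspect's code) of a minimal audit record series: each record pins the policy bundle version, carries a hash chain pointer to the previous record, and is signed with a key the application never holds; the verifier is the check a stage 2 auditor's sampling step would run, and the chain detects both in-place edits and edits that recompute the hash without the key. The record fields, the demo key and the HMAC-SHA256 signature scheme are assumptions for the example.

```python
import hashlib
import hmac
import json

# Assumption for this example: the signing key lives only in the inspection
# layer, so the application producing AI decisions cannot forge or rewrite records.
INSPECTION_LAYER_KEY = b"constructed-demo-key-not-a-real-secret"
GENESIS = "0" * 64  # chain pointer of the first record


def _canonical(payload: dict) -> bytes:
    # Stable serialisation so writer and verifier hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def append_record(chain: list, decision: dict, policy_bundle_version: str) -> dict:
    """Commit one AI decision as a record chained to the previous record."""
    prev_hash = chain[-1]["record_hash"] if chain else GENESIS
    payload = {
        "seq": len(chain),
        "policy_bundle_version": policy_bundle_version,  # policy that applied
        "decision": decision,
        "prev_hash": prev_hash,  # hash chain pointer
    }
    record_hash = hashlib.sha256(_canonical(payload)).hexdigest()
    signature = hmac.new(INSPECTION_LAYER_KEY, record_hash.encode(), "sha256").hexdigest()
    record = dict(payload, record_hash=record_hash, signature=signature)
    chain.append(record)
    return record


def verify_chain(chain: list) -> tuple:
    """Return (ok, first_bad_seq): recompute every hash, signature and chain pointer."""
    expected_prev = GENESIS
    for i, rec in enumerate(chain):
        payload = {k: rec[k] for k in ("seq", "policy_bundle_version", "decision", "prev_hash")}
        if rec["seq"] != i or rec["prev_hash"] != expected_prev:
            return False, i  # reordered, deleted or inserted record
        if hashlib.sha256(_canonical(payload)).hexdigest() != rec["record_hash"]:
            return False, i  # record content edited after commit
        mac = hmac.new(INSPECTION_LAYER_KEY, rec["record_hash"].encode(), "sha256").hexdigest()
        if not hmac.compare_digest(mac, rec["signature"]):
            return False, i  # hash rewritten by someone without the key
        expected_prev = rec["record_hash"]
    return True, None


def policy_for_sample(chain: list, seq: int) -> str:
    """Auditor step: reconstruct the policy bundle version that applied to a sampled event."""
    return chain[seq]["policy_bundle_version"]
```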

If your organization is targeting ISO 42001 certification and the AI operational evidence is the gap, let's talk.

Frequently asked questions

How does ISO 42001 differ from the EU AI Act?

ISO 42001 is a voluntary international management-system standard that organizations adopt to demonstrate responsible AI governance. The EU AI Act is a binding EU regulation that applies to AI systems placed on the EU market or whose output is used in the EU. The standard is process-oriented (the AIMS structure, the controls, the management review cycle). The regulation is requirement-oriented (the risk classification, the deployer and provider obligations, the conformity assessment). The two can coexist: an organization with an ISO 42001 AIMS uses the management system to operationalize the EU AI Act compliance program, but the AIMS certification does not substitute for the AI Act conformity assessment.

Does the inspection-layer architecture provide all the evidence ISO 42001 requires?

The inspection layer provides the operational evidence for the runtime controls (the per-decision records, the policy enforcement, the data classification, the responsible-use controls). The standard also requires evidence for the management-system processes (the leadership commitment, the planning, the competence, the internal audit, the management review), which the inspection layer does not produce. The full evidence base combines the inspection-layer audit records with the management-system documentation and the process records.

What is the cost of ISO 42001 certification for a mid-market organization?

The cost breaks down across the implementation (internal staff time plus optional consulting), the certification body fees (the stage 1 and stage 2 audit fees plus the surveillance audits in years one and two), and the recertification at year three. The implementation cost ranges from $50,000 to $200,000 for a mid-market organization depending on the prior management-system maturity and the use of consulting. The certification body fees typically run $20,000 to $50,000 per year. The total three-year cost runs roughly $150,000 to $400,000.

Can an organization with ISO 27001 certification transfer controls to ISO 42001?

The management-system structure transfers because both standards use the Annex SL Harmonized Structure. The information security controls under ISO 27001 Annex A overlap with the security-of-AI-systems controls under ISO 42001 Annex A. The competence, communication, and documented information processes transfer with modifications. The transfer reduces the implementation effort by roughly 30 to 40 percent for a typical mid-market organization. The companion article iso-42001-vs-iso-27001 walks through the control overlap in detail.

How does the certification body's stage 2 audit sample the AI inspection layer's records?

The auditor selects a sample of AI-decision events from the audit record series across the audit period. For each sampled event, the auditor reconstructs the policy that applied, the data flow that produced the inputs, the impact assessment classification, the responsible-use controls that fired, and the disclosure the interested parties received. The auditor verifies the records' cryptographic integrity and confirms the write-path independence. The sample size and the sampling methodology follow the certification body's procedure under ISO/IEC 17021. The audit record series supports the sampling because the records are queryab