AegisPlane

ISO 42001 evidence, built on every request.

ISO 42001 is the first certifiable standard for AI management systems. AegisPlane connects its clauses to live controls on your traffic. You get the continuous, traceable records an audit asks for, without the manual bookkeeping.

No code changes. Live on your traffic in a day.

  • AIMS: management system
  • Certifiable: international standard
  • 0 code changes
  • 12 frameworks & standards checked
  • 11 LLM providers, one gateway
  • Article-level policy engine (OPA)
  • Every request logged as evidence

One control sits in front of every model your teams already call, checking each request against the standards your auditors recognize.

The framework

What is ISO 42001?

Most AI governance is a policy no one can prove. ISO/IEC 42001:2023 is the first certifiable management-system standard for AI. Like ISO 27001 for security, it defines how you run an AI management system (AIMS): risk assessment, operational controls, and performance evaluation.

  • Defines an AI management system (AIMS) with the Plan-Do-Check-Act cycle.
  • Requires documented AI risk assessment and treatment (Clause 6.1).
  • Mandates operational controls and documented information.
  • Certifiable by accredited third parties, signalling governance maturity.

What it requires

What ISO 42001 requires

An AI management system runs on documented, repeatable controls. AegisPlane supplies the operational half.

1. AI policy and objectives

Governance expressed as versioned config, compiled into a signed, auditable bundle.

2. Risk and impact assessment

Clause 6.1 requires documented assessment before deployment. Requests without it are flagged.

3. Operational controls

Clause 8 controls run inline on every request through the policy engine.

4. Performance evaluation

Clause 9 monitoring is backed by telemetry, drift, and burn-rate alerts, feeding continual improvement.

See it work

One request, checked in real time

Here is one interaction. AegisPlane classifies the request, checks it against the framework, blocks what it must, and logs the decision as evidence. It happens in milliseconds, on live traffic.

Business value

  • Improves organization-wide AI governance maturity.
  • Links governance to real operations.
  • Builds stakeholder and customer confidence.

In the AI Control Plane

How AegisPlane supports your ISO 42001 AIMS

AegisPlane links AIMS clauses to live controls in the AI Control Plane (AICP), so the management system is backed by real operational data instead of static documents.

01. Policy as config

AI policies and operational controls are expressed as versioned config-as-code and compiled into signed bundles, the documented information Clause 7.5 expects.

02. Controls at the gateway

Operational controls (Clause 8) are enforced inline by the OPA policy engine on every request, so the AIMS is exercised continuously.

03. Performance evaluation

OpenTelemetry metrics, drift detection, and burn-rate alerts feed the monitoring and measurement Clause 9 requires.

04. Continual improvement

Logged decisions and alerts surface where controls need tuning, supporting the improvement loop of Clause 10.

FAQ

Frequently asked questions

No. Certification is issued by accredited certification bodies. AegisPlane supplies the operational controls and continuous records that make an audit against the standard far easier to pass.

Config maps to Clause 7.5 documented information, gateway enforcement to Clause 8 operational controls, telemetry to Clause 9 evaluation, and logged findings to Clause 10 improvement.

No. ISO 42001 addresses AI-specific management concerns that ISO 27001 does not, and the two are designed to coexist. AegisPlane can enforce both.

No. Controls run at the gateway around your existing models; there is no retraining or application code change.

Versioned policy bundles, per-request enforcement logs, performance telemetry, and improvement findings, all exportable.

Why now

Continuous checks and evidence, not a stale annual assessment

AI due-diligence questionnaires increasingly ask for ISO 42001 alignment. Every selected framework is checked on live AI traffic and the decision is logged as evidence, so audit prep stops being a fire drill. No code changes.