We’re going for it.

StackAware is under contract with Schellman to pursue ISO/IEC 42001 certification!

After analyzing the standard in depth and figuring out how it would fit into the StackAware AI governance platform, it just made sense to go through the process ourselves.

We’re going to keep building in public

A lot of organizations are very risk-averse when it comes to talking about their own security and compliance posture. Especially with AI, though, being tight-lipped can actually end up burning you (like Zoom and others found out). So along the way, I’ll be documenting:

• Best practices

• The policies and procedures we use

• How to integrate ISO 42001 with existing AI governance frameworks

I’ve created a new tag on Substack, so you can see all of the articles in one place.

Policy-as-code will be the only effective way to achieve AI compliance

We are also integrating what we learn into StackAware’s policy-as-(no-)code software. There are already many regulations and standards applicable to AI, on top of ISO 42001, like:

• U.S. Health Insurance Portability and Accountability Act (HIPAA)

• (Proposed) Securities and Exchange Commission AI rules

• EU General Data Protection Regulation (GDPR)

• California Consumer Privacy Act (CCPA)

• NIST Cybersecurity Framework

• NIST AI RMF

• EU AI Act

Companies need a control center for staying on top of these complex and changing requirements.

And we are building it.

Need help preparing for your ISO 42001 certification?

We’ll be mostly heads down going through the audit while also still serving existing customers. But for the right companies who are interested in their own ISO 42001 certification, I’m going to open 3 slots for advisory engagements to help them prepare.

Interested?

Sign up here