ISO/IEC 42001 — AI MANAGEMENT SYSTEM CERTIFICATION
Demonstrate Responsible AI Management Through International Standards
ISO/IEC 42001 is the world’s first certifiable international standard for Artificial Intelligence Management Systems, published in December 2023. As organisations increasingly deploy AI, ISO 42001 provides a structured framework for managing AI responsibly, ethically, and securely — using the same Plan-Do-Check-Act methodology as ISO 27001 and ISO 9001.
Periculo guides you through implementing your AI Management System (AIMS) and preparing for certification. We build the framework, the documentation, and the evidence your chosen accredited certification body needs to award you ISO 42001 certification.
Why ISO/IEC 42001 Certification Matters
INDEPENDENT VERIFICATION OF AI GOVERNANCE
ISO 42001 certification provides third-party verification that your organisation manages AI systems responsibly. An accredited certification body independently audits your AIMS and awards certification — providing far more credible assurance to clients, partners, and regulators than self-attestation.
REGULATORY PREPARATION — INCLUDING THE EU AI ACT
AI regulation is accelerating globally. The EU AI Act became legally binding in August 2024, with requirements phasing in through 2027 for high-risk AI systems. ISO 42001 implementation supports many of the governance, risk management, documentation, and transparency requirements of the EU AI Act.
However, it is important to understand the relationship accurately: ISO 42001 is not yet formally harmonised under the EU AI Act, meaning certification does not automatically confer presumption of conformity under the Act. Think of ISO 42001 as building the governance foundation — the EU AI Act adds specific legal obligations on top. Organisations operating in the EU should implement ISO 42001 as a foundation and address EU AI Act-specific requirements in parallel.
WHAT ISO/IEC 42001 COVERS
ISO/IEC 42001 is the international standard for an Artificial Intelligence Management System (AIMS). It provides a roadmap for organisations to develop, provide, or use AI systems responsibly and effectively.
ISO 42001 AND THE EU AI ACT
EU AI Act: Sets the mandatory legal requirements, safety standards, and penalties for using AI in the European market.
ISO 42001: Provides the global management system (AIMS) that companies use to actually meet those legal requirements.
HOW IT WORKS
1. Discovery Call
We start by understanding your device, your submission timeline, and where you currently stand on cybersecurity documentation. No forms, no discovery questionnaires — just a direct conversation with someone who knows the FDA guidance inside out.
2. Gap Assessment
We map your current position against FDA requirements and produce a clear, prioritised list of what needs to be done. You'll know exactly what's missing and what it will take to fix it.
3. Documentation & Remediation
We get to work. Depending on your needs, this means threat modelling, SBOM development, policy drafting, architecture review, or the full package. We work to your timeline, not ours.
4. Submission Support
We review your final submission documentation, flag any remaining risk, and make sure what goes to the FDA is as strong as it can be. If Q-Sub feedback comes back, we help you respond.
READY TO START YOUR ISO 42001 JOURNEY?
LEGISLATIVE AUTHORITY: SECTION 524B FD&C ACT
If your submission window is approaching, start the conversation now.
FAQs
Conducting a thorough hazard analysis is crucial for ensuring the safety and compliance of medical devices. Hazard analysis identifies potential risks and evaluates their impact on patient safety and device performance. At Periculo, we offer expert hazard analysis services to help you systematically identify, assess, and mitigate risks throughout the product lifecycle. Our approach includes detailed risk assessments, failure mode and effects analysis (FMEA), and the development of robust mitigation strategies. With Periculo’s support, you can ensure that your medical devices meet regulatory standards, enhance patient safety, and maintain high levels of performance and reliability.
Medical device cyber security refers to the protection of medical devices from unauthorised access, use, disclosure, disruption, modification, or destruction. Cyber security for medical devices involves protecting these devices from cyber threats like hacking, malware, and unauthorised access. As medical devices become more connected, they face risks similar to traditional IT systems. Ensuring cybersecurity means safeguarding both the functionality of the devices and the sensitive patient data they handle. This includes implementing encryption, adhering to regulations like HIPAA and FDA guidelines, and continuously monitoring for threats. The goal is to ensure these devices remain secure, reliable, and safe for patient care.