ISO/IEC 42001
How Scrydon supports an AI Management System under ISO/IEC 42001 — the AI-specific counterpart to ISO 27001.
ISO/IEC 42001 is the international standard for AI management systems. It complements ISO 27001 by adding AI-specific lifecycle, risk, and governance requirements.
This page maps Scrydon's controls to ISO 42001's clauses.
Scope
ISO 42001 governs how an organisation manages its AI systems: risk, lifecycle, transparency, and post-deployment monitoring. Like ISO 27001, the standard is organisational. Scrydon provides the platform-side artefacts that let conformance be backed by evidence.
Clause coverage
Clause 6 — Planning
| Requirement | Scrydon support |
|---|---|
| 6.1.2 AI risk assessment | Structured impact-and-risk assessment artefacts per workflow / agent. See AI governance. |
| 6.1.3 AI risk treatment | Rego policies, mask strategies, guardrails block. See DLP. |
| 6.1.4 AI system impact assessment | Per-system impact assessment template. See AI governance → Impact assessment. |
Clause 7 — Support
| Requirement | Scrydon support |
|---|---|
| 7.3 Awareness | Inline help, doc cross-references, hover-tooltips on every governance control. |
| 7.4 Communication | Audit log forwarder, change-management events. |
| 7.5 Documented information | This documentation site + machine-readable manifests for every component. |
Clause 8 — Operation
| Requirement | Scrydon support |
|---|---|
| 8.2 AI lifecycle | Workflow versioning, ontology branches, deployment events. See Branches & proposals. |
| 8.3 Data quality | Managed-table profiles, classification, evaluator block. See Schema inference. |
| 8.4 Bias / fairness | Bias-fairness evaluation hooks. See AI governance → Bias & fairness. |
| 8.5 Transparency | Per-instance provenance from the ontology layer. See Bindings. |
Clause 9 — Performance evaluation
| Requirement | Scrydon support |
|---|---|
| 9.1 Monitoring | Platform metrics + workflow run logs + audit log. |
| 9.2 Internal audit | Audit log queryable with structured filters. See Audit logging. |
| 9.3 Management review | Decisions log + quarterly review template. See AI governance. |
Clause 10 — Improvement
| Requirement | Scrydon support |
|---|---|
| 10.1 Continual improvement | Continuous-improvement record template. |
| 10.2 Nonconformity & corrective action | Findings + action-items template. |
AI-specific artefacts
ISO 42001 expects evidence specific to AI systems. The platform provides templates for these artefacts and emits some of them automatically:
| Artefact | What it captures |
|---|---|
| AI system inventory | Every deployed workflow + its capabilities, owner, classification |
| Impact assessment | The business impact, affected stakeholders, mitigations |
| Risk assessment | The AI-specific risks (hallucination, bias, data leakage) and treatments |
| Validation record | Pre-deployment validation outcomes (evaluator scores, test runs) |
| Post-deployment monitoring | Run logs, evaluator scores, anomaly detection signals |
| Decommissioning record | When and why a workflow was retired |
These templates live in the AI governance section and are auditable through the audit log.
Related
- AI governance — the AI-specific lifecycle artefacts.
- ISO 27001 — the information-security baseline.
- EU AI Act — overlaps significantly with 42001's risk and transparency controls.
- NIST AI RMF — alternative AI risk framework.