1. Discovery & Scope

  • Identify AI systems, use cases, and intended purpose
  • Clarify your role (provider/deployer) and markets
  • Confirm whether AI Act readiness, ISO/IEC 42001 AIMS prep, or both
  • Map scope and desired outcomes
→ Scope + AI system inventory + readiness objectives
2. Current-State Review

  • Assess governance, risk processes, documentation, and oversight mechanisms
  • Map current practices to ISO/IEC 42001 expectations
  • Screen for high-risk AI systems and initial risk-tier classification
  • Identify AI Act documentation/evidence gaps for procurement and regulator expectations
→ Gap assessment + prioritised roadmap
3. Design the AIMS

  • Agree the governance model (roles, responsibilities, oversight)
  • Define AI risk method, risk criteria, registers, and reporting
  • Draft the required/proportionate policies and procedures
  • Design documentation and evidence structure (technical docs, transparency, human oversight patterns)
  • Establish supplier/third-party model governance and GPAI usage controls (where relevant)
→ Policy set + risk criteria + governance model + documentation plan
4. Implement & Operationalise

  • Embed the processes (not just documents)
  • Establish evidence capture: meetings, reviews, approvals, risk treatment, monitoring
  • Design change control for AI systems and model updates
  • Establish incident workflow and monitoring for audit readiness
  • Train the people who will run it
→ Operating procedures + evidence templates + training + change control process
5. Assurance & Readiness

  • Internal audit support or readiness checks
  • AI Act readiness review of evidence and documentation (practical, non-legal)
  • Close gaps and strengthen evidence
  • Support for customer/procurement questionnaires and assurance requests
  • Prepare for external audit expectations (where relevant)
→ Audit findings + corrective action tracker + evidence pack
6. Sustain & Improve

  • Management review cycles
  • Ongoing AI inventory updates and governance for new use cases/vendors
  • Periodic evidence hygiene checks
  • Continual improvement actions
  • Ongoing advisory support (if required)
→ Management review pack + improvement log + inventory updates

AI Act readiness and ISO/IEC 42001 AIMS: AI Act readiness is fundamentally about operational governance, documentation, and evidence. Where certification is a goal, ISO/IEC 42001 provides a structured management system to sustain it.

We're not a law firm; we help operationalise governance, documentation, and evidence.

Timeline: A focused AIMS for a small number of AI systems can move quickly (6–12 weeks). Broader enterprise scope takes longer. We'll give you a realistic timeline based on your context.

Ready to start the conversation?

Let's discuss your AI governance needs and find the right approach for your organisation.
