ESProfiler now supports ISO 42001 | ESProfiler Changelog

Every customer trust review now ends with a question about AI. Every supplier questionnaire has a new section for it. Every regulator is sharpening one. ISO/IEC 42001 is the first answer that comes with a certificate. As of today, ESProfiler customers can map their entire security and AI stack against the world's first AI Management System standard — in minutes.

What is ISO/IEC 42001?

Published in December 2023, ISO/IEC 42001 is the world's first international standard for an Artificial Intelligence Management System (AIMS). If ISO 27001 is how you prove you manage information security, ISO 42001 is how you prove you govern AI — same management-system DNA, same Plan-Do-Check-Act spine, same path to a certificate auditors and procurement teams already know how to read.

The standard's substance sits across four annexes:

Annex A — 42 control objectives across 9 topics (A.2–A.10), covering policies, internal organisation, resources, AI lifecycle, data, third parties, and impact assessment
Annex B — implementation guidance for each Annex A control, including data management practices
Annex C — AI-specific organisational objectives and risk sources: bias, transparency, robustness, accountability, privacy
Annex D — guidance for using the standard across sectors and domains

The Annex A controls map cleanly to the AI lifecycle — Inception, Design & Development, Verification & Validation, Deployment, and Operation & Monitoring — so the framework follows your AI systems from idea to retirement, rather than treating "AI risk" as a single moment.

Why it matters for you

ISO 42001 turns AI governance from a slide into a system. In practice that means:

A certifiable, internationally recognised proof of AI governance that customers, partners, and regulators understand
A management-system structure your existing ISO 27001 programme already knows how to operate
Lifecycle-aware controls, so the framework keeps applying as your AI use cases evolve

It's also already showing up where ISO 27001 does — in procurement, insurance, and M&A diligence — and that pressure is only going to get louder.

Map your stack in minutes — and see exactly where you stand

Mapping a security and AI stack to a new framework by hand is usually a multi-week spreadsheet exercise. In ESProfiler, it isn't.

ISO/IEC 42001 is now live alongside MITRE ATT&CK, MITRE F3, NIST CSF, the NIST AI RMF, ISO/IEC 27001, the Insider Threat Matrix, and every other framework in the platform. Point ESProfiler at your existing tools and you'll see:

Coverage in minutes, not weeks — your stack mapped automatically across all 42 Annex A controls and the AI lifecycle stages
Gaps at a glance — the AI governance controls no tool in your environment addresses, surfaced and prioritised
Overlaps you're paying for twice — controls duplicated across vendors, ranked by spend

If you already run an ISO 27001 programme, ESProfiler shows you exactly where 42001 reuses your existing controls — and where it asks something new.

Get started

If you're an existing customer, ISO/IEC 42001 is already live in your tenant — open the Frameworks view to start mapping.

If you're not, book a demo and we'll show you your AI governance coverage gaps in the time it usually takes to schedule the kickoff meeting.