ISO 42001 AIMS Integration Readiness Assessment

📋 1. Current ISMS Maturity

Assess your organization's current Information Security Management System implementation status and maturity level.

ISO 27001 Certified - Fully certified with active certificate Implementation in Progress - Working towards certification Basic ISMS Established - Security policies exist but not formally certified No Formal ISMS - Starting from scratch

🤖 2. AI Systems Inventory

Identify the types of AI systems currently deployed or planned in your organization.

Machine Learning Models (classification, regression, clustering) Large Language Models (ChatGPT, Claude, custom LLMs) AI-powered Chatbots and Virtual Assistants Recommendation Engines Fraud Detection Systems Computer Vision / Image Recognition Predictive Analytics Natural Language Processing Systems

📑 3. Existing Security Policies

Which security and governance policies are currently documented and enforced in your organization?

Acceptable Use Policy Data Classification Policy Third-Party Risk Management Policy Change Management Policy Incident Response Policy Access Control Policy Data Privacy Policy (GDPR/CCPA compliant)

👥 4. AI Governance & Roles

Assess your current AI governance structure and assigned responsibilities.

AI Risk Committee or Subcommittee exists AI Product Owner role defined Model Risk Manager assigned Ethics Reviewer role established Data Scientists/ML Engineers part of security council Legal/Privacy stakeholders involved in AI decisions

⚠️ 5. Risk Assessment Capabilities

Evaluate your organization's ability to identify and assess AI-specific risks.

Risk register maintained and regularly updated AI-specific risks already identified (bias, model poisoning, etc.) Threat modeling performed for AI systems Impact assessments conducted for AI deployments Shadow AI use monitoring in place

💾 6. Asset & Model Lifecycle Management

How are AI models and training datasets tracked and managed?

AI models registered in asset inventory Training data lineage documented Model version control implemented Model ownership clearly defined Change management process covers AI model updates

🎓 7. Training & Awareness Programs

What training exists for AI risks and responsible AI use?

Regular security awareness training conducted AI-specific risk training provided Responsible AI use training Training on prompt safety and data leakage risks Bias and fairness awareness training

🔍 8. Audit & Compliance Readiness

Assess your internal audit capabilities and compliance documentation.

Regular internal audits performed AI-specific audit checklist exists Bias testing documented for models Control mapping matrix maintained (ISO 27001/42001) Comprehensive documentation for AI systems

🛡️ ISO 42001 AIMS Integration Readiness Assessment