
ISO 42001
Implementing ISO 42001 without stalling delivery
How to build an AI Management System inside an active delivery cadence, without freezing your roadmap for six months.
Most ISO 42001 programs fail in the same way. A consultancy arrives with a controls library, runs a parallel workstream against the delivery organisation, and twelve months later hands over a binder that no engineer has read. The certificate appears on the wall. The way the company builds and ships AI has not changed at all. When the first serious incident hits, the binder is irrelevant, and the organisation is no better protected than it was before the program started.
It does not have to work that way. ISO 42001 is, at its core, a description of how a serious organisation should manage AI: an inventory of systems, a way of classifying risk, named owners, review cadences, change control, supplier oversight, and a feedback loop from incidents back into design. Almost every functioning engineering organisation already does most of these things for other classes of risk. The work of implementation is mostly mapping and tightening, not invention. The reason it so often becomes a parallel construction project is structural, not technical.
Why parallel programs fail
When a governance program is run as a separate workstream, three things happen, in order. First, the delivery teams treat it as a tax. They answer questionnaires, attend workshops, and otherwise route around it. Second, the governance team, starved of real signal, builds its artefacts from interviews and assumption rather than from the system as it actually runs. Third, the artefacts diverge from reality, and by the time of the audit the two pictures of the organisation no longer match.
The audit then becomes a translation exercise. The governance team explains to the auditor what the delivery team meant. The delivery team is surprised to learn what it apparently committed to. Findings are raised, remediation plans are written, and the cycle begins again. The cost is enormous, the protective value close to zero.
The frameworks that survive contact with an organisation share three traits. They were built inside the delivery cycle, not next to it. They map controls onto rituals teams already run. And they were authored by people who have shipped software before, and who therefore know which rituals will hold under load and which will not.
Start with two sprint reviews, not a kickoff
We do not begin an ISO 42001 engagement with a kickoff workshop. We begin by sitting inside two consecutive sprint reviews and one incident retrospective. We do not introduce a single control until we know how a ticket moves from intake to production, who looks at it, what they approve, and where the implicit decisions are made. Most organisations are already exercising six or seven of the controls the standard will eventually require. They simply do not have a name for them.
Only after that observation period do we begin to design the AI Management System, and we design it around the motion the organisation already has. The risk review becomes part of the architecture review that already happens before significant work begins. The model card becomes part of the launch checklist that the team already runs. The escalation path uses the same Slack channel and the same on-call rotation that handles every other class of production issue. Nothing new is invented unless something genuinely missing has been identified.
Map controls to existing rituals
Clause by clause, the standard asks for things that already have a home. Clause 6 risk assessment maps onto the architecture review. Clause 8 operational controls map onto the change management process. Clause 9 monitoring maps onto the observability stack that already alerts on production behaviour. Clause 10 improvement maps onto the post-incident review process that mature teams already run.
The mapping work is unglamorous and slow. It is also where the entire value of the program is generated. A control that lives inside a ritual the team owns will be exercised every week. A control that lives in a separate tool, owned by a separate team, will be exercised only when an auditor asks for evidence. The first protects the organisation. The second protects the certificate.
Write evidence as a by-product, not an artefact
Auditors do not need bespoke artefacts. They need to trace a decision from the point it was made to the controls that governed it. If your architecture review minutes are stored in the same place as every other engineering decision, and they reference the risk assessment, the model card, and the approval, the audit trail is already complete. No separate evidence pack is needed. The work of the program is to make sure these references actually exist, not to manufacture parallel documents.
This has a second effect. When evidence is a by-product of normal work, it stays current. When it is a separate artefact, it goes stale within a quarter. The first time a stale artefact is presented to an auditor, the entire program loses credibility, and rebuilding that credibility costs more than the original implementation.
Govern the suppliers, not just the systems
The most common gap we see, by a wide margin, is supplier oversight. Most organisations have a procurement process that captures security and data protection commitments at the point of purchase. Almost none have a process that re-examines those commitments when the supplier ships a new model version, changes its training data policy, or adjusts its retention rules. ISO 42001 is unambiguous on this point: supplier governance is continuous, not a moment-in-time check.
The fix is rarely a new tool. It is a quarterly review, owned by a named individual, that takes each material AI supplier and walks through a short checklist: what has changed in their model, their data handling, their incident history, and their own governance posture. The review takes ninety minutes per supplier. It is the single highest-leverage control most organisations are missing.
The result
Done this way, an ISO 42001 implementation looks unremarkable from the inside. The teams ship at roughly the same pace they did before. The architecture review has two extra items on its checklist. The change management process has a new tag. The supplier review is on the calendar. The risk register lives in the same tool as the engineering backlog, and the same people who own the engineering work own the risk entries.
The result is governance that an engineer can describe in a single sentence, and an auditor can trace in a single click. That is what the standard is actually asking for. The binder is optional.



