Audit criteria

ISO/IEC 42001:2023, the standard for Artificial Intelligence Management Systems (AIMS), follows a certifiable structure similar to ISO 27001. Audit criteria focus on verifying conformity with the mandatory clauses and the effective implementation of applicable controls. The primary audit criteria include:

Core Clauses (4–10): These are fully auditable and form the foundation of the AIMS.

Annex A Controls: A reference list of AI-specific controls (for example, policies for responsible AI, data management, transparency, bias mitigation, and incident reporting). Organizations must:
  • Determine applicability based on AI risk treatment (Clause 6.1.3 requires comparing needed controls against Annex A to ensure none are omitted).
  • Produce a Statement of Applicability (SoA) documenting selected controls and justifications.
  • Demonstrate effective implementation through evidence (a control may be excluded only where the exclusion is justified in the SoA).
Internal Audits (required per Clause 9.2): Organizations must conduct regular internal audits against the above criteria.

External Certification Audits (by accredited bodies, per ISO 17021):
  • Stage 1: Review AIMS design, documentation, scope, policies, and risk assessments.
  • Stage 2: Evaluate operational effectiveness, evidence of control implementation, interviews, and sampling of processes/records.
  • Surveillance audits (annual): Focus on changes, Clauses 8–10, and sampled Annex A controls.
  • Recertification: Every 3 years.


The Sprinto advantage

The SOC 2 certification process can feel overwhelming. Sprinto simplifies this journey by automating up to 80% of the work, making it up to 5X faster and saving up to 60% of costs. Beyond just passing the audit, it maintains continuous compliance through real-time monitoring of security controls with 200+ integrations.

With Sprinto doing the heavy lifting, you can focus on growing your business with the confidence that your security and compliance are always one step ahead.
Sprinto: Your ally for all things compliance, risk, governance