ISO 42001
Gaining your ISO 42001 Certification

External audit stage 1: Review of AIMS documentation

This initial 1–2 day audit verifies that your foundational AIMS elements are in place and aligned with ISO 42001 clauses 4–10 and Annex A controls. Auditors review documents remotely or on-site to confirm readiness for full certification, flagging Areas of Concern (AOCs) that must be addressed before Stage 2. Key focus areas include:
  • AIMS scope, policy, and context documentation (clauses 4–5), with clear boundaries for AI systems, risks, and obligations.
  • Risk treatment plans, AI impact assessments, and Statement of Applicability (SoA) showing Annex A control selections and justifications.
  • Core procedures for lifecycle management, monitoring, oversight, and incident response, along with supporting evidence such as model cards, risk registers, and sample logs, to demonstrate the existence of a structured approach.
  • Governance setup: roles, training records, and internal audit results to demonstrate leadership commitment and competence.
Expect a closing meeting that covers the AOCs (potential nonconformities) and a report outlining the fixes needed; unresolved issues can become major nonconformities in Stage 2.


The Sprinto advantage

The SOC 2 certification process can feel overwhelming. Sprinto simplifies this journey by automating up to 80% of the work, making it up to 5X faster and saving up to 60% of costs. Beyond just passing the audit, it maintains continuous compliance through real-time monitoring of security controls with 200+ integrations.  

With Sprinto doing the heavy lifting, you can focus on growing your business with the confidence that your security and compliance are always one step ahead.
Sprinto: Your ally for all things compliance, risk, governance