5-10 days
ISO 42001 is certifiable today. Your buyers' vendors already are.
An independent advisory practice for regulated technology teams.
What models you build, buy or embed, what data reaches them, and which providers touch it. An AI management system needs a defined boundary before anything else is worth doing.
Clauses 4-10 and the Annex A controls, plus the AI system impact assessment at 6.1.4 and 8.4 - the duty to assess impact on third parties and society, which is what 42001 adds over ISO 27001.
Whether the AI Act reaches your product at all, and if so where. We are explicit that ISO 42001 is not AI Act conformity and cannot be one - it is a head start, not a substitute.
A gap register and roadmap, with the ISO 27001 overlap mapped where you already run an ISMS, so you build one management system rather than two.
This is for you if
Not for you if
Where our responsibility ends
ISO 42001 certification is not EU AI Act conformity and cannot be - a harmonised standard must be a European standard adopted on a Commission request, and ISO/IEC standards are not eligible. We scope AI Act applicability honestly; we do not sell 42001 as a substitute for it.
We tell you what will block ISO 27001 certification before the certification body does.
Learn more →5-15 daysReadiness finds the blockers. The Remediation Sprint helps remove them.
Learn more →3-7 daysWe organise your ISO 27001 evidence so your team can show the right proof, in the right order.
Learn more →Certification is issued by accredited certification bodies; DORA supervision is performed by regulators. Kellwick prepares you for these processes; it does not perform them and cannot guarantee their outcome.
Kellwick is an independent advisory practice. We are not a certification body and do not issue ISO certifications. Certification decisions are made only by accredited certification bodies.