ISO 42001 & SMIA support

The ISO 42001 standard provides a framework for AI management by ensuring governance, security, transparency, and ethics, while the AI Act establishes the European legal framework. Our service helps you align your organization with both standards for smooth, sustainable, and proactive compliance with regulatory requirements.

Service Objectives

1. Ensuring Regulatory and Normative Compliance

Guiding you in aligning your AI systems with the requirements of the AI Act and ISO 42001 certification.

2. Optimizing AI Management

Developing and implementing AI management practices that comply with international standards.

3. Promoting Transparency and Ethics

Ensuring that your AI practices comply with ethical and transparency principles.

ISO 42001

3 objectives

Comply with current and future regulations (AI Act)

Meet stakeholder requirements

Develop responsible solutions

Faced with the growing challenges associated with artificial intelligence, the ISO 42001 standard aims to help organizations develop or use AI systems responsibly, integrating quality, security, and risk management.

AI Act

The European AI Regulation (AI Act) aims to regulate the development, marketing, and use of artificial intelligence systems with a focus on risks to health, safety, and fundamental rights. Penalties for non-compliance are 7% of turnover (up to a limit of €35 million). The AI Act is based on a risk-based approach:

AI Act vs ISO 42001

| Criteria | AI Act | ISO 42001 |
| --- | --- | --- |
| Nature | Mandatory legal regulation | Voluntary standard for certification |
| Scope | European jurisdiction | International application |
| Requirements | Focused on compliance and sanctions | Focused on governance and continuous improvement |
| Auditability | External regulatory audit | Internal audit and external certification |

Similarities

Ethical principles

Transparency, non-discrimination, security, and reliability of AI systems.

Risk management

Identification and mitigation of risks related to algorithmic bias, functional drift, and data security.

Documentation and traceability

Common requirement for transparency in the development and deployment of AI systems.

Steps in the ISO 42001 certification process

Initial framing & audit
We conduct an initial audit to identify opportunities, constraints, and risks and ensure effective deployment aligned with the organization's strategic objectives. It takes place in four phases:
  • model lifecycle,
  • documentation analysis,
  • data security, governance,
  • AI strategy
This audit results in a compliance assessment and allows us to establish a schedule that is more or less extensive depending on your level of ISO advancement.
AI risk analysis
We first define the scope (use cases, objectives, stakeholders), then identify technical, legal, ethical, and operational threats. We formalize scenarios and assess their probability and impact in order to prioritize responses. Finally, we define mitigation measures, assign responsibilities, and set up monitoring to ensure long-term risk control.
Design & implementation of the SMIA
An SMIA is the AI Management System that governs policies, processes, and controls for reliable, ethical, and compliant AI (ISO 42001).
  • Governance: formal policy, roles (AI Manager, committee), ethical & regulatory commitments.
  • Operational: documented model lifecycle, transparency/explainability, regular internal controls.
  • Security & performance: GDPR/27001 alignment (encryption, anonymization, etc.), monitoring indicators, periodic reviews.
Development of AI governance policy
We define a formal AI management policy that sets out the vision, management commitments, and governance principles. It provides a framework for compliance with the GDPR, the AI Act, and the ISO 42001 standard, while specifying the roles, responsibilities, and objectives of the AI Management System (SMIA). This policy also incorporates ethical, security, model management, and data governance components, thus forming the basis for responsible, transparent, and sustainable management of artificial intelligence.
Certification
We take care of the entire ISO 42001 process, ensuring a smooth and hassle-free certification:
  • Pre-audit: organizing the audit, collecting and transferring documents.
  • D-day: managing discussions and providing support during interviews.
  • Post-audit: action plan, updating evidence, and following up on corrections.
Your involvement remains minimal, as our experts take care of everything.
Continuous improvement of the SMIA
Upon completion of certification, we leave you with a structured and sustainable SMIA capable of evolving with your organization and regulatory requirements. We establish a culture of continuous improvement based on regular monitoring, team training, policy updates, and technology watch. The goal: to guarantee the sustainability, performance, and long-term compliance of your AI management system.

Why choose us?

Specialized Expertise

Our team has in-depth expertise in AI management and regulatory compliance, ensuring effective integration of the required practices.

Personalized Approach

We tailor our support to the specific needs of your organization, taking into account your processes and environment.

Rigorous Management

Rigorous implementation of the standard’s requirements to ensure sustainable compliance.

Comprehensive Support

Assistance at every stage of the process, from initial audit to implementation and ongoing monitoring.
