AIMS Blueprint & Mock Audit
A 6–8 week engagement to design your AI Management System (ISO/IEC 42001-aligned), define roles & lifecycle controls, and run a mock audit so you know exactly what to fix before external certifiers (or regulators) ask.
A practical AIMS foundation + a real readiness check
We build the essentials of an AI Management System and validate it with a mock audit, so your leadership and engineering teams can move with clarity.
Blueprint deliverables (core)
You leave with a structured set of documents, controls and an evidence plan that can be extended into full ISO/IEC 42001 implementation.
- Role model: owners, responsibilities, decision rights (who signs off what)
- Policy set: AI policy + key supporting procedures (fit to your maturity)
- Lifecycle controls: design → build → test → deploy → monitor → change/rollback
- Templates: registers & checklists you can reuse (systems, risks, changes, incidents)
- Evidence plan: what to capture, where it lives, and who produces it
What you get by week 8
Clear direction, less ambiguity, faster execution.
What’s included
Three pillars that turn “governance” into something teams can actually run.
ISO/IEC 42001-aligned foundation
Roles, policies, and process map — tailored to your actual AI use cases and maturity.
- AI management objectives & governance model
- Core policy + supporting procedures
- Lifecycle process map (build → run → change)
Mock audit & evidence planning
We pressure-test your readiness and define what proof you should be able to show.
- Mock audit interview pack & “expected questions”
- Evidence kit checklist (who/what/where)
- Prioritized remediation list
Operational controls (the “moat”)
Governance that connects to engineering reality: change control, testing, monitoring, rollback.
- Release/change controls for AI updates
- Basic evaluation expectations (what “good enough” means)
- Logging, incident handling, and rollback readiness
How it works (6–8 weeks)
A structured flow that keeps momentum and avoids “documentation theatre”.
Scope & kickoff (week 1)
- Select scope (systems, teams, locations)
- Confirm target: internal readiness / external certification timeline
- Agree on what “evidence” means in your environment
Build the AIMS blueprint (weeks 2–5)
- Role model + governance workflow
- Policy set + minimal procedures
- Lifecycle controls and templates
Mock audit (weeks 5–7)
- Interview + document review (auditor-style)
- Evidence gaps and “what’s missing” mapped to owners
- Prioritized remediation list
Close-out & next sprint plan (week 8)
- Blueprint package handover
- Evidence plan + “who delivers what” checklist
- Implementation roadmap for the next 8–12 weeks
Who this is for
Best fit if you:
- Operate in / sell into the EU or UK
- Have 1–5 meaningful AI systems in production or near-production
- Want a path to ISO/IEC 42001 certification (or strong internal audit readiness)
- Prefer practical controls that connect to engineering workflows
Pricing
Priced per scope (so you don’t pay for a one-size-fits-all package).
- # AI systems and whether they share data/pipelines
- Existing ISO 27001/9001 maturity (we can reuse a lot)
- Availability of existing documentation and system owners
- How deep you want the “Ops layer” in this phase
Tip: If you want a low-risk first step, start with a Readiness Snapshot for one system, then expand into the Blueprint.
Want to see if you’re ready for a mock audit?
In a free 30-minute call, we’ll confirm scope, likely effort, and whether Blueprint is the right next step (or if you should start with the Snapshot first).
Book a Free 30-min Call