AIMS Implementation Packages

Roll out a “living system” for AI across your portfolio — often integrated with ISO 27001 / ISO 9001.

If you already have a QMS or ISMS, we reuse that “governance plumbing” and snap AI-specific controls into it: AI policy + scope, AI inventory, risk & impact (AIRA), lifecycle controls, oversight, transparency, supplier/LLM governance, monitoring/evidence, internal audits, and management review inputs.

Book a 30-min Scoping Call See Implementation Tiers
Priced per scope. Typical ranges below help you qualify budget early (final fee depends on number of AI systems, risk level, and existing ISO systems).

What makes this different vs. “policy-only” governance

We don’t stop at documents. We build an audit-ready operating system: lifecycle controls + evidence-by-design (logs, evals, change control, incident lanes), integrated with your QMS/ISMS so it actually runs.

Get a scope estimate
ISO reuse (faster + cheaper)
We reuse CAPA, audits, training, supplier controls, risk registers, incidents.
Risk + controls per AI system
AIRA, intended purpose/boundaries, oversight, transparency, supplier/LLM lanes.
Evidence pack generation
Evidence lists + binder structure so audits aren’t a last-minute scramble.

Implementation tiers (choose your fastest path)

You can start light (Copilot governance), or embed AIMS into existing ISO systems for a full portfolio rollout. Certification support is optional.

AIMS-lite (Copilot governance)

For deployer-only, non-high-risk use (e.g., M365 Copilot). Fast governance baseline + evidence binder.

  • Acceptable-use + transparency standard
  • AI use inventory + DPIA quick-screen
  • Oversight SOP + training + evidence binder
Typical: €12k–€18k · ~6 weeks

AIMS-Plus (Copilot+ ops control)

Adds operational control: change-control playbook, dashboards, waivers workflow, and stronger oversight.

  • Pilot ring / change-control for features
  • Usage + DLP dashboards / queries
  • Waivers workflow with expiry tracking
Typical: €18k–€25k · 6–8 weeks

ISO 9001 → AIMS (embed into QMS)

Full AIMS design + pilot implementation, using your QMS lanes (CAPA, audits, training, mgmt review).

  • AI policy + scope + inventory + AIRA
  • Oversight, transparency, supplier/LLM addenda
  • Internal audit + CAPA (Audit-ready)
Typical: €35k–€60k (Core) · €70k–€110k (Audit-ready)

ISO 9001 + ISO 27001 → AIMS (QMS+ISMS)

Fastest path to a robust AIMS: reuse ISMS controls (risk register, logging, suppliers, incidents) and add AI layers.

  • Compressed phases using existing ISMS “plumbing”
  • Evidence logging + supplier/LLM governance lanes
  • Internal audit + readiness pack (Audit-ready)
Typical: €25k–€45k (Core) · €55k–€90k (Audit-ready)

What you get: Core vs. Audit-ready

Core makes governance run. Audit-ready adds internal audit, CAPA, and certification readiness artifacts.

Core (implementation)

  • AI Policy + AIMS scope (intended purpose & boundaries)
  • AI Use Inventory (provider vs deployer)
  • AIRA templates + 3–5 priority use-cases assessed
  • IFU per AI feature + human oversight SOP
  • Transparency & labeling standard
  • Supplier/LLM governance addendum
  • Monitoring & metrics + evidence list
  • Training + management review inputs

Audit-ready (adds)

  • Clause-by-clause ISO 42001 ↔ ISO 9001/27001 delta map
  • Internal AIMS audit + CAPA log
  • Readiness pack for external certification (optional)
  • Model/feature change control + evaluation harness outline
  • Evidence binder structure + populated artifacts

How the engagement runs (simple phases)

Practical, workshop-driven delivery. We keep momentum with clear milestones and an evidence-first approach.

Phase 0

Scope, roles, reuse map (QMS/ISMS), project charter.

Phase 1

Policy + inventory + IFU templates and ownership set.

Phase 2

AIRA + oversight + transparency + supplier/LLM controls.

Phase 3–4

Embed into QMS/ISMS + KPIs + internal audit (if chosen).

Optional add-ons (only if needed)

Keep the core package lean. Add these when the risk profile or legal context requires it.

DPIA / FRIA facilitation

Workshops + documentation support when triggered by risk or regulatory context.

Typical: €3k–€8k

Supplier / LLM contract remediation

Data-use clauses, change-notice language, and vendor governance addenda.

Typical: €3k–€6k

Tooling & dashboards

Policy portals, evidence dashboards, logging views, and automation for reporting.

Scope-based

Is this the right fit?

Typical clients: mid-sized EU/UK organizations with at least one important AI use case and a desire to operationalize governance (not just write policies).

Good fit if you…

  • Have AI in production (chatbot, scoring, recommendations, copilots)
  • Need a repeatable approach across multiple AI systems
  • Want audit-ready evidence and clear ownership
  • Already run ISO 9001 and/or ISO 27001 and want to extend it

We’ll clarify early if…

  • Your use case triggers high-risk obligations (additional steps may apply)
  • You have many business units / vendors (scope needs staging)
  • You want certification immediately (we’ll propose the fastest lane)

Want a clear scope and a confident fee range?

Book a short scoping call. We’ll confirm your best lane (lite / plus / ISO embed), the number of AI systems to include, and whether “Audit-ready” makes sense now or later.

Book the call