ISO 42001 · NIST AI RMF · ISO 27001
Four AI standards, side by side, in plain English
The standards reader you can hand to your audit committee without further translation.
How the reader reads
You can compare ISO 42001, NIST AI RMF, ISO 27001 and the EU AI Act on the same page across the same controls. The mapping is open-source and updated quarterly.
Where two standards say the same thing in different language, the ledger says so and lists the control once. Audit clients save approximately 40 per cent of their first-year ISO 42001 implementation cost when an existing ISO 27001 baseline is mapped first.
We will not sell you a certification. We will sell you the controls a certification body will accept.
Cross-standard mapping
| Control | ISO/IEC 42001 | NIST AI RMF | ISO/IEC 27001 | EU AI Act |
|---|---|---|---|---|
| Risk management | Clause 6 | MAP / MEASURE | A.6.1 | Article 9 |
| Documentation | Clause 7.5 | GOVERN | A.5 | Annex IV |
| Human oversight | Clause 9.3 | MANAGE | A.5.36 | Article 14 |
| Data governance | Clause 8.2 | MAP-2.3 | A.5.34 | Article 10 |
| Post-market monitoring | Clause 10 | MEASURE | A.8.16 | Article 17 |
“Most of the work is already done in your existing 27001 file.”