A structured framework that gives your organisation clear governance, accountability, and risk control over AI systems you use.
You can start capturing these benefits immediately by building the framework and ensuring compliance with the EU AI Act – ISO certification is a separate decision.
Arked guides you to readiness — step by step, based on where you stand.
We build minimal viable governance: everything you need to be compliant, nothing you don’t. No gold-plated frameworks or theoretical overkill. Just practical governance — compliant and built for how you actually work.
We map every AI system in use across your organisation, assess your current practices against all mandatory ISO 42001 clauses, and produce a prioritised gap report with a clear action plan.
Implementation
Leverage our tested, scalable frameworks and build principles based on your company strategy.
We create an AI Management System (AIMS) that turns fragmented chaos into clear roles, responsibilities, and common ways of working.
We run an internal audit against ISO 42001 requirements, facilitate the management review, compile the full evidence package, and prepare your team for the external certification audit.
Four steps from first contact to a governance framework that is live and working.
01
A 30-minute conversation to understand your AI landscape, your timeline, and what you actually need from an AI Management System and ISO 42001.
Free – No Commitment
02
Within one week you get a fixed-scope proposal — engagement path, timeline, team effort, and a clear price. No open-ended consulting.
Within 1 week
03
We map your AI systems, run a structured gap analysis against ISO 42001, and hand you a prioritised action plan — all in the first three weeks.
Weeks 1–3
04
We build your governance framework together. At the end you decide: keep the framework as-is, or proceed to certification — on your own schedule.
Weeks 4–12+
ISO 42001 follows the same high-level structure as ISO 27001 and ISO 9001 — seven mandatory clauses plus an Annex A of controls. Here is what each part requires of your organisation.
Define the scope of your AI Management System. Identify all AI use cases, internal and external stakeholders, and the business context in which AI operates.
Top management must demonstrate commitment to the AIMS. This clause requires a formal AI policy, defined governance roles, and clear accountability at leadership level.
Identify risks and opportunities related to your AI systems. Set measurable AI objectives and plan how to achieve them — including managing changes to the system.
Ensure the right resources, competencies, and awareness are in place. Covers staff training, internal communications, and maintaining documented information.
The core operational requirements: AI risk assessment, AI impact assessment (including societal impacts), and controls across the full AI system lifecycle — from design to decommission.
Monitor and measure how well the AIMS is performing. Requires periodic internal audits and a formal management review to assess the system’s ongoing effectiveness.
Address nonconformities with corrective actions and drive continual improvement of the AIMS — ensuring the system evolves as your AI landscape changes.
Every AI system you deploy without governance is an unmanaged risk — to security, to compliance, to your reputation.
- Enterprise procurement requires governance. ISO 42001 is appearing in vendor due diligence questionnaires at large organisations.
- It directly accelerates EU AI Act compliance. ISO 42001’s governance, risk assessment, and documentation controls map directly to EU AI Act obligations.
- AI adoption is outpacing internal governance. Tools are being adopted across departments without shared accountability, risk review, or documentation.
- First movers earn a durable advantage. Responsible AI governance is becoming a trust signal — to customers, partners, and regulators.
We are AI practitioners, not just standards auditors. That distinction matters when you’re trying to build governance that actually works.
We focus on what the standard actually requires — not gold-plating. Our Minimum Viable Governance approach means no unnecessary overhead or bureaucracy.
Sized for organisations without a compliance department. Fast, focused, and built around your team’s real capacity — typically 3–5 hours per week.
We understand AI systems from the inside. Our risk assessments reflect how AI actually behaves — not how a clause checklist assumes it does.
No open-ended retainers. The engagement has a defined scope, a clear end state, and a fixed timeline. You know exactly what you are buying.
