Scope, context and accountability
Define AIMS boundaries, interested parties, roles, delegations and decision authorities before controls are assessed.
A connected implementation and assurance system for organisations that develop, provide, procure or use artificial intelligence. Move from AI inventory and impact assessment to evidence, internal audit and management review without building a second tracking system.
A document can exist while a control fails in practice. The toolkit is designed around traceable decisions: who owns the work, which AI system is affected, what risk or impact is being managed, which evidence exists, how it was tested and who accepted the result.
Define AIMS boundaries, interested parties, roles, delegations and decision authorities before controls are assessed.
Connect every in-scope system to purpose, owner, provider, lifecycle state, users, affected parties and dependencies.
Separate risk scenarios from beneficial and adverse impacts, then preserve assumptions, safeguards and acceptance authority.
Control provenance, rights, fitness, validation, release, monitoring, reassessment, rollback and retirement evidence.
Define where people can intervene and what each audience must know before acting or being affected.
Plan independent tests, manage findings and CAPA, and turn monitoring and management review into controlled decisions.
Each file uses the same controlled identifiers so the management system, operating records and audit conclusions can be followed without manual reconciliation.
A controlled operating model for scope, accountability, decision rights, planning, lifecycle governance, assurance and improvement.
Eighteen controlled documents with purpose, scope, roles, workflow, decision criteria, records, metrics, exceptions and approvals.
The system of record for AI inventory, obligations, risk, impact, applicability, lifecycle, evidence, audit, CAPA and review.
Audit tests, evidence requests, role-based interviews, finding method, management-review inputs and release controls.
Stable identifiers connect requirements, systems, risk, impacts, evidence, audit tests, findings, corrective actions and governance decisions across the complete toolkit.
Identify the source, scope and applicable decision.
Name the process, control, owner and operating condition.
Link current, approved and retrievable records.
Record population, sample, method, result and limitation.
Preserve the issue, exposure, action and escalation.
Assign authority, conditions, due date and effectiveness review.
Start with one representative AI system, test the complete operating loop, resolve usability findings, then scale the method across the approved AIMS portfolio.
Confirm the organisation profile, interested parties, AIMS boundary, accountable roles, decision rights, independence and delegations.
Give each system a stable identifier and record purpose, lifecycle, dependencies, users and affected parties.
Connect legal and contractual inputs to risk scenarios, impact evidence, safeguards and acceptance criteria.
Decide what applies, why it applies, who owns it, what evidence is expected and how effectiveness will be tested.
Run lifecycle, data, supplier, oversight, transparency, incident, competence and monitoring processes; register controlled documents and evidence.
Test real operation, manage findings and CAPA, and preserve management decisions, conditions, exceptions, expiry and effectiveness review.
These are build and file-quality results, not a certification or a conformity decision. Practitioner validation of interpretation and usability remains a release condition.
ISO/IEC 42001:2023, ISO/IEC 23894:2023 and ISO/IEC 22989:2022 were used only to validate structure, identifiers, risk-process coverage, role families, terminology governance and lifecycle architecture. Protected definitions, requirement text, control text, tables and examples are not reproduced.
The same records support governance, risk, engineering, data, security, procurement, legal review, internal audit and management review while preserving ownership and decision boundaries.
Discuss your AIMS use caseClear boundaries matter. The toolkit supports implementation and assurance; it does not replace the standard, professional judgement or evidence that controls operate.
The release candidate includes an AIMS Governance Manual, an 18-document policy and procedure library, a 29-sheet control and assurance workbook, and an audit and implementation toolkit. It also includes controlled deployment guidance, release notes, a single-organisation licence, file manifest and SHA-256 checksum.
The product files and technical quality checks are complete, but checkout remains disabled until the standards-practitioner, legal and commercial release gates are approved. Organisations can request a controlled release review or launch notification.
No. The toolkit is an independent implementation and assurance aid. It does not include, reproduce or replace the official standard. Users need lawful access to the applicable ISO publication and qualified review for final interpretation and mapping.
A basic checklist records answers. This toolkit connects each requirement or control decision to an owner, AI system, risk or impact, obligation, evidence, test, exception, review date and effectiveness decision. It is designed to operate the management system, not only assess document presence.
The workbook contains 38 preloaded control identifiers and original implementation and assurance themes, together with 32 management-system requirement checkpoints. Applicability, interpretation and final correspondence must be validated by an authorised practitioner against a lawfully accessed copy.
Yes. Governance, risk, competence, documented information, supplier assurance, incident management, internal audit, management review and improvement processes can be coordinated. AI-specific impact, data, life-cycle, transparency and human-oversight evidence should remain explicit.
It is designed for AI governance leaders, AIMS managers, risk and compliance teams, internal auditors, product and system owners, data and security teams, procurement, legal specialists and organisations preparing for independent assurance or certification.
The controlled documents use editable DOCX and XLSX formats intended for Microsoft Word and Excel in an approved Microsoft 365 environment. The workbook is macro-free. Buyers should test the files in their own controlled environment before deployment.
Tell us whether you develop, provide, procure or use AI systems and which assurance outcome matters first. We will use that context for controlled release review and launch planning.