ISO 42001 Certification for Ethical and Responsible AI Development

Security Sales & Integration recently chatted with Gerard Figols, chief operating officer at i-PRO, to discuss what it takes to achieve ISO/IEC 42001 certification for artificial intelligence management systems.

Figols explains what the standard is, why it’s challenging to achieve and why it matters to anyone working with AI-powered technology.

Security Sales & Integration: For those who may not be familiar, what exactly is ISO 42001?

Gerard Figols: ISO/IEC 42001 is the first international standard specifically focused on how organizations manage artificial intelligence. It’s not about how to build an algorithm, it’s about how you run AI as part of your business. The standard lays out best practices for risk management, transparency, accountability and continuous improvement.

It applies to any organization that develops, uses or provides AI systems, whether you’re in healthcare, manufacturing or, in our case, security technology.

SSI: What makes it so difficult for companies to earn this certification?

Figols: A few things. Some companies don’t have a systematic approach to AI development. They may be doing good work, but it’s not formally documented or managed. Others don’t have an existing management system like ISO 9001 to build on, which means they’re starting from scratch. And sometimes leadership doesn’t have a deep understanding of AI-related risks, which makes it harder to create the right governance structure. ISO 42001 is as much about culture and processes as it is about the technology itself.

SSI: Is it helpful for organizations that pursue ISO/IEC 42001 certification to have some type of ethical AI framework in place to make the process smoother?

Figols: Many companies already operate under standards like ISO 9001, which emphasize quality management. Extending those practices to AI projects, through structured design reviews, testing and monitoring, lays a solid foundation.

Ahead of certification, some organizations also create ethical AI frameworks, often expressed as guiding principles for responsible development and use. These are typically supported by oversight bodies, such as internal ethics committees, that ensure principles aren’t just words on paper but are applied in day-to-day development.

For example, embedding ethics reviews into the existing quality management system means every new AI feature is assessed for risk, fairness and social impact, alongside technical performance. By the time an organization begins the ISO/IEC 42001 audit, it already has governance mechanisms, review processes and accountability structures in place, making the path to certification more straightforward.

SSI: The standard talks about “AI-related risk management” across nine categories. Can you give us the big picture?

Figols: Sure. The nine categories cover everything from how leadership sets policy, to how you manage people, to how you handle data. They include risk assessment, impact reviews, transparency, cybersecurity and continuous improvement. Altogether, there are 38 specific measures you have to address. It’s comprehensive because AI touches so many areas of an organization.

SSI: Could you walk us through one example in more detail — something that connects directly to AI ethics?

Figols: A good example is preventing bias in AI models. Say you have a camera that detects humans. You have to make sure it works reliably regardless of clothing color, skin tone or movement patterns.

That means carefully selecting and testing training data, running performance checks in different conditions and having a documented process for fixing any bias you find. ISO 42001 requires you to prove you’re doing that and to keep doing it over time.

SSI: What does the path to ISO/IEC 42001 certification typically involve for a company?

Figols: The process starts with building an AI Management System (AIMS) that captures both policy and operational rules. Companies need to document how they develop, maintain and monitor AI systems and map out the entire AI and data lifecycle.

Internal audits and management reviews are an important step before engaging an accredited third party. From there, organizations undergo an independent audit by a standards body such as the British Standards Institute, which validates that processes meet the requirements of ISO/IEC 42001. While the timeline can vary, most organizations can expect several months of preparation and review before certification is awarded.

SSI: Beyond the achievement itself, why should customers or partners care if a company is ISO 42001 certified?

Figols: Three main reasons. First, it shows the company takes ethical responsibility seriously since they’re actively looking for and addressing risks to privacy, fairness and human rights. Second, it means AI systems are being built and monitored under a clear, structured framework, which reduces the chance of harmful or unintended outcomes.

Third, certification isn’t permanent, meaning you have to maintain it, which forces ongoing improvement.

SSI: Do you think this standard will catch on in the wider security industry?

Figols: It’s still new, so adoption is just starting. But I think it has the potential to raise the baseline for how AI is managed across the industry. In security, where AI can influence safety, privacy and even legal outcomes, that’s important. Being first was a challenge, but hopefully it makes it easier for others to follow.

SSI: If you had to sum it up, what’s the biggest takeaway about ISO 42001 for our readers?

Figols: It’s about trust. Whether you’re selling, installing or using AI-powered systems, you want to know they’re built and run in a way that’s safe, fair and accountable. ISO 42001 gives you a way to prove that. And, in an industry like ours, that proof matters.

ISO 42001 in Plain Language: 9 Ways AI Risks Are Managed

The ISO 42001 standard breaks AI risk management into nine big areas. Here’s what they mean without the jargon.

  1. Leadership and Oversight
    Top management must set the rules for how AI is used and make sure the right people are responsible for following them.
  2. People and Skills
    Staff working with AI need clear roles, proper training and the resources to do their jobs well.
  3. Data Handling
    Controls are in place for collecting, cleaning, storing, using and securely deleting data.
  4. AI System Lifecycle
    AI systems are managed from start to finish — design, development, testing, daily use, updates and retirement.
  5. Risk Checks
    Possible harms are identified, measured and addressed before they cause problems.
  6. Impact Reviews
    AI’s effects on people and the environment are evaluated before and after deployment.
  7. Transparency and Accountability
    AI decisions are documented so they can be explained to users, regulators or auditors.
  8. Cybersecurity
    Systems are protected from hacking, tampering or misuse.
  9. Continuous Improvement
    Processes and systems are regularly reviewed and updated to make them safer and more effective over time.

Editor’s Note: i-PRO obtained ISO/IEC 42001 certification for its AI Management Systems on May 10, 2025.

Source: Security Sales & Integration, https://www.securitysales.com/insights/iso-42001-certification-ethical-responsible-ai-development/614283/