Book a demo
Framework / ISO 42001

ISO 42001 certifies your AI management system.
Prove the agents are managed.

ISO/IEC 42001:2023 asks for operational controls, monitoring, and records over your AI systems. For autonomous agents, AIR supplies the operational evidence — continuous monitoring and a signed record of what each agent did.

ISO/IEC 42001:2023AI management systemoperational controlsmonitoring
Records the controls operate · tamper-evident · durable
AIMS evidence · live
Monitoredagent action · 16 detectors
Accountablebound to a named human
Recordedsigned, continuous
Lifecycledurable, anchored chain
operational evidence · anchored Rekor
✓ the controls operate, on the record
01The stakes
ISO 42001 certification audit
Your AIMS is documented. The certifier asks for proof the agents are actually managed.
ISO 42001 is a management-system standard: policy on paper isn't enough, the auditor wants records that the controls operate. For autonomous agents, that operational evidence is usually missing — AIR produces it continuously and signs it.
02The standard

A management system, not a policy binder.

A management system
first of its kind

ISO/IEC 42001:2023 is the first certifiable AI management system standard. It expects operational controls over your AI systems, not just policy.

Agents are the part of "your AI systems" hardest to evidence.
Operate the controls
monitoring & records

Certification tests that controls operate over time — monitoring, logging, records. AIR runs the monitoring and signs the records for the agent layer.

16 detectors, every agent action.
Across the lifecycle
durable evidence

The AIMS spans the AI lifecycle. A signed, anchored chain gives you durable, tamper-evident records the certifier can trust.

Re-anchored to your retention floor.
03How AIR answers

What an AIMS audit asks of the agent layer.

Are your AI systems monitored in operation?
Monitor16 detectors on every agent action, continuously.
Do you keep records that the controls operate?
ProveSigned in-process, every action, over time.
Can you show accountability for agent actions?
AccountEach action bound to a named human or service.
Are the records tamper-evident for the certifier?
ProveAnchored to a public transparency log.
Mapped to your AIMS, not raw logs?
ReportRecords map to your operational controls.
04The evidence

Operational evidence your certifier can trust.

A signed, monitored, accountable record of what each agent did — durable across the lifecycle and tamper-evident, so the AIMS controls are demonstrably operating, not just documented.

See all framework mappings →
AIMS operational record · agdr/v2
Monitored · agent action read against 16 detectors
Accountable · bound to a named human
Recorded · signed in-process, continuous
Durable · anchored, re-anchored to retention
operational evidence · blake3 · ed25519 · anchored Rekor
✓ controls operating, on the record · search.sigstore.dev
05What you get

The tiers AIMS owners choose.

Enterprise
most teams here
  • Continuous agent-layer monitoring & records
  • Framework reports — ISO 42001 · SOC 2 · EU AI Act
  • Causal graph, query & replay
  • SIEM: Splunk · Datadog · Sentinel · Sumo
  • SSO / OIDC, SLA
Book an agent audit
Air-gapped
regulated · sovereign
Everything in Enterprise, plus
  • On-prem / offline anchoring
  • No phone-home — records never leave
  • Extended retention + PQ re-anchoring
  • Admissibility Pack — FRE 902 + expert support
Talk to us

Make the agent layer part of your AIMS.

A free agent audit shows the operational evidence you'd bring to an ISO 42001 certification today.

Book an agent audit →
ISO/IEC 42001:2023operational controlsmonitoringFRE 902(13)–(14)
Vindicara · project AIR v1.0.1 support@vindicara.io · This page is itself on the record.