AI governance software for ISO 42001 and the EU AI Act

The first international AI management standard meets the world's first horizontal AI law. ISO-STANDARD.app gives you one workspace to govern AI systems against both — risks, controls, impact assessments and evidence, all linked.

Why AI governance just got hard

Two things changed AI governance in 2024–2025. ISO/IEC 42001 was published as the first certifiable AI management system standard, with 39 Annex A controls covering policy, roles, lifecycle, data and impact. And the EU AI Act entered into force, classifying systems as prohibited, high-risk, limited-risk or minimal-risk, and imposing concrete duties on providers and deployers of high-risk AI.

Most teams now juggle three things at once: an internal model inventory, a security stance for AI suppliers, and a regulatory mapping for the AI Act. Spreadsheets do not cope. And generic GRC tools treat AI as a side-tab on a SOC 2 dashboard.

An AI governance platform built for the new rules

ISO-STANDARD.app is AI governance software designed around ISO 42001's lifecycle and mapped to the EU AI Act risk tiers from day one. Each AI system you onboard is classified, scored, linked to the Annex A controls that treat its risks, and tracked through development, deployment and decommissioning.

When the AI Act asks for a fundamental rights impact assessment, the workspace generates it from the data you already captured. When ISO 42001 asks for evidence of objective monitoring, it is already there.

What's in the box

AI system inventory

Every model, every use case, every supplier — with risk tier, data sources, owner and lifecycle stage. The thing the EU AI Act asks for first.

EU AI Act tiering

Built-in classification against prohibited / high-risk / limited / minimal. Each tier unlocks the duties that apply — no more "is this Article 6 or Annex III?" guesswork.

ISO 42001 Annex A controls

All 39 controls pre-loaded. Mark in or out of scope with justification; the AIMS Statement of Applicability assembles itself.

AI impact assessment

Structured AIIA covering fundamental rights, bias, transparency and human oversight — tailored to the system's tier.

AI risk register

AI-specific risk taxonomy: bias, drift, prompt injection, training data leakage, hallucination — linked to the controls that mitigate each.

Cross-mapping to ISO 27001 & NIST AI RMF

Re-use evidence across standards. Stop documenting access control three times.

Who it's for

AI-native product teams shipping into the EU

Pain: The customer's procurement team wants AI Act compliance evidence and you have a Notion page.

With ISO-STANDARD.app: A live AIMS with system inventory, impact assessments and Annex A controls — ready to share with reviewers.

Enterprises governing third-party AI

Pain: Every department signed up a different LLM vendor. Nobody knows where customer data flows.

With ISO-STANDARD.app: A central register of every AI system, its tier, its data and its controls — with supplier review baked in.

Regulated industries (finance, health, public sector)

Pain: ISO 42001 certification is on the roadmap and the board wants a credible plan, not a deck.

With ISO-STANDARD.app: An AIMS that maps cleanly to your existing ISO 27001 and NIST controls — no rebuild required.

Why ISO-STANDARD.app

  • Purpose-built for ISO 42001 — not a generic risk tool with an AI checkbox.
  • EU AI Act mapping included — Articles, Annexes and obligations linked to controls.
  • Re-uses your ISO 27001 evidence — one workspace, two standards, no duplication.
  • Live the day you sign up — no $50k implementation project.

Get ahead of ISO 42001 and the AI Act

Start a free AIMS workspace today. Inventory your AI systems, classify them against the AI Act, and produce the Annex A evidence reviewers expect.

Prefer a conversation? Email hello@iso-standard.app — a practitioner responds within one business day.