Skip to content
Encor
PricingSign inStart free
How Encor works

How Encor models ISO/IEC 42001

ISO 42001 establishes one AI Management System (AIMS) per organization. The AIMS governs many AI systems. Encor's product is structured the same way — so the work you do here maps directly to what an auditor will look at.

AIMS-wide

One per organization

Done once for the whole org. Edit in Encor's main workflow.

  • AI Policy Clause 5.2
  • AIMS scope statement Clause 4.3
  • Roles & responsibilities Clause 5.3
  • AI objectives Clause 6.2
  • Risk management procedure Clause 6.1.1
  • Statement of Applicability Clause 6.1.3 + Annex A
  • Internal audit programme Clause 9.2
  • Management review Clause 9.3
  • Nonconformity & corrective action Clause 10.2
  • Concern reporting channel Annex A.3.3
  • Change-management procedure Clause 6.3 + Annex A.6.2.6
  • Supplier register Annex A.10
  • Training records Clause 7.2
Per AI system

One per system

Done for each AI system you list in onboarding. Edit from the per-system dashboard.

  • Risk register entries Clause 6.1.2
  • AI Impact Assessment Clause 6.1.4 + Annex A.5.4
  • A.5.x / A.7.x applicability overrides Annex A
  • Lifecycle records Annex A.7
  • Per-system change log Clause 6.3 + Annex A.6.2.6
  • Operational evidence Clauses 8 + 9.1

Multiple legal entities = multiple Encor orgs

If you operate as a holding company with subsidiaries that hold their own ISO 42001 certifications, each subsidiary is a separate AIMS — and a separate Encor organization. One legal entity = one AIMS = one Encor org with N AI systems inside.

Where to do each per-system task

From any AI system's dashboard at /systems/[id]:

Risk register entries
6.1.2

Click 'View risks' on the system dashboard, or jump to /risks?systemId=X. AI suggests starter risks + mitigating controls per system.

AI Impact Assessment
6.1.4 + A.5.4

Click 'Run impact assessment' on the system dashboard. 12-question form with AI-drafted answers based on the system's purpose, criticality, and your org's role.

A.5.x / A.7.x applicability
Annex A

On the system dashboard, the 'System-specific controls' section lets you override applicability for controls that legitimately vary per system.

Per-system change log
6.3 + A.6.2.6

From the system dashboard's 'Change log' section, or the org-wide /ai-system-changes register filtered by system.

Per-system concern reports
A.3.3

From the system dashboard's 'Concerns' section, or the org-wide /concern-reports register filtered by system.

Operational evidence (uploads)
Clause 8 + 9.1

Open any audit, nonconformity, incident, supplier review, etc. and use the attachments block on each row. The /evidence page hosts the 3-month playbook + a roll-up of files across registers.

Transparency

Want to verify the coverage claims?

We publish a clause-by-clause and Annex-A-by-control matrix of what Encor covers, with the artifact slug and register types that back each row. No login required.

See the full clause-by-clause coverage matrix →

Ready to map your AIMS?

Free 14-day trial. No card.

Start free trial →