ISO/IEC 42001:2023
ISO/IEC 42001 is the international standard for AI management systems. It provides a framework for organizations to establish, implement, maintain, and continually improve their management of AI. AGLedger provides the accountability layer that generates certification-ready evidence as a byproduct of operations.
AGLedger provides the records and audit trail. Your organization provides the management system and decisions.
Clause-by-clause mapping
| Clause | AGLedger provides | Enterprise owns |
|---|---|---|
| 4 — Context of the organization | Federation and custom schemas document inter-organizational AI system boundaries. Risk level and domain classification per mandate. | Determining organizational context, stakeholder needs, and AI management system scope. |
| 5 — Leadership | Role-based access with principal, performer, and accessor roles. Authority scope and designation date recorded per mandate. | Leadership commitment, policy establishment, and role assignment decisions. |
| 6 — Planning | Mandate structure captures objectives, constraints, deadlines, and tolerance bounds before work begins. Risk fields per mandate. | Risk assessment methodology, AI objectives, and planning decisions. |
| 7 — Support | SDKs (TypeScript, Python), native API, and MCP integration. Documentation exports in JSON, CSV, NDJSON formats. | Resource allocation, competence requirements, communication strategy. |
| 8 — Operation | Structured lifecycle (mandate → receipt → verdict) with 17-state machine. Append-only audit vault records every state change. | Operational planning, control implementation, and risk treatment execution. |
| 9 — Performance evaluation | Tolerance-band enforcement on numeric criteria. Timeliness evidence on every state transition. Reputation scoring for agent reliability. Drift detection across model updates (most useful in federated deployments). Audit vault queryable for cross-mandate analysis of acceptance, rejection, and revision rates. | Monitoring program design, internal audit scope, management review. |
| 10 — Improvement | 3-tier dispute resolution. Remediation states and revision workflow. Full chain preserved for nonconformity analysis. | Corrective action decisions, continual improvement strategy. |