From mastepanoski-claude-skills
Evaluates AI governance readiness and gap assessment using ISO/IEC 42001:2023. Assesses risk management, accountability, transparency, security, and continuous improvement.
How this skill is triggered — by the user, by Claude, or both
Slash command
/mastepanoski-claude-skills:iso-42001-ai-governanceThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill enables AI agents to perform a comprehensive **AI governance readiness and gap assessment** based on **ISO/IEC 42001:2023** - the international standard for Artificial Intelligence Management Systems (AIMS).
This skill enables AI agents to perform a comprehensive AI governance readiness and gap assessment based on ISO/IEC 42001:2023 - the international standard for Artificial Intelligence Management Systems (AIMS).
ISO 42001 provides a framework for responsible development, deployment, and use of AI systems, addressing risks, ethics, security, transparency, and regulatory compliance.
Use this skill to evaluate whether AI projects follow international best practices, manage risks effectively, and maintain ethical standards throughout the AI lifecycle.
Certification boundary: This skill can prepare evidence and identify gaps, but it is not a certification audit. Do not claim ISO/IEC 42001 conformance unless a qualified auditor or certification process verifies it.
Combine with security audits, code reviews, or ethical AI assessments for comprehensive AI system evaluation.
Invoke this skill when:
When executing this audit, gather:
ISO 42001 is structured around 10 key clauses plus supporting annexes:
Use ISO/IEC 42001 as the management-system anchor. When the request focuses on social, human, environmental, or lifecycle impact assessment, also reference ISO/IEC 42005:2025 as a companion standard for AI system impact assessments. When the request focuses on risk methodology, consider ISO/IEC 23894 as supporting guidance.
Work through seven steps, each mapped to ISO 42001 clauses. The full control-by-control
checklists — evaluation questions, scoring rubrics, example risks, and the seven AI
lifecycle stages — live in references/audit-procedure.md.
Read the section for the step you are on rather than loading the whole file at once.
| Step | Focus | ISO 42001 Clause | Est. |
|---|---|---|---|
| 1. Context & Scope | AIMS boundaries, stakeholders, EU AI Act risk classification | 4 | 15 min |
| 2. Leadership & Governance | Management commitment, AI policy, roles & responsibilities | 5 | 20 min |
| 3. Planning & Risk Management | Risk categories, assessment process, AI objectives | 6 | 30 min |
| 4. Support & Resources | Resources, competence, awareness, communication, documentation | 7 | 20 min |
| 5. Operation (AI Lifecycle) | Design → data → development → validation → deployment → monitoring → decommissioning | 8 | 40 min |
| 6. Performance Evaluation | KPIs, internal audit, management review | 9 | 20 min |
| 7. Improvement | Nonconformity, corrective action, continual improvement (PDCA) | 10 | 15 min |
For each step: evaluate the documented controls, record evidence vs. gaps, assign a clause score (0–10), and carry the findings into the report.
Assemble findings into the standard ISO 42001 audit report. The copy-ready template
and a clause-by-clause self-assessment checklist are in
references/report-template.md.
The report covers, in order:
ISO 42001 aligns with major AI regulations:
EU AI Act:
GDPR:
NIST AI RMF:
ISO/IEC 42005:2025:
Sector-Specific:
1.0 - Initial release based on ISO/IEC 42001:2023
Remember: ISO 42001 is about building trustworthy AI systems through systematic risk management and governance. It's not a barrier to innovation—it's a framework for responsible innovation that protects both organizations and the people affected by AI.
npx claudepluginhub mastepanoski/claude-skillsAdvises organizations on ISO 42001 AI Management System compliance with gap analysis, risk assessments, policies, controls, Statement of Applicability, and certification checklists for AI providers and users.
Assesses AI risks using NIST AI RMF 1.0 across Govern, Map, Measure, Manage functions for trustworthy AI deployment.
Applies NIST AI RMF 1.0 governance, fairness, robustness, transparency, monitoring, and incident response for AI/ML systems beyond prompt security.