Free Tool

ISO 42001 SoA Builder

Build your ISO/IEC 42001 Statement of Applicability: work through all 38 Annex A controls across the 9 objectives, mark each applicable or excluded with an implementation status, and export a scored SoA to Markdown or CSV.

Comparing AI governance platforms? See the best EU AI Act compliance software guide.

Implementation maturity: 0%

Assessed 0/38 · 0 gaps

A.2 Policies related to AI

AI policy

A.2.2

Alignment with other organizational policies

A.2.3

Review of the AI policy

A.2.4

A.3 Internal organization

AI roles and responsibilities

A.3.2

Reporting of concerns

A.3.3

A.4 Resources for AI systems

Resource documentation

A.4.2

Data resources

A.4.3

Tooling resources

A.4.4

System and computing resources

A.4.5

Human resources

A.4.6

A.5 Assessing impacts of AI systems

AI system impact assessment process

A.5.2

Documentation of AI system impact assessments

A.5.3

Assessing AI system impact on individuals or groups

A.5.4

Assessing societal impacts of AI systems

A.5.5

A.6 AI system life cycle

Objectives for responsible development of AI systems

A.6.1.2

Processes for responsible design and development

A.6.1.3

AI system requirements and specification

A.6.2.2

Documentation of AI system design and development

A.6.2.3

AI system verification and validation

A.6.2.4

AI system deployment

A.6.2.5

AI system operation and monitoring

A.6.2.6

AI system technical documentation

A.6.2.7

AI system recording of event logs

A.6.2.8

A.7 Data for AI systems

Data for development and enhancement of AI systems

A.7.2

Acquisition of data

A.7.3

Quality of data for AI systems

A.7.4

Data provenance

A.7.5

Data preparation

A.7.6

A.8 Information for interested parties of AI systems

System documentation and information for users

A.8.2

External reporting

A.8.3

Communication of incidents

A.8.4

Information for interested parties

A.8.5

A.9 Use of AI systems

Processes for responsible use of AI systems

A.9.2

Objectives for responsible use of AI systems

A.9.3

Intended use of the AI system

A.9.4

A.10 Third-party and customer relationships

Allocating responsibilities

A.10.2

Suppliers

A.10.3

Customers

A.10.4

Prioritised gaps

38 item(s) to address

AI policy — Not assessed
Alignment with other organizational policies — Not assessed
Review of the AI policy — Not assessed
AI roles and responsibilities — Not assessed
Reporting of concerns — Not assessed
Resource documentation — Not assessed
Data resources — Not assessed
Tooling resources — Not assessed
System and computing resources — Not assessed
Human resources — Not assessed
AI system impact assessment process — Not assessed
Documentation of AI system impact assessments — Not assessed
+ 26 more in the export.

Export your scored assessment and prioritised gap list. Everything stays in your browser — nothing is uploaded.

All 38 Annex A Controls

Every ISO/IEC 42001 Annex A control (A.2 to A.10) pre-loaded, grouped by the nine control objectives an auditor works through.

The First Artifact an Auditor Opens

Mark each control applicable or excluded with its status and justification, and export the Statement of Applicability your Stage 1 audit asks for.

Maps to Runtime Controls

Controls like impact assessment, logging and human oversight map onto policy gates and sealed evidence — the SoA doubles as your runtime control plan.

Disclaimer: This tool helps you draft an ISO/IEC 42001 Statement of Applicability. It does not make your organisation certified and is not legal or certification advice. Confirm control applicability and implementation with your auditor.