WisdomPrompt checklist

ISO 42001 Evidence Checklist

Use this checklist to pressure-test whether your AI management system has the evidence an internal reviewer, customer, or auditor will ask for. It is written for teams that need usable proof, not just policy language.

AI system inventory

  • System owner and accountable business unit
  • Intended use, prohibited use, and user groups
  • Models, agents, tools, data sources, vendors, and integrations
  • Current approval status and review cadence

Risk and impact evidence

  • Initial AI risk assessment and treatment decision
  • Privacy, security, safety, and bias considerations
  • Supplier and model dependency risks
  • Open findings, accepted risks, and remediation owners

Operating controls

  • Human review and escalation points
  • Access permissions and change approvals
  • Monitoring signals and incident response process
  • Evidence of recurring management review

Audit package

  • Control-to-evidence mapping
  • Named evidence records with owner and timestamp
  • Missing evidence list with due dates
  • Exportable summary for auditors, customers, or leadership

WisdomPrompt keeps AI inventories, evidence records, gaps, findings, approvals, and exports in one audit-ready workspace.