| A | B | |
|---|---|---|
1 | Question | Answer |
2 | What is the timeline and process for achieving ISO 42001 certification? | A sample timeline is available here. |
3 | How do you perform AI risk and impact assessments? | We use four primary sources of data for risk assessments: 1) Customer-provided documentation 2) Interviews with key stakeholders 3) Publicly-available information 4) Penetration testing and technical validation (optional) We then follow this approach to analyze this information to create risk and impact assessments. |
4 | Can you implement ISO 42001 using our existing governance, risk, and compliance (GRC) software (e.g. Vanta, Drata, ISMS Online). | Yes. While our experience has shown that many of these platforms have feature gaps that would prevent full implementation of ISO 42001 using one alone, we will build as much of your AIMS as possible using your software of choice. |
5 | For the interviews and other obligations, what should we expect? How much time will it take? | Please see this breakdown of stakeholders, expected time commitment, and sample questions. We will tailor this specifically for your company and business requirements. |
6 | Do you only evaluate internally-developed AI systems? Or do you include third-party ones? | StackAware does not draw bright lines between internally-developed and third-party systems and models (neither does ISO 42001). This allows for a holistic risk management approach. Check out this LinkedIn post for deeper analysis. |
7 | Do you offer continuous monitoring or ongoing support after the initial engagement? | Yes. StackAware offers a post-engagement retainer that keeps your AI Management System continuously updated by: - Monitoring for regulatory developments applicable to your company. - Tracking AI risks relevant to your technology stack and automatically notifying you. - Updating and maintaining all StackAware-developed documentation. |
8 | Will you execute a business associate agreement (BAA) with our company? | Yes. StackAware will execute a BAA for an additional fee. |
9 | What types of companies has StackAware worked with, and what results have they achieved? | StackAware's most successful customers are in healthcare and B2B SaaS. All publicly-available case studies are available on our blog, here. |
10 | Can I see some examples of StackAware deliverables? | A mapping of many ISO 42001 requirements against sample deliverables is available here. |
11 | Framework questions | |
12 | What is an AI Management System? | According to ISO 42001, an AI Management System (AIMS) is a "set of interrelated or interacting elements of an organization to establish policies and objectives, as well as processes to achieve those objectives" with respect to the use of Artificial Intelligence. An AIMS is the key mechanism for how you govern artificial intelligence and manage any resulting risk. |
13 | What is the re-certification process like for ISO 42001 audits? | An ISO 42001 certification is good for 3 years. The process requires a comprehensive 2-stage audits for initial certification, followed by two smaller annual surveillance audits. This is different from a SOC 2 audit, where you essentially need to re-do the process every year. |
14 | Can we "inherit" controls from our vendors for ISO 42001 audit purposes? | ISO 42001 does not lay out a clear inheritance framework, meaning that you (or StackAware, working on your behalf) will need to develop a defensible approach. See the LinkedIn post for details. |
15 | How should I think about scoping my ISO 42001 certification? | Please see this guide for scoping considerations. |
16 | What are the differences and relationships between various AI governance frameworks (e.g., NIST AI RMF, ISO 42001, EU AI Act)? | This guide compares and contrasts common AI governance frameworks. |
17 | How does your AI governance program integrate with existing governance or compliance frameworks (e.g., NIST CSF, ISO 27001, HITRUST)? | We have experience building AI governance programs that integrate with a wide range of existing compliance and security frameworks. StackAware will tailor all deliverables to fit seamlessly into your existing requirements. |
18 | Can you also assist with ISO 27001 implementation and internal audit? | Yes, we have experience implementing ISO 27001 and have trained ISO 27001 lead auditors available. |
19 | What is the internal audit required by ISO 42001? | Clause 9.2 of the standard requires that certified organizations "plan, establish, implement and maintain (an) audit programme." This means and objective and impartial auditor (not involved in control design) must review the implementation of the AI Management System on a regular basis (at least annually). StackAware can either have an expert who was not involved in control design conduct the internal audit, or train one of your employees to conduct it. |
20 | If StackAware does our internal audit, what does the report look like? | See a template of the report format here. We can also provide a version that can be uploaded to Jira, if desired. |
21 | What type of report do we get at the end of an ISO 42001 external audit? | ISO 42001 certification is a binary outcome: either you have it or you do not. This is different from SOC 2 attestations, where the auditor provides an opinion and supporting information. An ISO 42001 certificate simply makes reference to the scope assessed and the relevant statement of applicability (which defines which controls you implemented). Here are examples of real certificates provided upon certification. |
22 | Penetration testing and red-teaming | |
23 | Do you offer penetration testing or red teaming services for AI applications? | Yes. StackAware partners with both manual and automated penetration testing providers to technically evaluate your AI applications. We price these engagements on a per-application basis. |
24 | How do you define a single "application" from a pricing perspective. | From a pricing perspective, an application that we would penetration test consists of the entire offering advertised to an internal or external customer. Thus, a single application can consist of multiple application programming interface (API) endpoints but has a single business purpose. For example, a chatbot exposed to customers that calls multiple different APIs would count as one application. If there were two different chatbots that served different purposes or had different target audiences, however, these would count as two applications. StackAware offers bulk pricing discounts for multiple applications to be tested. |
25 | How many resources will you consume as part of the penetration test? | For customers with large language model-based applications, we estimate 500,000 tokens of expenditure. Other application types will vary. |
26 | What StackAware Does | |
27 | How will StackAware protect my data? | As a security company, we take data protection extremely seriously. In addition to having undergone multiple successful external ISO 42001 audits, we maintain a detailed Trust and Security Center and make most of our AI Management System documentation publicly available for inspection. |
28 | Do you compete with governance, risk, and compliance (GRC) platforms like Vanta and Drata? | No. StackAware's software platform does not provide the same features as, or overlap with, a traditional GRC platform. StackAware provides the following things they do not: 1. Continuous risk management. Aside from high-level information (like identifying a risk of "software vulnerabilities" and providing a treatment of "regular patching"), most GRC platforms do not provide actionable guidance for managing risk out-of-the-box. Furthermore, most platforms only allow for assessment of risk with qualitative labels (like "low" or "critical"), which makes it impossible to compare risk magnitude with the cost(s) of applying controls. StackAware not only provides detailed, quantitative, and continuously-updated risk information for specific systems but also continuously updates customers regarding changes in the risk picture as a result of technical or regulatory developments. 2. Asset inventory and supply chain analysis. Using its existing library of assessments, and custom-building ones for any new customer systems, StackAware can map known data subprocessors throughout a given supply chain. This allows for full understanding of the data classification, residency, and business continuity implications of using a given vendor, service, or component. 3. External issue tracking and alerting. While most GRC platforms allow for recording "external issues" (to use ISO 42001/27001 terminology), they rarely provide detailed guidance regarding specific laws and regulations. Especially in the case of artificial intelligence, these rules are constantly changing. StackAware provides up-to-date monitoring of all relevant external issues for a given customer's management system through its application programming interface (API), as well as email alerts. StackAware also maps individual laws to specific systems, and how customers use them, to fully illuminate the risk surface. For example, if a company is using an AI-powered recruiting tool to hire employees in New York City (NYC), this would trigger an analysis of whether the company meets the requirements of NYC Local Law 144. If not, StackAware would provide actionable steps for ensuring compliance. |
29 | Are you focused on mitigating AI-powered threats (malware, phishing, etc.)? | No. StackAware is focused on enabling the secure use of AI technologies and systems, not defending against AI-powered threats. |
30 | We think we have been hacked. Do you do incident response or forensics? | No. StackAware is focused entirely on preventing AI-related cybersecurity incidents. We do not manage incident responses or post-breach investigations. We do, however, have referral partners whom we can recommend. |
31 | How to engage | |
32 | I don't have the budget for an AI risk assessment. How should I pitch this internally? | Ask your engineering, product, and finance colleagues the following questions: - "Do we have budget to lose deals to competitors because we cannot explain our AI security posture to prospects (while you are also blasting out blogs and social posts about how we use AI throughout the company!)?" - "Do we have budget to address lost competitive advantage from employees unintentionally training SaaS generative AI models on our intellectual property like Amazon did, losing nearly $1.5 million?" - "Do we have budget to jump through our a** before our next audit to document how we are meeting compliance requirements while using AI?" |
33 | Shouldn't we wait until we have finished our AI project(s) before engaging you? | If you would prefer engineering and product teams to start deploying AI-powered products rapidly, without worrying about cybersecurity or privacy, then this makes sense. But what are you going to do after they have already: - Been using ChatGPT every day for years? - Integrated open source AI libraries into their code? - Connected workflows to SaaS-hosted LLMs? If you think you are going to be able to apply guardrails after all of this is already done, think again. Even the forward-leaning companies we have already helped had to battle some inertia because of the previous pace of AI-related development. Security teams often get left out of discussions about new product and feature development, so the time is now (frankly, yesterday) to start talking about how you are going to: - Meet regulatory obligations - Classify and govern data - Threat model - Vet vendors |
34 | Ok, so what level of sophistication with AI does my company need to have for you to conduct a risk assessment? | StackAware can do an AI risk assessment and ISO 42001 gap analysis at any stage of development or maturity. The process is designed to be flexible and can even incorporate future roadmap plans. This means that even if development or rollout is in its early stages, an assessment can still provide valuable insights for strategic planning and development. In fact, this is the best time to start! |
35 | Miscellaneous | |
36 | Where can I learn about how StackAware protects customer data? | Please see our Trust and Security Center. |
37 | Does StackAware partner with or subcontract to vCISOs or security consultants? | No. |