Scrut achieves ISO 42001 certification: A new chapter in responsible AI

Just a month into 2025, we’re proud to share a major milestone: Scrut has earned the ISO/IEC 42001:2023 certification for AI governance! As one of the first GRC platforms to achieve this certification, we walk the talk when it comes to compliance automation and we were able to achieve this certification using the Scrut platform!

“Getting ISO 42001 certified is a major win for Scrut,” said Aayush Ghosh Choudhury, Co-Founder and CEO at Scrut Automation. “This certification gives us a rock-solid risk management framework that allows us to confidently pursue AI-driven strategies while protecting our stakeholders and retaining their trust. By tackling potential risks head-on, we’re not only safeguarding our technology but also carving out a sustainable competitive advantage that builds the trust of our customers, partners, and investors.”

AI models are rapidly becoming an integral part of our everyday lives, and as their influence grows, so does the need for responsible AI governance and risk management. 

Case in point: DeepSeek. It has made the news for its groundbreaking AI models but also for a database leak that provided access to one million records, internal data, and even control over database operations. 

“ISO 42001 provides a critical framework for systematically identifying, assessing, and mitigating weaknesses in AI systems across our organization. In an era of rapidly evolving AI technologies, this industry certification gives us a structured approach to managing the complex potential risks – from ethical considerations to security vulnerabilities,” said Nick Muy, CISO of Scrut Automation. “It’s not just about checking boxes for compliance; it’s about building a proactive, comprehensive risk management strategy that empowers us to drive AI innovation while upholding the highest standards of responsible development and deployment.”


Acquiring this certification has been a top priority for us, and we wanted to do it right at each step of the way. We want to thank Walter Haydock, Founder and CEO of StackAware, who was our Implementation Partner. His expert guidance on ISO 42001 has been invaluable. Chadwick Powell was the Independent Auditor who conducted our internal audit and provided us with detailed findings to improve our AIMS posture and ready it for the external audit, while Intercert was our External Auditor, who streamlined the external audit and certification process.

What does ISO 42001 certification mean for Scrut?

ISO 42001:2023 is the first international standard to outline the requirements for AI governance. It follows the “Plan‐Do‐Check‐Act” methodology so that policies and procedures are implemented to ensure an organization’s sound governance of AI.

The certification aims to not only examine the details of AI applications but also to provide a practical way of managing AI-related risks and opportunities across an organization. 

Getting ISO 42001 certified means that Scrut has a comprehensive governance system for managing AI-related risks and ensuring the safe and responsible use of AI technologies. We decided to get certified after considering many advantages, including how it:

  • Builds credibility: An ISO 42001 certification shows investors, customers, and partners that you take AI governance seriously, which opens new growth opportunities.
  • Guides your growth: ISO 42001 has a structured approach to managing AI, covering data privacy and risk assessments, making AI development smoother.
  • Mitigates risks: Early identification and resolution of potential AI pitfalls save time and resources.
  • Smoothens regulatory compliance: ISO 42001 provides a solid foundation for AI compliance, making it easier to adapt to regional laws as you expand.


A step forward for safe, secure, and responsible AI use

We’re proud to be among the few SaaS platforms in the GRC space to earn this certification. It marks a significant milestone in our journey toward promoting responsible AI practices across the industry, and we achieved it by following these key steps: 

  • Establish an AI risk assessment and rating process: Carefully evaluate the potential impacts on your business, customers, and society.
  • Identify your AI risk sources and assets: Pinpoint issues related to transparency, hardware, software, and data privacy by conducting a thorough review of your AI operations from multiple angles.
  • Conduct an AI risk assessment: Analyze the effects of AI on your business, individuals, and society as a whole. 
  • Document and justify your risk assessments: Record each identified risk, explain its significance, and outline your plan for addressing it. 

At Scrut, earning this certification underscores our commitment to responsible AI deployment. It demonstrates to our clients, partners, and the entire industry that we are paving the way forward with a focus on safety, ethics, and innovation. 

We have something exciting with AI tech, but we promise to do it the right way—by ensuring all necessary guardrails are in place, backed by the certification we have earned and upheld. 
