Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

How to integrate ISO 42001 with other Management Systems

  • Published: October 8, 2025
  • Category: International Standards

Share this post

Headshot of a man with long hair, a beard and glasses, wearing a patterned shirt
Dan York

Share this post

ISO 42001 is the new Management System standard for governing AI systems, specifically the risks they present to your business, and providing a framework for how to make the most of the opportunities they present.

It comprises a set of requirements to establish an AI Management System and a mechanism to be certified to this internationally recognised standard. For organisations looking to integrate ISO 42001 with other standards, understanding these requirements is essential.

However, if you have experience with other Management System standards (such as ISO 9001, ISO 27001, or ISO 13485), the requirements within ISO 42001 may look familiar. Below, we’ll explain why this is the case and how you can integrate ISO 42001 with your current Management Systems to enhance governance and compliance.

Need help with IOS 42001? Book a Call with our Expert Team

Why do ISO Management System standards look the same?

A “Management System” is a technical way of saying the way in which a business operates – whether you have it written down or not, your company has a “Management System”.

ISO Management System standards (like ISO 42001) are intended to give organisations best practice for addressing specific areas within their management system (e.g. AI for ISO 42001, Information Security for ISO 27001).

ISO acknowledges that businesses face many different types of requirements that their Management System should address, so it creates Management System standards that are structured similarly (based on a document called Annex SL).

ISO intends for businesses to apply multiple Management System standards in a joined-up way.

ISO have created Annex SL and a guidance document on how to do it – fortunately, we’ve read these documents, so you don’t have to. They recommend “integrating” aspects of your Management System, not creating siloed Processes and Procedures to address each different aspect of your Management System

Why integrate your Management Systems?

A Management System is the way in which you run your business – integration is about looking for ways to make your processes more efficient by addressing requirements from multiple directions at once.

Creating a single place where documents are stored and agreeing on how to notify relevant people when they are changed, rather than maintaining different storage systems for information security, AI, and customer feedback, would be an example of integrating a Management System.

Is integrating every process essential? Absolutely not, but we frequently come across companies looking for new software systems to address a new regulatory requirement, when existing systems can be adapted to keep fees, maintenance work and duplication of effort down.

But, sometimes, it’s better not to integrate – if two teams have very different requirements from their processes or perform very different tasks, it can be helpful to keep them separate.

The best places to integrate

Often, policies and procedures will expand over time as companies take on new regulatory or compliance requirements, resulting in dozens or even hundreds of these documents. We always recommend a different approach – having 10-20 procedures that outline responsibilities and process flows across and between teams, then having specific guidance documents or templates maintained by key stakeholders only where needed to ensure an effective process – that is a process that delivers what your business wants, not just your auditor!

This means you end up with a single process for (for example) supplier onboarding and evaluation instead of having to refer to the AI supplier policy, the information security supplier policy, the finance supplier policy and all the rest – as well as a single evaluation form (preferably in a configurable system like Jira so you can control the process workflow) rather than multiple assessment forms.

Similarly, Risk Management is a major governance area for many companies, but having different risk assessment methods for different types of risk results in risks being missed or duplicated – why not have a single risk assessment method with different scoring systems for each risk type?

Another high-level place where integration and joined-up thinking can save duplication of effort is when considering resources, tools and infrastructure needed for your organisation. Many management system standards require compliance through recording and monitoring of the human, technological and external resources that the organisation requires to operate effectively. ISO 42001 adds the need to keep specific logs of the data and tooling resources needed for the AI. There’s no reason that these processes shouldn’t be combined into a single log, with careful use of labels and tracking, and any changes to resource requirements or risks posed to the organisation from ineffectively planned resource changes can be mitigated. 

This approach does require setting appropriate accountabilities, as Process Owners will need to interact with Compliance Specialists to ensure their processes deliver what the company and its stakeholders need from them.

How to integrate ISO 42001 into other standards

As ISO 42001 is structured similarly to other ISO Management System standards, simply lining up clauses between the standards can be very helpful. To integrate ISO 42001 into your existing management system, we would recommend:

Step 1

Discuss and bring on board key stakeholders – senior management to assign and support any resources, existing process owners and staff who will have to follow the changes processes. Gaining feedback and input (to a point) should support a smoother transition.

Circular icon with the number 2

Look at where you address clauses of other standards within your existing Management System and look to incorporate AI-specific requirements from ISO 42001 into existing processes rather than creating new processes (and documents) just to address ISO 42001.

Step 3

If you already have a documented regulatory strategy, review it to ensure that making changes to your organisation does not require updating it or making changes to your interactions with external parties such as regulators.

Circular icon with the number 4

Identify the gaps in your existing Management System to create a comprehensive list of the requirements you need to integrate

Don’t just add to Policies and/or Procedures – think about how the process should work and add fields to workforms with relevant guidance.

Step 5

Use the comparison and gap analysis to create an “Implementation Plan” under your existing Management System to integrate the new requirements.

Integrating ISO 42001 How to integrate ISO 42001 with other Management Systems Integrating ISO 42001

Follow the implementation plan to close the identified gaps.

Integrating ISO 42001 How to integrate ISO 42001 with other Management Systems Integrating ISO 42001

Carry out internal audits to assess the impact the changes have had and identify any further improvement work.

How to get ISO 42001 certified

If you’re looking to implement ISO 42001 to get a certificate, you’ll want to engage with your certification body as early as possible, as their timeline for auditing may inform your timeline for implementation.

It may be the case that your current certification body is not accredited to provide an ISO 42001 certificate, in which case, you will need to identify an accredited certification body.

The IAF has a list of accreditation bodies for each country, which in turn can give you a list of certification bodies in your country that can provide ISO 42001 certification. We don’t recommend getting certified by a certification body not accredited by an IAF member.

Need help with IOS 42001? Book a Call with our Expert Team

Top Tip

When speaking to your certification body, if you have integrated ISO 42001 with other standards, mention that you have an Integrated Management System and ask about Integrated Auditing. Some ISO standards allow for reducing auditing time in a certification/surveillance audit if multiple standards are being audited at once – this can reduce the cost of your certification and the number of surveillance visits. If you’ve integrated your Management System well, this can be a significant saving.

We’re the experts that have your back.

Let us help you find a route from from where you are, to where you need to go. We’re here to help.

Book a Call with our Expert Team

Other Articles​

Loading...
How ISO 42001 Compliments Other Regulatory Frameworks

How ISO 42001 Compliments Other Regulatory Frameworks

Read More →

November 26, 2025

FAQ: What is ISO 42001?

Read More →

September 26, 2025
Implementing ISO 27001:

Implementing ISO 27001: Things to Consider

Read More →

May 26, 2025
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept