Where we have delivered — and what is possible.

The organisation had deployed AI tools including a custom RAG-based GPT and was building a bilingual customer chatbot — without any formal AI governance structure, policy, or risk assessment in place.

• Developed full ISO 42001 AI Management System documentation
• Created AI policy aligned with Clause 5.2 requirements
• Conducted AI risk assessment covering all AI systems in scope
• Deployed bilingual chatbot in English and Japanese on WhatsApp Business
• Established human oversight mechanisms and third-party governance
• Built Statement of Applicability across all Annex A controls

Five AI systems identified operating without formal risk assessment, policy, or oversight. The organisation had significant exposure as a critical infrastructure provider — and no visibility of its AI governance gaps.

• Conducted structured stakeholder meetings across all departments
• Designed and deployed an organisation-wide online survey
• Performed full ISO 42001 gap analysis across all clauses
• Completed contextual analysis covering internal and external environment
• Defined preliminary AIMS scope across three boundary types
• Delivered formal findings report with prioritised recommendations
• Presented findings directly to top management

Building an AI agent that genuinely helps startups — while ensuring transparency, ethical use, and responsible AI principles are embedded by design rather than added as an afterthought.

• Designed and built AI agent on curated knowledge base using RAG architecture
• Embedded transparency disclaimers and ethical AI guidelines
• Implemented responsible use framework aligned with ISO 42001 principles
• Deployed publicly for global startup community access
• Established ongoing monitoring and knowledge base maintenance process

Three AI systems in production — none with formal risk assessment, policy, or accountability structure. Regulatory environment tightening. Board seeking assurance that AI use was defensible and compliant.

• Conducted AI systems inventory and risk classification
• Developed ISO 42001-aligned AI policy approved by board
• Completed risk assessment for all three AI systems
• Built Statement of Applicability with Annex A control justifications
• Established AI governance committee with defined roles
• Delivered staff AI awareness training program

AI diagnostic systems classified as high-risk under emerging regulation. Patient data privacy obligations. No human oversight mechanisms documented. Clinical staff using AI outputs without formal guidance on when to override.

• AI risk assessment with high-risk classification applied throughout
• Developed patient data governance controls aligned with privacy obligations
• Designed human oversight protocol for clinical AI use
• Built incident reporting and corrective action process
• Established AIMS monitoring and measurement framework
• Prepared organisation for ISO 42001 certification

Leadership had attended AI training that was too technical to apply. Multiple AI tools purchased with limited results. No business mapping, no governance, no clear link between AI spend and business growth.

• Delivered AI awareness workshop for leadership and operations team
• Completed full business process mapping to identify AI opportunities
• Introduced three targeted AI tools aligned to mapped processes
• Aligned AI adoption with business growth plan and expansion strategy
• Established basic AI governance appropriate to SME scale
• Provided ongoing retainer advisory for first six months