AI-powered ISO 42001 AI MCP server for agents. Supports management system audits, AI risk assessment, and policy template generation. By MEOK AI Labs.
ISO 42001 AI MCP
ISO/IEC 42001:2023 AI Management System compliance — clauses 4–10 audit, Annex A controls, Annex B risk assessment, policy generation, certification readiness, and EU AI Act crosswalks.
What This Does
ISO/IEC 42001:2023 is the first international standard for AI Management Systems (AIMS). It specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system. The standard covers 7 management system clauses (4–10), Annex A controls for AI-specific governance (policies, lifecycle, data, transparency, third-party relationships), and Annex B guidance for AI risk assessment across 7 risk categories.
This server audits your AIMS against all clauses, evaluates Annex A controls, performs Annex B risk assessments, generates ISO 42001-compliant policy documents, checks certification readiness, and maps everything to EU AI Act articles — the key dual-compliance feature for organizations operating in the EU.
Quick Start
npx meok-setup --pack governance
Tools
| Tool | Description | Parameters |
|---|---|---|
| audit_management_system | Audits your AI management system against all 7 ISO 42001 clauses (4–10) and their subclauses. Evaluates organizational context, leadership, planning, support, operation, performance evaluation, and improvement. Returns per-clause conformity scores and certification readiness. Recognizes synergies with existing ISO 27001/9001/27701 certifications. | organization_description, ai_systems_description, existing_certifications |
| assess_ai_risk | Performs ISO 42001 Annex B risk assessment across 7 categories: bias & fairness, safety & reliability, transparency & explainability, privacy & data protection, security & resilience, accountability & governance, societal & environmental. Returns risk ratings, treatment priorities, and recommended Annex A controls. | system_description, system_name, risk_criteria |
| generate_policy_template | Generates ISO 42001-compliant AI policy documents. Three formats: "comprehensive" (full 12-section policy with governance structure, roles, risk management, lifecycle management), "brief" (executive statement), or "executive" (board-level policy). Addresses clause 5.2 and Annex A.2.2 requirements. | organization_name, ai_scope, policy_type |
| check_annex_controls | Evaluates your AI system against all ISO 42001 Annex A controls across 9 sections (A.2–A.10): AI policies, internal organization, resources, impact assessment, lifecycle management, data governance, transparency, AI use, and third-party relationships. Produces a gap analysis suitable for a Statement of Applicability. | system_description, system_name, implemented_controls |
| crosswalk_to_eu_ai_act | Maps ISO 42001 clauses and Annex A controls to EU AI Act articles. Shows exactly where ISO 42001 conformity satisfies EU AI Act requirements. Covers ~20 clause-to-article mappings with alignment strength ratings (strong/moderate). Essential for dual-compliance programmes. | iso_clauses, focus_area |
| create_certification_checklist | Generates an ISO 42001 certification readiness checklist with pass/fail criteria for each requirement. Covers documentation, processes, and evidence needed for a certification audit. | organization_description, ai_systems_description |
| quick_scan | Turns a one-line system description into an instant ISO 42001 gap assessment. No parameters needed beyond the description. Fast triage tool for initial assessment. | system_description |
| certification_timeline | Returns ISO 42001 certification steps and typical timelines. No parameters needed. Useful for planning the certification journey. | (none) |
Usage Examples
Audit an AI startup's management system
Use the audit_management_system tool with:
organization_description: "AI startup developing LLM-based customer support chatbots for enterprise clients. 80 employees, no formal AI governance structure, no AI policy documented, ad-hoc risk assessments. Has ISO 27001 certification."
ai_systems_description: "Three production LLMs fine-tuned on client data. Uses RAG architecture. Processes customer PII. Deployed in EU and US."
existing_certifications: "ISO 27001"
Expected output: Overall conformity ~25–35% (major_gaps). ISO 27001 synergy recognized for clauses 7.5, 8.2, 9.2. Critical gaps: clause 5 (no AI policy), clause 6 (no formal risk assessment), clause 8 (no impact assessment). Certification readiness: not_ready.
Assess AI risk for a hiring tool
Use the assess_ai_risk tool with:
system_description: "Automated CV screening and candidate ranking system for graduate recruitment. Trained on 5 years of historical hiring data. Scores candidates on predicted job performance. Uses NLP to parse resumes and analyze video interviews. Affects employment decisions for 10,000+ applicants annually."
system_name: "GraduateRecruit AI"
Expected output: Risks identified in bias & fairness (HIGH — hiring decisions, protected classes), transparency (HIGH — black-box scoring), privacy (MODERATE — biometric video analysis). Recommended controls: A.5.2 (impact assessment), A.6.3 (responsible design), A.6.4 (testing), A.8.2 (transparency). Statement of Applicability needed.
Generate a comprehensive AI policy
Use the generate_policy_template tool with:
organization_name: "Acme AI Ltd"
ai_scope: "Development and deployment of machine learning models for financial services, including credit scoring, fraud detection, and customer analytics"
policy_type: "comprehensive"
Expected output: Full 12-section policy document (~2000 words) covering AI principles (safety, fairness, transparency, accountability, privacy, security, human oversight), governance structure with RACI matrix, risk management framework, lifecycle management process, competence requirements, and documentation obligations. Ready for customization and board approval.
Crosswalk ISO 42001 to EU AI Act
Use the crosswalk_to_eu_ai_act tool with:
iso_clauses: "all"
Expected output: ~20 mappings showing where ISO 42001 clauses align with EU AI Act articles. Strong alignment: clause 6.1 → Art. 9 (risk management), clause 8.4 → Art. 27 (fundamental rights impact), clause 7.2 → Art. 4 (AI literacy). Key insight: ISO 42001 certification provides substantial EU AI Act coverage but Articles 5, 49, 50, 62 require additional measures.
Installation
Claude Desktop
Add to claude_desktop_config.json:
{
  "mcpServers": {
    "iso-42001-ai": {
      "command": "npx",
      "args": ["-y", "meok-iso-42001-ai-mcp"]
    }
  }
}
Or install via Smithery:
npx smithery mcp add nicholastempleman/iso-42001-ai-mcp
Cursor
Add to .cursor/mcp.json:
{
  "mcpServers": {
    "iso-42001-ai": {
      "command": "npx",
      "args": ["-y", "meok-iso-42001-ai-mcp"]
    }
  }
}
VS Code
Add to .vscode/mcp.json:
{
  "servers": {
    "iso-42001-ai": {
      "command": "npx",
      "args": ["-y", "meok-iso-42001-ai-mcp"]
    }
  }
}
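The three client configurations above launch the server with `npx -y` and a package name that carries no version, so the release that runs is whatever npx resolves at launch rather than one you reviewed. The check below is an added example, not part of the project's code: it lists npx-launched MCP servers whose package spec is not an exact version. The pinned entry (`example-mcp-server@1.2.3`) is constructed for illustration.

```python
import json
import re

# Exact-version npm spec: name@1.2.3 or @scope/name@1.2.3 (tags such as @latest do not count).
PINNED = re.compile(r"^(@[^/@\s]+/)?[^/@\s]+@\d+\.\d+\.\d+(-[\w.]+)?$")

def npx_package(args):
    """Return the package spec npx is asked to run, or None if there is none."""
    it = iter(args)
    for arg in it:
        if arg in ("-p", "--package"):
            return next(it, None)
        if arg.startswith("--package="):
            return arg.split("=", 1)[1]
        if not arg.startswith("-"):
            return arg  # first non-flag argument is the package
    return None

def unpinned_servers(config_text):
    """List (server name, spec) pairs started via npx without an exact version."""
    config = json.loads(config_text)
    # Claude Desktop and Cursor use "mcpServers"; VS Code uses "servers".
    servers = {**config.get("mcpServers", {}), **config.get("servers", {})}
    findings = []
    for name, entry in sorted(servers.items()):
        if entry.get("command") != "npx":
            continue
        spec = npx_package(entry.get("args", []))
        if spec is None or not PINNED.match(spec):
            findings.append((name, spec))
    return findings

# Claude Desktop / Cursor form, as shown on this page.
PAGE_CONFIG = ('{"mcpServers": {"iso-42001-ai": {"command": "npx", '
               '"args": ["-y", "meok-iso-42001-ai-mcp"]}}}')
# VS Code form, as shown on this page.
VSCODE_CONFIG = ('{"servers": {"iso-42001-ai": {"command": "npx", '
                 '"args": ["-y", "meok-iso-42001-ai-mcp"]}}}')
# Constructed sample: hypothetical package pinned to an exact version.
PINNED_CONFIG = ('{"mcpServers": {"example": {"command": "npx", '
                 '"args": ["-y", "example-mcp-server@1.2.3"]}}}')

if __name__ == "__main__":
    for label, text in [("page", PAGE_CONFIG), ("vscode", VSCODE_CONFIG),
                        ("pinned", PINNED_CONFIG)]:
        print(label, unpinned_servers(text))
```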
pip
pip install meok-iso-42001-ai-mcp
Related Servers
| Server | Purpose |
|---|---|
| iso-27001-ai | Information security management (93 Annex A controls, ISO 27005 risk) |
| gdpr-compliance-ai | GDPR DPIA, data subject rights, breach notification |
| eu-ai-act-compliance | EU AI Act risk classification and Annex IV documentation |
| nist-rmf-ai | NIST AI Risk Management Framework risk profiles |
| csoai-governance-crosswalk | 12 compliance frameworks mapped through 52 articles |
Pricing
- Free tier: 10 calls/day per tool
- Pro: £79/mo — unlimited calls + cryptographically signed compliance attestations
License
MIT © MEOK AI Labs
File details
Details for the file iso_42001_ai_mcp-1.0.7.tar.gz.
File metadata
- Download URL: iso_42001_ai_mcp-1.0.7.tar.gz
- Upload date:
- Size: 41.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 2d15d99014c2b1e51e06de5abe6af1073db4948fcad7bd4895fc370196d82f20 |
| MD5 | ff9ae7f33c5b9fdfe3c846487b720bd0 |
| BLAKE2b-256 | 0d87464f34f6bcf93dec957bf332421757cf7944832bb3fde969628b520e09d1 |
File details
Details for the file iso_42001_ai_mcp-1.0.7-py3-none-any.whl.
File metadata
- Download URL: iso_42001_ai_mcp-1.0.7-py3-none-any.whl
- Upload date:
- Size: 33.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 44b6f70e6acb64e3b87f23ba3c5c08962ecb0f430e53570cdc2eb8f90c16aa6f |
| MD5 | d8035598350e6cbf828a5aa4af7050d8 |
| BLAKE2b-256 | a48cf53ccdbccd605e1b18a95a8e10fd29fac2709d2681409af3802966e5d554 |