
AI-powered ISO 42001 AI MCP server for agents. Supports management system audits, AI risk assessment, and policy template generation. By MEOK AI Labs.

Project description

ISO 42001 AI MCP

ISO/IEC 42001:2023 AI Management System compliance — clauses 4–10 audit, Annex A controls, Annex B risk assessment, policy generation, certification readiness, and EU AI Act crosswalks.


What This Does

ISO/IEC 42001:2023 is the first international standard for AI Management Systems (AIMS). It specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system. The standard covers 7 management system clauses (4–10), Annex A controls for AI-specific governance (policies, lifecycle, data, transparency, third-party relationships), and Annex B guidance for AI risk assessment across 7 risk categories.

This server audits your AIMS against all clauses, evaluates Annex A controls, performs Annex B risk assessments, generates ISO 42001-compliant policy documents, checks certification readiness, and maps everything to EU AI Act articles — the key dual-compliance feature for organizations operating in the EU.

Quick Start

npx meok-setup --pack governance

Tools

| Tool | Description | Parameters |
|---|---|---|
| audit_management_system | Audits your AI management system against all 7 ISO 42001 clauses (4–10) and their subclauses. Evaluates organizational context, leadership, planning, support, operation, performance evaluation, and improvement. Returns per-clause conformity scores and certification readiness. Recognizes synergies with existing ISO 27001/9001/27701 certifications. | organization_description, ai_systems_description, existing_certifications |
| assess_ai_risk | Performs ISO 42001 Annex B risk assessment across 7 categories: bias & fairness, safety & reliability, transparency & explainability, privacy & data protection, security & resilience, accountability & governance, societal & environmental. Returns risk ratings, treatment priorities, and recommended Annex A controls. | system_description, system_name, risk_criteria |
| generate_policy_template | Generates ISO 42001-compliant AI policy documents. Three formats: "comprehensive" (full 12-section policy with governance structure, roles, risk management, lifecycle management), "brief" (executive statement), or "executive" (board-level policy). Addresses clause 5.2 and Annex A.2.2 requirements. | organization_name, ai_scope, policy_type |
| check_annex_controls | Evaluates your AI system against all ISO 42001 Annex A controls across 9 sections (A.2–A.10): AI policies, internal organization, resources, impact assessment, lifecycle management, data governance, transparency, AI use, and third-party relationships. Produces a gap analysis suitable for a Statement of Applicability. | system_description, system_name, implemented_controls |
| crosswalk_to_eu_ai_act | Maps ISO 42001 clauses and Annex A controls to EU AI Act articles. Shows exactly where ISO 42001 conformity satisfies EU AI Act requirements. Covers ~20 clause-to-article mappings with alignment strength ratings (strong/moderate). Essential for dual-compliance programmes. | iso_clauses, focus_area |
| create_certification_checklist | Generates an ISO 42001 certification readiness checklist with pass/fail criteria for each requirement. Covers documentation, processes, and evidence needed for a certification audit. | organization_description, ai_systems_description |
| quick_scan | Turns a one-line system description into an instant ISO 42001 gap assessment. No parameters needed beyond the description. Fast triage tool for initial assessment. | system_description |
| certification_timeline | Returns ISO 42001 certification steps and typical timelines. No parameters needed. Useful for planning the certification journey. | (none) |

Usage Examples

Audit an AI startup's management system

Use the audit_management_system tool with:
  organization_description: "AI startup developing LLM-based customer support chatbots for enterprise clients. 80 employees, no formal AI governance structure, no AI policy documented, ad-hoc risk assessments. Has ISO 27001 certification."
  ai_systems_description: "Three production LLMs fine-tuned on client data. Uses RAG architecture. Processes customer PII. Deployed in EU and US."
  existing_certifications: "ISO 27001"

Expected output: Overall conformity ~25–35% (major_gaps). ISO 27001 synergy recognized for clauses 7.5, 8.2, 9.2. Critical gaps: clause 5 (no AI policy), clause 6 (no formal risk assessment), clause 8 (no impact assessment). Certification readiness: not_ready.

Assess AI risk for a hiring tool

Use the assess_ai_risk tool with:
  system_description: "Automated CV screening and candidate ranking system for graduate recruitment. Trained on 5 years of historical hiring data. Scores candidates on predicted job performance. Uses NLP to parse resumes and analyze video interviews. Affects employment decisions for 10,000+ applicants annually."
  system_name: "GraduateRecruit AI"

Expected output: Risks identified in bias & fairness (HIGH — hiring decisions, protected classes), transparency (HIGH — black-box scoring), privacy (MODERATE — biometric video analysis). Recommended controls: A.5.2 (impact assessment), A.6.3 (responsible design), A.6.4 (testing), A.8.2 (transparency). Statement of Applicability needed.

Generate a comprehensive AI policy

Use the generate_policy_template tool with:
  organization_name: "Acme AI Ltd"
  ai_scope: "Development and deployment of machine learning models for financial services, including credit scoring, fraud detection, and customer analytics"
  policy_type: "comprehensive"

Expected output: Full 12-section policy document (~2000 words) covering AI principles (safety, fairness, transparency, accountability, privacy, security, human oversight), governance structure with RACI matrix, risk management framework, lifecycle management process, competence requirements, and documentation obligations. Ready for customization and board approval.

Crosswalk ISO 42001 to EU AI Act

Use the crosswalk_to_eu_ai_act tool with:
  iso_clauses: "all"

Expected output: ~20 mappings showing where ISO 42001 clauses align with EU AI Act articles. Strong alignment: clause 6.1 → Art. 9 (risk management), clause 8.4 → Art. 27 (fundamental rights impact), clause 7.2 → Art. 4 (AI literacy). Key insight: ISO 42001 certification provides substantial EU AI Act coverage but Articles 5, 49, 50, 62 require additional measures.

Installation

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "iso-42001-ai": {
      "command": "npx",
      "args": ["-y", "meok-iso-42001-ai-mcp"]
    }
  }
}

Or install via Smithery:

npx smithery mcp add nicholastempleman/iso-42001-ai-mcp

Cursor

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "iso-42001-ai": {
      "command": "npx",
      "args": ["-y", "meok-iso-42001-ai-mcp"]
    }
  }
}

VS Code

Add to .vscode/mcp.json:

{
  "servers": {
    "iso-42001-ai": {
      "command": "npx",
      "args": ["-y", "meok-iso-42001-ai-mcp"]
    }
  }
}

pip

pip install meok-iso-42001-ai-mcp

Related Servers

| Server | Purpose |
|---|---|
| iso-27001-ai | Information security management (93 Annex A controls, ISO 27005 risk) |
| gdpr-compliance-ai | GDPR DPIA, data subject rights, breach notification |
| eu-ai-act-compliance | EU AI Act risk classification and Annex IV documentation |
| nist-rmf-ai | NIST AI Risk Management Framework risk profiles |
| csoai-governance-crosswalk | 12 compliance frameworks mapped through 52 articles |

Pricing

  • Free tier: 10 calls/day per tool
  • Pro: £79/mo — unlimited calls + cryptographically signed compliance attestations

License

MIT © MEOK AI Labs

💸 Try MEOK in 30 seconds — instant buy ladder

| Tier | Price | What you get | Stripe |
|---|---|---|---|
| Smoke test | £1 | Signed sample MCP-Hardening report + Article 50 PDF | https://buy.stripe.com/dRmcN75ScdQS7oh1Uc8k90U |
| Quick Kit | £9 | EU AI Act Article 50 implementation guide (C2PA + EU-Icon) | https://buy.stripe.com/cNi00la8s1460ZT0Q88k90V |
| Founder Call | £29 | 30-min 1-on-1 with the founder | https://buy.stripe.com/8x228ta8s6oqbExaqI8k90W |

Refundable. UK Stripe — VAT-clean. Builds on the 81-MCP MEOK fleet. Verify any signed report at https://meok.ai/verify.


Download files


Source Distribution

iso_42001_ai_mcp-1.0.8.tar.gz (41.5 kB view details)

Uploaded Source

Built Distribution


iso_42001_ai_mcp-1.0.8-py3-none-any.whl (33.4 kB view details)

Uploaded Python 3

File details

Details for the file iso_42001_ai_mcp-1.0.8.tar.gz.

File metadata

  • Download URL: iso_42001_ai_mcp-1.0.8.tar.gz
  • Upload date:
  • Size: 41.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for iso_42001_ai_mcp-1.0.8.tar.gz
Algorithm Hash digest
SHA256 874d04b2f4b86adce266f6e56010c1ae709dd453713d4115f3a99b90cf8bf15f
MD5 b15c8b348896a36085d0500f6a644450
BLAKE2b-256 369be5307d32d3f4442a1e6fde7f02968a1a8ad6d78c315db08b1f3205cb4c83


File details

Details for the file iso_42001_ai_mcp-1.0.8-py3-none-any.whl.

File metadata

File hashes

Hashes for iso_42001_ai_mcp-1.0.8-py3-none-any.whl
Algorithm Hash digest
SHA256 13a3aa83a0493c292bf4edcf167b9c6c5c7567c32224544542d17c099ee31b7f
MD5 0c7588d26f6554a7751ae8387f8dac22
BLAKE2b-256 1b5eefb34cc12e7fc2829656f270a2d50a1f6f4701b1d3f455dd61661c2fd475

