Canada · AI governance · Audit-ready

AI Management System Readiness for Canadian employers.

Customers, boards, and procurement teams now ask whether your AI is governed before they buy or renew. 1205 builds the AI management system, evidence, and governance an accredited certification body will assess against ISO/IEC 42001 — the framework buyers point to. We prepare you for the review; the accredited body issues the certificate, not us. Nothing here is legal advice.

Call (647) 631-1205

Already worried about AI in your hiring process? Start with the AI Hiring Compliance Check.

— Readiness Scorecard from $3,500 · One business-day reply

To be clear: 1205 is not an accredited certification body and does not certify, audit, or issue ISO 42001 certification. We build the AI management system, evidence, and governance an accredited body (such as BSI, Schellman, DNV, or A-LIGN) will assess — and that independent body issues the certificate, not 1205. We are not a certified partner, and we do not guarantee certification. Nothing here is legal advice.

Why this lands on your desk

The question is already in your inbox.

A security questionnaire asks how your AI is governed. A board member wants to know your AI risk posture. An enterprise customer makes AI governance a condition of renewal. And inside, the reality is scattered: policies in three places, no current AI inventory, no risk register, and no roadmap to a defensible assessment.

The reference point everyone is converging on is ISO/IEC 42001, the international standard for an AI management system. It is voluntary — not a Canadian law — but the commercial pressure behind it is real. You need a partner who gets you ready for that standard, and who is deliberately not the body that certifies it.

What AI management system readiness includes

Built to the framework. Ready for the assessment.

Clause-by-clause gap assessment

We map where you stand today against the ISO 42001 framework, clause by clause, and produce a prioritized list of what is missing. You see exactly how far you are from a defensible assessment before you commit to one.

Framework: ISO/IEC 42001 — the reference, not the hook.

AI inventory & risk register

Most organizations cannot say, in one place, where AI operates and what could go wrong. We build the inventory and a risk register that names each system, its purpose, its data, and its exposure — the backbone of any governed AI program.

Held under NDA. See data-handling below.

Governance & human-oversight design

We design the policies, roles, and human-in-the-loop controls that keep a person accountable for consequential AI decisions — the governance an assessor, a board, or a customer will look for.

A person on the hook, by design.

Internal-audit dry-run

Before the real assessment, we run an internal dry-run against the same criteria, surface what would fail, and give you a remediation plan with owners — so the certification body does not find it first.

Find the gaps before the assessor does.

The evidence pack

Everything an assessor will ask to see.

The pack is the assembled record of a governed AI program — the inventory, the risks, the policies, and the proof they are real. We build it; an accredited certification body assesses it; that body certifies, not 1205.

AIMS gap report

Where your AI management system stands against each area of the framework, with every gap named, sized, and prioritized.

AI system inventory

A single, current record of every place AI operates in your organization — system, owner, purpose, and the data it touches.

AI risk register

The risks each AI system carries and how they are controlled, kept current as a living record rather than a one-time snapshot.

Governance & oversight policy set

The policies, roles, and human-in-the-loop controls that govern how AI is built, bought, and used — and who is accountable.

Readiness map

A Statement-of-Applicability-style map showing how your controls line up to the framework, so the assessment has a clear starting point.

Certification-body evidence pack

The assembled, organized evidence an accredited certification body will assess — plus a human-attestation cover statement from a named reviewer.

NDA & data handling

Your AI inventory is sensitive. We treat it that way.

An AI inventory and risk register describe where AI touches your business and where it could go wrong. That is exactly the kind of material you would not want loose — so we hold it to a clear posture from the first conversation.

  • NDA first. We sign a mutual non-disclosure agreement before any inventory or risk work begins — not after.
  • Named-access only. Your inventory, risk register, and evidence are accessible only to the named practitioners on your engagement.
  • Your data stays yours. We do not reuse your information to train models, and your evidence stays in your control.
  • You direct the handoff. Nothing goes to a certification body or any third party except as you direct.

How to engage us

Start with the scorecard. Scope the rest after a call.

The entry scorecard is a fixed fee so you can start without a long sales cycle. The full readiness engagement varies with your AI footprint, so we scope it after a short call — no anchored number you would have to discount later.

AI Governance Readiness Scorecard

Starts at $3,500

A fixed-fee diagnostic. We score your AI management system against the framework, hand you a prioritized gap list, and tell you whether certification timing makes sense yet. The fastest way to know where you stand.

ISO 42001 Readiness & Evidence Pack

Scoped after a call

The full engagement: gap assessment, AI inventory and risk register, governance and oversight design, internal-audit dry-run, and a certification-body-ready evidence pack. Scoped to your AI footprint and complexity.

AIMS Maintenance Retainer

Ongoing — let us talk

Keep the management system current between annual surveillance assessments — quarterly governance review, risk-register refresh, and evidence upkeep as your models, policies, and AI footprint change.

The Human-Attested standard

AI in the workflow. A person on the hook.

AI assists. It never decides.

We use AI to move faster on research, drafting, and pattern-finding. It is a tool in the workflow — not the analyst, not the judgment, and not the author of what we deliver.

A senior human reviews and owns the work.

Every deliverable is reviewed and stood behind by a senior 1205 practitioner. The findings, the recommendations, and the file are human work product — attributable to a named person, not a model.

We escalate when the matter needs it.

Where a question crosses into regulated territory, we say so and route it to an accredited ISO/IEC 42001 certification body. We would rather hand off than overreach.

We are clear about our boundaries.

1205 prepares your AI management system, evidence, and governance for assessment — it does not certify, audit, or issue ISO 42001 certification, and it is not an accredited certification body or a certified partner. The certificate is issued by an independent accredited certification body, not by 1205.

See how 1205 handles AI-assisted work, human review, regulated partner routing, and confidentiality in the Human-Attested Trust Pack.

Common questions

Straight answers on readiness.

Does 1205 certify our AI management system?

No. 1205 is not a certification body and does not certify, audit, or issue ISO 42001 certification. ISO/IEC 42001 certificates are issued by independent accredited certification bodies. What 1205 does is prepare the AI management system, evidence, and governance that body will assess — so you arrive at the review ready, not scrambling. We do not certify on your behalf, and nothing we provide is legal advice.

What is the difference between readiness and certification?

Readiness is the work of building and documenting an AI management system — the inventory, risk register, policies, human-oversight design, and evidence — so it can withstand an independent assessment. Certification is the formal assessment itself, performed only by an accredited certification body, which issues the certificate if you pass. 1205 does the readiness. The accredited body does the certification. The two are deliberately separate.

What is ISO 42001, and do we need it if Canada has no AI law?

ISO/IEC 42001 is a voluntary international standard for an AI management system — a structured way to govern how your organization builds, buys, and uses AI. It is not a Canadian law, and Canada has no AI statute in force today. The pressure is commercial, not regulatory: enterprise customers, boards, and procurement teams increasingly ask whether your AI is governed before they buy or renew. ISO 42001 is becoming the reference framework they point to. We help you be ready for that conversation.

How sensitive is the information we share, and how do you handle it?

Very. Your AI inventory and risk register describe where AI touches your business and where it could go wrong — exactly the kind of detail you would not want loose. We work under a signed NDA before any inventory or risk work begins, restrict access to the named practitioners on your engagement, and keep your AI inventory, risk register, and evidence in your control. We do not reuse your data to train models, and we do not share it with the certification body except as you direct.

What does it cost?

The entry AI Governance Readiness Scorecard starts at CA$3,500 — a fixed-fee diagnostic that scores your AI management system against the framework and tells you whether you are close. The full ISO 42001 Readiness and Evidence Pack is a scoped engagement, typically CA$28,000–$60,000 depending on how many AI systems you run and how complex your organization is. Ongoing maintenance ahead of annual surveillance is available as a retainer. We quote the core after a short call.

Who actually does the work — a person or a model?

A named senior practitioner reviews and stands behind every deliverable. We use AI to move faster on research and drafting, but it never makes the judgment calls and it is never the author of your evidence pack. The readiness work, the findings, and the human-attestation cover statement are human work product attributable to a named reviewer — which is exactly what an accredited assessor expects to see.

Request a Readiness Scorecard

Know where you stand before the assessment.

Tell us where AI operates and what is prompting this, and we will scope an AI Governance Readiness Scorecard. We reply within one business day. We prepare you for the standard — we do not certify, and nothing here is legal advice.

— Readiness Scorecard from $3,500

1205 Consulting Inc. · Oakville, Ontario · Canada