Compare ISO 42001 auditors
12 independent firms offering ISO/IEC 42001 (AI Management System) audit, certification, or readiness services. Sorted by tier — accredited certification bodies first, then Big 4 advisory practices, then specialist boutiques. Editorial directory only; no paid placement on this page.
Updated April 25, 2026.
Who can issue an accredited certificate?
Only certification bodies accredited by an IAF-recognised national accreditation body (UKAS, ANAB, DAkkS, etc.) can issue an accredited ISO/IEC 42001 certificate. Big 4 firms and specialist boutiques typically perform readiness assessments, gap analyses, and remediation support, then hand off to an accredited certification body for the formal Stage 1 and Stage 2 audits. IAF rules prohibit a single firm from doing both readiness/consulting and the certification audit.
Side-by-side comparison
| Auditor | Tier | HQ | Accreditations / framework tags | Typical engagement |
|---|---|---|---|---|
| BSI Group (5000+ staff) | certification body | London, UK | UKAS-accredited ISO/IEC 42001 certification body; ISO/IEC 27001; ISO 9001 | £25,000 – £150,000 for ISO/IEC 42001 certification |
| BABL AI | specialist | Iowa City, United States | eu-ai-act, nist-ai-rmf, iso-iec-42001, nyc-local-law-144 | — |
| Boston Consulting Group Responsible AI | specialist | Boston, United States | iso-iec-42001, eu-ai-act, nist-ai-rmf | — |
| Credo AI | specialist | San Francisco, United States | eu-ai-act, nist-ai-rmf, iso-iec-42001, gdpr | — |
| Deloitte Trustworthy AI | big firm | New York, United States | nist-ai-rmf, eu-ai-act, iso-iec-42001, gdpr | — |
| EY AI Assurance | big firm | London, United Kingdom | nist-ai-rmf, eu-ai-act, iso-iec-42001, gdpr | — |
| Holistic AI | specialist | London, United Kingdom | eu-ai-act, iso-iec-42001, nist-ai-rmf, nyc-local-law-144 | — |
| KPMG AI Assurance | big firm | New York, United States | nist-ai-rmf, eu-ai-act, iso-iec-42001, sr-11-7 | — |
| NCC Group AI Security | specialist | Manchester, United Kingdom | eu-ai-act, nist-ai-rmf, iso-iec-42001 | — |
| PwC Responsible AI | big firm | New York, United States | nist-ai-rmf, eu-ai-act, iso-iec-42001, gdpr | — |
| RSM AI Risk and Governance | big firm | Chicago, United States | nist-ai-rmf, iso-iec-42001 | — |
| Responsible AI Institute | specialist | United States | eu-ai-act, nist-ai-rmf, iso-iec-42001 | — |
Accredited certification bodies
Firms that can issue an accredited ISO/IEC 42001 certificate.
Big 4 and global advisory practices
Readiness assessments, gap analyses, and integrated AI risk programs.
- Deloitte Trustworthy AI · New York, United States
Embedding trust across the AI lifecycle with a multidimensional framework
Deloitte's Trustworthy AI™ practice spans seven trust dimensions—transparent, fair, robust, privacy-respecting, safe, secure, and accountable—embedded across strategy, governance, model risk management, and engineering. The practice offers AI Audit and Assurance services alongside regulatory advisory, AI model risk management, and agentic AI governance. Deloitte is ranked #1 globally in Security Consulting by Gartner and a Leader in Worldwide AI Services by IDC.
**Notable work:** Developed Trustworthy AI™ framework spanning seven trust dimensions; aligned practice to US AI Bill of Rights and SB 53 frontier AI law; ranked #1 in Security Consulting globally by Gartner
nist-ai-rmf, eu-ai-act, iso-iec-42001, gdpr
- EY AI Assurance · London, United Kingdom
Human-led and AI-powered assurance spanning governance, risk, controls, and client diagnostics
EY's AI assurance practice offers diagnostics, governance assessments, risk management, and controls services to help clients navigate AI-enabled transformations responsibly. The suite—spanning AI diagnostics, governance, risk management, and controls—is backed by EY's own deployment of responsible AI across 160,000 global audit engagements on the EY Canvas platform. EY has joined the Stanford University Institute for Human-Centered Artificial Intelligence Industrial Affiliates Program and is a recognized 'Frontier Firm' in Microsoft's Frontier Firm AI Initiative.
**Notable work:** Launched enterprise-scale agentic AI across 160,000 global audit engagements; named Frontier Firm by Microsoft/Harvard Digital Data Design Institute; joined Stanford HAI Industrial Affiliates Program
nist-ai-rmf, eu-ai-act, iso-iec-42001, gdpr
- KPMG AI Assurance · New York, United States
Trusted AI framework powering gap assessments, model validation, and attestation
KPMG's AI Assurance practice, launched in September 2025, provides AI model risk assessments, model validation, real-time systems assessments (RTSA), and formal AI assurance and attestation against standards including SOC, FedRAMP, SWIFT, and HITRUST. The practice builds on KPMG's broader AI Trust services—covering governance frameworks, security, regulatory compliance, and AI inventory—all mapped to KPMG's Ethics and Trusted AI Framework. KPMG has also helped Microsoft develop and enhance its responsible AI tools and Responsible AI program.
**Notable work:** Expanded AI Trust services with new AI Assurance capabilities in September 2025; helped Microsoft develop and enhance its Responsible AI program for partners and customers
nist-ai-rmf, eu-ai-act, iso-iec-42001, sr-11-7
- PwC Responsible AI · New York, United States
First to market with AICPA-standard independent assurance over AI systems and governance
PwC's Assurance for AI is performed under AICPA standards and provides independent assurance over AI governance, oversight, and operation—addressing bias, model drift, security, and third-party risk. The service can be aligned with NIST AI RMF, ISO 42001, EU AI Act, and other leading frameworks, and is produced at intervals suited to stakeholder needs. PwC also offers broader Responsible AI advisory spanning governance program assessments, SOX-relevant AI controls reviews, and regulatory readiness.
**Notable work:** Launched 'Assurance for AI'—described as a first-to-market solution providing formal independent assurance over AI systems under AICPA standards
nist-ai-rmf, eu-ai-act, iso-iec-42001, gdpr
- RSM AI Risk and Governance · Chicago, United States
Proprietary AI Governance Framework for responsible adoption in the middle market
RSM US offers comprehensive AI governance consulting services through its proprietary, continuously evolving AI Governance Framework that incorporates elements from NIST AI RMF, ISO/IEC 42001, COSO, and other best-practice frameworks. Services include AI governance and strategy risk assessments, control design, monitoring program development, and audit-readiness preparation. RSM has also published detailed analysis of COSO's generative AI guidance and its implications for internal control. RSM's 4,000+ assurance professionals use the firm's AI-powered RSM Luca audit ecosystem.
**Notable work:** Published COSO GenAI governance analysis linking AI risk to internal control framework (2026); launched Ask Luca GenAI tool across 4,000+ assurance professionals (January 2026); committed $1 billion over three years to AI strategy and digital transformation
nist-ai-rmf, iso-iec-42001
Specialist boutiques
Algorithmic audit and AI governance specialists.
- BABL AI · Iowa City, United States · Founded 2018
Independent algorithmic audits and certifications ensuring global AI regulatory compliance
Founded in 2018 by Dr. Shea Brown, BABL AI is a global algorithmic auditing firm offering independent third-party audits, ISO/IEC 42001 certification, EU AI Act conformity assessments, NYC Local Law 144 bias audits, NIST AI RMF readiness assessments, and AI auditor training. BABL's audit methodology aligns with international assurance standards (ISAE 3000) used by Big Four firms, and has been recognized in academic research from the Centre for the Governance of AI and University of Cambridge as a credible frontier AI compliance reviewer.
**Notable work:** Recognized by Cambridge/Oxford Martin study as qualified frontier AI compliance reviewer; founding member of International Association of Algorithmic Auditors (IAAA); first published recommendations to European Commission on DSA/AIA audit methodology
eu-ai-act, nist-ai-rmf, iso-iec-42001, nyc-local-law-144
- Boston Consulting Group Responsible AI · Boston, United States
ISO 42001-certified RAI consulting across strategy, governance, testing, and culture
BCG's Responsible AI practice offers a battle-tested five-pillar RAI framework covering strategy, governance, key processes, technology, and culture—delivered through RAI maturity assessments, bias-testing frameworks, GenAI evaluator tools (ARTKIT), and AI impact transparency tools (FACET). In January 2026, BCG became one of the first 100 organizations worldwide—and the only premium consulting firm—to achieve ISO/IEC 42001 certification for its AI Management System. Chief AI Ethics Officer Steven Mills leads the practice.
**Notable work:** One of first 100 organizations worldwide—and only premium consulting firm—to achieve ISO/IEC 42001 certification (January 2026); developed open-source ARTKIT GenAI evaluation library; BCG and MIT Sloan Management Review joint study on GenAI and responsible AI maturity
iso-iec-42001, eu-ai-act, nist-ai-rmf
- Credo AI · San Francisco, United States · Founded 2020
Enterprise AI governance platform enabling continuous, contextual compliance and audit
Founded in 2020, Credo AI is an enterprise AI governance platform named a Leader in the Forrester Wave™ for AI Governance Solutions (Q3 2025) and recognized in Gartner's Market Guide for AI Governance Platforms (2025). The platform offers pre-built policy packs for EU AI Act, NIST AI RMF, ISO/IEC 42001, and SOC 2, with automated evidence generation, shadow AI discovery, continuous risk monitoring, and audit-ready documentation. Clients include Mastercard and Principal Financial Group.
**Notable work:** Named Leader in Forrester Wave™: AI Governance Solutions Q3 2025 with 12 perfect scores; recognized in Gartner Market Guide for AI Governance Platforms 2025; World Economic Forum Technology Pioneer; actively contributed to EU AI Act, NIST AI RMF, and ISO 42001 frameworks; Mastercard and Principal Financial Group deployments
eu-ai-act, nist-ai-rmf, iso-iec-42001, gdpr
- Holistic AI · London, United Kingdom · Founded 2020
End-to-end AI governance platform with bias, privacy, and robustness audits
Founded in 2020 by Dr. Adriano Koshiyama and Dr. Emre Kazim at University College London, Holistic AI provides an enterprise AI governance platform and third-party AI audit services covering bias, efficacy, robustness, privacy, and explainability. The firm has completed 200+ AI audits (including a program for Unilever spanning 300+ AI initiatives with 50% risk mitigation outcomes) and offers regulation-specific assessments for EU AI Act, NYC Local Law 144, and ISO/IEC 42001. Holistic AI founders collaborate with NIST AI Safety Institute, the UN AI Advisory Body, and the EU AI Act GPAI Code of Practice working groups.
**Notable work:** Completed 200+ AI audits; Unilever engagement spanning 300+ AI initiatives with 50% risk mitigation rate; founders active in NIST AI Safety Institute, UN AI Advisory Body, OECD Network of Experts on AI, and EU AI Act GPAI Code of Practice
eu-ai-act, iso-iec-42001, nist-ai-rmf, nyc-local-law-144
- NCC Group AI Security · Manchester, United Kingdom
AI/ML security assessments combining penetration testing expertise with governance reviews
NCC Group's AI security practice offers AI readiness assessments, AI/ML threat modeling, bias and toxicity testing, secure development lifecycle testing, red teaming (including OWASP LLM Top 10 methodology), and cloud security reviews for AI/ML infrastructure. The practice maps to ISO 42001, NIST AI Risk Management Framework, and EU AI Act. NCC Group has conducted AI security research for Google (AI hardware security, 2024) and is recognized as a Strong Performer in the Forrester Wave™: Cybersecurity Consulting Services in Europe, Q1 2024.
**Notable work:** Conducted AI hardware security analysis for Google (April–May 2024); Strong Performer in Forrester Wave™ Cybersecurity Consulting Services in Europe Q1 2024; published AI/ML threat model analysis whitepaper
eu-ai-act, nist-ai-rmf, iso-iec-42001
- Responsible AI Institute · United States · Founded 2016
Standards-aligned third-party AI verification, independent badging, and enterprise governance frameworks
Founded in 2016, the Responsible AI Institute (RAI Institute) is an independent non-profit providing third-party assurance through its TrustX and OMA verification programs, which are aligned to 17 global standards including ISO/IEC 42001, NIST AI RMF, and the EU AI Act. Rather than issuing certifications, RAI Institute issues independently verified badges covering AI security, governance, regulatory compliance, workforce impact, and sustainability. Enterprise membership (from $50,000/year) includes access to AI governance frameworks, working groups, and co-created thought leadership.
**Notable work:** TrustX program aligned to 17 global standards; RAISE Pathways program powered by 1,100+ AI controls; member of World Economic Forum Global AI Action Alliance (GAIA); only independent non-profit providing third-party AI assurance verification
eu-ai-act, nist-ai-rmf, iso-iec-42001
Frequently asked questions
Who can issue an accredited ISO/IEC 42001 certificate?
Only certification bodies accredited by an IAF-recognised national accreditation body (UKAS, ANAB, DAkkS, ANSI, etc.) can issue an accredited ISO/IEC 42001 certificate. As of April 2026 the most widely recognised firms include BSI (UKAS-accredited), DNV, LRQA, SGS, TÜV SÜD, TÜV NORD, A-LIGN, and Schellman. Big 4 advisory practices and specialist boutiques perform readiness assessments and may partner with an accredited body for the formal Stage 1 / Stage 2 audit.
How long does an ISO 42001 certification audit take?
First-time certification typically runs 4–9 months end-to-end: 4–8 week readiness assessment, Stage 1 documentation review (1–2 weeks), 4–12 weeks of remediation, then Stage 2 on-site/virtual audit (1–3 weeks depending on scope). Surveillance audits run annually; full recertification every three years.
How much does an ISO 42001 audit cost?
Public ranges (April 2026): small/mid USD $25,000–$60,000 for Stage 1+2; mid-market $60,000–$150,000; enterprise/global $150,000–$500,000+. Readiness assessments by Big 4 or specialist firms add $40,000–$200,000. Surveillance audits typically run 30–50% of the initial certification fee annually.
Do I need a separate firm for readiness vs certification?
Yes — IAF rules require auditor independence. The same firm cannot perform consulting/readiness work and then issue the accredited certificate. Common pattern: Big 4 or boutique advisory for gap analysis + remediation, then an accredited certification body (BSI, DNV, LRQA, SGS, TÜV) for the formal audit.
How does ISO 42001 differ from SOC 2 or ISO 27001?
ISO 27001 is an information-security management system; SOC 2 is a US-centric attestation against five trust-service criteria. ISO/IEC 42001 (published December 2023) is the first certifiable AI Management System (AIMS), covering AI-specific concerns: lifecycle governance, impact assessments, third-party AI risk, transparency, fairness, and operational monitoring of deployed AI systems. Many organizations integrate ISO 42001 with their existing 27001 program because shared controls (access, change management, supplier management) overlap by roughly 60–70%.