The HumanWox Platform
A detailed look at how HumanWox supports your ISO/IEC 42001 implementation.
Clause-by-Clause Implementation
HumanWox maps every clause of ISO/IEC 42001 from Clause 4 (Context of the Organisation) through Clause 10 (Improvement). Each clause view surfaces the AI systems it affects, the requirements it contains, the controls that satisfy those requirements, and the evidence gaps that remain. Implementation becomes a structured process rather than a guessing game.
The platform supports the logical sequencing of implementation. Clause 4 (understanding your organisation's context) informs Clause 6 (planning), which drives Clause 8 (operational controls). Dependencies are visible, so you know what to work on next.
AI System Registry
The registry is the heart of HumanWox. Every AI system your organisation develops, deploys, or procures is registered with structured metadata: purpose, risk classification, data categories, lifecycle stage, deployment environment, and ownership.
This is not a simple inventory list. Each registered system connects to the controls that govern it, the evidence that demonstrates compliance, and the risks that have been identified and treated. When an auditor asks 'how do you govern this AI system?', the answer is a traceable chain of records, not a folder of documents.
The registry also captures the data needed for EU AI Act compliance: system type, risk category, and intended use, meaning the same governance data serves multiple regulatory frameworks.
Evidence Lifecycle Management
Evidence is not static. Policies expire, risk assessments become outdated, and operational records need periodic review. HumanWox treats evidence as living artefacts with defined lifecycles.
Every piece of evidence has an owner, a review cadence, an effective date, and an expiry date. The platform surfaces stale artefacts before they become audit findings. Evidence links to specific controls and AI systems, so you can trace exactly what each document proves and for which system.
Version history is maintained automatically. When a policy is updated, the previous version is preserved and the new version inherits the same control and system linkages. Auditors see the full history.
Readiness Reporting
The readiness score is not a percentage plucked from thin air. It is computed from the actual state of your governance: control implementation status, evidence completeness, review currency, risk treatment progress, and outstanding obligations.
The score degrades over time as evidence expires and reviews become overdue. This is by design. Certification is a moment in time, but governance is continuous. The readiness report gives leadership and audit teams an honest, real-time view of where the organisation stands.
Export audit-ready reports for certification bodies, board presentations, or customer due diligence responses.