Blog News and Events Walking the walk: Thoropass is now ISO 42001 certified October 22, 2024 Amanda Levine As AI becomes increasingly integrated into business operations, maintaining trust, security, and responsibility is paramount. Over the past year, Thoropass has been at the forefront of AI innovation, developing platform enhancements like the GenAI-powered DDQs. Committed to practicing what they preach, Thoropass saw achieving ISO 42001 certification as the next crucial step in solidifying their approach to ethical AI use. Thoropass’s Chief Information Security Officer (CISO), Jay Trinckes, and Mastermind’s Chief Executive Officer (CEO), David Forman, share insights into the certification process and its significance. Why ISO 42001? With the rapid integration of AI across industries, many companies face growing concerns about how to manage potential risks. Thoropass decided to pursue ISO 42001 certification because of its commitment to building trust while leveraging AI within its platform. Jay explains, “We were implementing AI into our product and wanted to ensure we built trust in this process. AI can introduce risks, and ISO 42001 provides the management system to handle those risks in a consistent and efficient manner. We wanted to lead the way with this certification.” AI can introduce risks, and ISO 42001 provides the management system to handle those risks in a consistent and efficient manner. We wanted to lead the way with this certification. Jay Trinckes CISO Thoropass ISO 42001 offers organizations a framework to manage and mitigate AI-related risks, particularly around ethics, transparency, and security. For Thoropass, being an early adopter of this certification is not just about compliance; it’s about setting an industry standard for responsible AI use… “walking the walk” so to speak. The certification journey Achieving ISO 42001 certification is no small feat. According to Trinckes, it took approximately five months from preparation to certification. Thoropass’s journey involved a three-month preparation phase, a month-long internal audit, and another month to complete the external certification. However, because Thoropass had already obtained certifications like ISO 27001 and HITRUST, many of the necessary controls were already in place. This foundation significantly streamlined the process. David Forman, a representative of the issuing certification body Mastermind, shared his perspective: “Thoropass’s information security and governance teams were well-prepared to expand their integrated management system to meet the additional requirements of ISO 42001. Their existing certifications in ISO management system standards, along with regular assessments for SOC 2, HITRUST, and PCI DSS, provided a strong foundation to address AI risks.” Their existing certifications in ISO management system standards, along with regular assessments for SOC 2, HITRUST, and PCI DSS, provided a strong foundation to address AI risks. David Forman CEO Mastermind Assurance In David’s experience, first-time applicants often face significant hurdles, but Thoropass was an exception. “We were able to focus on more in-depth audit trails during the Stage 2 Certification Audit, which felt more like a recertification audit of the management system due to the stringency of the process.” Working with Thoropass’s platform The Thoropass platform, with its existing controls crosswalks, policies library, and Data Rooms, proved invaluable during the audit process. Forman emphasized how the Thoropass platform contributed to a seamless audit experience. “The certification audit was conducted entirely within the Thoropass platform. We utilized features like the Data Rooms to streamline communication and share evidence. It allowed our audit teams to inspect evidence from a recent SOC 2 Type 2 examination and corroborate offline reviews with live walkthroughs led by Thoropass staff, which helped us develop our audit team’s recommendation for certification.” The internal work done during the ISO 42001 certification process laid the groundwork for future platform updates, which will include support for ISO 42001 in late 2024! Leveraging ISO 42001 to drive growth For Thoropass, obtaining ISO 42001 certification is more than just a badge on its website—it’s a critical tool for building customer trust and driving business growth. As more companies integrate AI into their operations, having a solid foundation in responsible AI use will become a differentiator. Jay sees this as a major growth driver for Thoropass, “We plan to leverage this certification to demonstrate our responsible use of AI and build trust with our customers, particularly in how we integrate AI into our platform.” We plan to leverage this certification to demonstrate our responsible use of AI and build trust with our customers, particularly in how we integrate AI into our platform. Jay Trinckes CISO Thoropass With this certification, Thoropass is positioned to lead in an evolving landscape where AI governance will play a central role in corporate compliance. Thoropass’s journey toward ISO 42001 certification reflects the company’s dedication to responsible AI use and the security of its platform. By implementing stringent AI management systems and building on a strong foundation of existing certifications, Thoropass is not only ensuring compliance, but also setting a new industry standard for AI governance. As businesses continue to grapple with the complexities of AI, Thoropass is leading the way, demonstrating that trust and technology can go hand in hand. You can read the full press release here. Does your organization have an AI Governance Policy yet? Get started today with this AI Governance Policy Template. Enter the AI era Explore GenAI for your business, safely and securely Explore the suite of new offerings from Thoropass to help your organization set itself up for success in this new era of GenAI and compliance Learn More icon-arrow Share this post with your network: Facebook Twitter LinkedIn