Tech News
← Back to articles

I implemented an ISO 42001-certified AI Governance program in 6 months

2025-11-15 | original
read original related products more articles

Nov 14, 2025

As the AI-hype props the Economy, trust in AI capabilities has become central for end users and customers of B2B SaaS companies alike. After all, AI brings many promises, but also threats.

Without trust, there is no business. How do you build trust about systems whose marketing rely on mysticism? Do we need to think of something new and follow the “visionaries” of the Tech industry while they compulsively reinvent the wheel?

Or can we follow the decades of experiences built when developing new technologies like planes, trains, and automobiles? 🦃 Indeed, we can. As with any other types of products, we can build trust by implementing standards of quality management and safety, as well as demonstrating compliance with regulatory bodies, and building a culture of incident management. Henceforth the dawn of AI Governance.

The easiest part of AI Governance is understanding what it is. AI Governance is the process organizations implement to manage standards of quality and safety in their AI systems (internal or product alike). AI Governance frameworks abound, and each of them will tell you what you should implement. The difficult part of AI Governance is how to implement those processes.

From January to June 2025, I threw myself at the task of implementing an AI Governance program, which was externally audited in July 2025, leading to Zendesk becoming one of the first CX companies ISO 42001-certified. That means that our AI Governance program complied with the standards of a good AI management system, as viewed by ISO. Thus, I have a thing or two to say about effective implementation of AI Governance.

AI Governance, the What is Easier than the How

I will cut through the chase: most AI Governance frameworks overlap each others significantly, and my preference goes to the NIST AI Risk Management Framework (NIST AI RMF) for several reasons.

It is a well-rounded AI Governance framework, it doesn’t overly focus on cybersecurity or compliance; NIST AI RMF is open source, all their playbooks and documentation is freely available on their website. Their documentation is very digestible (a mere 40 pages 😬); Like other NIST frameworks, it is well regarded and recognized in the US and by some global customers. If your AI Governance program aligns with NIST, you are 90% of the way there for ISO 42001. It also aligns very well with the EU AI Act.

An Overview of NIST AI RMF in 60 Seconds or Less

... continue reading

Related:
5 ways to use your Chromecast TV beyond streaming shows (including a smart home hack)
So, you want to design your own language? (2017)
Designing a Language (2017)
Supergreens powder and supplements recalled nationwide after Salmonella outbreak sickens people in 7 states
Don't turn your brain off

© 2025 GoKawiil