I am often asked what would be the first step to approach ISO (either information security or artificial intelligence certification).
🥇The first step is the gap audit and training for everyone in the company. A gap audit is a shorter, less expensive audit from an auditor with real ISO audit experience, kind of like a mock audit with one particular goal: to understand where you are right now and how close you are to the successful certification audit. What you need to do: estimate the volume of work and timeline needed for your company to achieve the ISO goal.
🥈Second is the AI compliance training (usually a 3-day training for the entire company management) if you don’t want to be the only person in the company who does all the work.
🤫Big secret insight:
You need to organize training for the management for another reason: somebody else with the ability to explain things to management should bring them to your level of understanding of how important AI governance and compliance is, and the urgency of it.
No one will spend money on that or pay you bonuses or acknowledge your pioneering that challenging direction until everyone is on the same page — training is how they will understand the importance.
📆Small tips for planning:
the best training is in-person training;
the most cost-effective is for many people at the same time.
I do training for top management of the most famous companies in the world all the time — if their management finds time for training, surely you can find it too.
The biggest obstacle is my schedule: I plan my time 2 months ahead.
It’s always easier to find 1 day for a gap audit and then book 3 days for the training, but I can’t promise you free days next week.
From the moment of training to the full implementation cycle to the successful audit and ISO certification, the process usually takes 9-12 months. If you have another ISO, it could be 3-6 months
