Assent Risk Management has maintained a long-standing relationship with Darktrace, a global leader in cybersecurity AI, providing support for their ISO 27001 and ISO 27018 certifications through internal audits and ongoing consultancy services. This foundation of trust and collaboration positioned Assent as a natural partner when Darktrace sought to become an early adopter of the newly published ISO 42001 standard in 2025.
Challenge
ISO 42001, the first international standard for AI management systems, introduces a structured framework for the responsible governance of artificial intelligence. While it aligns closely with existing information security standards like ISO 27001 and ISO 27018, it introduces new requirements —particularly around AI ethics, transparency, and accountability.
One of the most significant challenges in this project was demonstrating the competence of individuals involved in the AI management system. Given the relative infancy of AI governance, establishing clear evidence of relevant skills and experience required a creative and rigorous approach.
Our Approach
Assent began the engagement with a comprehensive gap analysis to assess Darktrace’s readiness for ISO 42001. Leveraging our deep understanding of ISO management systems and our familiarity with Darktrace’s existing ISMS, we mapped the new requirements against their current controls and practices.
Key steps included:
- Collaborative Planning: Working closely with Darktrace’s internal teams, including their AI Ethics Committee, to align the new standard with existing governance structures.
- Competence Mapping: Developing a framework to evidence the competence of personnel involved in the AI lifecycle, including data scientists, engineers, and oversight bodies.
- Documentation and Integration: Ensuring that ISO 42001 requirements were integrated seamlessly into the existing ISMS, minimising duplication and maximising efficiency.
- Certification Support: Providing hands-on support throughout the certification process with BSI, including readiness assessments and audit preparation.
Outcome
Darktrace successfully achieved ISO 42001 certification, becoming one of the first organisations globally to do so. This milestone not only reinforces their leadership in ethical AI but also demonstrates their commitment to transparency, accountability, and continuous improvement in AI governance.
Quote from Assent Consultant
“It has been a privilege to work with Darktrace over the last few years, supporting their journey through ISO 27001 and ISO 27018, and seeing the organisation grow both in scale and in the maturity of its governance practices. Darktrace has always been forward-thinking, embracing innovation while keeping security at the heart of everything they do, so it was no surprise when they set their sights on becoming one of the first to achieve ISO 42001 certification.
Implementing this new standard required a collaborative and flexible approach, particularly in areas like competence and ethical oversight—concepts that go beyond traditional information security. Thanks to our established relationship, we were able to build on their existing management system and integrate the new requirements efficiently and effectively.
Achieving ISO 42001 is a significant milestone for Darktrace and a clear reflection of their leadership in responsible AI. I’m proud to have played a part in this achievement and look forward to continuing to support them as their governance and compliance frameworks evolve.”
Garry Renton,
Consultant, Assent Risk Management
Quote from Darktrace Representative
“Darktrace set its sights on becoming one of the first AI cybersecurity vendors to achieve ISO 42001:2023 – a standard that the industry was still trying to get it’s head around at the time we started our journey.
Assent’s support in both implementing a new [AI] management system, and auditing against the requirements of the newly published ISO 42001 standard played a vital role in ensuring Darktrace was ready to proceed with the Stage 1 and Stage 2 audits, and ultimately, achieve certification with the British Standards Institution (BSI), amongst some of the first in our industry.
Thanks to our long-standing relationship with Garry Renton and the team at Assent, we were able to comprehensively break down and implement the requirements of the standard and use Garry’s existing knowledge of our management system to our advantage. This helped speed up the process by drawing out any issues and closing gaps early on. ISO 42001 is a critical milestone for Darktrace as we continue to mature our governance and compliance framework. This achievement expands Darktrace’s current certified compliance framework, which includes our ISO 27001:2022 and ISO 27018:2019 certifications – all of which Assent has been instrumental in providing support, expertise and auditing over the years.”
William Booth
Director, Cybersecurity Compliance
Key Learnings
- Competence is Critical: Demonstrating the competence of individuals involved in AI governance is essential—and challenging. Organisations must think beyond traditional qualifications and consider practical experience, ethical awareness, and interdisciplinary collaboration.
- Leverage Existing Systems: Organisations with mature ISMS frameworks can build on these foundations to meet ISO 42001 requirements more efficiently.
- Early Adoption Pays Off: Being an early adopter of ISO 42001 positions organisations as leaders in responsible AI, enhancing trust with stakeholders and regulators alike.
Looking to achieve to ISO 42001 certification
See some of our other case studies
