Coalfire Earns ANAB Accreditation for ISO 42001, Advancing Global AI Governance Standards


As artificial intelligence (AI) reshapes industries and becomes embedded in everything from healthcare and finance to retail and government, trust in AI systems is no longer optional. Organizations must now prove that their AI is not only innovative, but also ethical, secure, and governed responsibly.
That's where AI assurance comes in - and Coalfire is leading the charge.
Coalfire is a certification body accredited by ANAB (ANSI National Accreditation Board) to conform to the ISO/IEC 42001:2023 standard, and now offers AIMS+, a first-of-its-kind program that pairs formal ISO 42001 certification with deep model testing, streamlining governance validation and technical assurance in one.
"AI is redefining risk. Our AIMS+ solution gives organizations the ability to not only certify their AI governance but also validate how their models actually behave. That dual capability is the foundation of trusted, responsible AI."
— Tom McAndrew, CEO
Why ISO/IEC 42001:2023 Matters
ISO/IEC 42001:2023, or ISO 42001, is the world’s first certifiable standard for Artificial Intelligence Management Systems (AIMS). It provides a global framework for governing AI across its entire lifecycle, helping organizations demonstrate responsible design, development, deployment, and oversight.
Key focus areas include:
- AI risk management and governance
- Transparency, explainability, and fairness
- Secure data and model lifecycle practices
- Human oversight and accountability
With ISO 42001, organizations can establish a structured, auditable approach to managing AI risk and aligning with growing regulatory expectations.
What Is AI Assurance?
AI assurance is the process of independently evaluating whether an AI system is compliant, trustworthy, and well-governed. It involves technical, operational, and governance-based testing and reporting, and is increasingly expected by customers, regulators, and partners.
Coalfire offers the most comprehensive suite of AI assurance, assessment, and certification services available, including:
ISO 42001 Readiness + Certification Audits
- Gap assessments and full-scope audits for ISO 42001
- Preparation and support for formal certification
- Third-party validation for service organizations, partners, and regulators
AI Model Testing
- Deep technical testing of machine learning (ML) and deep learning (DL) systems
- Evaluation of fairness, robustness, bias, and explainability
- Identification of vulnerabilities and security risks in AI models
Framework Alignment + Control Testing
- Mapping and evidence alignment across frameworks like:
  - NIST AI RMF
  - HITRUST AI Risk Management Framework
  - PCI DSS (for AI in payment environments)
  - SOC 2 (AI-related controls and disclosures)
- Operational audits of AI governance and risk controls
AI Security Testing
- Red-teaming and adversarial testing of AI systems
- LLM-specific testing for hallucination, misuse, or prompt injection
AI in Regulated Environments: PCI DSS Spotlight
AI technologies are increasingly integrated into PCI DSS-scoped environments for tasks like fraud detection, behavioral analysis, and chatbots. Coalfire helps organizations evaluate how AI systems interact with cardholder data and fit within compliance boundaries.
We test and audit:
- AI models that access or process sensitive payment data
- AI-driven logic used in customer service and fraud prevention
- Governance of AI within risk and change management processes
"As AI becomes core to payment environments, organizations must treat it with the same rigor as other PCI assets. ISO 42001 gives us a framework to build trust, and Coalfire helps clients implement it effectively."
— Morgan Player, Managing Principal, Consumer Services Payments Assurance
Client Highlight: Augment Code Achieves ISO 42001 Certification
Augment Code partnered with Coalfire to become one of the first tech firms certified under ISO/IEC 42001:2023. The result: a stronger assurance posture that earned recognition from customers, investors, and regulators.
"Coalfire was instrumental in helping us align our AI practices with ISO 42001. Their team understood the technical and ethical dimensions of our work and helped us navigate both with precision and care."
— Jon McLachlan, Head of Security, Augment Code
Why Choose Coalfire for AI Assurance?
With deep experience in cybersecurity, compliance, and audit, Coalfire offers:
- Comprehensive deep model testing
- Expertise across NIST, HITRUST, PCI DSS, and SOC frameworks
- Full-spectrum AI security testing and model evaluation
We bring together auditors, AI risk specialists, and technical testers to deliver an assurance strategy that builds confidence and meets evolving standards.
Ready to Get Started?
Whether you're preparing for ISO 42001, implementing AI within PCI or HITRUST environments, or needing to evaluate and validate deep learning models, Coalfire is your trusted partner in AI assurance.
Contact us today to schedule a readiness consultation or explore our end-to-end assessment services for trustworthy AI.