AI Inventory and Scope. Know what you have before you govern it.
Most organisations are surprised by how many AI systems they actually use. Before you can build an AI Management System, you need a complete, accurate picture of every AI tool, model, and automated process in scope. We find them all.
Six capabilities. One complete AI inventory.
Our AI inventory and scope service gives you everything the certification body needs to validate your AIMS boundary, and everything your governance team needs to manage AI responsibly.
AI System Discovery
Structured workshops and technical interviews to surface every AI tool, model, and automated decision process in use across your organisation.
AI Register Creation
A formal register documenting each AI system, its purpose, data inputs, outputs, risk level, and the teams responsible for it.
Scope Boundary Definition
Clear definition of which AI systems fall within your AIMS scope, with documented rationale for any exclusions that satisfies the certification body.
Regulatory Obligation Mapping
Identification of applicable regulations, sector-specific requirements, and contractual obligations that affect your AI systems.
Stakeholder and Role Mapping
Mapping of AI ownership, accountability, and decision-making authority across business units, IT, and senior leadership.
Third-Party AI Assessment
Review of AI tools and platforms supplied by third parties, including SaaS products with embedded AI, to determine AIMS applicability.
From discovery to signed-off scope. Six structured steps.
Kick-off and Briefing
We brief your project team on what counts as an AI system under ISO 42001, covering everything from large language models to rules-based automation.
Discovery Workshops
Structured sessions with department heads, IT, and operations teams to surface AI tools in use, including shadow AI and unapproved tools.
Technical Inventory Review
We review your software estate, procurement records, and cloud subscriptions to cross-check against workshop findings.
Risk Classification
Each identified AI system is classified by risk level using the ISO 42001 risk framework, informing scope prioritisation.
Scope Document Drafting
We draft the formal AIMS scope statement and AI register in the format required by your certification body.
Scope Sign-off
We present findings to your leadership team, agree the final scope, and prepare the documentation package for the next phase.
Real organisations. Real AI inventories.
Law firm AI audit
A UK law firm using AI for contract review, legal research, and client communications needed a complete inventory before pursuing ISO 42001. We identified 14 distinct AI systems across 6 practice areas, including several tools the IT team were unaware of.
NHS supplier scoping
A healthcare technology supplier to the NHS needed to define which of their AI-assisted diagnostic tools fell within ISO 42001 scope. Our scoping work identified the three systems requiring full AIMS coverage and excluded lower-risk tools with documented rationale.
Fintech AI register
A UK fintech with AI embedded across credit decisioning, fraud detection, and customer service built their first formal AI register with us. The register became the foundation for their ISO 42001 certification and their FCA model risk governance programme.
Find out what AI your organisation is actually using. Book a free scoping call.
Our free scoping call takes 30 minutes. We will assess the likely scale of your AI inventory, identify any obvious gaps in your current governance, and give you a clear view of what Phase 1 involves for your organisation.