Today, CSA is releasing the official mapping of the AI Controls Matrix (AICM v1.0) to ISO/IEC 42001:2023—with companion references to ISO/IEC 27001 and 27002. This practical guide helps organizations integrate AI-specific controls into existing ISMS programs, accelerate gap analysis, and build confidence in responsible AI.

At the same time, we’re unveiling the next evolution of assurance for AI: STAR for AI 42001—a pragmatic on-ramp to third-party assurance that meets organizations where they are while we continue to create innovative and robust STAR assurance solutions for AI.

What’s new today

AICM ↔ ISO/IEC 42001 mapping (available now)

A clear, control-by-control view of how AICM v1.0 aligns to ISO/IEC 42001:2023, with pointers to ISO/IEC 27001/27002 where compensating controls may close partial gaps. Use it to:

• Spot AI governance gaps quickly
• Integrate AI-specific policies, logging, data quality, and incident response into your ISMS
• Save time with one authoritative reference across AICM, 42001, and 27001/27002

Get the Mapping

Introducing STAR for AI 42001 — a pragmatic on-ramp to AI assurance

Building on your ISO/IEC 42001 foundation, STAR for AI 42001 recognizes real progress while raising the AI bar with CSA’s artifacts and automation:

1) STAR for AI Level 1 (AI CAIQ Self-Assessment)

Release date: October 23, 2025

Publish your AI CAIQ self-assessment to the STAR Registry to establish transparent, standardized disclosures against the AICM.

2) ISO/IEC 42001 Document Support for STAR Registry

Release date: October 23, 2025

Organizations certified to ISO/IEC 42001 can upload their certificates to the STAR Registry. This creates early visibility and prepares you for STAR for AI 42001 recognition.

3) Valid-AI-ted for AI (Scored Self-Assessment)

Release date: November 20, 2025

Run your AI CAIQ through CSA’s Valid-AI-ted scoring engine for structured, explainable feedback and an overall score—bringing consistency and signal to self-assessments.

4) STAR for AI 42001 (Provisional Level 2)

Release date: November 20, 2025

For organizations certified to ISO/IEC 42001: publish your certificate (Step 2) and pair it with a Valid-AI-ted CAIQ (Step 3). You’ll earn STAR for AI 42001, a provisional Level 2 recognition that validates your 42001 AI-MS and makes your AI control posture transparent and comparable via CSA artifacts.

With the release of our AICM mapping to ISO/IEC 42001 and the launch of STAR for AI 42001, we are signaling more than just new tools — we are setting the direction for how trust in AI will be earned. The industry is hungry for clarity, and this roadmap gives organizations a way to demonstrate responsibility today while preparing for the assurance frameworks of tomorrow. By combining the discipline of international standards with CSA’s commitment to transparency and innovation, we are building a foundation for AI that is not only secure and compliant, but also trusted, explainable, and resilient.