Metadata-Version: 2.4
Name: iso-42001-ai-mcp
Version: 1.0.10
Summary: AI-powered iso 42001 ai MCP server for agents. Supports audit management system, assess ai risk, generate policy template. By MEOK AI Labs.
Project-URL: Homepage, https://csoai.org
Project-URL: Repository, https://github.com/CSOAI-ORG/iso-42001-ai-mcp
Author-email: MEOK AI Labs <nicholas@meok.ai>
License: MIT License
        
        Copyright (c) 2026 CSOAI-ORG / MEOK AI Labs
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
License-File: LICENSE
Keywords: ai-governance,compliance,mcp,meok
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.10
Requires-Dist: mcp>=1.0.0
Description-Content-Type: text/markdown

mcp-name: io.github.CSOAI-ORG/iso-42001-ai-mcp

# ISO 42001 AI MCP

> ISO/IEC 42001:2023 AI Management System compliance — clauses 4–10 audit, Annex A controls, Annex B risk assessment, policy generation, certification readiness, and EU AI Act crosswalks.

[![PyPI](https://img.shields.io/pypi/v/meok-iso-42001-ai-mcp)](https://pypi.org/project/meok-iso-42001-ai-mcp/)
[![npm](https://img.shields.io/npm/v/meok-iso-42001-ai-mcp)](https://www.npmjs.com/package/meok-iso-42001-ai-mcp)
[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
[![smithery](https://img.shields.io/badge/Smithery-MCP-orange)](https://smithery.ai)

## What This Does

ISO/IEC 42001:2023 is the first international standard for **AI Management Systems (AIMS)**. It specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system. The standard covers 7 management system clauses (4–10), Annex A controls for AI-specific governance (policies, lifecycle, data, transparency, third-party relationships), and Annex B guidance for AI risk assessment across 7 risk categories.

This server audits your AIMS against all clauses, evaluates Annex A controls, performs Annex B risk assessments, generates ISO 42001-compliant policy documents, checks certification readiness, and maps everything to EU AI Act articles — the key dual-compliance feature for organizations operating in the EU.

## Quick Start

```bash
npx meok-setup --pack governance
```

## Tools

| Tool | Description | Parameters |
|------|-------------|------------|
| `audit_management_system` | Audits your AI management system against all 7 ISO 42001 clauses (4–10) and their subclauses. Evaluates organizational context, leadership, planning, support, operation, performance evaluation, and improvement. Returns per-clause conformity scores and certification readiness. Recognizes synergies with existing ISO 27001/9001/27701 certifications. | `organization_description`, `ai_systems_description`, `existing_certifications` |
| `assess_ai_risk` | Performs ISO 42001 Annex B risk assessment across 7 categories: bias & fairness, safety & reliability, transparency & explainability, privacy & data protection, security & resilience, accountability & governance, societal & environmental. Returns risk ratings, treatment priorities, and recommended Annex A controls. | `system_description`, `system_name`, `risk_criteria` |
| `generate_policy_template` | Generates ISO 42001-compliant AI policy documents. Three formats: "comprehensive" (full 12-section policy with governance structure, roles, risk management, lifecycle management), "brief" (executive statement), or "executive" (board-level policy). Addresses clause 5.2 and Annex A.2.2 requirements. | `organization_name`, `ai_scope`, `policy_type` |
| `check_annex_controls` | Evaluates your AI system against all ISO 42001 Annex A controls across 9 sections (A.2–A.10): AI policies, internal organization, resources, impact assessment, lifecycle management, data governance, transparency, AI use, and third-party relationships. Produces a gap analysis suitable for Statement of Applicability. | `system_description`, `system_name`, `implemented_controls` |
| `crosswalk_to_eu_ai_act` | Maps ISO 42001 clauses and Annex A controls to EU AI Act articles. Shows exactly where ISO 42001 conformity satisfies EU AI Act requirements. Covers ~20 clause-to-article mappings with alignment strength ratings (strong/moderate). Essential for dual-compliance programmes. | `iso_clauses`, `focus_area` |
| `create_certification_checklist` | Generates an ISO 42001 certification readiness checklist with pass/fail criteria for each requirement. Covers documentation, processes, and evidence needed for certification audit. | `organization_description`, `ai_systems_description` |
| `quick_scan` | Turns a one-line system description into an instant ISO 42001 gap assessment. No parameters needed beyond the description. Fast triage tool for an initial assessment. | `system_description` |
| `certification_timeline` | Returns ISO 42001 certification steps and typical timelines. No parameters needed. Useful for planning the certification journey. | *(none)* |

## Usage Examples

### Audit an AI startup's management system

```
Use the audit_management_system tool with:
  organization_description: "AI startup developing LLM-based customer support chatbots for enterprise clients. 80 employees, no formal AI governance structure, no AI policy documented, ad-hoc risk assessments. Has ISO 27001 certification."
  ai_systems_description: "Three production LLMs fine-tuned on client data. Uses RAG architecture. Processes customer PII. Deployed in EU and US."
  existing_certifications: "ISO 27001"
```

**Expected output:** Overall conformity ~25–35% (major_gaps). ISO 27001 synergy recognized for clauses 7.5, 8.2, 9.2. Critical gaps: clause 5 (no AI policy), clause 6 (no formal risk assessment), clause 8 (no impact assessment). Certification readiness: not_ready.

### Assess AI risk for a hiring tool

```
Use the assess_ai_risk tool with:
  system_description: "Automated CV screening and candidate ranking system for graduate recruitment. Trained on 5 years of historical hiring data. Scores candidates on predicted job performance. Uses NLP to parse resumes and analyze video interviews. Affects employment decisions for 10,000+ applicants annually."
  system_name: "GraduateRecruit AI"
```

**Expected output:** Risks identified in bias & fairness (HIGH — hiring decisions, protected classes), transparency (HIGH — black-box scoring), privacy (MODERATE — biometric video analysis). Recommended controls: A.5.2 (impact assessment), A.6.3 (responsible design), A.6.4 (testing), A.8.2 (transparency). Statement of Applicability needed.

### Generate a comprehensive AI policy

```
Use the generate_policy_template tool with:
  organization_name: "Acme AI Ltd"
  ai_scope: "Development and deployment of machine learning models for financial services, including credit scoring, fraud detection, and customer analytics"
  policy_type: "comprehensive"
```

**Expected output:** Full 12-section policy document (~2000 words) covering AI principles (safety, fairness, transparency, accountability, privacy, security, human oversight), governance structure with RACI matrix, risk management framework, lifecycle management process, competence requirements, and documentation obligations. Ready for customization and board approval.

### Crosswalk ISO 42001 to EU AI Act

```
Use the crosswalk_to_eu_ai_act tool with:
  iso_clauses: "all"
```

**Expected output:** ~20 mappings showing where ISO 42001 clauses align with EU AI Act articles. Strong alignment: clause 6.1 → Art. 9 (risk management), clause 8.4 → Art. 27 (fundamental rights impact), clause 7.2 → Art. 4 (AI literacy). Key insight: ISO 42001 certification provides substantial EU AI Act coverage but Articles 5, 49, 50, 62 require additional measures.

## Installation

### Claude Desktop

Add to `claude_desktop_config.json`:

```json
{
  "mcpServers": {
    "iso-42001-ai": {
      "command": "npx",
      "args": ["-y", "meok-iso-42001-ai-mcp"]
    }
  }
}
```

Or install via Smithery:

```bash
npx smithery mcp add nicholastempleman/iso-42001-ai-mcp
```

### Cursor

Add to `.cursor/mcp.json`:

```json
{
  "mcpServers": {
    "iso-42001-ai": {
      "command": "npx",
      "args": ["-y", "meok-iso-42001-ai-mcp"]
    }
  }
}
```

### VS Code

Add to `.vscode/mcp.json`:

```json
{
  "servers": {
    "iso-42001-ai": {
      "command": "npx",
      "args": ["-y", "meok-iso-42001-ai-mcp"]
    }
  }
}
```

### pip

```bash
pip install meok-iso-42001-ai-mcp
```
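The usage examples above are written as natural-language prompts; the same tools can be called programmatically through the official `mcp` Python client SDK (the package's only declared dependency). The script below is an added example, not code from the iso-42001-ai-mcp project. The tool and parameter names are transcribed from the Tools table; the README does not state which parameters are required, so the client-side check only rejects unknown tool or parameter names. `build_tool_call`, `text_of` and `call_tool` are names introduced here. The server is launched with the same `npx` command as the editor configs, except that the package version is pinned: `npx -y meok-iso-42001-ai-mcp` resolves to whatever version is current on every start, which is the classic supply-chain weak spot in MCP configs. `PINNED_VERSION` is a placeholder because the npm version is not stated on this page; the same `meok-iso-42001-ai-mcp@<version>` form can be used in the `args` of the Claude Desktop, Cursor and VS Code configs.

```python
"""Call the ISO 42001 MCP server's tools from Python via the `mcp` client SDK.

Added example; not part of the iso-42001-ai-mcp project. Tool and parameter names
come from the README's Tools table. The README does not say which parameters are
required, so only unknown tool/parameter names are rejected before the call.
"""
import asyncio
from typing import Any

# Tool -> accepted parameter names, as listed in the README's Tools table.
TOOL_PARAMETERS: dict[str, frozenset[str]] = {
    "audit_management_system": frozenset(
        {"organization_description", "ai_systems_description", "existing_certifications"}),
    "assess_ai_risk": frozenset({"system_description", "system_name", "risk_criteria"}),
    "generate_policy_template": frozenset({"organization_name", "ai_scope", "policy_type"}),
    "check_annex_controls": frozenset(
        {"system_description", "system_name", "implemented_controls"}),
    "crosswalk_to_eu_ai_act": frozenset({"iso_clauses", "focus_area"}),
    "create_certification_checklist": frozenset(
        {"organization_description", "ai_systems_description"}),
    "quick_scan": frozenset({"system_description"}),
    "certification_timeline": frozenset(),
}

# Supply-chain hygiene: "npx -y meok-iso-42001-ai-mcp" (as in the editor configs)
# fetches the latest published version on every start. Pin the version you reviewed.
# PINNED_VERSION is a placeholder: the npm version is not stated in the README.
PINNED_VERSION = "x.y.z"
SERVER_COMMAND = "npx"
SERVER_ARGS = ["-y", f"meok-iso-42001-ai-mcp@{PINNED_VERSION}"]


def build_tool_call(tool: str, **arguments: Any) -> tuple[str, dict[str, Any]]:
    """Validate the tool name and argument names before anything reaches the server."""
    if tool not in TOOL_PARAMETERS:
        raise ValueError(f"unknown tool: {tool!r}")
    unknown = set(arguments) - TOOL_PARAMETERS[tool]
    if unknown:
        raise ValueError(f"{tool} does not accept: {sorted(unknown)}")
    return tool, dict(arguments)


def text_of(result: Any) -> str:
    """Join the text parts of a CallToolResult; raise if the server flagged an error."""
    if getattr(result, "isError", False):
        raise RuntimeError("server reported a tool error")
    return "\n".join(
        part.text for part in result.content if getattr(part, "type", None) == "text")


async def call_tool(tool: str, **arguments: Any) -> str:
    """Spawn the server over stdio, run one tool, and return its text output."""
    # Imported lazily so build_tool_call()/text_of() work without the SDK installed.
    from mcp import ClientSession, StdioServerParameters
    from mcp.client.stdio import stdio_client

    name, args = build_tool_call(tool, **arguments)
    params = StdioServerParameters(command=SERVER_COMMAND, args=SERVER_ARGS)
    async with stdio_client(params) as (read, write):
        async with ClientSession(read, write) as session:
            await session.initialize()
            # Confirm the pinned server really exposes the tool before calling it.
            available = {t.name for t in (await session.list_tools()).tools}
            if name not in available:
                raise RuntimeError(f"server does not expose {name!r}; got {sorted(available)}")
            return text_of(await session.call_tool(name, arguments=args))


if __name__ == "__main__":
    # The README's first usage example (the AI startup audit), issued programmatically.
    print(asyncio.run(call_tool(
        "audit_management_system",
        organization_description=(
            "AI startup developing LLM-based customer support chatbots for enterprise "
            "clients. 80 employees, no formal AI governance structure, no AI policy "
            "documented, ad-hoc risk assessments. Has ISO 27001 certification."),
        ai_systems_description=(
            "Three production LLMs fine-tuned on client data. Uses RAG architecture. "
            "Processes customer PII. Deployed in EU and US."),
        existing_certifications="ISO 27001",
    )))
```

`build_tool_call` and `text_of` are pure and can be unit-tested without the server; `call_tool` needs Node/npx and the pinned package available, and `list_tools` is checked first so a typo in the tool name, or a server version that dropped a tool, fails loudly instead of producing an opaque error.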

## Related Servers

| Server | Purpose |
|--------|---------|
| [iso-27001-ai](../iso-27001-ai-mcp/) | Information security management (93 Annex A controls, ISO 27005 risk) |
| [gdpr-compliance-ai](../gdpr-compliance-ai-mcp/) | GDPR DPIA, data subject rights, breach notification |
| [eu-ai-act-compliance](../eu-ai-act-compliance-ai-mcp/) | EU AI Act risk classification and Annex IV documentation |
| [nist-rmf-ai](../nist-rmf-ai-mcp/) | NIST AI Risk Management Framework risk profiles |
| [csoai-governance-crosswalk](../csoai-governance-crosswalk-ai-mcp/) | 12 compliance frameworks mapped through 52 articles |

## Pricing

- **Free tier:** 10 calls/day per tool
- **Pro:** £79/mo — unlimited calls + cryptographically signed compliance attestations

## License

MIT © [MEOK AI Labs](https://meok.ai)

<!-- BUY-LADDER:START -->

## 💸 Try MEOK in 30 seconds — instant buy ladder

| Tier | Price | What you get | Stripe |
|---|---|---|---|
| Smoke test | **£1** | Signed sample MCP-Hardening report + Article 50 PDF | <https://buy.stripe.com/dRmcN75ScdQS7oh1Uc8k90U> |
| Quick Kit | **£9** | EU AI Act Article 50 implementation guide (C2PA + EU-Icon) | <https://buy.stripe.com/cNi00la8s1460ZT0Q88k90V> |
| Founder Call | **£29** | 30-min 1-on-1 with the founder | <https://buy.stripe.com/8x228ta8s6oqbExaqI8k90W> |

> Refundable. UK Stripe — VAT-clean. Builds on the 81-MCP MEOK fleet.
> Verify any signed report at <https://meok.ai/verify>.

<!-- BUY-LADDER:END -->