Know exactly where your AI governance gaps are, before an auditor, customer, or regulator finds them.
A fixed-scope, fixed-price assessment that tells you precisely what stands between your AI product and ISO 42001 readiness, and what to do about it, in order.
The Problem
Canadian SaaS companies with AI in the product are increasingly hitting the same wall: an enterprise prospect, a procurement team, or a regulator asks “show us your AI governance program”, and there’s nothing to show. PIPEDA already governs how that AI handles customer data, whether or not you’ve mapped it. ISO 42001 is becoming the answer enterprises expect when they ask the question, and if you’re selling beyond Canada, the EU AI Act sets an even higher bar that’s coming regardless.
Most teams don’t know where they stand relative to ISO 42001, which means they can’t tell a prospect how close they are, can’t budget the work, and can’t sequence it.
The Offer
A fixed-scope, fixed-price gap analysis: $8,000–$12,000, 2–3 weeks from kickoff to delivered roadmap.
What you get
- A scored assessment of your current state against ISO 42001 control requirements
- A prioritized gap list: what's missing, what's partial, what's already in place
- A sequenced roadmap (what to fix first, and why), not a 100-item checklist with no order
- One direct working session to walk through findings with your team
This is not a Big 4 audit engagement. It’s practitioner-level, fast, and scoped to give you a clear answer, not a 200-page report that sits in a drive.
Use cases by role
If you’re a CTO
You need to know what engineering work this creates, how big it is, and how to sequence it against your roadmap, without guessing.
If you’re a VP Engineering / Eng Lead
You need a defensible answer when a prospect’s security questionnaire asks about AI governance, and a plan your team can actually execute against.
Why this firm
- Founder is a certified ISO 42001 Lead Auditor and ISO 27001 Lead Auditor, not a generalist consultant repackaging a framework they've never been audited against
- Founder-run: you work directly with the person doing the assessment, not a junior assigned to your account
- Built on the same assessment methodology (IL-CAA) used in full security architecture engagements: this gap analysis draws from a deeper, tested playbook, not a generic template
Next Step
Book your gap analysis.
One scoped engagement. A scored assessment, a prioritized gap list, and a sequenced roadmap, in your hands in 2–3 weeks.