Know Where You Stand
Sound decisions start with a clear picture of where things stand. An assessment maps the current state, identifies what works and where the gaps are. The result: documented findings, a grounded evaluation and prioritised recommendations.
Assessing AI Readiness
Before investing in AI or scaling a pilot, an organisation needs clarity on its own readiness. Three dimensions determine whether an AI initiative can realistically succeed:
-
Data and infrastructure. Data that works for reporting often cannot support AI. Granularity, timeliness and traceability determine which initiatives are realistic.
-
Processes and governance. AI systems require decision paths and control mechanisms that most organisations have not yet established. Spotted early, existing structures can be extended rather than rebuilt.
-
Competence and organisation. Developing an AI system demands different capabilities than operating, monitoring and evolving it. Many organisations underestimate the gap.
Validating Management Systems
A management system that fails its audit has missed the point. Better to find the gaps before the auditor does:
-
Gap analysis against ISO 27001 and ISO 42001. Documentation, processes and control environment assessed systematically against the standard. For existing ISMS, the analysis also shows which AI-specific requirements fit into the current control structure and where new controls are needed.
-
Audit preparation. Prioritised actions to close gaps before the audit.
What is the difference between an assessment and an audit for AI and data?
An audit checks against a fixed standard and ends with a formal conformity statement. An assessment evaluates the current state more broadly, across maturity, risks and areas for action, and delivers recommendations for next steps without a certification claim. Both formats complement each other: an assessment uncovers gaps that a subsequent audit can confirm or examine in depth.
What is the difference between an assessment and ongoing advisory on data and AI?
An assessment delivers a point-in-time baseline with concrete findings and recommendations. Ongoing advisory accompanies open decisions over a longer period and embeds outcomes in day-to-day operations. Often, an assessment marks the starting point for a broader engagement.
What does an AI readiness assessment actually measure?
An AI readiness assessment measures an organisation’s preparedness along three axes: data maturity (quality, availability, governance), organisational maturity (roles, processes, decision paths for AI) and technical maturity (infrastructure, integration capability, operational readiness). The result is not a score but a differentiated evaluation showing where the organisation is ready and where investment has the greatest leverage.
How does a gap analysis differ from an internal audit?
An internal audit checks whether existing processes are followed. A gap analysis against ISO 27001 or ISO 42001 checks whether the processes themselves meet the standard’s requirements. The distinction matters: an internal audit finds deviations from what is defined, a gap analysis questions whether what is defined is sufficient.
What happens after an assessment on data and AI?
Assessment results are a basis for decisions, not a final report. Documented findings and prioritised recommendations go to the people who make decisions and allocate resources. Some organisations continue on this basis internally; others use the assessment as a starting point for ongoing advisory.