Under ISO 42001, organizations must assess not only the likelihood and severity of AI risks but also their impact, particularly in areas such as human rights, bias, safety and compliance. This goes beyond the CIA (confidentiality, integrity, availability) focus we have in ISO 27001.
Currently in Secfix:
  • CIA categories are available in the Risk Register
  • There is no structured field for AI-specific Impact Domains
We had to document impact domains outside the platform, which is inefficient and time-consuming.
Suggestion
Add an “Impact Domain (ISO 42001)” field to the Risk Register (either a multi-select field, similar to CIA, or a free-text field).
This would improve audit readiness and ensure complete AI risk assessment within the platform.
Created by Elżbieta Żurakowska