AIMS Manual (ISO/IEC 42001)

Digisoul Artificial Intelligence Management System (AIMS) Manual

This AIMS Manual provides an overview of how Digisoul structures, implements, and continuously improves its Artificial Intelligence Management System in alignment with the principles and requirements of ISO/IEC 42001. It consolidates our key AI-related policies, roles, and processes into a single, transparent framework for clients, partners, and auditors.

This Manual is a high-level guide. Detailed procedures, records, and internal tools are maintained within Digisoul’s internal systems and are available for review under appropriate confidentiality where relevant.

1. Context & Scope

Digisoul operates as an AI-native digital agency delivering AI-powered marketing, content, experience, and automation solutions for clients across multiple regions. Our AIMS focuses on ensuring these solutions are safe, compliant, ethical, and aligned with our strategic objectives and stakeholder expectations.

  • Internal & External Issues: rapid AI evolution, data protection laws, platform dependencies, client regulatory constraints, reputational risk.
  • Interested Parties: clients, end-users, partners, regulators, staff, technology providers.
  • AIMS Scope: all AI-related services, components, and processes defined in our AI Governance & AIMS Policy.

2. Leadership & Governance

Digisoul’s leadership endorses the AI Governance & AIMS Policy and ensures that AI use aligns with our values, legal obligations, and client commitments.

  • AI Governance Council (AIGC): sets direction, allocates resources, reviews risks and performance.
  • AIMS Lead: coordinates implementation, monitoring, and reporting.
  • Policies: AI Governance & AIMS Policy, AI Data & Vendor Governance Policy, Privacy Policy, Cookie Policy, Accessibility Statement, Social Responsibility & Ethical AI Statement.

3. Planning & Risk Management

Planning within the AIMS focuses on setting measurable objectives and addressing AI-specific risks and opportunities.

  • AIMS Objectives: trustworthy AI, client protection, regulatory alignment, measurable value, continuous improvement.
  • Risk Framework: AI Risk & Safety Framework assessing privacy, bias, security, misuse, explainability, and business impact.
  • Integration: AI risk linked with enterprise risk, security, and data-protection processes.

4. Support (People, Competence, Data & Vendors)

  • Competence: mandatory training for relevant staff on responsible AI, AIMS processes, privacy, and security.
  • Awareness: internal guidance, playbooks, and regular updates on AI risks, controls, and best practices.
  • Communication: dedicated channels (aims@digisoul.io, privacy@digisoul.io, ethics@digisoul.io) for concerns and clarifications.
  • Documented Information: maintained in internal repositories: policies, SOPs, templates, risk registers, system inventories, incident logs.
  • Data & Vendor Governance: AI Data & Vendor Governance Policy defines selection criteria, DPAs/SLAs, safeguards, and ongoing reviews.

5. Operation (AI Lifecycle Controls)

Operational controls ensure that all AI systems in scope follow a defined lifecycle.

  • Use Case Intake: document purpose, legal basis, data, impact, owner.
  • Design & Build: privacy-by-design, security-by-design, bias-aware design, vendor alignment.
  • Testing: functional, safety, bias, robustness, and compatibility checks.
  • Deployment: controlled release with approvals and documentation.
  • Monitoring: logging, KPI tracking, incident detection, periodic reviews.
  • Change Management & Decommissioning: structured process for updates and controlled retirement of AI components.

6. Performance Evaluation

  • Monitoring: track AI performance, reliability, safety flags, and user feedback.
  • Internal Reviews: scheduled AIMS reviews by AIGC and AIMS Lead.
  • Client & Partner Feedback: incorporated into improvements where AI is part of contracted services.
  • Audits: internal audits of high-risk use cases, vendors, and processes.

7. Improvement & Incident Handling

  • Nonconformities: gaps in controls or policy adherence logged and corrected.
  • AI Incidents: defined, investigated, remediated, and escalated via AI Governance and security processes.
  • Corrective Actions: updates to models, prompts, configs, vendors, training, or policies.
  • PDCA Loop: lessons learned feed back into planning and operations.

Annex: ISO/IEC 42001 Alignment Matrix (High-Level)

The matrix below provides an indicative mapping between ISO/IEC 42001 thematic requirements and Digisoul’s internal framework. It is designed to support readiness assessments and client due diligence. Thematic groups are indicative and do not reproduce the standard’s text; detailed clause-level mapping is maintained internally.

  • Context & Scope — AI Governance & AIMS Policy and AIMS Manual; key processes: scope definition, stakeholder analysis, AI use case register.
  • Leadership — AI Governance & AIMS Policy; key processes: AIGC charter, AIMS Lead role, policy approvals.
  • Planning & Risk — AI Risk & Safety Framework and AI Data & Vendor Governance; key processes: risk assessment, risk register, treatment plans.
  • Support — Internal Training Guidelines and Communication Plan; key processes: competence management, awareness, documentation control.
  • Data & Vendors — AI Data & Vendor Governance Policy and Privacy Policy; key processes: vendor due diligence, DPAs/SLAs, data classification.
  • Operation — AI Governance & AIMS Policy and Solution Playbooks; key processes: use case intake, lifecycle controls, change management.
  • Performance — AIMS Manual and Internal Review Records; key processes: monitoring, KPIs, internal audits, management review.
  • Improvement — Incident & Nonconformity Procedures; key processes: incident handling, corrective actions, PDCA loop.

Last updated: 8 November 2025