
Compliance · Sprint · MODULE ISO

ISO 42001 + PDPA Readiness Sprint

ISO 42001 readiness in 28 days — without hiring a compliance team

A focused 4-week sprint: we build your AI system inventory, risk register, Statement of Applicability, baseline policies (acceptable use, data handling, incident response), and ISO 42001 audit-ready evidence pack. Includes PDPA readiness (DPO appointment, DPIA template, data subject access portal).

  • 4 weeks: sprint duration, fixed
  • RM 14,999: fixed-price, no scope creep
  • ISO 42001: AI management systems standard

WHAT THIS FIXES

The exact problems ISO 42001 + PDPA Readiness Sprint is built around.

  • Your enterprise customer just asked for ISO 42001 — you have 8 weeks before the procurement RFP closes.
  • PDPA enforcement is ramping in 2027. ≥ 20K data records means you need a DPO and a documented DPIA — you have neither.
  • External consultants quote RM 60K-120K for ISO 42001 readiness and take 4-6 months.
  • You don't know what you don't know — there's no template for "what does ISO 42001 actually want from us?".

HOW IT WORKS

The pipeline, end to end.

  1. Week 1 — Inventory + scoping

    AI system register (all LLM, ML, automation use). Scope decisions for ISO 42001 (typically: AI dev + AI use). PDPA data inventory (personal data flows, retention, processors).

  2. Week 2 — Risk register + SoA

    AI risk assessment per system (bias, hallucination, data leak, drift, regulatory). ISO 42001 Statement of Applicability with 50+ controls scoped in/out per system.

  3. Week 3 — Policies + procedures

    Acceptable AI use policy, data-handling SOP, incident response runbook, vendor AI risk assessment, DPIA template, DPO appointment letter (PDPA s.20 compliant).

  4. Week 4 — Evidence pack + handover

    Evidence pack assembled (audit log samples, control test results, training records). Audit-readiness review with you + your audit lead. Sprint deliverables handed over as a single zip + Notion workspace.

  5. Post-sprint — 30-day warranty

    Within 30 days of handover, we answer auditor questions and clarify any deliverable at no extra cost. After 30 days, ongoing support is available through the optional Maintain tier (RM 1,499/mo).

WHAT'S INCLUDED

Every capability shipped, named.

  • ISO 42001 (AI Management Systems) readiness
  • PDPA compliance (data inventory, DPIA, DPO appointment, data subject portal)
  • AI system register with risk assessment per system
  • Statement of Applicability (SoA) for all 50+ ISO 42001 controls
  • 7 baseline policies (acceptable use, data handling, incident response, vendor AI, retention, training, change control)
  • Audit-ready evidence pack (logs, test results, training records)
  • 30-day post-sprint warranty (auditor question support)
  • Optional Maintain tier for ongoing compliance ops
  • Cross-mappable to SOC 2, ISO 27001, MyDigital ID requirements
  • Built by Malaysian team — knows MY regulatory context

PRICING

Plans that scale with use, not seats.

All prices in MYR, exclusive of SST. 14-day refund on monthly, pro-rated refund on annual. PDPA-aligned. Cancel anytime.

MOST POPULAR

Sprint

RM 14,999

4 weeks · 1 entity · fixed scope · 30-day warranty


Sprint + Maintain

RM 14,999 + RM 1,499/mo

Sprint + ongoing compliance ops · quarterly audit prep · policy updates


Group Sprint

RM 24,999+

4 weeks · multi-entity · group-level SoA


WHAT YOU RECEIVE

The artefacts that land in your hands.

Audit-ready evidence pack

Zip + Notion workspace with: AI inventory + risk register + SoA + 7 policies + DPIA + DPO appointment + evidence samples. Ready for ISO 42001 external auditor.

Implementation playbook

Day-by-day plan for the 4 weeks. You see what we're doing, when, with what dependencies. No "black box" — full transparency.

Audit-readiness review

End-of-sprint review with you + your audit lead. Walk through every deliverable. Q&A. 30-day warranty starts here.

FREQUENTLY ASKED

The questions buyers ask first.

  • Does this guarantee certification?

    No — ISO 42001 certification is awarded by accredited certification bodies (DNV, Bureau Veritas, etc.) after their audit. Module ISO gets you ready for that audit; we don't replace it.
  • What's NOT included?

    Surveillance audits, certification fees (paid to the certification body), and changes to your operational systems. The sprint produces the documentation + evidence; you operationalise.
  • PDPA vs ISO 42001 — different things?

    Yes — different. PDPA is Malaysian data-protection law (mandatory). ISO 42001 is a voluntary international standard for AI management. The sprint covers both because they overlap heavily on data governance.
  • 4 weeks — is that really enough?

    For most SMEs (< 100 employees, < 5 AI systems): yes. For larger orgs or complex multi-system estates: Group Sprint adds time. We scope on the discovery call.
  • What if my auditor asks something the sprint didn't cover?

    30-day post-sprint warranty: we answer their question at no extra cost. After 30 days, optional Maintain tier covers ongoing audit prep.
  • When should I start?

    If your customer's procurement clock starts in 6 months, start now. ISO 42001 certification typically takes 2-3 months AFTER readiness — Module ISO gets you to readiness in 4 weeks.

Try ISO 42001 + PDPA Readiness Sprint on your real business.

14-day trial. No credit card. PDPA-aligned. Built for Malaysian SMEs by a Malaysian team in KL. Reginald and the ONSET team reply within one business hour, Mon–Fri 9am–6pm MYT.

  • PDPA-aligned
  • Cancel anytime
  • 14-day refund
  • 1 business hour reply