
Whistic Achieves ISO 42001 Certification, Setting New Standard for Responsible AI in Third-Party Risk Management

Salt Lake City, UT – May 28, 2025 – Whistic, the pioneer of AI-first third-party risk management (TPRM), today announced it has achieved ISO 42001 certification by meeting the rigorous international standards for Artificial Intelligence Management Systems (AIMS), setting a new benchmark for AI governance in the TPRM industry. 

ISO 42001 is the world's first international standard for AI management systems, providing a structured approach to ensuring the ethical, transparent, and secure use of artificial intelligence. At a time when organizations face mounting pressure to ensure trustworthy and secure AI systems, this certification underscores Whistic's commitment to responsible AI governance and reinforces the company's significant strategic investments in developing market-leading AI capabilities.

"As AI becomes increasingly central to how businesses operate, questions of transparency, security, and governance are rightfully at the forefront," said Nick Sorensen, CEO at Whistic. "Achieving ISO 42001 certification is a significant milestone that provides assurance to our customers that the AI powering their TPRM and Compliance Programs adheres to the highest standards."

Whistic's AI-First TPRM™ approach has transformed how enterprises assess and manage third-party risk by automating the assessment process and providing deeper insights. The company's AI Copilot, which seamlessly integrates AI end-to-end into the vendor assessment workflow, meets the rigorous standards of ISO 42001, ensuring:

  • Transparent AI decision-making: Full visibility into how AI generates responses, including confidence scores and source citations
  • Ethical AI principles: Safeguards to minimize bias and ensure fair, accurate assessments
  • Robust risk management: Structured approach for identifying and mitigating risks with accuracy
  • Enhanced Governance Controls: Rigorous policies, monitoring mechanisms, and oversight procedures that maintain AI integrity and accountability

"The legacy approach to TPRM is built on spreadsheets and manual reviews that simply don’t scale," said John Finizio, Whistic’s VP of Security, Risk & Compliance. "We didn’t just automate an outdated process, we reimagined a new one with AI at the center, without sacrificing transparency or control. This certification shows our AI capabilities aren’t just innovative, they're responsible, trustworthy, and aligned with the highest standards of AI governance."

As AI adoption grows, organizations in regulated industries like finance, healthcare, and insurance increasingly require Governance Committee approval. Whistic’s certification provides built-in assurance, often eliminating that step entirely. 

David Forman, Chief Executive Officer at Mastermind, performed the audit and said, “We have audited nearly half of all ISO 42001 certifications issued globally to date. Whistic’s program stood out for how well it translated policy into practical controls. Their work sets a clear benchmark for how AI can be governed responsibly at scale. It reflects the kind of credible, systems-based thinking that this certification was designed to validate.”

Whistic's ISO 42001 certification complements its existing SOC 2 and ISO 27001 certifications. The latest certification covers all AI components within the Whistic platform, including the Assessment Copilot engine, Vendor Smart Search, SOC 2 Summary, Vendor Summary, and Vendor Insights features.

About Whistic

Whistic eliminates the slow, manual steps of "legacy" third-party risk management (TPRM) with industry-leading AI at every stage of the process. Modernize your TPRM with automated assessments, on-demand vendor insights, and continuous risk monitoring — in a fraction of the time. Kill the Questionnaire™ and learn more about the Whistic platform here.