{"id":609154,"date":"2025-12-08T03:22:09","date_gmt":"2025-12-08T11:22:09","guid":{"rendered":"https:\/\/www.genesys.com\/blog\/post\/genesys-achieves-iso-iec-420012023-certification-for-responsible-ai-governance"},"modified":"2025-12-18T22:44:08","modified_gmt":"2025-12-19T06:44:08","slug":"genesys-achieves-iso-iec-420012023-certification-for-responsible-ai-governance","status":"publish","type":"blog","link":"https:\/\/www.genesys.com\/en-gb\/blog\/post\/genesys-achieves-iso-iec-420012023-certification-for-responsible-ai-governance","title":{"rendered":"Genesys achieves ISO\/IEC 42001:2023 certification for responsible AI governance"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_section][vc_row][vc_column][vc_column_text css=&#8221;&#8221;]<span style=\"font-weight: 400;\">Artificial intelligence (AI) is reshaping the customer experience in remarkable ways. What began as simple automation is evolving into systems that can learn, reason, and soon act on behalf of customers and employees. This shift towards agentic AI opens up exciting opportunities to create new value, not just automate existing work. Yet greater autonomy also introduces new risks, heightening the need for credible, independently verified AI governance. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">That\u2019s why we are excited to share that the <a href=\"https:\/\/www.genesys.com\/en-gb\/genesys-cloud\" target=\"_blank\" rel=\"noopener\">Genesys Cloud<\/a><\/span><span style=\"font-weight: 400;\">\u2122<\/span><span style=\"font-weight: 400;\"> platform has achieved ISO\/IEC 42001:2023 certification for our AI Management System (AIMS). This globally recognised standard is the first of its kind focused on managing AI responsibly. It outlines how organisations can establish, operate, and continuously improve an AI management system with structured controls for risk, oversight, and performance.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Earning ISO\/IEC 42001 certification represents a major milestone in our ongoing commitment to<\/span> <a href=\"https:\/\/www.genesys.com\/en-gb\/responsible-ai\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">responsible AI<\/span><\/a><span style=\"font-weight: 400;\">. I recently spoke with Louise Willemse, Principal Product Manager for Security, Privacy, AI and Compliance at Genesys, to discuss the scope of ISO\/IEC 42001 for Genesys Cloud, its value to CX leaders and what lies ahead for AI governance. Below is a recap of our conversation. <\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text css=&#8221;&#8221;]<strong>Hi Louise, congratulations to you and the entire team on this achievement. It\u2019s the result of a lot of focused effort over many months. For those who might not be familiar, can you explain what ISO\/IEC 42001 is and what motivated Genesys to pursue this certification? <\/strong><\/p>\n<p><b>Louise Willemse: <\/b><span style=\"font-weight: 400;\">Thank you. It would not have been possible without the contribution of many teams. ISO\/IEC 42001 is the first globally recognised standard that specifies requirements for establishing, implementing, maintaining and continually improving an Artificial Intelligence Management System (AIMS) within organisations. Achieving the certification demonstrates the application of the AIMS principles such as Accountability, Transparency, Fairness, Security and Privacy, as well as the application of ISO\/IEC 42001 controls to ensure responsible development and use of AI systems. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">An AIMS consists of the following key components: <\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400;\"><strong>Governance structure:<\/strong> Defines roles, responsibilities, and oversight for AI management within the organisation. <\/span><\/li>\n<li><span style=\"font-weight: 400;\"><strong>Policies and procedures:<\/strong> Establishes documented rules for ethical AI design, development, deployment and use. <\/span><\/li>\n<li><span style=\"font-weight: 400;\"><strong>Risk management:<\/strong> Identifies, assesses, and mitigates risks associated with AI systems, including safety and security concerns. <\/span><\/li>\n<li><span style=\"font-weight: 400;\"><strong>Data governance:<\/strong> Ensures data used by AI systems is properly managed, including security, privacy, integrity and compliance. <\/span><\/li>\n<li><span style=\"font-weight: 400;\"><strong>Transparency measures:<\/strong> Enables clear documentation and communication about AI systems, decisions, and outcomes. <\/span><\/li>\n<li><span style=\"font-weight: 400;\"><strong>Continuous improvement:<\/strong> Implements monitoring, review, and update mechanisms for ongoing AI system enhancement and compliance. <\/span><\/li>\n<li><span style=\"font-weight: 400;\"><strong>Stakeholder engagement:<\/strong> Fosters communication with internal and external stakeholders to address concerns and feedback. <\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The motivation to pursue this certification goes back to 2024 when it became clear that ISO 42001 provided a clear framework to establish an AI governance programme. <\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text css=&#8221;&#8221;]<strong>That\u2019s a great overview. Let\u2019s get a bit more specific about the certification itself. What did Genesys include in scope for the audit and does the certification apply across all Genesys Cloud global regions? <\/strong><\/p>\n<p><b>Willemse: <\/b><span style=\"font-weight: 400;\">The Genesys Cloud ISO\/IEC 42001 certificate scope includes the design, development, and deployment of AI technologies in the Genesys Cloud platform.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The AI technologies used include machine learning algorithms, natural language processing, <\/span><span style=\"font-weight: 400;\">predictive analytics, real-time decision-making algorithms, conversational AI, generative AI and <\/span><span style=\"font-weight: 400;\">large language models (LLMs). These technologies are embedded in the Genesys Cloud platform. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">ISO 42001 is a global certification and our certificate covers nine sites where AI development is concentrated: Galway (Ireland): Menlo Park (California), Durham (North Carolina), Indianapolis (Indiana), Chennai (India), Hyderabad (India), Toronto (Canada), Tel-Aviv (Israel) and Budapest (Hungary). <\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text css=&#8221;&#8221;]<strong>Thanks for clarifying what is in scope. Many customers are already familiar with other ISO standards, such as 27001 and 27701. Can you explain how ISO\/IEC 42001 fits alongside those frameworks and where it adds something new?<\/strong><\/p>\n<p><span style=\"font-weight: 400;\"><strong>Willemse:<\/strong> From the start, the intention was to create an integrated management system, building on the management system already in place for ISO 27001\/27017\/27018. The AIMS shares common IMS processes for document control, risk, audit and continual improvement. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">An initial gap analysis reviewed our existing policies, processes, and procedures to identify what needed to change. Whilst some new AI-specific elements were needed, most changes involved adapting what we already had in place. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">One of the learnings along the way was that AI, initially treated as a subset of information security, is its own unique domain, alongside information security and privacy. This also required some organisational changes. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">AI, more so than information security, requires cross-functional teams working together. One of the main challenges has been to make technical engineering teams more aware of human rights and ethical aspects during the design and development of AI systems. One way we achieved this was by involving these teams early in the AI system impact assessments and having them consider the harms and benefits of using their AI systems on individuals, groups, and the organisation. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">The other side of this was educating legal and various cross-functional teams on <a href=\"https:\/\/www.genesys.com\/en-gb\/capabilities\/ai-and-automation\" target=\"_blank\" rel=\"noopener\">Genesys Cloud AI<\/a> systems using our technical documentation. <\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text css=&#8221;&#8221;]<b>The connection between standards makes sense, especially since many of our customers already use ISO frameworks in their own operations. From a buyer\u2019s perspective, due diligence is always a big part of vendor selection. How does ISO\/IEC 42001 help customers evaluate and trust their CX partners? <\/b><\/p>\n<p><span style=\"font-weight: 400;\"><strong>Willemse:<\/strong> ISO 42001 certification significantly reduces the due diligence burden for buyers. The painstaking work of evaluating a vendor\u2019s AI controls has been largely removed given it has been independently verified by an external auditor. It provides assurance of our commitment to developing trustworthy, well-governed AI. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">In addition, the detailed transparency reports that Genesys Cloud provides for each of our AI-powered products and AI systems help buyers to evaluate Genesys Cloud AI systems and answer many of the standard due diligence questions. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Overall, it helps to accelerate vendor selection and procurement since buyers can point to independent third-party validation. <\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text css=&#8221;&#8221;]<b>That perspective on customer value is helpful. I imagine the process also taught us a lot internally. What did we learn about AI risk and impact as we worked through the certification requirements? <\/b><\/p>\n<p><b>Willemse: <\/b><span style=\"font-weight: 400;\">Back in 2023, when the EU AI Act was still on the horizon and only the draft ISO 42001 was published, a business case was developed to comply with the EU AI Act. At this stage we had completed a small proof of concept for identifying and assessing AI risk for one of our existing more mature traditional AI systems. It was clear that we faced several foundational challenges: <\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/p>\n<ol>\n<li><span style=\"font-weight: 400;\">No common AI language or AI naming standards across teams <\/span><\/li>\n<li><span style=\"font-weight: 400;\">An incomplete AI inventory, including third-party AI components <\/span><\/li>\n<li><span style=\"font-weight: 400;\">Incomplete technical documentation on AI systems, models, and datasets used <\/span><\/li>\n<li><span style=\"font-weight: 400;\">Existing risk management policies and procedures that did not take the complexity of AI risk into account <\/span><\/li>\n<li><span style=\"font-weight: 400;\">Varying levels of knowledge about AI governance<\/span><span style=\"font-weight: 400;\">\u00a0<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">All of these were absolutely essential to have effective AI risk management as part of broader AI governance and required strong cross-functional cooperation between teams.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We realised early on that our customers would also have obligations to carry out AI risk assessments and AI system impact assessments under the EU AI Act. To enable our customers to complete these tasks, we needed to be transparent and make our AI product and AI system cards available to customers. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">The work we put in to address these challenges has also given us many internal opportunities, including broad visibility and insights into our AI ecosystem. And that has resulted in closer collaboration on AI projects between all internal teams. <\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text css=&#8221;&#8221;]<b>I know the ink is barely dry on the ISO\/IEC 42001 certification, but what\u2019s up next for Genesys AI governance? <\/b><\/p>\n<p><b>Willemse: <\/b><span style=\"font-weight: 400;\">Having the ISO 42001 certification is an amazing achievement and a great start for our AI journey. The next phase will focus on maturing our AI governance framework, continuing to improve our technical documentation for customers, raising AI literacy for all employees, and automating AI-related workflows (i.e. AI System Impact Assessments). <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Whilst ISO 42001 for Genesys Cloud is a huge step in the right direction, there is more to be done to comply fully with the EU AI Act for all Genesys. This work is ongoing. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Other focus areas for 2026 and beyond are: <\/span><\/p>\n<ol>\n<li><span style=\"font-weight: 400;\">Strengthening the current privacy framework (working towards ISO 27701 certification), in particular in relation to AI data and the data lifecycle. <\/span><\/li>\n<li><span style=\"font-weight: 400;\">Sustainability, with many new directives coming up and AI\u2019s huge demand for computing resources. Environmental impact assessments with real tools for measuring carbon emissions for AI models are not currently available and need to be developed. <\/span><\/li>\n<li><span style=\"font-weight: 400;\">Business continuity is already a huge priority for Genesys through new regulations like DORA. Embedding AI-related risks and failures into the business impact assessments will be another important focus. <\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Lasty, Genesys will continue to prioritise certifications and regulatory assurances to keep pace with the evolving AI governance landscape. <\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text css=&#8221;&#8221;]<\/p>\n<h2><span style=\"font-weight: 400;\">The Path Forward for Genesys Cloud AI <\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Agentic AI represents the next leap in CX; and trust is what will define its success. The path forward lies in scaling AI responsibly, instilling confidence in the technology as it becomes more capable and autonomous. <\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span> <span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">The Genesys ISO\/IEC 42001 certification provides a solid foundation for that trust through a verified framework for accountability, transparency, and continuous improvement. It reinforces our commitment to delivering AI that enhances experiences without introducing risk and gives our customers the confidence to scale responsibly. <\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">To learn more about Genesy Cloud global compliance, visit our <\/span><a href=\"https:\/\/www.genesys.com\/trust-center\/compliance\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Trust Centre<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Check out the Genesys<\/span> <a href=\"https:\/\/www.genesys.com\/en-gb\/responsible-ai\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Responsible AI<\/span><\/a><span style=\"font-weight: 400;\"> page to get an understanding of our commitment to developing AI responsibly.<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Obtain a copy of the Genesys Cloud ISO\/IEC 42001:2023 certificate, at the<\/span> <a href=\"https:\/\/spc.genesys.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Security, Privacy and Compliance<\/span><\/a><span style=\"font-weight: 400;\"> portal. Portal access is restricted to Genesys Cloud customers and partners. <\/span><\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][\/vc_section]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_section][vc_row][vc_column][vc_column_text css=&#8221;&#8221;]Artificial intelligence (AI) is reshaping the customer experience in remarkable ways. What began as simple automation is evolving into systems that can learn, reason, and soon act on behalf of customers and employees. This shift towards agentic AI opens up exciting opportunities to create new value, not just automate existing work. Yet greater autonomy [&hellip;]<\/p>\n","protected":false},"author":260,"featured_media":607084,"template":"","tax_priority":[54],"tax_blogtype":[17751],"tax_blogcategory":[15939,13125],"tax_contenttheme":[14850],"tax_bundle":[],"tax_contenttheme2":[16186],"tax_capability_sitewide":[16209],"tax_products_programs":[16489,17531],"tax_buying_job":[16735],"tax_buyer_persona":[16881,18584,16900],"tax_sector":[],"tax_segment":[17096,17121,17123],"class_list":["post-609154","blog","type-blog","status-publish","has-post-thumbnail","hentry","tax_priority-54","tax_blogtype-genesys-en-gb","tax_blogcategory-ai-and-machine-learning-en-gb","tax_blogcategory-cloud-en-gb","tax_contenttheme-improve-customer-experience-en-gb","tax_contenttheme2-level-up-your-technology-en-gb","tax_capability_sitewide-ai-and-automation-en-gb","tax_products_programs-genesys-ai-en-gb","tax_products_programs-genesys-cloud-cx-en-gb","tax_buying_job-job-5-validation-en-gb","tax_buyer_persona-business-en-gb","tax_buyer_persona-technical-en-gb-2","tax_buyer_persona-technical-en-gb","tax_segment-enterprise-en-gb","tax_segment-midsized-en-gb","tax_segment-smb-en-gb","tax_content_type-blog-en-gb"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/blog\/609154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/users\/260"}],"version-history":[{"count":5,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/blog\/609154\/revisions"}],"predecessor-version":[{"id":609159,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/blog\/609154\/revisions\/609159"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/media\/607084"}],"wp:attachment":[{"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/media?parent=609154"}],"wp:term":[{"taxonomy":"tax_priority","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_priority?post=609154"},{"taxonomy":"tax_blogtype","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_blogtype?post=609154"},{"taxonomy":"tax_blogcategory","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_blogcategory?post=609154"},{"taxonomy":"tax_contenttheme","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_contenttheme?post=609154"},{"taxonomy":"tax_bundle","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_bundle?post=609154"},{"taxonomy":"tax_contenttheme2","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_contenttheme2?post=609154"},{"taxonomy":"tax_capability_sitewide","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_capability_sitewide?post=609154"},{"taxonomy":"tax_products_programs","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_products_programs?post=609154"},{"taxonomy":"tax_buying_job","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_buying_job?post=609154"},{"taxonomy":"tax_buyer_persona","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_buyer_persona?post=609154"},{"taxonomy":"tax_sector","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_sector?post=609154"},{"taxonomy":"tax_segment","embeddable":true,"href":"https:\/\/www.genesys.com\/en-gb\/wp-json\/wp\/v2\/tax_segment?post=609154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}