MEG's ISO/IEC 42001:2023 certification, issued by Citation ISO Certification β the international standard for Artificial Intelligence Management Systems. MEG achieved certification with 17 positive observations and zero nonconformances.
As a quality management software provider built exclusively for healthcare organisations, MEG has always believed that technology used in clinical governance, compliance, and patient safety must be held to the highest standard. That belief does not stop at our quality management software - it extends to how we build, govern, and deploy Artificial Intelligence features that power it.
That is why we are proud to announce that MEG has achieved ISO/IEC 42001:2023 certification - the international standard for AI Management Systems. Our audit was completed with 17 positive observations and zero nonconformances, a result that reflects the depth of work our team has put into building responsible AI governance from the ground up.
What ISO 42001 Certification Means for AI Governance in Healthcare
ISO/IEC 42001:2003 is the world's first internationally recognised, certifiable standard for AI management systems. Published in December 2023, it provides a structured framework for organisations that develop, provide, or use AI systems, setting out requirements for how AI should be governed, monitored, and continuously improved.
In practical terms, certification means an independent third party has verified that MEG has the policies, processes, and controls in place to manage AI responsibly across the full lifecycle; from how risks are identified and mitigated, to how decisions made by AI systems are documented, reviewed, and accountable.
The standard addresses some of the most pressing concerns around AI in regulated industries: transparency, bias, ethical use, data governance, and human oversight. It's designed not just as a compliance exercise, but as an operational framework that embeds responsible AI into how an organisation actually works, using the βPlan-Do-Check-Actβ methodology familiar from other ISO management system standards.
For healthcare organisations, AI management systems provide a structured approach to governing AI safely and consistently. As AI becomes increasingly embedded in clinical, operational, and quality processes, AI management systems in healthcare help organisations establish clear accountability, manage risks, and demonstrate that AI is being developed and used responsibly. ISO 42001 certification provides an internationally recognised framework for achieving this.
MEG was independently assessed and approved by Citation ISO Certification Limited.
Why AI Management Systems Matter in Healthcare
Healthcare is one of the most AI-sensitive environments in the world. Decisions informed by technology can affect patient safety, clinical outcomes, and organisational accountability. The stakes for getting AI governance wrong are not abstract.
For quality managers, compliance officers, and clinical governance leads, AI governance in healthcare is becoming a practical assurance question. When AI is embedded into operational systems, organisations need confidence that vendors can demonstrate transparency, oversight, risk management, and accountability.
For MEG's customers: quality and compliance teams in hospitals, health systems, and regulated healthcare organisations, the question of whether their software vendor governs AI responsibly is increasingly not a nice-to-have. It is a procurement consideration, a governance question, and in many cases, a trust issue. ISO 42001 certification gives our customers a clear, independently verified answer: Yes! MEG has a structured, audited system in place for responsible AI.
A Rare Distinction
While awareness of ISO/IEC 42001:2003 is growing rapidly, adoption remains limited. As of mid-2026, it is estimated that between 350 and 500 organisations worldwide have achieved this certification. For context, there are thousands of organisations globally holding ISO 27001 (information security) certification.
We are proud to be among this early group and to be one of the few healthtech companies to have achieved it. In a sector where trust is everything, we think that distinction matters.
What ISO 42001 Certification Means for MEG Customers
For existing MEG customers, this certification reinforces what you already know about how we work: with rigour, with transparency, and with your regulatory environment firmly in mind.
For organisations evaluating quality management software, it is a signal worth taking seriously. ISO 42001 certification gives healthcare organisations a clear signal: MEGβs quality management system has been independently assessed against an internationally recognised framework for responsible AI. As AI becomes more deeply embedded in the tools healthcare teams use every day, the governance behind those tools matters as much as the features.
We are committed to maintaining and building on this certification as our AI capabilities grow - and as the regulatory landscape around AI in healthcare continues to evolve.
βAt MEG, we have treated AI governance and ethics as enablers of innovation, not obstacles to it, from the outset. By embedding this principle, we have built a strong AI foundation for responsible growth. Achieving ISO 42001 certification validates this approach in practice. This is just the beginning, and we will continue building on this foundation.β
FAQβs
-
ISO/IEC 42001:2023 is the world's first international standard for Artificial Intelligence Management Systems (AIMS). It provides organisations with a structured framework for governing, developing, deploying, monitoring, and continually improving AI systems responsibly.
-
ISO 42001 certification means an independent certification body has verified that an organisation has implemented an AI Management System that meets the requirements of ISO/IEC 42001:2023. Certification demonstrates that the organisation has documented policies, governance processes, risk controls, human oversight, and continual improvement practices in place to manage AI responsibly throughout its lifecycle.
-
Healthcare organisations increasingly rely on AI to support quality management, clinical governance, operational efficiency, and decision-making. Because AI can influence patient safety, regulatory compliance, and organisational accountability, robust governance is essential. ISO 42001 provides a recognised framework for managing AI risks while promoting transparency, human oversight, ethical use, and continuous improvement.
-
An AI Management System (AIMS) is a structured set of policies, processes, responsibilities, and controls that enables an organisation to govern AI consistently and responsibly. Similar to how ISO 27001 manages information security or ISO 9001 manages quality, ISO 42001 helps organisations integrate AI governance into everyday business operations.
-
Being AI responsible means designing, deploying, and governing AI in a way that is transparent, accountable, secure, and aligned with ethical and regulatory expectations. Responsible AI goes beyond technology itself, it includes human oversight, risk assessment, data governance, bias mitigation, documentation, monitoring, and continual improvement.
-
Healthcare organisations should ask software vendors how AI is governed, not just what AI features are available. Key questions include:
Does the organisation have a documented AI governance framework?
How are AI risks identified, assessed, and monitored?
What human oversight exists for AI-supported decisions?
How are bias, transparency, and accountability addressed?
Has the organisation been independently assessed against recognised standards such as ISO/IEC 42001:2023?
-
As AI becomes increasingly embedded in healthcare software, organisations need confidence that vendors have appropriate governance processes in place. ISO/IEC 42001:2023 certification provides independent evidence that a vendor has established structured controls for managing AI responsibly, helping support procurement decisions, regulatory compliance, and organisational trust.
-
Although both are international ISO management system standards, they address different areas of organisational governance.
ISO 27001 focuses on information security management, helping organisations protect the confidentiality, integrity, and availability of information.
ISO 42001 focuses specifically on AI governance, helping organisations manage the unique risks associated with developing, deploying, and using artificial intelligence.
-
No. ISO/IEC 42001:2023 is a voluntary international standard. However, as AI regulation evolves and organisations place greater emphasis on responsible AI, certification can demonstrate a strong commitment to recognised best practices and provide assurance to customers, regulators, and other stakeholders.
-
While ISO 42001 does not guarantee compliance with the EU AI Act or other regulations, it provides organisations with a structured governance framework that supports many of the management, risk, documentation, and accountability practices expected under emerging AI regulations.