Combines AI-powered Procurement Orchestration with Rigorous Commitment to Governance and Data Security and Privacy

ORO Labs, creator of a market-leading no-code procurement orchestration platform, announced today it has received the world’s first ISO/IEC 42001:2023 certification issued with accreditation for an Artificial Intelligence Management System (AIMS). The first certifiable scheme of its kind, ISO/IEC 42001:2023, commonly referenced as “ISO 42001,” specifies requirements for establishing, implementing, maintaining, and continually improving AI systems. The certification marks the latest milestone in ORO Labs’ ongoing commitment to AI governance, including stringent data privacy and security policies.

The certification was issued by Mastermind under its accreditation maintained by the International Accreditation Service (IAS), a member of the International Accreditation Forum and recognized signatory of the Multilateral Recognition Arrangement (MLA), who were observers to the initial audit of ORO Labs.

“At ORO Labs, we see GenAI as a real game-changer for procurement. It delivers an easy, walk-up user experience and scales compliance in a big way. When we chat with our large, multinational customers, they all agree: improving user experiences with GenAI is a must for better data quality and process efficiency. They also see the need for solid governance and strict audit controls,” said Lalitha Rajagopalan, ORO Labs co-founder. “Building AI capabilities isn’t just about the tech. It’s about creating smart workflows that automate compliance with the right safeguards for AI-powered recommendations and process automation. Trusting AI means having humans step in when a judgment call is needed.”

Published in December 2023, the ISO 42001 standard describes practices for the responsible development and use of AI systems. It provides critical requirements for addressing the unique challenges AI technologies present, such as ethical and transparency considerations, and establishes a structured approach to managing risks, opportunities, and impacts associated with AI, balancing innovation with operational control. It applies to all organizations that engage with AI systems, including entities that produce large language models (LLM), and extend to both service providers and users of AI-based products or services.

“Our team shares the excitement with ORO Labs as it is awarded the world’s first accredited certificate for an AIMS scope meeting the requirements of ISO 42001,” said David Forman, founder and CEO of Mastermind Assurance. “ORO Labs was the ideal candidate to efficiently uplevel its existing systems and governance to this new benchmark, given the company’s long history of third-party assessments and compliance with similar information security and data protection frameworks. We look forward to observing the continued success of ORO Labs as they champion the adoption of ISO 42001 as the de facto standard for building trust with AI systems.”

To become the first to earn an accredited ISO 42001 certification, ORO Labs completed a rigorous internal audit of its management system, conducted by Geels Norton. ORO Labs was well-prepared for the audit due to its continuous testing and monitoring of security controls that are routinely evaluated throughout the year against third-party assessments including an annual SOC 1 Type 2 examination, an annual SOC 2 Type 2 examination, and a certified Information Security Management System conforming to the requirements of the latest revision of ISO/IEC 27001.

“Geels Norton is proud to support ORO’s achievement of ISO 42001 certification,” said Nick Norton, co-founder and chief visionary, Geels Norton. “In a world where reliance on trusted third parties is integral to business operations, ORO’s ISO 42001 certification complements their existing SOC 1 Type 2 report, SOC 2 Type 2 report, and ISO 27001 certification. We have observed ORO’s commitment to continually maturing their internal controls environment over the past three years, demonstrating their focus on protecting customer information and addressing key risks presented by emerging technologies such as AI.”

Some of the processes audited within ORO’s platform offerings include:

  • AI system lifecycle
  • Acquisition of data used in AI systems
  • External reporting and communication of incidents related to AI systems to interested parties
  • Utilization of external suppliers to support organizational use cases for AI systems
  • Policies related to AI
  • Processes for responsible AI system design and development
  • Responsible and intended use cases of AI
  • Assessing impacts of AI on individuals, groups of individuals, as well as societal impacts

ORO’s platform helps customers coordinate people, processes, and systems in a way that streamlines the end-to-end procurement process and balances business needs with user expectations for seamless workflows and interactions. The platform includes many GenAI-powered features to further enhance the user experience by enabling increased simplicity and efficiency.

About ORO Labs

ORO Labs is a procurement orchestration company on a mission to humanize the procurement experience by coordinating teams, systems, and processes so employees get what they need without frustration. ORO’s GenAI-powered no-code platform is purpose-built to deliver effortless user experiences that enable businesses to reduce cycle times, decrease risk through end-to-end process visibility, and increase agility in response to change. ORO is trusted by Fortune 500 companies and fast-growing global organizations to automate processes, improve cross-team collaboration, and scale procurement operations. To learn more, visit www.orolabs.ai.

About Mastermind

Mastermind is the most exclusively focused and expert-driven certification body on the planet, specializing in information security, privacy, and the responsible use of artificial intelligence in the cloud. Mastermind’s services comprise the assessment and accredited certification of management system scopes conforming to ISO 27001, ISO 27017, ISO 27018, ISO 27701, and ISO 42001, as well as CSA STAR. https://mastermindassurance.com.

About Geels Norton

Geels Norton is an industry-leading security compliance and advisory firm focused on helping high-achieving companies continue to set themselves apart. With a reputation for delivering white-glove experiences and world-class expertise, Geels Norton specializes in quality-driven SOC 1, SOC 2, ISO 27001 and ISO 27701 services, is a Preferred Assessor for Microsoft’s Supplier Security and Privacy Assurance (SSPA) program, and serves as strategic advisor for clients navigating the world of cybersecurity and compliance. https://www.geelsnorton.com.

Joe Livarchik Voxus PR for ORO Labs ORO@voxuspr.com