QueryPie Achieves ISO/IEC 42001 Certification for Its AI Management System

QueryPie has achieved ISO/IEC 42001:2023 certification for the AI management system applied to QueryPie AIP. The certification demonstrates that QueryPie AIP, as an enterprise AI platform, has an operating framework based on an international standard for managing AI services responsibly and reliably.

Background

QueryPie believes that as AI becomes connected to enterprise work systems, data, tools, and agents, trust, control, and auditability become as important as technical performance. To apply AI in real business operations, enterprises need more than fast adoption. They need a system for managing what data and systems AI can access and how AI is operated.

From this perspective, QueryPie has achieved ISO/IEC 42001:2023 certification, the international standard for AI management systems. Based on the LRQA Limited certificate issued on June 2, 2026, the certification scope covers the Artificial Intelligence Management System applied to QueryPie AIP (Enterprise AI Platform) services in QueryPie's role as an AI Provider.

What ISO/IEC 42001 Means

ISO/IEC 42001:2023 is the international standard for an Artificial Intelligence Management System, or AIMS. It provides criteria for assessing whether an organization that develops, provides, or uses AI technology manages AI systems in a responsible and trustworthy way.

The standard does not evaluate only the performance of AI technology. It examines how AI systems are governed by policies and procedures inside an organization, how AI-related risks are identified, assessed, and controlled, and whether elements such as data, security, transparency, accountability, and human oversight are reflected in actual operations.

ISO/IEC 42001 is designed to help organizations balance AI opportunities and risks in a rapidly changing AI environment. As AI services are applied across more business and industry domains, the certification can become an important signal that an enterprise has a management system for operating AI continuously and responsibly, beyond simple adoption.

QueryPie AIP Certification Scope and Significance

The ISO/IEC 42001:2023 certification means that QueryPie AIP has established a management system for operating AI services systematically and reliably as an enterprise AI platform. The scope covers QueryPie AIP (Enterprise AI Platform) services and includes AI-enabled services provided by QueryPie in its role as an AI Provider.

QueryPie AIP helps enterprises build and manage LLM usage, MCP (Model Context Protocol)-based business-system integration, RAG-based knowledge use, and AI agent operations in an integrated way. AIP is not simply an AI chat tool. It supports enterprise-level controls such as authorization, audit, DLP, and usage management as organizations connect AI to real work environments.

The certification scope includes enterprise AI operations related to AIP services, including multi-LLM orchestration, RAG-based AI assistant services, AI agent management, and MCP-based SaaS and infrastructure integration. It also covers how AI services are managed and controlled in environments that use commercial LLM services.

This shows that QueryPie is not only providing AI features but also establishing and operating a management system that covers AI service planning, operations, security, risk management, accountability, and continual improvement. For enterprise customers, it is especially meaningful that QueryPie AIP has a management framework based on an international standard in areas they consider critical: reliability, security, governance, and operational transparency.

QueryPie's AI Operating Framework

To achieve ISO/IEC 42001 certification, an organization operating AI services must show not only that AI policies and procedures are documented, but also that they are consistently applied in real operations.

Organizations must first define the purpose and scope of their AI systems. QueryPie defined the core functions and operating scope of its enterprise AI platform around QueryPie AIP, including multi-LLM orchestration, RAG-based assistants, AI agent management, and MCP-based SaaS and infrastructure integration.

Organizations must also identify and assess AI-related risks and establish controls for them. AI services can involve a wide range of risks, including data security, privacy protection, prompt and response handling, use of external LLM services, AI agent permissions and actions, external system integration, user logs, and audit traceability.

During certification preparation, QueryPie defined the purpose and scope of AIP services, its role as an AI Provider, technology and data boundaries, and stakeholder requirements. It also reviewed AI impact assessment, security and privacy controls, and operational stability management activities.

QueryPie has continued to refine its AI governance framework, security and privacy management, AI service operating processes, risk assessment and controls, internal reviews, and improvement activities to provide AI services safely and reliably. These efforts became the foundation for helping enterprise customers use AI safely in real work environments and led to this ISO/IEC 42001 certification.

What This Means for Customers

For customers, ISO/IEC 42001 certification can be an important criterion for judging whether a company manages AI services in a trustworthy way.

AI services go beyond ordinary software features and are closely connected to enterprise data, business processes, decisions, and external system integration. When selecting an AI service, customers consider not only functional convenience but also the standards under which the service is managed, how AI-related risks are controlled, and whether issues can be traced and addressed.

This trust foundation is especially important for an enterprise AI platform such as QueryPie AIP, which provides multiple LLMs, RAG, AI agents, and MCP-based integration. Customers can use QueryPie AIP to introduce AI in a safer and more controllable way and expect an AI usage environment that reflects internal security and compliance requirements.

In summary, this certification gives customers the following signals.

• External validation, from the perspective of an international standard, of the AI management system applied to QueryPie AIP services
• Stronger authorization, audit, DLP, risk management, traceability, and response structures when connecting AI to business systems, data, tools, and agents
• An enterprise AI operating foundation that considers security, compliance, and AI governance together
• Greater manageability and auditability when expanding AI adoption from experimentation to real business operations

Representative Message

In a message shared directly with key business partners, QueryPie founder and CEO Brant Hwang said, "In addition to the security and compliance framework we have built over time, QueryPie AI has now received third-party validation of its AI management system through ISO/IEC 42001 certification." He added, "Certification itself is not the goal. We see it as part of our continuing effort to provide services that customers can use with confidence."

Connection to Existing Security and Compliance Programs

QueryPie has continued to maintain security and compliance management programs including SOC 2 Type II, PCI DSS, ISO/IEC 27001, ISO 27701, ISO 27017, ISO 27018, CSA STAR, and ISMS-P. With ISO/IEC 42001 certification, QueryPie has further strengthened its management framework from the perspective of AI management systems.