Leading the Way: How Qualifacts Set the Standard for ISO 42001 AI Management System (AIMS) in Behavioral Health

When our team at MJD Advisors sat down with the Qualifacts team to discuss their ISO 42001 journey, one theme surfaced immediately: they didn’t approach this certification because they had to; they pursued it because it aligned with their mission. As the first electronic health record (EHR) provider to achieve ISO 42001 certification, they weren’t responding to regulators, customers, or market expectations. They simply believed it was the right thing to do.

‍

In behavioral healthcare, trust is everything. As VP of Product Compliance, Hope Winkowski often reminds her team, “We’re not building widgets. We’re impacting patients’ lives every day.” That perspective drove their decision-making and set the tone for the entire engagement. And from our position as their audit partner, that intentionality was evident from day one.

‍

By the time their internal AI governance committee began guiding the development of their AI-enabled product suite and vetting third-party AI tools for internal use, the Qualifacts team recognized the need for a formal, scalable framework. They wanted clarity, consistency, and a documented system that could support internal decisions while meeting rising expectations across the healthcare landscape. And because of the successful relationship we’ve built over the last couple of years, they wanted our help guiding them on their ISO 42001 readiness journey.

‍

Why ISO 42001 and Why Move Early

‍

During our conversations, Qualifacts shared that their organization already had many of the right pieces in place: AI acceptable use and development policies, a cross-functional governance committee, and an established focus on responsible innovation. But they wanted a more structured foundation, one that would validate the work they had done and support the growth of their AI program.

‍

Hope explained it well:

“ISO helped us take the 50 flavors of AI regulation and standardize them—operationalize them for our team and be able to build on it as we face additional regulations.”

‍

Rather than waiting for customer demand or regulatory requirements to mature, Qualifacts chose to lead. This proactive approach is something we consistently see in organizations that prioritize long-term trust and readiness over short-term convenience.

‍

A Culture of Alignment

‍

One of the most notable aspects of this engagement was the alignment across the Qualifacts organization. Strong internal coordination is one of the clearest predictors of success in ISO 42001, and Qualifacts demonstrated it at every stage.

‍

Across Product Compliance, Information Security, Engineering, and Leadership teams, we saw shared priorities, direct communication, openness to feedback, and a genuine commitment to implementing the framework with integrity.

‍
As MJD Senior Manager Chris Giles noted:

“The buy-in was very clear across the organization. They weren’t looking for shortcuts. They wanted to do it the right way.”

‍

This level of engagement helped the project advance quickly without overwhelming teams, another sign of a strong governance culture.

‍

Product leader Nicholas Chepesiuk added:

“It didn’t slow us down, which is important because we have an aggressive roadmap.”

‍

This level of engagement reduced friction and allowed the project to move forward efficiently, an outcome we see when governance is treated as strategic rather than administrative.

‍

And in explaining why organizations like Qualifacts stand out, MJD Founder Mike DeKock put it simply: “ISO 42001 isn’t like completing your SOC 2 report; it isn’t table stakes yet. Early adopters do it because they want to lead with maturity and transparency. And demonstrating responsible AI is a clear differentiator.”

‍

Turning ISO 42001 Into Action

‍

ISO 42001 doesn’t need to be intimidating when organizations have the right tools and support. For most organizations, the largest challenge with ISO 42001 isn’t the work itself; it’s interpreting a standard that is intentionally broad. ISO 42001 outlines outcomes but leaves room for interpretation, which often results in the same question we heard from Qualifacts:

‍

“What does this actually mean in practice?”
— Chad Strange, Senior Director of Information Security, Risk, and Compliance

‍

Our role was to bring clarity to that uncertainty. Together, we translated the standard into a practical, actionable framework, including:

‍

• Roadmap showing what compliance looks like in real operational terms
• Structured workbook for describing their artificial intelligence management system
• Documentation templates and evidence examples
• Custom request list tailored to their control environment

‍

As Hope shared:

‍

“The templates MJD created were incredibly helpful and greatly reduced the time to certification readiness.”

‍

Once the ambiguity disappeared, Qualifacts gained immediate momentum. The ISO framework became a tool for alignment and improvement, not a burden or roadblock to AI innovation.

‍

The Payoff: Trust, Speed, and Strategic Advantage

‍

Hearing how the certification is already benefiting Qualifacts reinforced what we believe about ISO 42001: its value extends far beyond compliance.

‍

Nicholas described certification as a clear maturity signal:

“This is a huge credential for us. It shows a level of maturity that earlier-stage competitors haven’t achieved.”

‍

It also streamlined procurement and sales conversations:

“Instead of spending a week answering questionnaires, we can hand over the ISO report. It speeds everything up.”

‍

Externally, ISO 42001 provides reassurance to customers. Internally, it strengthens alignment across the organization. And from a brand standpoint, the validation matters. As marketing leadership noted, certification:

‍

• adds clarity across product lines
• reinforces responsible AI messaging
• demonstrates operational rigor to both partners and customers
  

‍

In a sector where trust is closely tied to patient outcomes, ISO 42001 equips organizations with a tangible, credible way to demonstrate responsible AI practices.

‍

A Model for Responsible AI Governance

‍

Qualifacts approached ISO 42001 with purpose, alignment, and a willingness to do the work the right way. Their journey reinforces something we emphasize with every client:

‍

Responsible AI isn’t a checkbox—it’s a culture.

‍

It requires cross-functional engagement, transparency, and a commitment to continuous improvement. Qualifacts demonstrated all three, and their certification reflects not only compliance but readiness, maturity, and long-term vision.

‍

For us at MJD, it was a privilege to partner with a team deeply committed to leading with responsible, ethical AI. Their experience serves as a roadmap for organizations looking to build trust in an AI-driven future.