75 days of growth

I took a break from hitting send on this newsletter in July, but it was not for lack of things to share.

Excuse the temporary writing hiatus as I have been reallocating some of the “scrappy” available to this startup and shifted brainpower to a few alternate but timely initiatives.

Let’s get caught up while revisiting milestones from July.

Professional things (Rating: A-)

• Attended 53 virtual meetings and 4 in-person meetings

• Sent proposals for 20 new projects

• Delivered 7 customer audits

• Guest on the CSA Security Update podcast hosted by the Cloud Security Alliance

• Recorded an episode with One Golden Nugget, the collaboration spearheaded by Joe Foster (founder of Reebok)

• Closed the books on June 2024 – we are officially profitable! 💸

 Personal highlights (Rating: B+)

• Went to an Atlanta Braves game with my Dad

• Long weekend in Highlands, NC with my family and our dog Bear after the Fourth of July holiday

• Prioritized physical fitness: continued a twice weekly program with a personal trainer

And, the most remarkable achievement from the last 30 days is announcing our award as the world’s first certification body to support ISO 42001 under accreditation. 🚀

It’s time to #CertifyAI

For those unfamiliar with this space, ISO 42001 is an International Standard that details requirements and technical controls for organizations that produce, develop, provide, or use artificial intelligence (AI) systems as part of their service offerings.

TL;DR: ISO 42001 is at least partially applicable to nearly every company that slaps AI as a buzzword on their marketing material or quarterly financial reports – it’s a big deal.

The homepage Lottie animation on our website succinctly displays our core certification schemes, including ISO 27001 (information security management), ISO 27017 (cloud security), ISO 27018 (cloud privacy), ISO 27701 (privacy management), and a related extension scheme published by the Cloud Security Alliance.

ISO 42001 (AI management) easily supplements these core offerings since security and data privacy continue to be core tenets of strong AI governance.

This standard was published by ISO in December 2023, just after the draft EU AI Act legislation text leaked. It quickly gained attention from cybersecurity and legal professionals as AI technologies' rapid growth outpaced regulatory oversight.

ISO 42001 is currently the only AI certification mechanism available for companies, allowing major cloud service providers like Salesforce, PayPal, and Oracle to engage independent vendors like Mastermind to assess their compliance. The audit results in a pass/fail certification issued by the independent auditor if the organization meets the requirements of the ISO 42001 standard.

Several laws already require periodic, independent reviews of AI technologies, with some (e.g., EU AI Act, Art. 17) demanding a management system for continuous control. ISO 42001 certification helps service providers meet these emerging legal requirements, providing trust to consumers and businesses, especially those using these AI services within their supply chains.

At Mastermind, we are that independent vendor — and now, we can formally assess and issue certification for this new standard. In fact, we are the first in the world to be authorized for ISO 42001. Officially, this is known as an accreditation expansion; however, you can think of it as an additional business license. It’s a temporary distinction as other audit vendors will earn the same accreditation in the coming months, but we think it’s a fricking cool milestone to add to our credibility in the early innings of Mastermind.

Creating a multiplier effect

To support our customers that utilize AI systems, Mastermind is partnering with various industry experts to create a resource network that can address questions pertaining to consultancy and systems implementation. This initiative aims to accelerate the adoption of AI governance standards.

Editor’s Note: Mastermind never accepts commissions, referral fees, or kickbacks with partners – it's simply a curated list of service providers for our customers to explore!

Today, Mastermind announces one such partnership with StackAware, who helps organizations manage AI-related cybersecurity, privacy, and compliance risks.

There are plenty of similarities between Mastermind and StackAware – a narrow focus on a limited group of service offerings allowing for deep specialization. Additionally, StackAware is dogfooding its own service and slick API tool as an early adopter of ISO 42001. StackAware is also nearing formal certification to ISO 42001 for its itself with an alternate auditor.

Check them out here to receive 1 month free.

It's been 75 days since our launch, and our momentum is on fire.

Our vision is starting to take shape as we highlight the advantages of being a pure-play certification body. This focus enables Mastermind to move faster and innovate more effectively than other audit providers juggling busier interests.

While we don't expect to remain the only vendor in the U.S. to recognize this advantage, we remain confident we'll be the best at what we do.

David 🧠