Governance · Assurance · Trust

The standards behind the self-driven promise.

Five international management standards, clipped together into a single integrated management system. Each answers one question about how a trustworthy organisation should behave — and each is backed not by paperwork alone, but by tamper-evident, cryptographically verifiable evidence.

5
international standards
1
integrated management system
4
certifiable · 1 guiding framework
24/7
continuous, witnessed evidence
The five pillars

Each standard answers one question.

Modern ISO management-system standards share a common backbone — the Harmonised Structure (Annex SL). That shared architecture is what lets these five operate as one system rather than five silos: the same context, leadership, planning, support, operation, evaluation and improvement clauses, applied to five different concerns.

Certifiable
ISO 9001:2015 · Quality Management

Consistently delivers value

The delivery layer

ISO 9001 ensures the organisation consistently delivers value — meeting commitments and improving, every time, not occasionally.

A process-based system built on Plan–Do–Check–Act: define what good looks like, do it repeatably, measure it, and correct course. For the Foundation, this is the discipline that keeps every programme, product and partnership dependable rather than heroic.

On the horizon: ISO 9001:2026 reaches publication in September 2026, adding quality culture, ethical behaviour and clearer risk-and-opportunity clauses — an evolution, not a rebuild.
Certifiable
ISO/IEC 27001:2022 · Information Security

Protects information and trust

The protection layer

ISO/IEC 27001 protects information and the trust placed in it — confidentiality, integrity and availability, managed by design.

An Information Security Management System (ISMS) that treats security as an ongoing risk-managed programme, not a checklist. Its 93 Annex A controls span people, process and technology — and map directly onto selfdriven's identity-first architecture.

selfdriven enforcement: where 27001 asks for policy, KERI/ACDC provides architectural enforcement — passwordless identity, witnessed key events, and evidence that can't be quietly altered.
Certifiable
ISO/IEC 42001:2023 · AI Management

Governs the responsible use of AI

The AI governance layer

ISO/IEC 42001 governs the responsible use of AI — the world's first certifiable AI Management System (AIMS).

It brings AI under the same disciplined lifecycle as quality and security: accountability, transparency, human oversight, and continuous risk assessment across every model and agent. Essential for an organisation where AI agents do real work under real authority.

Paired with NIST AI RMF: the US framework's Govern · Map · Measure · Manage functions run alongside 42001, giving both a certifiable system and a voluntary, widely-recognised risk method.
Certifiable
ISO 22301:2019 · Business Continuity

Ensures resilience under disruption

The resilience layer

ISO 22301 ensures resilience under disruption — the ability to keep delivering when something goes wrong, and to recover deliberately.

A Business Continuity Management System built around impact analysis, recovery objectives and tested response plans. It turns "we hope we'd cope" into a rehearsed, evidenced capability that stakeholders can rely on.

selfdriven advantage: distributed witnesses and Cardano-anchored records mean continuity isn't dependent on a single provider or datacentre — trust survives even when infrastructure doesn't.
Guiding framework · not certified
ISO 31000:2018 · Risk Management

The decision-making framework for managing uncertainty

The reasoning layer — beneath all the others

ISO 31000 provides the decision-making framework for managing uncertainty. It is guidance, not a certifiable requirement — because it isn't a box to tick, it's how the whole organisation thinks.

Every one of the standards above is risk-based at its core. ISO 31000 is the shared reasoning that runs underneath them: identify what's uncertain, understand it, decide proportionately, and treat it. It's the operating system; quality, security, AI governance and continuity are the applications that run on top.

Why it matters here: a self-driven organisation makes many decisions without a person in every loop. ISO 31000 gives both human conductors and AI agents a consistent, defensible way to weigh uncertainty — so autonomy never means recklessness.
One system, not five

How the stack fits together.

Risk is the substrate. Four disciplines stand on it. Trust is what the whole structure produces.

Assurance & Trust
A stakeholder can rely on the Foundation — and verify why.
9001
Quality
Delivers value
27001
Security
Protects trust
42001
AI
Governs autonomy
22301
Continuity
Sustains delivery
ISO 31000
Risk — the reasoning layer
Every decision above is made on this shared foundation for managing uncertainty.

Because four of the five share the Harmonised Structure (Annex SL), they don't compete for attention — they reuse the same leadership, planning, evaluation and improvement machinery. One internal audit, one management review, one risk register, one culture. That's the difference between running five certificates and running one integrated management system.

The selfdriven difference

Standards describe the discipline.
We make the discipline verifiable.

Conventional assurance rests on documents and an annual audit — you trust that what's written down reflects what actually happened. selfdriven closes that gap. The management system defines what good looks like; KERI/ACDC produces the evidence; a human conductor stays accountable for the judgement. Assurance stops being a yearly snapshot and becomes a continuous property of the system.

01 · THE STANDARD

Defines what good looks like

ISO 9001, 27001, 42001, 22301 and 31000 set the requirements and the reasoning — the agreed-upon definition of a well-run, trustworthy organisation.

// requirement
02 · THE EVIDENCE

Proves it actually happened

Key decisions, controls and events are recorded as witnessed KERI key events and ACDC credentials, anchored to Cardano — append-only, tamper-evident, independently verifiable.

// KEL · ACDC · anchor
03 · THE ACCOUNTABILITY

Keeps a human answerable

Under the Human Conductor model, a named person owns the judgement in each Area of Focus. AI agents operate under scoped, time-limited, KERI-delegated authority — never unaccountable.

// conductor · delegated AID
Where it lives

Mapped onto how we're organised.

The Foundation runs on 8 Areas of Focus, each led by a human conductor. The assurance stack isn't a separate compliance function bolted on the side — it threads through the areas that carry it.

01

Direction

Strategy, governance and risk appetite. Sets the tolerance for uncertainty that ISO 31000 then operationalises.

maps → ISO 31000 · 9001 (leadership)
04

Protocols

Identity infrastructure and technical standards — the KERI/ACDC layer that turns policy into architectural enforcement.

maps → ISO/IEC 27001 · 42001
06

Processes

Operations, service delivery and incident management — the day-to-day where quality and continuity are actually earned.

maps → ISO 9001 · 22301
07

Accountability

Compliance, audit trails, transparency and reporting. Where the witnessed evidence becomes something a stakeholder can inspect.

maps → all five
05

Sustainability

Resource stewardship and long-term viability — resilience as a design goal, not an afterthought.

maps → ISO 22301 · 31000
03

Enablement

Education and onboarding so the system is understood and lived — culture is where standards either take hold or don't.

maps → ISO 9001 · 42001
Assurance you can inspect

Trust, offered as evidence.

Whether you're a philanthropic partner, a government stakeholder or a fellow builder, we'd welcome the chance to walk you through the assurance stack — and show you the difference between being told to trust an organisation and being able to verify one.