As AI becomes embedded in more products and workflows, Omny is focusing on an issue many organizations are only beginning to explore: how should it be governed?
This is the key question behind the company's recent completion of Stage 1 of the ISO/IEC 42001 certification process, the world’s first international standard for AI management systems. While the company’s certification journey is still underway, the decision to pursue it reflects where Omny believes the industry is heading.
"ISO 42001 is still relatively new and pursuing it as one of the first gives Omny an advantage that we hope to pass on to our customers," says Raymund Hoseña, Director of Governance, Risk, and Compliance at Omny.
If all goes according to plan, Omny expects to be among the first companies in Norway to complete the full certification process.
Much of the conversation around AI focuses on what the technology can do. For Hoseña, the more important discussion is how it is implemented and governed.
When customers request new AI-powered capabilities within the Omny Platform, the goal is to respond constructively while still applying the right level of control. Each request is evaluated through Omny’s secure software development process, including an AI impact assessment that looks at risk, data handling, and appropriate measures.
“New feature requests that have something to do with AI need to go through different layers of checks as part of the secure software development lifecycle,” says Hoseña. “That impact assessment is part of the overall AI governance.”
It’s an approach that reflects Omny’s roots as an industrial cybersecurity company.
"Security is at the forefront of everything that we do, and that includes the use of new technology like AI."
The relationship between governance and innovation is often misunderstood. For engineering teams, a clear framework can reduce uncertainty by making the decision-making process easier to follow.
"There will always be conflicts," says Hoseña. "Engineering would always want to implement things fast, but on the compliance side I always have to ask them, 'Are we doing this responsibly?'”
That tension is healthy. As AI becomes a larger part of software development, teams need a consistent way to define what must be assessed, which safeguards are required, and what evidence is needed before new capabilities reach customers.
For Omny, that means AI development can move forward with greater confidence while keeping security and trust built into the process.
Hoseña believes AI governance will follow a similar path to information security standards such as ISO 27001. Today, organizations routinely ask vendors about their security certifications and controls. In the future, he expects customers to ask similar questions about AI.
"You may not see the value right now compared to other ISO standards, but there will come a day when customers make this a baseline requirement before they engage vendors, similar to ISO 27001."
For Omny, that is the real value of starting now.
Certification provides an important external benchmark, but the broader value lies in the structures, oversight, and accountability Omny is putting in place. For industrial organizations, that means greater transparency into how AI is managed today and the confidence that the platform is being developed with future requirements in mind.