ISO/IEC 42001 Crosswalk

Protective Computing adds a human-instability layer to AI governance by requiring negative claims, vulnerability-aware threat boundaries, and release-bound evidence.

Protective control	ISO 42001 concern	Translation	Evidence
Boundary clarity	AI system scope and intended use	Requires explicit publication of what the system is not safe for.	boundary page, reference packet
Human vulnerability controls	Lifecycle risk treatment	Adds coercion, degraded infrastructure, and institutional pressure as first-class deployment risks.	threat models

Evidence Bundle for This Crosswalk

What Protective Computing Is Not — negative-claims boundary for intended-use and non-safety statements
PainTracker Reference Packet — release-bound implementation evidence for governance review
Threat Models, Coercion Boundary Matrix, and Degraded Mode Implementation Spec — lifecycle risk treatment evidence under human instability
Independent Review — external critique path for governance and lifecycle claims
Audit This Site — reviewer entry point for validating published evidence surfaces