ISO 42001
ISO/IEC 42001:2023 is the international standard for an AI Management System (AIMS). It follows the same management system structure as ISO 27001 (ISMS) and ISO 9001 (QMS).
Structure
- Clause 4: Context of the organization
- Clause 5: Leadership
- Clause 6: Planning (risk assessment, objectives)
- Clause 7: Support (resources, competence)
- Clause 8: Operation (AI system lifecycle)
- Clause 9: Performance evaluation
- Clause 10: Improvement
Key Annexes
- Annex A: AI-specific controls (risk, development, monitoring)
- Annex B: Implementation guidance
- Annex C: AI-specific objectives and risk sources
- Annex D: Use of AIMS across domains
Certification
Organizations can be certified against ISO 42001 by accredited certification bodies, similar to ISO 27001 certification.
Integration with ISO 27001
Organizations with an existing ISMS can integrate AI-specific controls from ISO 42001 into their existing management system rather than building from scratch.