Standards & Regulations
ISO/IEC 42001
The first international standard for AI management systems.
Overview
ISO/IEC 42001:2023 is the first international standard specifically for AI management systems (AIMS). It follows the harmonized structure shared by ISO management system standards (the same clause layout as ISO/IEC 27001 for information security), so an organization that already runs an ISMS can extend it rather than build a parallel system. The standard specifies requirements for establishing, implementing, maintaining, and continually improving AI management within an organization, and because it is a requirements standard rather than a guidance document, organizations can be audited and certified against it.
Key Concepts
Management System Approach
Like other ISO management system standards, ISO 42001 is structured around the Plan-Do-Check-Act (PDCA) cycle:
- Plan. Establish AI policy, objectives, risk assessment, and treatment plans
- Do. Implement the management system and controls
- Check. Monitor, measure, and audit the system
- Act. Take corrective actions and continually improve
AI-Specific Controls
Annex A of the standard lists reference controls (with implementation guidance in Annex B). They cover areas including:
- AI policy and leadership commitment
- AI risk assessment and treatment
- Assessment of the impact of AI systems on individuals, groups, and society
- Data management for AI
- AI system development and operation across the life cycle
- AI system performance evaluation
- Third-party and customer relationships involving AI
Related ISO Standards
| Standard | Focus |
|---|---|
| ISO/IEC 23894 | AI-specific risk management guidance |
| ISO/IEC 38507 | Governance implications of AI for governing bodies |
| ISO/IEC 22989 | AI concepts and terminology |
| ISO/IEC 23053 | Framework for AI systems using machine learning |
Together with ISO 42001, these form the core of the ISO/IEC AI standards family. Note that the four standards above are guidance and framework documents: ISO 42001 is the only one of them that contains auditable requirements, so it is the only one an organization can be certified against.
Using ISO 42001 with This Toolkit
If your organization pursues ISO 42001 certification, this toolkit provides practical artifacts that can serve as evidence of conformity. The artifacts do not confer certification on their own; that is granted by an accredited certification body after an audit against the standard's requirements and the controls you have selected.
| ISO 42001 Requirement | Toolkit Artifact |
|---|---|
| AI policy | Principles + Charter |
| Roles and responsibilities | Roles and Membership |
| Risk assessment (Clause 6.1.2) and AI system impact assessment (Clause 6.1.4) | Risk Tiering + Impact Assessments |
| AI system documentation | Model Cards + AI Inventory |
| Monitoring and measurement | Monitoring + Reporting |
| Continual improvement | Policy Refresh + Incidents |

This mapping is indicative rather than exhaustive. The standard also requires an internal audit programme (Clause 9.2) and periodic management review (Clause 9.3); the monitoring and reporting artifacts feed those activities but do not replace them, so plan for both before an external audit.