ISO-42001
ISO/IEC 42001:2023 — AI Management Systems
- I. ISO/IEC 42001:2023 AI Management System Requirements
- Ch. I — Context, Leadership, and Planning (Clauses 4-6)
- Art. 4.1. Understanding the organization and its context (8)
- Art. 4.2. Understanding the needs and expectations of interested parties (4)
- Art. 4.3. Determining the scope of the AI management system (9)
- Art. 4.4. AI management system (12)
- Art. 5.1. Leadership and commitment (10)
- Art. 5.2. AI policy (8)
- Art. 5.3. Roles, responsibilities and authorities (10)
- Art. 6.1.1. General (actions to address risks and opportunities) (7)
- Art. 6.1.2. AI risk assessment (13)
- Art. 6.1.3. AI risk treatment (6)
- Art. 6.1.4. AI system impact assessment (5)
- Art. 6.2. AI objectives and planning to achieve them (12)
- Art. 6.3. Planning of changes (7)
- Ch. II — Support and Operation (Clauses 7-8)
- Art. 7.1. Resources (9)
- Art. 7.2. Competence (5)
- Art. 7.3. Awareness (6)
- Art. 7.4. Communication (3)
- Art. 7.5. Documented information (9)
- Art. 8.1. Operational planning and control (10)
- Art. 8.2. AI risk assessment (operational) (6)
- Art. 8.3. AI risk treatment (operational) (6)
- Art. 8.4. AI system impact assessment (operational) (13)
- Ch. III — Performance Evaluation and Improvement (Clauses 9-10)
- Art. 9.1. Monitoring, measurement, analysis and evaluation (4)
- Art. 9.2. Internal audit (10)
- Art. 9.3. Management review (10)
- Art. 10.1. Continual improvement (9)
- Art. 10.2. Nonconformity and corrective action (10)
- Ch. IV — Annex A Controls — Policies and Organization (A.2-A.3)
- Art. A.2.2. AI Policy (9)
- Art. A.2.3. Responsible AI Topics in AI Policy (4)
- Art. A.3.2. Roles and Responsibilities for AI (6)
- Art. A.3.3. Reporting of AI Concerns (9)
- Art. A.3.4. Impact of Organizational Changes (6)
- Ch. V — Annex A Controls — Resources and Impact Assessment (A.4-A.5)
- Art. A.4.2. Resources Related to AI Systems (5)
- Art. A.4.3. Competencies Related to AI Systems (4)
- Art. A.4.4. Awareness of Responsible Use of AI Systems (4)
- Art. A.4.5. Consultation (6)
- Art. A.4.6. Communication About the AI System (6)
- Art. A.5.2. AI System Risk Assessment (5)
- Art. A.5.3. AI System Impact Assessment (8)
- Art. A.5.4. Impact of AI System Documentation (4)
- Ch. VI — Annex A Controls — AI System Life Cycle (A.6)
- Art. A.6.2.2. Design and Development of AI System (5)
- Art. A.6.2.3. Training and Testing AI Model (14)
- Art. A.6.2.4. Verification and Validation of AI System (7)
- Art. A.6.2.5. Deployment of AI System (10)
- Art. A.6.2.6. Operation and Monitoring of AI System (10)
- Art. A.6.2.7. Retirement of AI System (10)
- Art. A.6.2.8. Responsible AI System Integration (9)
- Art. A.6.2.9. AI System Documentation (7)
- Art. A.6.2.10. Defined Use and Misuse of AI System (5)
- Art. A.6.2.11. Management of Third-Party AI System Components (6)
- Ch. VII — Annex A Controls — Data, Information, and Relationships (A.7-A.10)
- Art. A.7.2. Data for Development and Enhancement of AI System (11)
- Art. A.7.3. Data Quality for ML and Data for AI System (11)
- Art. A.7.4. Data Preparation (11)
- Art. A.7.5. Data Acquisition and Collection (6)
- Art. A.7.6. Data Provenance (7)
- Art. A.8.2. Informing Interested Parties About AI System Interaction (6)
- Art. A.8.3. Informing Interested Parties About AI Outcomes (4)
- Art. A.8.4. Access to Information About AI System Interaction (5)
- Art. A.8.5. Enabling Appropriate Human Actions in Response to AI Outputs (7)
- Art. A.9.2. Objectives for Responsible Use of AI System (6)
- Art. A.9.3. Intended Use of AI System (4)
- Art. A.9.4. Processes for Responsible Use of AI System (7)
- Art. A.9.5. Human Oversight Aspects (11)
- Art. A.10.2. Suppliers of AI System Components (8)
- Art. A.10.3. Shared ML Models (14)
- Art. A.10.4. Provision of AI System to Third Parties (5)
Title I — ISO/IEC 42001:2023 AI Management System Requirements
Chapter I — Context, Leadership, and Planning (Clauses 4-6)
Article 4.4. AI management system
2 obligations
ISO42001-4.4-11
Requirement
Determine needed resources
The organization must determine and identify all resources needed for AI management system processes.
ISO42001-4.4-12
Requirement
Determine responsibilities and authorities for processes
The organization must determine and assign the responsibilities and authorities for all AI management system processes.
Article 5.1. Leadership and commitment
10 obligations
ISO42001-5.1-01
Requirement
Demonstrate leadership and commitment to AI management system
Top management must actively demonstrate leadership and commitment with respect to the AI management system through thei
ISO42001-5.1-02
Requirement
Establish AI policy compatible with strategic direction
Top management must ensure that an AI policy is established and that it is compatible with the organization's strategic
ISO42001-5.1-03
Requirement
Establish AI objectives compatible with strategic direction
Top management must ensure that AI objectives are established and that they are compatible with the organization's strat
ISO42001-5.1-04
Requirement
Integrate AI management system requirements into business processes
Top management must ensure that the requirements of the AI management system are integrated into the organization's busi
ISO42001-5.1-05
Requirement
Ensure availability of resources for AI management system
Top management must ensure that adequate resources needed for the AI management system are available.
ISO42001-5.1-06
Requirement
Promote continual improvement of AI management system
Top management must actively promote continual improvement of the AI management system.
ISO42001-5.1-07
Requirement
Communicate importance of effective AI management
Top management must communicate the importance of effective AI management throughout the organization.
ISO42001-5.1-08
Conformity
Communicate importance of conformity with AI management system requirements
Top management must communicate the importance of conformity with AI management system requirements throughout the organ
ISO42001-5.1-09
Requirement
Direct persons to contribute to AI management system effectiveness
Top management must direct persons within the organization to contribute to the effectiveness of the AI management syste
ISO42001-5.1-10
Requirement
Support persons to contribute to AI management system effectiveness
Top management must support persons within the organization to contribute to the effectiveness of the AI management syst
Article 5.2. AI policy
8 obligations
ISO42001-5.2-01
Requirement
Establish AI Policy
Top management must establish an AI policy that is appropriate to the organization's purpose and context and provides a
ISO42001-5.2-02
Requirement
Commit to Satisfy Applicable Requirements
The AI policy must include a commitment to satisfy applicable requirements.
ISO42001-5.2-03
Requirement
Commit to Responsible AI Development and Use
The AI policy must include a commitment to responsible development and use of AI.
ISO42001-5.2-04
Requirement
Commit to Continual Improvement
The AI policy must include a commitment to continual improvement of the AI management system.
ISO42001-5.2-05
Requirement
Address Key AI Topics in Policy
The AI policy must address topics such as transparency, fairness, accountability, safety, privacy, and security of AI sy
ISO42001-5.2-06
Documentation
Document AI Policy
The AI policy must be available as documented information.
ISO42001-5.2-07
Transparency
Communicate AI Policy Within Organization
The AI policy must be communicated within the organization.
ISO42001-5.2-08
Transparency
Make AI Policy Available to Interested Parties
The AI policy must be made available to relevant interested parties as appropriate.
Article 5.3. Roles, responsibilities and authorities
5 obligations
ISO42001-5.3-01
Requirement
Assign responsibilities and authorities for relevant roles
Top management must assign the responsibilities and authorities for relevant roles within the AI management system
ISO42001-5.3-02
Requirement
Communicate responsibilities and authorities for relevant roles
Top management must communicate the responsibilities and authorities for relevant roles throughout the organization
ISO42001-5.3-03
Requirement
Ensure understanding of responsibilities and authorities
Top management must ensure that the responsibilities and authorities for relevant roles are understood within the organi
ISO42001-5.3-04
Conformity
Assign responsibility for AI management system conformity
Top management must assign responsibility and authority for ensuring that the AI management system conforms to the requi
ISO42001-5.3-05
Reporting
Assign responsibility for AI management system performance reporting
Top management must assign responsibility and authority for reporting on the performance of the AI management system