Article 4.1. Understanding the organization and its context

2 obligations

ISO42001-4.1-07 Monitoring

Monitor issues at planned intervals

The organization must monitor the identified external and internal issues at planned intervals to ensure the AI manageme

ISO42001-4.1-08 Monitoring

Review issues at planned intervals

The organization must review the identified external and internal issues at planned intervals to ensure the AI managemen

Article 4.2. Understanding the needs and expectations of interested parties

1 obligation

ISO42001-4.2-03 Monitoring

Monitor interested party requirements

The organization must establish ongoing monitoring of the requirements from interested parties to ensure they remain cur

Article 6.1.1. General (actions to address risks and opportunities)

1 obligation

ISO42001-6.1.1-06 Monitoring

Evaluate Effectiveness of Risk and Opportunity Actions

The organization must evaluate the effectiveness of the actions taken to address risks and opportunities in the AI manag

Article 6.1.4. AI system impact assessment

1 obligation

ISO42001-6.1.4-05 Monitoring

Review impact assessments upon significant changes

Impact assessments must be reviewed when there are significant changes to the AI system or its operational context.

Article 6.2. AI objectives and planning to achieve them

1 obligation

ISO42001-6.2-05 Monitoring

Monitor AI objectives

The organization must establish and implement monitoring processes to track progress and performance against the establi

Article 6.3. Planning of changes

1 obligation

ISO42001-6.3-07 Monitoring

Verify changes achieve intended effect without adverse impact

The organization must verify that implemented changes to the AI management system accomplish their intended purpose and

Article 7.2. Competence

1 obligation

ISO42001-7.2-04 Monitoring

Evaluate effectiveness of competence acquisition actions

The organization must evaluate the effectiveness of actions taken to acquire necessary competence for personnel affectin

Article 8.1. Operational planning and control

1 obligation

ISO42001-8.1-08 Monitoring

Review consequences of unintended changes

The organization must review the consequences of unintended changes to the AI management system.

Article 8.4. AI system impact assessment (operational)

1 obligation

ISO42001-8.4-02 Monitoring

Conduct impact assessments at planned intervals

The organization must perform AI system impact assessments at predetermined, scheduled intervals as part of ongoing moni

Article 9.1. Monitoring, measurement, analysis and evaluation

1 obligation

ISO42001-9.1-01 Monitoring

Determine monitoring and measurement scope for AI management system

The organization must identify and determine what aspects of the AI management system and its AI systems need to be moni

Article 9.2. Internal audit

1 obligation

ISO42001-9.2-01 Monitoring

Conduct internal audits at planned intervals

The organization must conduct internal audits at planned intervals to provide information on whether the AI management s

Article A.2.3. Responsible AI Topics in AI Policy

1 obligation

ISO42001-A.2.3-04 Monitoring

Periodically Review AI Policy for Continued Relevance

The organization must review the AI policy periodically to ensure continued relevance as AI technologies and societal ex

Article A.3.3. Reporting of AI Concerns

1 obligation

ISO42001-A.3.3-07 Monitoring

Track reported AI concerns

The organization must maintain a tracking system for all reported concerns related to AI systems to monitor patterns and

Article A.4.3. Competencies Related to AI Systems

1 obligation

ISO42001-A.4.3-04 Monitoring

Review and update competency requirements as AI evolves

The organization must regularly review and update the identified competency requirements to ensure they remain current a

Article A.6.2.5. Deployment of AI System

1 obligation

ISO42001-A.6.2.5-04 Monitoring

Verify monitoring mechanisms are operational

The organization must verify that monitoring mechanisms are operational before deployment of AI systems.

Article A.6.2.6. Operation and Monitoring of AI System

4 obligations

ISO42001-A.6.2.6-02 Monitoring

Monitor System Performance Metrics

Organizations must implement monitoring that includes tracking of system performance metrics as part of their ongoing AI

ISO42001-A.6.2.6-03 Monitoring

Detect Data Drift and Model Degradation

Organizations must implement monitoring capabilities to detect data drift and model degradation in their AI systems.

ISO42001-A.6.2.6-05 Monitoring

Observe System Behavior in Production

Organizations must implement monitoring to observe AI system behavior while the system is operating in production enviro

ISO42001-A.6.2.6-06 Monitoring

Collect Feedback from Users and Affected Parties

Organizations must implement processes to collect feedback from users and affected parties as part of their AI system mo

Article A.6.2.10. Defined Use and Misuse of AI System

1 obligation

ISO42001-A.6.2.10-05 Monitoring

Monitor for Actual Instances of Misuse During Operation

The organization must establish and maintain monitoring processes to detect actual instances of AI system misuse during

Article A.6.2.11. Management of Third-Party AI System Components

1 obligation

ISO42001-A.6.2.11-05 Monitoring

Monitor Third-Party Component Performance and Compliance

The organization must continuously monitor the performance and compliance of third-party AI components during their oper

Article A.7.3. Data Quality for ML and Data for AI System

2 obligations

ISO42001-A.7.3-03 Monitoring

Implement Data Quality Measurement Processes

The organization must implement processes to measure data quality for ML and AI systems.

ISO42001-A.7.3-04 Monitoring

Implement Data Quality Monitoring Processes

The organization must implement processes to monitor data quality for ML and AI systems on an ongoing basis.

Article A.7.6. Data Provenance

2 obligations

ISO42001-A.7.6-06 Monitoring

Use provenance information for incident investigation

The organization must utilize provenance information to support incident investigation activities related to AI systems.

ISO42001-A.7.6-07 Monitoring

Use provenance information for audit activities

The organization must utilize provenance information to support audit activities related to AI systems.

Article A.9.2. Objectives for Responsible Use of AI System

1 obligation

ISO42001-A.9.2-04 Monitoring

Monitor progress toward achieving objectives

The organization must monitor progress toward achieving the established objectives for responsible use of AI systems.

Article A.9.3. Intended Use of AI System

1 obligation

ISO42001-A.9.3-04 Monitoring

Implement Controls to Detect and Prevent Misuse

The organization must implement controls to detect and prevent use of AI systems outside the defined scope of their inte

Article A.9.4. Processes for Responsible Use of AI System

1 obligation

ISO42001-A.9.4-07 Monitoring

Monitor effectiveness of responsible AI processes

The organization must monitor the effectiveness of the processes for responsible AI use.

Article A.9.5. Human Oversight Aspects

1 obligation

ISO42001-A.9.5-03 Monitoring

Enable monitoring of AI system operation

Human oversight measures must enable qualified individuals to monitor the AI system's operation.

Article A.10.2. Suppliers of AI System Components

1 obligation

ISO42001-A.10.2-08 Monitoring

Monitor supplier performance throughout relationship duration

The organization must continuously monitor supplier performance and compliance with agreed requirements for the entire d