Understanding the Organization and Its Context
The organization shall determine external and internal issues relevant to its purpose and its ability to achieve the intended outcomes of its AI management system.
International standard for AI management systems that provides requirements for establishing, implementing, maintaining and continually improving AI management within organizations.
ISO/IEC 42001 is an international standard specifying requirements for establishing, implementing, maintaining and continually improving an Artificial Intelligence Management System (AIMS) within organizations.
Key provisions and requirements of ISO 42001.
The organization shall determine external and internal issues relevant to its purpose and its ability to achieve the intended outcomes of its AI management system.
The organization shall define and document the scope of the AI management system, including its applicability and boundaries.
The organization shall establish, implement, maintain and continually improve an AI management system.
Top management shall demonstrate leadership and commitment with respect to the AI management system and its effectiveness.
Top management shall establish an AI policy that is appropriate to the organization and supports its AI objectives.
Top management shall assign roles, responsibilities and authorities for the AI management system.
The organization shall establish and maintain an AI risk assessment process covering risk identification, analysis and evaluation.
The organization shall establish and maintain an AI risk treatment process, including selecting and implementing the necessary controls.
The organization shall conduct AI system impact assessments that address potential impacts on individuals, groups and society.
The organization shall ensure the competence of people working under its control, based on education, training or experience.
The organization shall determine the internal and external communications relevant to the AI management system.
The organization shall plan, implement and control the processes needed for the AI management system so that outputs meet requirements.
The organization shall perform AI risk assessments at planned intervals and when significant changes occur.
The organization shall determine the monitoring, measurement, analysis and evaluation needed to ensure conformity and effectiveness.
The organization shall conduct internal audits at planned intervals to provide information about the AI management system.
The organization shall review the AI management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness.
The organization shall continually improve the suitability, adequacy and effectiveness of the AI management system.
The organization shall address nonconformities by correcting them, dealing with the consequences and preventing recurrence.