Framework Guide

ISO 42001

International standard for AI management systems that provides requirements for establishing, implementing, maintaining and continually improving AI management within organizations.

ISO 42001 Overview

ISO/IEC 42001 is an international standard specifying requirements for establishing, implementing, maintaining and continually improving an Artificial Intelligence Management System (AIMS) within organizations.

Key Provisions

Key provisions and requirements of ISO 42001.

4.1

Understanding the Organization and Its Context

The organization shall determine external and internal issues relevant to its purpose and its ability to achieve the intended outcomes of its AI management system.

4.3

Determining the Scope of the AI Management System

The organization shall define and document the scope of the AI management system, including its applicability and boundaries.

4.4

AI Management System

The organization shall establish, implement, maintain and continually improve an AI management system.

5.1

Leadership and Commitment

Top management shall demonstrate leadership and commitment with respect to the AI management system and its effectiveness.

5.2

AI Policy

Top management shall establish an AI policy that is appropriate to the organization and supports its AI objectives.

5.3

Roles, Responsibilities and Authorities

Top management shall assign roles, responsibilities and authorities for the AI management system.

6.1.2

AI Risk Assessment

The organization shall establish and maintain an AI risk assessment process covering risk identification, analysis and evaluation.

6.1.3

AI Risk Treatment

The organization shall establish and maintain an AI risk treatment process, including selecting and implementing the necessary controls.

6.1.4

AI System Impact Assessment

The organization shall conduct AI system impact assessments that address potential impacts on individuals, groups and society.

7.2

Competence

The organization shall ensure the competence of people working under its control, based on education, training or experience.

7.4

Communication

The organization shall determine the internal and external communications relevant to the AI management system.

8.1

Operational Planning and Control

The organization shall plan, implement and control the processes needed for the AI management system so that outputs meet requirements.

8.2

AI Risk Assessment (Operational)

The organization shall perform AI risk assessments at planned intervals and when significant changes occur.

9.1

Monitoring, Measurement, Analysis and Evaluation

The organization shall determine the monitoring, measurement, analysis and evaluation needed to ensure conformity and effectiveness.

9.2

Internal Audit

The organization shall conduct internal audits at planned intervals to provide information about the AI management system.

9.3

Management Review

The organization shall review the AI management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness.

10.1

Continual Improvement

The organization shall continually improve the suitability, adequacy and effectiveness of the AI management system.

10.2

Nonconformity and Corrective Action

The organization shall address nonconformities by correcting them, dealing with the consequences and preventing recurrence.

ISO 42001 Complete Guide | Tynapse AI Regulation