ISO/IEC 42001:2023 AIMS Deepdive
1. Overview
What ISO 42001 Is
ISO/IEC 42001:2023 is the first international management system standard for Artificial Intelligence. Published in December 2023, it specifies requirements for establishing, implementing, maintaining, and continually improving an AI Management System (AIMS). The standard follows the same Annex SL high-level structure as ISO 27001, ISO 27701, and other ISO management system standards — so Clauses 4 through 10 are familiar to anyone who has run an ISMS.
Who It Applies To
Any organization that provides, develops, deploys, or uses AI systems — regardless of sector or AI maturity. The standard is intentionally framework-agnostic and applies to organizations building generative AI products, integrating third-party AI into a SaaS, deploying AI internally for operations, or operating as a downstream user of AI systems. It is particularly relevant to B2B SaaS firms answering enterprise security and procurement questionnaires that increasingly ask about AI governance.
Outcome
An accredited certification by an ISO 42001 certification body, valid for three years with annual surveillance audits and a recertification audit at the three-year mark — identical certification mechanics to ISO 27001.
ISO 42001 supports but does not replace EU AI Act compliance. The two are complementary: ISO 42001 is a voluntary management system standard; the EU AI Act is binding regulation. ISO 42001 evidence populates much of the documentation expected for an EU AI Act conformity assessment, but a certification body audit is not a conformity assessment. See our EU AI Act service for the regulatory side, and our deep-dive blog post How to integrate ISO 42001 with ISO 27001 without rebuilding your ISMS for the practical case for stacking the two standards.
High-Level Goals and Risk Domains
- Govern AI systems with documented accountability and risk-based decisions
- Address AI-specific risks: bias, fairness, transparency, explainability, safety, security, environmental impact, human rights
- Demonstrate AI governance maturity to enterprise customers and regulators
- Provide a defensible baseline for AI deployment, lifecycle management, and incident response
2. Scope & Applicability
Typical In-Scope Elements
- AI systems developed, deployed, or used by the organization
- Training data sources, data preparation pipelines, and provenance records
- Model selection, evaluation, and deployment processes
- AI system monitoring, logging, and incident response
- People involved in AI development, deployment, and oversight
- Third-party AI vendors and model providers (foundation model APIs, AI tooling)
- Use cases identified as high-risk or sensitive
Common Out-of-Scope Elements
- Conventional software not using machine learning or AI techniques
- Internal corporate systems unrelated to AI use cases
- Statistical analytics not classified as AI under the organization's policy
Roles ISO 42001 Recognizes
The standard distinguishes roles in the AI value chain. An organization can occupy more than one role for different AI systems:
- AI provider — develops AI systems and offers them to others
- AI producer — develops AI systems for internal use
- AI user — uses AI systems supplied by others
- AI customer — procures AI systems from providers
- AI partner — supplies components, data, or services to the AI value chain
- AI subject — the individual or group affected by AI decisions
Scope and applicability decisions cascade from these roles. An AI user has lighter obligations than an AI provider. The Statement of Applicability records which Annex A controls apply for the roles the organization holds.
Assumptions and Dependencies
- An information security baseline exists or is being implemented (ISO 27001 is the most common foundation)
- Data governance is mature enough to record provenance and lineage
- Engineering practices include version control, change tracking, and reproducibility
- Senior accountability for AI governance is named (Head of AI Governance, CISO with AI mandate, or DPO with AI extension)
3. Core Principles
ISO 42001 builds on common AI governance principles consistent with the OECD AI Principles, the NIST AI Risk Management Framework, and emerging regulation:
- Accountability — clear ownership of AI systems, decisions, and outcomes
- Transparency and explainability — appropriate disclosure about AI use and decision logic
- Fairness — managing bias across model lifecycle, including data, training, evaluation, and deployment
- Safety and security — preventing harm from AI systems, including adversarial misuse
- Privacy — handling personal data in AI systems consistent with privacy law and ISO 27701 if applicable
- Human oversight — humans in the loop where the risk profile demands it
- Reliability and robustness — AI performs as intended across deployment conditions
- Lifecycle accountability — governance across the full AI system lifecycle, including retirement
4. Control Breakdown (ISO 42001 Annex A)
Annex A of ISO 42001:2023 contains 38 controls organized into nine control areas (A.2 through A.10). Annex B provides implementation guidance for each control. The Statement of Applicability lists each control with an applicability decision and justification.
A.2 — Policies Related to AI
An AI policy document (or set of integrated policies) covering the organization's commitments, principles, and the AI management system scope. Often integrated into an existing information security policy with AI-specific sections.
A.3 — Internal Organization
Roles, responsibilities, and reporting lines for AI governance. Includes the named senior owner, the cross-functional governance forum, and the escalation path for AI risk decisions.
A.4 — Resources for AI Systems
People, infrastructure, tooling, data, and budget. Documents what is provisioned and the lifecycle of each resource category — including model lifecycle resources distinct from conventional IT resources.
A.5 — Assessing Impacts of AI Systems
The AI System Impact Assessment. Performed per AI system in scope and documented as the central impact artifact, parallel to but distinct from the risk assessment. Required by Clause 6.1.4. See our Risk Assessment service for the underlying methodology.
A.6 — AI System Lifecycle
Controls spanning objectives, design and development, verification and validation, deployment, operation, monitoring, technical documentation, event logging, and decommissioning. Evidence includes model cards, evaluation reports, deployment runbooks, monitoring dashboards, and retirement procedures.
A.7 — Data for AI Systems
Data acquisition, data quality, data provenance, and data preparation specific to AI training and inference. Extends but does not duplicate ISO 27001 controls on information handling.
A.8 — Information for Interested Parties of AI Systems
Disclosure controls — what is communicated to users, AI subjects, regulators, and other stakeholders about the AI systems in operation. Maps closely to transparency obligations in the EU AI Act.
A.9 — Use of AI Systems
Controls governing how AI systems are used in practice: intended use, foreseeable misuse, operational boundaries, monitoring obligations on AI users.
A.10 — Third-Party and Customer Relationships
Supplier and customer arrangements for AI. Extends supplier management with AI-specific due diligence: model provenance, training data origin, performance claims, intellectual property in AI outputs, and AI-specific contractual terms.
5. Minimum Requirements (Non-Negotiable)
Mandatory Documents
- AI Management System scope statement
- AI policy (standalone or integrated with information security policy)
- AI risk assessment methodology including AI-specific risk types (bias, fairness, safety, transparency, environmental, human rights)
- AI risk register
- AI System Impact Assessment per AI system in scope (Clause 6.1.4)
- Statement of Applicability listing all 38 Annex A controls with applicability and justification
- Roles and responsibilities matrix
- AI system inventory
- Model cards or equivalent technical documentation per in-scope AI system
- Training data inventory with provenance and quality records
- Internal audit plan and management review records
Mandatory Processes
- Risk assessment including AI-specific risk types
- AI System Impact Assessment per AI system, refreshed at material changes
- Internal audit covering all clauses and applicable Annex A controls annually
- Management review at least annually
- Incident reporting and post-incident analysis specific to AI events
- AI system lifecycle controls active across all in-scope systems
Recurrence
- Annual risk assessment refresh
- AI System Impact Assessment per AI system at design and at material change
- Continuous AI system monitoring with documented thresholds
- Annual internal audit
- Annual management review
- Continuous bias monitoring on production AI systems where applicable
6. Technical Implementation Guidance
AI System Inventory
- Document every AI system in operation with intended use, AI role(s) you hold, data inputs, model provenance, deployment environment, and named owner
- Include third-party AI integrations (foundation model APIs, embedded AI features in SaaS)
Model Cards and Technical Documentation
- Maintain a model card per AI system covering intended use, training data, evaluation results, known limitations, and human oversight requirements
- Version model cards as models change
Evaluation and Validation
- Evaluate models pre-deployment against defined performance, fairness, robustness, and safety metrics
- Document results in the model card and retain evidence
- Re-evaluate on retraining, on material data drift, and on incidents
Monitoring
- Production monitoring for model performance, drift, bias indicators, and operational metrics
- Alerting thresholds defined per system and reviewed
- Incident playbooks for AI-specific events (model degradation, jailbreak, prompt injection, adversarial input, hallucination at scale)
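As an added illustration of the monitoring controls above (example code, not part of the standard and not any vendor's tooling), the following Python checks two documented thresholds per system: a selection-rate parity ratio across a sensitive attribute and score drift measured as a Population Stability Index, returning alerts an AI incident playbook would consume. The system name, thresholds and sample records are all constructed.

```python
"""Production bias and drift monitor against per-system thresholds (constructed example)."""
import math
from collections import defaultdict

# Per-system thresholds as the AIMS would document them (constructed values).
THRESHOLDS = {
    "credit-scoring-v3": {"min_parity_ratio": 0.80, "max_psi": 0.25},
}

def selection_rates(records, attribute):
    """Positive-decision rate per group of the sensitive attribute."""
    pos, tot = defaultdict(int), defaultdict(int)
    for r in records:
        tot[r[attribute]] += 1
        pos[r[attribute]] += 1 if r["decision"] == 1 else 0
    return {g: pos[g] / tot[g] for g in tot}

def parity_ratio(rates):
    """Lowest group rate over highest group rate (four-fifths style check)."""
    lo, hi = min(rates.values()), max(rates.values())
    return 1.0 if hi == 0 else lo / hi

def psi(baseline, current, bins=10, eps=1e-4):
    """Population Stability Index between two score samples in [0, 1]."""
    def hist(xs):
        counts = [0] * bins
        for x in xs:
            counts[min(int(x * bins), bins - 1)] += 1
        # eps pseudo-count keeps empty bins out of log(0)
        return [(c + eps) / (len(xs) + eps * bins) for c in counts]
    b, c = hist(baseline), hist(current)
    return sum((ci - bi) * math.log(ci / bi) for bi, ci in zip(b, c))

def evaluate(system_id, records, baseline_scores, attribute="group"):
    """Return alert dicts for every breached threshold; empty list means all held."""
    t, alerts = THRESHOLDS[system_id], []
    rates = selection_rates(records, attribute)
    pr = parity_ratio(rates)
    if pr < t["min_parity_ratio"]:
        alerts.append({"system": system_id, "metric": "parity_ratio",
                       "value": round(pr, 3), "threshold": t["min_parity_ratio"],
                       "rates": rates})
    drift = psi(baseline_scores, [r["score"] for r in records])
    if drift > t["max_psi"]:
        alerts.append({"system": system_id, "metric": "psi",
                       "value": round(drift, 3), "threshold": t["max_psi"]})
    return alerts

# Constructed sample: one day of decisions, group B approved half as often as A.
SAMPLE_RECORDS = (
    [{"group": "A", "decision": 1, "score": 0.7 + 0.005 * i} for i in range(8)]
    + [{"group": "A", "decision": 0, "score": 0.3 + 0.005 * i} for i in range(2)]
    + [{"group": "B", "decision": 1, "score": 0.7 + 0.005 * i} for i in range(4)]
    + [{"group": "B", "decision": 0, "score": 0.3 + 0.005 * i} for i in range(6)]
)
# Constructed baseline: score distribution recorded at deployment (10 low, 10 high).
BASELINE_SCORES = [0.3 + 0.005 * i for i in range(10)] + [0.7 + 0.005 * i for i in range(10)]

if __name__ == "__main__":
    for alert in evaluate("credit-scoring-v3", SAMPLE_RECORDS, BASELINE_SCORES):
        print(alert)
```

On the constructed sample the parity ratio is 0.5 against a documented minimum of 0.80, so one bias alert fires while the score drift stays under the PSI threshold.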
Data Governance
- Provenance records for training data, including consent or lawful basis where applicable
- Data quality controls — duplicate detection, drift detection, sensitive-attribute handling
- Retention and disposal aligned with privacy obligations (link to GDPR Compliance service if personal data is in training)
Integration with ISO 27001 and ISO 27701
- Reuse identity, access, change, and incident processes already in the ISMS
- Extend the supplier process with AI-specific due diligence
- For services handling personal data in AI: extend ISO 27701 PIMS controls into the AI lifecycle
7. Policy & Procedure Requirements
Typical documents include:
- AI Policy (or integrated information security and AI policy)
- AI Risk Management Procedure
- AI System Impact Assessment Procedure
- AI System Lifecycle Procedure (objectives, design, development, evaluation, deployment, operation, decommissioning)
- AI Data Governance Procedure (acquisition, provenance, quality, preparation)
- AI Incident Response Procedure
- Third-Party AI Risk Procedure
- Model Documentation Standard (model card template, evaluation report template)
- Statement of Applicability for ISO 42001 Annex A
For organizations holding ISO 27001, all of these extend the existing ISMS rather than replace it. The integration approach is covered in detail in our ISO 42001 + ISO 27001 integration deep dive.
8. Audit Evidence & Verification
Mandatory Artifacts
- AIMS scope statement and AI policy
- AI risk methodology, register, and treatment plan
- AI System Impact Assessment per system, signed and dated
- Statement of Applicability with all 38 Annex A controls addressed
- AI system inventory with current owners and intended use
- Model cards / technical documentation
- Training data records with provenance and quality evidence
- Evaluation reports per model release
- Monitoring dashboards and incident records
- Internal audit reports and management review minutes
What Certification Body Auditors Test
- Clauses 4–10 — applied to AIMS scope
- Each applicable Annex A control — design and operation
- Evidence that AI System Impact Assessments are performed and refreshed
- Evidence of internal audit completion across the cycle
- Evidence of management review with documented outputs
Common Remediation Items
- Risk register treats AI risks as security risks only — bias, fairness, and societal impact missing
- AI System Impact Assessment not performed, or treated as a single org-wide document instead of per-system
- Statement of Applicability lists Annex A controls as "applicable" but the evidence repository points only to security artifacts, with no AI-specific evidence behind them
- Model cards are inconsistent or missing for production AI
- Third-party AI use not inventoried (foundation model APIs, embedded AI in SaaS)
9. Implementation Timeline Considerations
Typical Duration
- Starting from a mature ISO 27001 ISMS: 4–6 months to readiness, plus the certification audit timeline (typically Stage 1 + Stage 2 over 6–10 weeks)
- Starting from no prior management system: 9–12 months, since ISO 42001 assumes underlying information security capability that ISO 27001 provides
Milestones
- Scoping — define AIMS scope, AI roles held, in-scope AI systems
- Gap assessment against Clauses 4–10 and Annex A
- Risk methodology extension or design
- AI System Impact Assessments per AI system in scope
- Policy and procedure development
- Statement of Applicability
- Annex A control implementation
- Evidence collection
- Internal audit
- Management review
- Stage 1 certification audit
- Stage 2 certification audit and certificate
Dependencies
- Senior accountability named (Head of AI Governance / CISO / DPO with AI mandate)
- AI system inventory complete
- Certification body accredited for ISO 42001 (not all are yet — confirm with your existing cert body)
- Engineering practices support reproducibility and model versioning
10. Ongoing BAU Requirements
- AI System Impact Assessment refresh on new AI systems and on material changes
- Continuous AI system monitoring with documented thresholds
- Quarterly AI governance forum reviewing risks, incidents, and lifecycle decisions
- Annual internal audit covering Clauses 4–10 and Annex A
- Annual management review
- Continuous model documentation maintenance as models change
- Continuous third-party AI risk monitoring
- Annual training on AI governance and ethics for relevant roles
11. Maturity Levels
Minimum Compliance
- AIMS documented but lightly integrated with the rest of the business
- AI System Impact Assessments produced reactively at audit time
- Model documentation inconsistent across AI systems
- Annex A controls implemented but not automatically evidenced
Intermediate
- AI governance integrated with ISMS rhythms (single management review, single audit cycle)
- AI System Impact Assessment template applied consistently across all in-scope systems
- Model cards versioned alongside model releases
- Continuous monitoring with documented thresholds and on-call response
Advanced
- AI risk fully integrated into enterprise risk management
- Real-time bias and drift monitoring with auto-rollback
- AI evidence captured automatically through MLOps tooling
- Integrated ISO 27001 + ISO 27701 + ISO 42001 evidence and audit cycle
12. FAQs
Can I get ISO 42001 certified without ISO 27001?
Yes, ISO 42001 is a standalone management system standard. In practice, almost all organizations pursuing ISO 42001 either already hold ISO 27001 or are pursuing both. Many Annex A controls in ISO 42001 assume an underlying information security baseline that ISO 27001 provides; standalone ISO 42001 typically ends up re-creating that baseline under different labels.
How long does ISO 42001 take if we have ISO 27001?
For an organization with a mature ISMS, expect 4–6 months of additional work to reach ISO 42001 readiness, plus the certification audit cycle. Most of the procedural backbone is reused; new effort concentrates in Clause 6.1.4 (AI System Impact Assessment) and Annex A controls without ISO 27001 analogs (model lifecycle, data provenance for AI, transparency disclosures).
Does ISO 42001 satisfy the EU AI Act?
ISO 42001 supports EU AI Act compliance but does not satisfy it on its own. The EU AI Act requires conformity assessment for high-risk AI systems under Article 43, which is a regulatory process distinct from ISO 42001 certification. ISO 42001 evidence reduces the gap to EU AI Act readiness, but a certification body audit is not a conformity assessment. See our EU AI Act service for the regulatory path.
Do we need ISO 42001 if we only use third-party AI (not develop our own)?
Possibly. ISO 42001 recognizes the AI user role, and obligations are lighter than for AI providers but not absent. An AI user must still inventory the AI systems they use, manage third-party risk, monitor for incidents, and operate within the AI provider's intended use boundaries. Enterprise customers increasingly ask AI users for governance evidence in security questionnaires.
What auditors are qualified to audit ISO 42001?
An expanding number of certification bodies have accredited ISO 42001 schemes, but accreditation varies by national accreditation body and cert body. Confirm with your existing ISO 27001 certification body whether they offer ISO 42001 audits and whether their auditors carry the required competencies. If not, decide early whether to wait or switch.
What's the AI System Impact Assessment, and how is it different from a DPIA?
The AI System Impact Assessment (required by Clause 6.1.4) is a parallel artifact to the risk assessment, focused on the consequences of an AI system for individuals, groups, and society. It is closer in shape to a GDPR Article 35 DPIA than to a security risk assessment, but distinct from both. Output is documented evaluation of impacts — not just risks — including intended use, foreseeable misuse, and stakeholder views.
How many controls does ISO 42001 Annex A have?
38 controls organized into 9 areas (A.2 through A.10). All 38 are addressed in the Statement of Applicability — each is either applied, marked not applicable with justification, or marked as inherited from a parent organization.
What's Annex B for?
Annex B provides implementation guidance for each Annex A control. It is informative rather than normative — useful for implementation teams designing the controls, less critical at audit time than the Annex A control statements themselves.
Do we need separate management review meetings for ISO 27001 and ISO 42001?
No. An integrated management system runs one management review meeting covering both standards. The agenda template extends to include both ISMS-specific items (security objectives, incidents, audit findings) and AIMS-specific items (AI management objectives, AI system performance, AI risks, impact assessment outcomes). This is one of the larger time savings of the integrated approach — covered in our integration deep dive.
What does ISO 42001 certification cost?
Two components. The certification body audit typically runs $20,000–$60,000 for Stage 1 and Stage 2 combined, depending on scope and the number of AI systems. Consulting and remediation costs depend on the gap from current state to readiness — scoped after the initial gap assessment.
13. Summary
ISO 42001 provides a structured, certifiable framework for governing AI systems through their lifecycle. Success requires defining a realistic AIMS scope, extending the risk methodology with AI-specific risk types, performing AI System Impact Assessments per system, implementing the applicable Annex A controls, and integrating governance with the rest of the management system.
For B2B SaaS firms already holding ISO 27001, ISO 42001 is best implemented as a structural extension of the existing ISMS, not as a parallel system. The integration decision in the first two weeks shapes the next six months — done correctly, you run one risk process, one audit cycle, and one Statement of Applicability covering both standards.
To scope an engagement, book a call from the ISO 42001 consulting service page, or talk to us about combining ISO 42001 with ISO 27001, ISO 27701, and EU AI Act readiness. For the full integration argument, see our deep-dive blog post How to integrate ISO 42001 with ISO 27001 without rebuilding your ISMS.