ISO/IEC 42001

An international standard for AI management systems (AIMS), ISO 42001 follows the Plan-Do-Check-Act structure of other ISO management system standards (like ISO 27001 for information security), making it integrable with existing compliance programs. The standard covers AI system lifecycle management, risk assessment and impact evaluation, data governance, third-party supplier oversight, and 38 specific controls in its annexes. Organizations already certified to ISO 27001 can leverage significant structural overlap.

See: AI governance; Audit; ISO/IEC 27001; NIST AI RMF (AI Risk Management Framework); Risk assessment; SOC 2