2.1 — What is ISO/IEC 42001?

ISO/IEC 42001:2023, published in December 2023, is the world's first international management system standard for Artificial Intelligence. It specifies requirements for establishing, implementing, maintaining, and continually improving an AI Management System (AIMS) within an organization.

AI Management System (AIMS)

An AIMS is a set of interrelated or interacting elements of an organization that establishes policies, objectives, and processes to achieve those objectives in relation to the responsible development, provision, or use of AI systems. It provides the organizational structure for governing AI throughout its lifecycle.

The standard follows the Harmonized Structure (HS) common to all ISO management system standards (like ISO 27001, ISO 9001), making it straightforward to integrate into existing management systems. It uses the Plan-Do-Check-Act (PDCA) cycle as the foundation for continual improvement.

Plan-Do-Check-Act (PDCA) Cycle

PLAN: Establish objectives, policies, and processes. Conduct risk assessments. Define the AIMS scope.
DO: Implement the planned processes. Apply Annex A controls. Manage AI lifecycle activities.
CHECK: Monitor, measure, audit, and review performance. Evaluate AIMS effectiveness.
ACT: Address nonconformities. Take corrective actions. Drive continual improvement.

ISO 42001 is certifiable — organizations can undergo third-party audits to achieve certification, demonstrating to stakeholders, regulators, and customers that they manage AI responsibly. Certification is conducted by accredited certification bodies and is valid for three years with annual surveillance audits.

The standard applies to any organization that provides or uses AI — regardless of size, type, or sector. It covers the entire AI lifecycle from conception through decommissioning.

ISO AI Standards Landscape

Dec 2023: ISO/IEC 42001 Published. First international AI management system standard (certifiable).
2023: ISO/IEC 23894. Guidance on AI risk management — complements 42001 with detailed risk processes.
2022: ISO/IEC 38507. Governance implications of AI — guidance for governing bodies.
2023–2024: ISO/IEC 42005, 42006. AI impact assessment (42005) and requirements for certification bodies auditing AIMS (42006).
Ongoing: ISO/IEC 5338, 5339. AI lifecycle processes (5338) and AI risk taxonomy (under development).

Key Points
First international AI management system standard (December 2023)
Certifiable — third-party audits available
Follows Harmonized Structure (compatible with ISO 27001, 9001)
Uses Plan-Do-Check-Act cycle
Covers full AI lifecycle
Part of a broader family of ISO AI standards