ISO/IEC 42001

What is ISO/IEC 42001?

ISO/IEC 42001 is an international standard that provides a governance framework for implementing and continually improving artificial intelligence management systems.

An AI management system (AIMS) is a set of interrelated, risk-based processes and controls for responsibly developing, acquiring, implementing, and maintaining artificial intelligence technology and services to meet organizational goals and objectives.

Once an organization has successfully implemented an AI management system, it can be audited by a third party and (hopefully) receive a certification that verifies the organization’s compliance with the ISO/IEC 42001 standard.

The certification can be used to validate the organization’s commitment to the principles of responsible AI and facilitate compliance with other AI standards and legal frameworks.

ISO/IEC 42001 was developed by the International Organization for Standardization in conjunction with the International Electrotechnical Commission (ISO/IEC) and was published in December 2023.

Techopedia Explains

ISO/IEC 42001 is important because it is the first internationally recognized, certifiable standard for AI management systems (AIMS).

The standard is part of a broader suite of ISO/IEC standards for AI governance, including:

• ISO/IEC 22989: Establishes a common language for discussing AI by standardizing definitions for key AI concepts.
• ISO/IEC 23894: Provides guidance for identifying, assessing, and managing the risks associated with AI development and use.
• ISO/IEC 38507: Provides guidance for the governing body of an organization that is using, or is considering using artificial intelligence.

Benefits

The ISO 42001 standard provides organizations of all sizes (and in every industry) with a common language and standardized approach for developing, implementing, and managing AI systems.

An effective AI management system provides structured directions for establishing objectives, processes, and controls for AI and machine learning (ML) in accordance with the organization’s goals and objectives.

Once an organization establishes its own AI management system, it will be able to do the following things more efficiently and consistently:

• Implement and integrate processes and controls for responsible AI.
• Measure how effectively the organization is balancing AI governance with innovation.
• Facilitate communication and engagement with relevant stakeholders.
• Continuously improve AI risk management.
• Meet the requirements of the ISO/IEC 42001 standard.

ISO 42001 Structure

The ISO/IEC 42001 standard includes clauses for management best practices and system-level AI controls. (System-level controls  are mechanisms implemented at the software or hardware level.)

The framework uses a “proven management systems approach” based on the systems theory of management.

Key characteristics of this approach include:

Plan-Do-Check-Act (PDCA) Cycle: Uses an iterative process that proactively plans for changes and improvements. Also known as the Deming Cycle.

Continuous Improvement: Encourages a culture where employees and other stakeholders at all levels are actively engaged in suggesting and implementing improvements. Also known as kaizen.

Risk Management: Involves the identification, assessment, and mitigation of risks to ensure the stability and reliability of the system.

Record Keeping: Facilitates AI transparency and accountability by encouraging documentation for all AI and ML-related processes, procedures, purchases, and changes.

Integration with Organizational Goals: Aligns the AI management system with the organization’s broader goals, objectives, and values.

Stakeholder Involvement: Facilitates engagement and communication among all relevant stakeholders, including suppliers.

Compliance with Legal and Regulatory Requirements: Aligns efforts for quality management with applicable laws, regulations, and industry standards.

Early Adopters

ISO/IEC 42001 is still new and evolving, but early adopters are beginning to implement the standard. Here are some notable examples:

• AI Clearing is the first technology company to obtain ISO/IEC 42001 certification. According to Michael Mazur, CEO and Co-Founder of AI Clearing, the construction software company is using its certification as a competitive advantage that proves the company’s AI models are trustworthy, thoroughly validated, and verified before release.
• Amazon Web Services (AWS) has collaborated on ISO 42001’s development and is currently in the process of implementing the standard.
• Google SAIF (Secure AI Framework) is designed to complement the NIST AI Risk Management Framework as well as the ISO/IEC 42001 AI Management System Standard.

How To Purchase The ISO/IEC 42001 Standard

ISO/IEC 42001 is available for purchase at the American National Standards Institute (ANSI) and ISO web stores for about $225.00. It can also be purchased as part of an AI standards package that also includes ISO/IEC 22989 and ISO/IEC 23894.

FAQs