Question 1

What is ISO 42001 and who published it?

Accepted Answer

ISO 42001 is the international standard for Artificial Intelligence Management Systems (AIMS), published by the International Organization for Standardization in December 2023. It provides a framework for establishing, implementing, maintaining, and continually improving AI governance within an organisation, applicable to any sector or size.

Question 2

How does ISO 42001 relate to the EU AI Act?

Accepted Answer

ISO 42001 is expected to become a recognised technical standard under the EU AI Act, meaning that certification could be used as evidence of conformity for certain high-risk AI obligations. KaitoSec maintains a live mapping between ISO 42001 controls and EU AI Act requirements, so organisations building an AIMS are simultaneously making progress on regulatory compliance.

Question 3

Can we certify to ISO 42001 like we can with ISO 27001?

Accepted Answer

Yes. ISO 42001 is an auditable management system standard with the same high-level structure as ISO 27001, ISO 9001, and ISO 14001. Third-party certification bodies can perform audits against ISO 42001 and issue certificates. KaitoSec prepares your documentation and evidence to the level required by accredited certification bodies.

Question 4

What is the difference between ISO 42001 and ISO 27001 for AI?

Accepted Answer

ISO 27001 covers information security management broadly and includes controls relevant to AI systems as assets. ISO 42001 is AI-specific and covers AI lifecycle management, impact assessment, responsible AI practices, and AI-specific risk categories that are outside the scope of ISO 27001. KaitoSec supports both standards and cross-maps overlapping controls.

Question 5

What do AI Impact Assessments under ISO 42001 cover?

Accepted Answer

ISO 42001 Annex B defines AI impact categories including impacts on individuals (such as bias and discrimination), society (such as job displacement), and the environment (such as energy consumption). Annex C provides corresponding controls. KaitoSec's impact assessment templates are structured around these annexes and require documented decisions on each impact category for every AI system in scope.

ISO 42001 as the fourth management system, alongside BCMS, ISMS and DSMS

AI Lifecycle Management

AI Risk Management Framework

EU AI Act Pre-Alignment

AI Management System Dashboard

AI Impact Assessment Workflows

Cross-Framework Alignment View

FAQ

Product

Frameworks

Solutions

Services

Resources

Company

Legal