
INTERNATIONAL STANDARD ISO/IEC 42001

First edition
2023-12

intelligence — Management system

de management

Reference number
ISO/IEC 42001:2023(E)

© ISO/IEC 2023

COPYRIGHT PROTECTED DOCUMENT



Website: www.iso.org

© ISO/IEC 2023 – All rights reserved

Contents
Foreword
Introduction
1 Scope
2 Normative references
4 Context of the organization
5 Leadership
6 Planning
7 Support
8 Operation
9 Performance evaluation
10 Improvement
Annex A Reference control objectives and controls
Annex B Implementation guidance for AI controls
Annex C Potential AI-related organizational objectives and risk sources
Annex D Use of the AI management system across domains or sectors
Bibliography


Foreword

www.iso.org/directives or
).

www.iso.org/iso/foreword.html .

www.iso.org/members.html
.


Introduction


Compatibility with other management system standards



INTERNATIONAL STANDARD ISO/IEC 42001:2023(E)

Management system

1 Scope

2 Normative references

https://www.iso.org/obp
https://www .org/
3.1
organization

objectives (3.6)

(3.4).

3.2
interested party
person or organization (3.1


3.3
top management
organization (3.1

(3.4

3.4
management system
organization (3.1 (3.5
objectives (3.6 (

3.5
policy
organization (3.1 (3.3)
3.6
objective

( ).

(3.4 organization (3.1


consistent with the AI (3.5

3.7
risk

3.8
process

of the reference.


3.9
competence

3.10
documented information
organization (3.1

— the (3.4 (

3.11
performance

(
organizations (3.1).

(3.4

3.12
continual improvement
(3.11)
3.13
effectiveness

3.14
requirement

organization (3.1
(3.2

documented information (3.10).

3.15
conformity
requirement (3.14)
3.16
nonconformity
requirement (3.14)
3.17
corrective action
(3.16


3.18
audit
(

organization (3.1

3.19
measurement
(
3.20
monitoring
(

3.21
control
risk ( )

3.22
governing body

3.23
information security

involved.

3.24
AI system impact assessment


3.25
data quality

1)

3.26
statement of applicability
controls (3.23

4 Context of the organization

4.1 Understanding the organization and its context

[ The

in this document.

1)


6.2

4.2 Understanding the needs and expectations of interested parties

4.3 Determining the scope of the AI management system

4.1
4.2.

4.4 AI management system


5 Leadership

5.1 Leadership and commitment

5.2 6.2

5.2 AI policy

6.2

.
.


5.3 Roles, responsibilities and authorities

.
.

6 Planning

6.1 Actions to address risks and opportunities

6.1.1 General

4.1 4.2

4.1.

b) how to:


mentioned in

6.1.2 AI risk assessment

5.2 6.2
6.1.2
6.1.4.

6.1.1

6.1.3 AI risk treatment

process to:

NOTE 1

c) consider the controls from


. The

6.2

6.1.4 AI system impact assessment

(see 6.1.2). A.5 in

6.2 AI objectives and planning to achieve them

5.2


. Control

controls is provided in .

6.3 Planning of changes

7 Support

7.1 Resources

7.2 Competence

provided in .


7.3 Awareness

5.2

7.4 Communication

7.5 Documented information

7.5.1 General

— the competence of persons.

7.5.2 Creating and updating documented information


7.5.3 Control of documented information

controlled to ensure:

8 Operation

8.1 Operational planning and control

6.1.3

controls).

provides

8.2 AI risk assessment


6.1.2


8.3 AI risk treatment


6.1.3
effectiveness.

6.1.3

6.1.3

8.4 AI system impact assessment


6.1.4

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

9.2 Internal audit

9.2.1 General

9.2.2 Internal audit programme


9.3 Management review

9.3.1 General

9.3.2 Management review inputs

9.3.3 Management review results

10 Improvement

10.1 Continual improvement


10.2 Nonconformity and corrective action


Annex A

Reference control objectives and controls

A.1 General

implement their own controls (see 6.1.3).


.

Table A.1 — Control objectives and controls


A.2 Policies related to AI

Topic Control
A.2.2 -

A.2.3 -

A.2.4

A.3 Internal organization


-

Topic Control
A.3.2 -

A.3.3 Reporting of concerns

A.4 Resources for AI systems

Topic Control
A.4.2

A.4.3

A.4.4 Tooling resources



A.4.5

A.4.6

A.5 Assessing impacts of AI systems

Topic Control
A.5.2
process -

A.5.3 -
-
od.
A.5.4 -
-

A.5.5

A.6 AI system life cycle

Topic Control
A.6.1.2 Objectives for responsible develop-

A.6.1.3 -

Topic Control
A.6.2.2 - -

A.6.2.3
-

A.6.2.4 -
tion

A.6.2.5



A.6.2.6 -
ing

A.7 Data for AI systems


Objective: -

Topic Control
-

methods to be used.
A.8 Information for interested parties of AI systems

Topic Control
- -

A.9 Use of AI systems

Topic Control

Objectives for responsible use of AI


A.10 Third-party and customer relationships

Topic Control
A.10.2
-

A.10.3 Suppliers

A.10.4 Customers -


Annex B

Implementation guidance for AI controls

B.1 General
. It

6.1.3).

6.1.3

B.2 Policies related to AI

B.2.1 Objective

B.2.2 AI policy
Control

Implementation guidance

6.1.4).
5.2):


6.1.4

B.2.3 Alignment with other organizational policies


Control

Implementation guidance

Other information

B.2.4 Review of the AI policy


Control

Implementation guidance

B.3 Internal organization

B.3.1 Objective

B.3.2 AI roles and responsibilities


Control


Implementation guidance

perform their duties.

B.3.3 Reporting of concerns


Control

Implementation guidance

4.4


Other information

B.4 Resources for AI systems

B.4.1 Objective

B.4.2 Resource documentation


Control

Implementation guidance

).

Other information

B.4.3 Data resources


Control


Implementation guidance

2)

B.4.4 Tooling resources


Control

Implementation guidance

limited to:

Other information

B.4.5 System and computing resources


Control

2)


Implementation guidance

B.4.6 Human resources


Control

Implementation guidance

B.5 Assessing impacts of AI systems


B.5.1 Objective

B.5.2 AI system impact assessment process


Control


Implementation guidance

— societies.

Other information


process.

B.5.3 Documentation of AI system impact assessments


Control

Implementation guidance

B.5.4 Assessing AI system impact on individuals or groups of individuals


Control

Implementation guidance


Other information

B.5.5 Assessing societal impacts of AI systems


Control

Implementation guidance

Other information

to these instruments?


B.6 AI system life cycle

B.6.1 Management guidance for AI system development

B.6.1.1 Objective

B.6.1.2 Objectives for responsible development of AI system


Control

Implementation guidance
6.2

Other information

B.6.1.3 Processes for responsible design and development of AI systems

Control


Implementation guidance

the following:

B.6.2 AI system life cycle

B.6.2.1 Objective

Control

Implementation guidance


Other information

B.6.2.3 Documentation of AI system design and development

Control

Implementation guidance

Other information

Control

Implementation guidance


B.6.2.5 AI system deployment


Control

Implementation guidance

B.6.2.6 AI system operation and monitoring

Control


Implementation guidance

metrics.

Other information

F1


F1

B.6.2.7 AI system technical documentation

Control

Implementation guidance


B.6.2.8 AI system recording of event logs


Control

Implementation guidance

limited to:


Other information

B.7 Data for AI systems

B.7.1 Objective

B.7.2 Data for development and enhancement of AI system


Control

Implementation guidance

B.7.3 Acquisition of data


Control

Implementation guidance


Other information

B.7.4 Quality of data for AI systems


Control

Implementation guidance

Other information
2)

B.7.5 Data provenance


Control

Implementation guidance

B.7.6 Data preparation


Control

Implementation guidance


series2)

B.8 Information for interested parties


B.8.1 Objective

B.8.2 System documentation and information for users


Control

Implementation guidance


B.8.3 External reporting


Control

Implementation guidance

B.8.4 Communication of incidents


Control

Implementation guidance


Other information

B.8.5 Information for interested parties


Control

Implementation guidance

B.9 Use of AI systems

B.9.1 Objective

B.9.2 Processes for responsible use of AI systems


Control

Implementation guidance


B.9.3 Objectives for responsible use of AI system


Control

Implementation guidance

). The


Other information

B.9.4 Intended use of the AI system


Control

Implementation guidance

B.10 Third-party and customer relationships

B.10.1 Objective

B.10.2 Allocating responsibilities


Control

Implementation guidance

. The
) for the AI


B.10.3 Suppliers
Control

Implementation guidance

for the suppliers.

).

B.10.4 Customers
Control

Implementation guidance


Annex C

Potential AI-related organizational objectives and risk sources

C.1 General

objectives.

C.2 Objectives

C.2.1 Accountability

C.2.2 AI expertise

C.2.3 Availability and quality of training and test data

C.2.4 Environmental impact

C.2.5 Fairness

persons or groups of persons.

C.2.6 Maintainability

C.2.7 Privacy


C.2.8 Robustness

C.2.9 Safety

C.2.10 Security

C.2.11 Transparency and explainability

C.3 Risk sources

C.3.1 Complexity of environment

driving).

C.3.2 Lack of transparency and explainability

C.3.3 Level of automation

C.3.4 Risk sources related to machine learning

C.3.5 System hardware issues

C.3.6 System life cycle issues


C.3.7 Technology readiness


Annex D

Use of the AI management system across domains or sectors

D.1 General

D.2 Integration of AI management system with other management system standards


its objectives.


Bibliography

chain

2)

and services

AI aided decision making

societal concerns


https:// .org/ DDI 3.3/

https://www.nist.gov/itl/
