Adopt the new, auditable standard for global AI governance
ISO 42001 is positioned to be the first global auditable standard to enable organizations to demonstrate trustworthiness in their AI systems.
What is ISO 42001?
ISO 42001 is a voluntary standard for organizations to implement an artificial intelligence (AI) management system. Under ISO 42001, an organization’s AI management system sets policies, procedures, and objectives for its AI systems. ISO 42001 is intended to set a baseline governance standard for all AI systems within an organization, rather than focusing on specific types of AI systems (i.e., high-risk AI).
Key Requirements of ISO 42001
Engaged Senior Management
An organization’s senior management is expected to be thoroughly engaged in the process of establishing and updating AI-related policies and procedures.
Planning Regular Reviews
A process must be established to regularly test AI systems, conduct applicable assessments, and determine when updates are necessary to AI policies and procedures.
An organization is expected to assess the risks posed by AI systems to individuals, the organization, and society, as well as establish an AI risk treatment process.
AI policies and procedures are expected to be communicated across the organization, and roles and responsibilities are expected to be clearly communicated to all individuals in the organization.
An organization is expected to assess the impact of its AI system’s development and deployment on individuals and society, such as the effects on the legal position or life opportunities of individuals and universal human rights.
Every aspect of the AI management system must be documented and available for review by an organization’s internal and external stakeholders.
Navigate ISO 42001 with Trustible
RISK & IMPACT ASSESSMENTS
Identify, manage, measure, and mitigate potential risks or harms in your AI systems.
Develop and enforce AI policies that protect your organization, users, and society.
Centralize your AI documentation in a single source of truth.
Who is the intended audience?
ISO 42001 was designed for any organization that develops, deploys, and/or uses AI. While the requirements are more prescriptive than other existing AI governance and risk management frameworks, ISO 42001 is meant to be scalable for organizations of any size.
Is this an enforceable standard?
While ISO 42001 is voluntary, it is not uncommon for components of voluntary standards to become legal requirements. Policymakers, especially in the EU, may gravitate towards ISO 42001 as an enforceable standard for AI governance.
How can I comply with ISO 42001?
ISO 42001 includes annexes that map the requirements to a series of controls and implementing guidance. The additional guidance is meant to provide a more granular roadmap for organizations seeking to comply with the standard.