Compliance Resource

ISO/IEC 42001 Compliance Checklist

The world's first AI Management System (AIMS) standard. Use this checklist to assess your organization's readiness for ISO 42001 certification.

What is ISO/IEC 42001?

ISO/IEC 42001:2023 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations.

It provides a systematic approach to managing AI-related risks while ensuring the responsible development and use of AI systems. The standard is designed to be compatible with other ISO management system standards like ISO 27001.

Main Clauses Checklist

ISO 42001 follows the high-level structure (HLS) common to all ISO management system standards.

4

Context of the Organization

Understanding the organization and its context
Understanding the needs and expectations of interested parties
Determining the scope of the AIMS
AI management system
5

Leadership

Leadership and commitment
AI policy
Organizational roles, responsibilities and authorities
6

Planning

Actions to address risks and opportunities
AI objectives and planning to achieve them
AI risk assessment
AI risk treatment
7

Support

Resources
Competence
Awareness
Communication
Documented information
8

Operation

Operational planning and control
AI system impact assessment
AI system life cycle processes
Third-party and customer relationships
9

Performance Evaluation

Monitoring, measurement, analysis and evaluation
Internal audit
Management review
10

Improvement

Continual improvement
Nonconformity and corrective action

Annex A Controls

Annex A provides a reference set of AI-specific controls that organizations can select based on their risk assessment.

A.2 - AI Policies

AI policy
Review of AI policies

A.3 - Internal Organization

Roles and responsibilities
Segregation of duties
Contact with authorities

A.4 - Resources for AI Systems

Resources for AI development
Resources for AI operation
Competence management

A.5 - Assessing Impacts

AI system impact assessment
Documentation of impact assessment
Review of impact assessment

A.6 - AI System Life Cycle

Design and development
Verification and validation
Deployment
Operation and monitoring
Retirement

A.7 - Data for AI Systems

Data quality
Data provenance
Data protection

A.8 - Information for Interested Parties

Transparency
Explainability
Communication

A.9 - Use of AI Systems

Appropriate use
Human oversight
Monitoring in production

A.10 - Third-Party Relationships

Third-party assessment
Agreements with third parties
Monitoring third parties

Benefits of ISO 42001 Certification

Regulatory Alignment

Demonstrate compliance with emerging AI regulations globally

Risk Management

Systematic approach to identifying and managing AI risks

Trust & Transparency

Build stakeholder confidence in your AI practices

Competitive Advantage

Differentiate your organization as a responsible AI leader

Operational Excellence

Improve AI development and deployment processes

Integration

Seamlessly integrate with ISO 27001 and other standards

Track Your ISO 42001 Compliance

AI-Guard Lite provides automated tracking of ISO 42001 controls, gap analysis, and evidence collection for certification audits.

Start Free Trial