ISO 42001

Extensive experience in supporting organisations to conform and certify to existing ISO management system standards

Having assisted over 400 organisations to achieve ISO 27001 certification, URM are the ideal experts and partners to help you certify.

Speak to one of our experts for more information on how we can help. Simply call 0118 206 5410 or use the contact form.

ISO 42001

With the field of artificial intelligence (AI) continuing to develop and becoming increasingly pervasive throughout our culture and business landscape, the International Organization for Standardization (ISO) has released ISO/IEC 42001:2023, Information technology - Artificial intelligence - Management system Standard. Published in December 2023, the Standard is aimed at helping organisations responsibly perform their role with respect to AI systems, whether they use, develop, monitor or provide products that utilise AI. By meeting the requirements of ISO 42001, organisations will be able to generate evidence of responsibility and accountability in respect of AI.

We would like to pass on our gratitude to our consultant for all his hard work and advice during our 3-year re-certification and assessment against the new Standard. After seven days of auditing, we have two OFIs that the assessors have put forward from the audits. This pays testament to our URM consultant, his hard work, eye for detail and advice given, both during the audits and during all the works beforehand.
Waste management company

The Standard requires organisations to consider, where applicable, issues such as the use of AI for automatic decision making, the use of data analytics and machine learning to design systems, and AI systems that perform continuous learning and change their behaviour during use. The Standard addresses topics such as ethical considerations, transparency, fairness and bias, and is applicable across a range of AI applications and contexts.

In time, organisations will be able to certify against ISO 42001, but in the meantime are able to establish, implement, maintain and continually improve an AI management system (AIMS). ISO 42001 applies the same harmonised structure with clause numbers and titles identical to ISO 27001 and ISO 9001, thereby facilitating integration of management systems.

As in ISO 27001, the main body sets out requirements in the familiar Clauses 4-10 format, with reference controls set out in Annex A. These controls provide references for meeting an organisation’s objectives and addressing risks related to the design and operation of AI systems. However, unlike ISO 27001, the ISO 42001 Standard includes 3 additional annexes:

Annex B provides implementation guidance in relation to the controls set out in Annex A, while potential organisational objectives, risk sources and descriptions that can be considered when managing risks are outlined in Annex C. The potential use of an AIMS across domains or sectors is covered within Annexes C and D respectively. Integrating ISO 42001 with standards such as ISO 27001 is also covered in Annex D.

We were incredibly impressed with our consultant’s attention to detail during the reworking of many documents and the in-year assessment last month. He stood up and had his finger on the pulse and was a great help. He is liked by our team, and we look forward to a long working relationship with him.
Waste management company

Why URM for ISO 42001?

Track record

While ISO 42001 is a new standard, URM’s extensive experience in supporting organisations to conform and certify to existing ISO management system standards, such as ISO 27001 and ISO 22301, means we are uniquely positioned to provide informed and reliable support in helping you meet the requirements of ISO 42001. Over the last two decades of steady, organic growth as a consultancy and training provider, we have supported over 400 successful ISO certifications without being involved in a single failed certification project. As such, you can be assured that any guidance you receive from URM is informed by a long history of success stories, and can guarantee the same result for your organisation.

Tailored solutions

We at URM appreciate that the use and development of AI will never be the same across any two organisations and, therefore, neither will the AIMS. The unique requirements of your organisation, its industry, size and structure, risk appetite, products and services provided, legal and obligatory requirements, etc. will always shape the approach we take in helping you develop, implement and maintain your AIMS. Meanwhile, we will ensure the advice and guidance we offer you reflects how you work and your existing culture, enabling you to integrate the AIMS into business-as-usual operations as seamlessly as possible.

Knowledge transfer

One of the most fundamental aspects of the way we work at URM is our ‘real world’ knowledge transfer philosophy. This enables you to benefit from our large team of consultants’ extensive practical experience and knowledge of AI best practice and, ultimately, independently maintain and improve your AIMS by virtue of what you have learned from them, without needing to rely on ongoing consultancy support.

Without URM, we would not have achieved its certification goals.
Talent communications agency

Our URM consultant was most helpful. Very constructive with her thoughts. She completely understood the technology we are using to monitor the ISMS, which allowed her to fully appreciate the documentation.
IT solutions provider
