
Understanding ISO/IEC 42001:2023

ISO 42001:2023 is the world’s first artificial intelligence management system standard that provides a framework to develop, manage and continuously improve artificial intelligence management systems (AIMS) that can be independently certified for assurance purposes. ISO 42001’s scope is broad, encompassing all AI systems, including machine learning, deep learning, natural language processing, and computer vision.


By providing a framework for AIMS, ISO 42001 helps organisations of all sizes and sectors reduce risk factors, build trust, and safely and ethically realise opportunities associated with AI.

Intertek Inform is a trusted distribution partner of ISO Standards and provides easy online access to ISO/IEC 42001:2023 and identical international equivalents, such as AS ISO/IEC 42001:2023.

 


Background and Development of ISO 42001:2023

ISO 42001 was developed to address the need for a Standard framework for the safe and ethical development of AI systems. ISO 42001 encourages and guides responsible AI development and use throughout the world while addressing ethical considerations, data privacy and security risks.

ISO 42001 is supported by several Standards (developed before the release of ISO 42001). These international Standards will be helpful in the development of AIMS:

  • ISO/IEC 23894:2023 - Artificial Intelligence - Guidance on risk management
  • ISO/IEC 38507:2022 - Governance implications of the use of AI
  • ISO/IEC 22989:2022 - Artificial Intelligence concepts and terminology

 


Key Organisations Involved

The ISO 42001 Standard was first published in December 2023 through the collaborative efforts of key organisations in the international Standard community. A joint committee between ISO and IEC, known as the ISO/IEC JTC 1, facilitated this collaboration.

Member bodies of the joint committee include representatives from producers, governmental and public agencies, academia, businesses and experts from diverse fields, including information security, privacy, quality management, and AI ethics. This diversity of members gives an open and balanced representation in Standards development.

 


Core Components and Requirements of ISO/IEC 42001:2023

ISO 42001 contains several core components and compliance requirements for developing and effectively managing AI systems. ISO 42001 introduces specific safeguards tailored to the unique characteristics of AI systems throughout the AI system lifecycle.

 


Main Components

The primary components of the ISO 42001 Standard are:

  • Risk-Based Approach to AI Management: A comprehensive risk assessment is included to identify and reduce risk throughout the AI lifecycle.
  • Impact Assessment of AI Systems: To evaluate the consequences of the AI system, intended or otherwise, on individuals and society.
  • Unique Safeguards for AI Systems:  Safeguards are included throughout the AI system lifecycle, tailored to the unique characteristics of AI systems. These safeguards protect AI systems and users of AI systems against threats.
  • Quality Assurance of AI Systems: By harmonising with Standards like ISO 27001, ISO 9001, and ISO 27701, ISO 42001 promotes a comprehensive approach to organisational governance and compliance across multiple domains.
  • Environmental considerations of AI Systems: To identify and address any potential impact of AI technologies on the environment.

 


Compliance Requirements

ISO 42001 is structured to enable conformity assessment, which means organisations can attain compliance certification for this Standard. While presently optional for AIMS, specific applications, such as high-risk applications for chatbots and facial recognition systems, may need mandatory accreditation in the future.

 

To comply with the ISO 42001 Standard, organisations need to:

  • Demonstrate transparency in AI operations: Stakeholders must be informed about the functionality and limitations of the AI system. For instance, a company using AI for customer service must communicate how the AI interacts with customers and the data it collects.
  • Commit to continuous learning: To ensure AI systems continue to work safely and ethically, organisations must monitor and manage changes in AI behaviour through reviews, impact assessments, and updates to safety controls.
  • Demonstrate rigorous data governance practices: To ensure compliance with data protection legislation, organisations must ensure robust data collection, data storage, and data processing.
  • Consider environmental impact: Organisations must address the impact of AI systems on the environment and promote sustainable practices in AI development and usage.

 

To reach ISO 42001:2023 compliance, organisations should:

  • Conduct a gap analysis: Identify changes needed by reviewing current practices against ISO 42001.
  • Develop an AIMS: Integrate the AIMS with your organisational processes, ensuring continuous improvement and alignment with Standards.
  • Implement Ethical AI Practices: Develop policies and procedures to address AI ethics, data protection, and privacy.
  • Conduct audits and risk assessments: Continually assess AI systems for potential risks and impacts on individuals and society.
  • Establish documentation and record-keeping processes and prepare for the external certification audit.

 


Benefits of Implementing ISO 42001:2023

Implementing ISO 42001 demonstrates your organisation's commitment to secure and ethical AI. Organisations can also benefit from:

  • Improved trust and transparency: Organisations can build consumer trust by ensuring AI systems are used responsibly and ethically.
  • Fair and ethical use: Organisations can align systems with society's values and legislation by ensuring their AIMS deal with bias and unfair practices.
  • Improved data quality and security: Organisations can improve data quality and protect sensitive information from breaches and unauthorised access.
  • Ease of compliance with other Standards and legislation: Organisations can reduce the complexity and cost of managing multiple Standards and legislation.

 


 

How Intertek Inform provides access to ISO/IEC 42001:2023

Intertek Inform helps organisations navigate the complexities of AIMS and achieve compliance with ISO 42001 by providing easy access to Standards information through our online store and subscription service.

On our website, you can purchase ISO/IEC 42001:2023 individually in digital PDF or printed (hardcopy) formats. Or you may wish to manage your Standards with i2i, our secure, configurable, cloud-based platform, made available through our subscription service.


Tailored Access to Information through i2i

i2i helps organisations access the necessary Standards to comply with ISO 42001 and other relevant Standards by providing tailored access to Standards information. Your organisation can get unlimited customised Standards collections to suit specific roles, projects, and departments, as well as publications made available in multiple product formats. Our platform integrates into your organisational workflows to provide real-time updates and insights.



Conclusion

In a rapidly evolving environment, ISO 42001 addresses the international need for a governance framework to develop and manage AIMS. ISO 42001 balances innovation with responsibility by effectively identifying and managing AI-associated risks.

ISO 42001 is relevant for any organisation developing an in-house AI system or buying and using a third-party AI platform or application. With ISO 42001 accreditation, organisations can get to market faster, build consumer trust, and improve their product or service quality.
