ISO/IEC 42001 (65 requirements)
ISO/IEC 42001 Annex A controls for AI management system governance, including risk, impact, lifecycle, and third-party AI oversight.
Requirements in this framework
- Acquisition of data
- Actions to address risks and opportunities — General
- AI management system
- AI objectives and planning to achieve them
- AI policy
- AI policy
- AI risk assessment
- AI risk assessment
- AI risk treatment
- AI risk treatment
- AI roles and responsibilities
- AI system deployment
- AI system impact assessment
- AI system impact assessment
- AI system impact assessment process
- AI system operation and monitoring
- AI system recording of event logs
- AI system requirements and specification
- AI system technical documentation
- AI system verification and validation
- Alignment with other organizational policies
- Allocating responsibilities with third parties
- Assessing AI system impact on individuals or groups
- Assessing societal impacts of AI systems
- Awareness
- Communication
- Communication of incidents
- Competence
- Continual improvement
- Customers
- Data for development and enhancement of AI systems
- Data preparation
- Data provenance
- Data resources
- Determining the scope of the AI management system
- Documentation of AI system design and development
- Documentation of AI system impact assessments
- Documented information
- External reporting
- Human resources
- Information for interested parties
- Intended use of the AI system
- Internal audit
- Leadership and commitment
- Management review
- Monitoring, measurement, analysis and evaluation
- Nonconformity and corrective action
- Objectives for responsible development of AI systems
- Objectives for responsible use of AI systems
- Operational planning and control
- Planning of changes
- Processes for responsible AI system design and development
- Processes for responsible use of AI systems
- Quality of data for AI systems
- Reporting of concerns about AI systems
- Resource documentation
- Resources
- Review of the AI policy
- Roles, responsibilities and authorities
- Suppliers of AI system components
- System and computing resources
- System documentation and information for users
- Tooling resources
- Understanding the needs and expectations of interested parties
- Understanding the organization and its context