Managing AI compliance with ISO 42001

Get an overview of the world's first AI management system standard and how it impacts your organization

Katrina Dalao
Sr. Content Marketing Specialist, CIPM, CIPP/E
June 5, 2024

With the rise of AI technology, ISO 42001 emerges as the world’s first AI management system standard.

Published in December 2023 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO 42001’s primary focus is to establish an AI management system (AIMS) that mitigates the risks associated with the development, implementation, and management of AI. It sets forth guidelines and requirements for establishing, implementing, maintaining, and continually improving AI management practices.

Key components of ISO 42001 include:

  • Guidelines for ethical AI use and governance, ensuring AI systems are designed, deployed and used responsibly

  • Requirements for transparency and accountability in AI operations, promoting trust among users and stakeholders

  • Standards for risk management processes, specifically addressing the unique risks associated with AI technologies

 

Who needs to comply with ISO 42001 

While ISO standards are voluntary, ISO 42001 is applicable to organizations of any size, type and nature that are involved in developing, providing, or using AI-based products or services. The standard is relevant across all industries, including public sector agencies, corporations, and non-profits.

 

Benefits of ISO 42001 compliance

Certain aspects of AI, such as the lack of transparency in decision-making or its ability to continuously learn and adapt, demand a different approach to effectively managing risk. ISO 42001 was designed to help organizations strike the appropriate balance between AI innovation and governance. Adopting the standard can provide the following key benefits: 

  • Responsible AI: Ensures and demonstrates ethical and responsible use of AI

  • Reputation management: Enhances trust, traceability, transparency, and reliability in AI applications

  • AI governance: Supports compliance with legal and regulatory standards

  • Practical guidance: Identifies and manages AI-specific risks and opportunities

  • Identifying opportunity: Encourages innovation within a structured framework

  • Standards alignment: Ensures consistency with other management system standards related to quality, safety, security, and privacy

 

What sets ISO 42001 apart? 

While ISO 42001 is the first international AI management system standard, there are other frameworks and regulations designed to manage the risk and use of AI within organizations. Here is how ISO 42001 compares to similar standards.

 

ISO vs. NIST AI RMF

ISO 42001 and the NIST AI RMF are two relatively new standards that address security, privacy, and ethical concerns related to the use of AI. However, each offers a distinct approach in how it applies to organizations. 

ISO 42001 focuses on helping organizations that develop, provide, or use AI applications do so responsibly and effectively. It provides an integrated approach and guidance to managing AI projects, covering aspects such as leadership commitment, risk assessment, operational planning, performance evaluation, and continual improvement. 

Organizations can opt to become ISO 42001 certified, which involves an audit by accredited third-party bodies. The certification is valid for three years with annual supervision audits.

The NIST AI RMF takes a broader approach to managing risks and promoting trustworthy AI systems across sectors and stakeholders. It consists of four functions – Govern, Map, Measure, and Manage – and prioritizes reducing threats and mitigating harms through AI systems that are ethical, fair, transparent, and trustworthy. 

While the NIST AI RMF doesn’t offer certifications, many organizations adopt the framework to enhance their existing AI risk management practices.

 

ISO 42001 vs. other ISO standards

ISO has multiple standards designed to help mitigate the risks and maximize the rewards of AI.

  • ISO 22989:2022: Includes terminology for AI and describes concepts in the field of AI

  • ISO 23053:2022: Establishes an AI and machine learning (ML) framework for describing a generic AI system using ML technology

  • ISO 23894:2023: Provides guidance on how organizations that develop, produce, deploy or use products, systems, and services that utilize AI can manage its risks

  • ISO DIS 42005: Although currently in draft stage, this document provides guidance for organizations performing AI system impact assessments for individuals and societies that can be affected by an AI system and its intended and foreseeable applications

What distinguishes ISO 42001 from these standards is that it’s a management system standard (MSS), which includes requirements for policies and procedures not just for specific AI applications, but for comprehensive AI risk management across the entire organization. 

 

How does ISO 42001 compare to the popular ISO 27001? While both standards were developed by the ISO to mitigate organizational risks, they prioritize completely different functions. ISO 42001 is specific to managing AI systems and emphasizes ethical use, transparency, and accountability in AI operations. ISO 27001 focuses on information security management systems, providing a framework for keeping information assets secure.

Download our comprehensive eBook to learn more about ISO 27001.

 

How OneTrust helps

The OneTrust platform includes the latest guidance and out-of-the-box content to help with ISO 42001 compliance. 

Alongside more than 40 other frameworks on our platform, ISO 42001 enables users to take advantage of its overlap with various existing frameworks. Our solution includes assessment questions to help you define the scope, bringing together all relevant policies, controls, implementation guidance, evidence tasks, and other elements needed to demonstrate the design, implementation, and operational aspects of control activities.

Book a demo to learn more.

