Nathan Parker, AI Programme Manager, BSI

One of the core standards to know for any organization implementing AI is ISO/IEC 42001 – Information technology – Artificial intelligence – Management system.

ISO/IEC 42001 is known as a “management system” standard, which sets out the processes an organization needs to follow to meet its objectives and provides a framework of good practice. ISO/IEC 42001 does this specifically for AI: it sets requirements for AI management systems across different types of organizations and promotes success through a structured, risk-based approach.

The standard aims to build trust in the technology, enabling AI to become more widely trusted and deployed to the benefit of the organization as well as wider society. The standard is designed for organizations of all sizes regardless of sector. The standard also aligns with other quality management standards such as ISO/IEC 9001.

Given its cross-cutting applicability, this standard is a key tool for any business looking to implement an AI solution.

BSI recorded a launch event when ISO/IEC 42001 was published:

Why use ISO/IEC 42001?

Standardized terminology: By using ISO/IEC 42001, the terminology you use in your AI deployment will be grounded within other ISO/IEC standards, specifically ISO/IEC 22989 – AI Concepts and Terminology.

Road maps and use cases: The standard sets out a road map for organizations to create a clear, consistent framework for its AI developments and use cases. These frameworks then become embodied in the organization’s management system in a manageable and measurable way.  

Proactive risk management: The standard encourages organizations to define their deployment contexts and use cases and assess their impact and risk to the health, safety and fundamental rights of individuals.

By adhering to ISO/IEC 42001, organizations will be able to demonstrate how they are proactively mitigating a number of concerns with AI:

• Balancing utility with fairness
• The impact of automated decision-making on individuals
• Transparency and explainability
• Human oversight
• Safety considerations

Resources for implementing management system standards

Implementing a management system requires both careful planning and a systematic approach to scoping, planning, implementing and monitoring. BSI’s Executive Briefing on ISO IEC 42001 describes how an organization might implement the standard, as well as highlighting specific pitfalls and challenges in using the standard.

BSI’s White paper on Using EN ISO 9001 and ISO/IEC 42001 together is an additional useful resource for organizations looking to implement management systems. It offers additional guidance for organizations who have used BS EN ISO 9001 previously, including a comparison of the two standards and how an organization may implement the two standards together.