ISO 42001

In ISO 42001, the Statement of Applicability (SoA) outlines the specific Annex A controls your organization has chosen to implement (or omit) based on its AI risk assessment, along with reasons for those decisions​. This document is crucial for ISO 42001 certification, as it demonstrates your organization’s commitment to ethical and compliant AI management by addressing key AI risks (e.g. bias, privacy, transparency) with appropriate controls​.

Conducting an ISO 42001 GAP analysis is a critical first step toward trustworthy and compliant AI systems. With thoroughly examining your organization’s AI governance against the standard’s requirements, you gain clear insight into where you stand and what needs improvement​. This process, when done with a structured approach and the right tools, demystifies the path to ISO 42001 compliance.

ISO/IEC 42001:2023 is the first international standard for Artificial Intelligence Management Systems (AIMS), published in December 2023​. It provides a structured framework for governing AI development, deployment, and use in an ethical and risk-managed way​. Much like ISO 27001 for information security, ISO 42001 uses a plan–do–check–act (PDCA) model and includes defined clauses and an annex of controls to ensure AI systems are trustworthy (transparent, accountable, fair, safe, and reliable)​.