ISO 42001 on AI Management Systems takes ISO’s penchant for product placement to whole new levels. Whereas prior standards avoided invoking or requiring compliance with other ISO standards, 42001 goes whole hog on this approach. The JTC group that made the standard called this an “ecosystem,” which is a word consultants like to use when building a cash empire.
From my count, ISO 42001 references a whopping thirty supporting standards. A handful of these aren’t even published yet.
A super-rough estimate suggests you’d have to spend an additional $5,000 to buy the additional standards. But the actual number you’d need would depend largely on the controls that apply to your AI management system.
Here is a handy list of the not-so-handy other standards you may have to buy from ISO to comply with ISO 42001.
Standards referenced in the requirements and controls sections:
- ISO 19011:2018 Guidelines for auditing management systems
- ISO 37002 Whistleblowing Management Systems — Guidelines
- ISO 8000-2 Data Quality – Part 2 Vocabulary
- ISO 9241-210:2019 Ergonomics of human-system interaction
- ISO 9241-210:2019 Ergonomics of human-system interaction Part 210: Human-centered design for interactive systems
- ISO/IEC 22989:2022 Information technology — Artificial intelligence — Artificial intelligence concepts and terminology
- ISO/IEC 22989:2022, Information technology — Artificial intelligence — Artificial intelligence concepts and terminology
- ISO/IEC 23053 Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML)
- ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management
- ISO/IEC 25024:2015 Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Measurement of data quality
- ISO/IEC 25059:2023 Software engineering - Systems and software Quality Requirements and Evaluation (SQuaRE) - Quality model for AI systems
- ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
- ISO/IEC 27701:2019 Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines
- ISO/IEC 29100:2024 Information technology — Security techniques — Privacy framework
- ISO/IEC 38507:2022 Information technology – Governance of IT – Governance implications of the use of artificial intelligence by organizations
- ISO/IEC 5259-1:2024 Artificial intelligence — Data quality for analytics and machine learning (ML) Part 1: Overview, terminology, and examples
- ISO/IEC 5259-2:2024 Artificial intelligence — Data quality for analytics and machine learning (ML) Part 2: Data quality measures
- ISO/IEC 5259-3:2024 Artificial intelligence — Data quality for analytics and machine learning (ML)
- ISO/IEC 19944-1:2020 Cloud computing and distributed platforms — Data flow, data categories and data use Part 1: Fundamentals
- ISO/IEC 5338:2023 Information technology — Artificial intelligence — AI system life cycle processes
- ISO/IEC CD 5259-5:2023 Artificial intelligence — Data quality for analytics and machine learning (ML) Part 5: Data quality governance framework (in draft)
- ISO/IEC DIS 5259-2:2023 Artificial intelligence — Data quality for analytics and machine learning (ML) Part 2: Data quality measures
- ISO/IEC DIS 5259-4:2023 Artificial intelligence — Data quality for analytics and machine learning (ML) Part 4: Data quality process framework
- ISO/IEC TR 24029-1:2021 Artificial Intelligence (AI) — Assessment of the robustness of neural networks Part 1: Overview
- ISO/IEC TR 24368:2022 Information technology — Artificial intelligence — Overview of ethical and societal concerns
- ISO/IEC TS 4213:2022 Information technology — Artificial intelligence — Assessment of machine learning classification performance
Standards referenced only in the definitions section (not really required for compliance):
- ISO Guide 73
- ISO 31000:2018
- ISO/IEC 38500:2015 (but the most recent standard is actually 2024, so ISO 42001 has an obsolete document called out)
- ISO/IEC 27000:2018
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world