ISO 42001 on AI Management Systems takes ISO’s penchant for product placement to whole new levels. Whereas prior standards avoided invoking or requiring compliance with other ISO standards, 42001 goes whole hog on this approach. The JTC group that made the standard called this an “ecosystem,” which is a word consultants like to use when building a cash empire.

From my count, ISO 42001 references a whopping thirty supporting standards. A handful of these aren’t even published yet.

A super-rough estimate suggests you’d have to spend an additional $5,000 to buy the additional standards. But the actual number you’d need would depend largely on the controls that apply to your AI management system.

Here is a handy list of the not-so-handy other standards you may have to buy from ISO to comply with ISO 42001.


Standards referenced in the requirements and controls sections:

  • ISO 19011:2018 Guidelines for auditing management systems
  • ISO 37002 Whistleblowing Management Systems — Guidelines
  • ISO 8000-2 Data Quality – Part 2 Vocabulary
  • ISO 9241-210:2019 Ergonomics of human-system interaction Part 210: Human-centered design for interactive systems
  • ISO/IEC 22989:2022 Information technology — Artificial intelligence — Artificial intelligence concepts and terminology
  • ISO/IEC 23053 Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML)
  • ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management
  • ISO/IEC 25024:2015 Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Measurement of data quality
  • ISO/IEC 25059:2023 Software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Quality model for AI systems
  • ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
  • ISO/IEC 27701:2019 Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines
  • ISO/IEC 29100:2024 Information technology — Security techniques — Privacy framework
  • ISO/IEC 38507:2022 Information technology – Governance of IT – Governance implications of the use of artificial intelligence by organizations
  • ISO/IEC 5259-1:2024 Artificial intelligence — Data quality for analytics and machine learning (ML) Part 1: Overview, terminology, and examples
  • ISO/IEC 5259-2:2024 Artificial intelligence — Data quality for analytics and machine learning (ML) Part 2: Data quality measures
  • ISO/IEC 5259-3:2024 Artificial intelligence — Data quality for analytics and machine learning (ML)
  • ISO/IEC 19944-1:2020 Cloud computing and distributed platforms — Data flow, data categories and data use Part 1: Fundamentals
  • ISO/IEC 5338:2023 Information technology — Artificial intelligence — AI system life cycle processes
  • ISO/IEC CD 5259-5:2023 Artificial intelligence — Data quality for analytics and machine learning (ML) Part 5: Data quality governance framework (in draft)
  • ISO/IEC DIS 5259-2:2023 Artificial intelligence — Data quality for analytics and machine learning (ML) Part 2: Data quality measures
  • ISO/IEC DIS 5259-4:2023 Artificial intelligence — Data quality for analytics and machine learning (ML) Part 4: Data quality process framework
  • ISO/IEC TR 24029-1:2021 Artificial Intelligence (AI) — Assessment of the robustness of neural networks Part 1: Overview
  • ISO/IEC TR 24368:2022 Information technology — Artificial intelligence — Overview of ethical and societal concerns
  • ISO/IEC TS 4213:2022 Information technology — Artificial intelligence — Assessment of machine learning classification performance

Standards referenced only in the definitions section (not really required for compliance):

  • ISO Guide 73
  • ISO 31000:2018
  • ISO/IEC 38500:2015 (but the most recent standard is actually 2024, so ISO 42001 has an obsolete document called out)
  • ISO/IEC 27000:2018
