TheArtOfService
Back to Frameworks

ISO/IEC 42001:2023

Self-Assess
International
v2023
18 domains
80 controls

ISO/IEC 42001:2023 Artificial Intelligence Management System (AIMS), the first AI-specific ISO management system standard.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (18)

Annex A AIMS controls - A.10 Third-party and customer relationships

3 controls
Controls in the Annex A AIMS controls - A.10 Third-party and customer relationships domain of ISO/IEC 42001:20233 controls
CodeTitle
A.10.2Confidentiality obligations of personnel
A.10.3Restriction of creation of hardcopy material
A.10.4Control and logging of data restoration

Annex A AIMS controls - A.2 Policies related to AI

3 controls
Controls in the Annex A AIMS controls - A.2 Policies related to AI domain of ISO/IEC 42001:20233 controls
CodeTitle
A.2.2AI policy
A.2.3Alignment with other organizational policies
A.2.4Review of the AI policy

Annex A AIMS controls - A.3 Internal organization

2 controls
Controls in the Annex A AIMS controls - A.3 Internal organization domain of ISO/IEC 42001:20232 controls
CodeTitle
A.3.2AI roles and responsibilities
A.3.3Reporting of concerns

Annex A AIMS controls - A.4 Resources for AI systems

5 controls
Controls in the Annex A AIMS controls - A.4 Resources for AI systems domain of ISO/IEC 42001:20235 controls
CodeTitle
A.4.2Resource documentation
A.4.3Data resources
A.4.4Tooling resources
A.4.5System and computing resources
A.4.6Human resources

Annex A AIMS controls - A.5 Assessing impacts of AI systems

4 controls
Controls in the Annex A AIMS controls - A.5 Assessing impacts of AI systems domain of ISO/IEC 42001:20234 controls
CodeTitle
A.5.2AI system impact assessment process
A.5.3Documentation of AI system impact assessments
A.5.4Assessing AI system impact on individuals or groups
A.5.5Assessing societal impacts of AI systems

Annex A AIMS controls - A.6 AI system life cycle

9 controls
Controls in the Annex A AIMS controls - A.6 AI system life cycle domain of ISO/IEC 42001:20239 controls
CodeTitle
A.6.1.1Objectives for responsible development of AI systems
A.6.1.2Processes for responsible AI system design and development
A.6.2.2AI system requirements and specification
A.6.2.3Documentation of AI system design and development
A.6.2.4AI system verification and validation
A.6.2.5AI system deployment
A.6.2.6AI system operation and monitoring
A.6.2.7AI system technical documentation
A.6.2.8AI system event logging

Annex A AIMS controls - A.7 Data for AI systems

5 controls
Controls in the Annex A AIMS controls - A.7 Data for AI systems domain of ISO/IEC 42001:20235 controls
CodeTitle
A.7.2Data for development and enhancement of AI systems
A.7.3Acquisition of data
A.7.4Quality of data for AI systems
A.7.5Data provenance
A.7.6Data preparation

Annex A AIMS controls - A.8 Information for interested parties of AI systems

4 controls
Controls in the Annex A AIMS controls - A.8 Information for interested parties of AI systems domain of ISO/IEC 42001:20234 controls
CodeTitle
A.8.2System documentation and information for users
A.8.3External reporting
A.8.4Communication of incidents
A.8.5Information for interested parties

Annex A AIMS controls - A.9 Use of AI systems

3 controls
Controls in the Annex A AIMS controls - A.9 Use of AI systems domain of ISO/IEC 42001:20233 controls
CodeTitle
A.9.2Processes for responsible use of AI systems
A.9.3Objectives for responsible use of AI system
A.9.4Intended use of the AI system

Annex SL management section

0 controls

Clause A – ISO/IEC 42001:2023

9 controls
Controls in the Clause A – ISO/IEC 42001:2023 domain of ISO/IEC 42001:20239 controls
CodeTitle
iso-iec-42001-2023::A.10Third-party and customer relationships
iso-iec-42001-2023::A.2Policies related to AI
iso-iec-42001-2023::A.3Internal organization
iso-iec-42001-2023::A.4Resources for AI systems
iso-iec-42001-2023::A.5Assessing impacts of AI systems
iso-iec-42001-2023::A.6AI system life cycle
iso-iec-42001-2023::A.7Data for AI systems
iso-iec-42001-2023::A.8Information for interested parties of AI systems
iso-iec-42001-2023::A.9Use of AI systems

Context of the organization – ISO/IEC 42001:2023

4 controls
Controls in the Context of the organization – ISO/IEC 42001:2023 domain of ISO/IEC 42001:20234 controls
CodeTitle
iso-iec-42001-2023::4.1Understanding the organization and its context
iso-iec-42001-2023::4.2Understanding the needs and expectations of interested parties
iso-iec-42001-2023::4.3Determining the scope of the management system
iso-iec-42001-2023::4.4Management system

Improvement – ISO/IEC 42001:2023

2 controls
Controls in the Improvement – ISO/IEC 42001:2023 domain of ISO/IEC 42001:20232 controls
CodeTitle
iso-iec-42001-2023::10.1Continual improvement
iso-iec-42001-2023::10.2Nonconformity and corrective action

Leadership – ISO/IEC 42001:2023

3 controls
Controls in the Leadership – ISO/IEC 42001:2023 domain of ISO/IEC 42001:20233 controls
CodeTitle
iso-iec-42001-2023::5.1Leadership and commitment
iso-iec-42001-2023::5.2Policy
iso-iec-42001-2023::5.3Roles, responsibilities and authorities

Operation – ISO/IEC 42001:2023

7 controls
Controls in the Operation – ISO/IEC 42001:2023 domain of ISO/IEC 42001:20237 controls
CodeTitle
iso-iec-42001-2023::8.1Operational planning and control
iso-iec-42001-2023::8.2AI system impact assessment
iso-iec-42001-2023::8.3AI system lifecycle management
iso-iec-42001-2023::8.4Data for AI systems
iso-iec-42001-2023::8.5Information for interested parties of AI systems
iso-iec-42001-2023::8.6Use of AI systems
iso-iec-42001-2023::8.7Third-party and customer relationships

Performance evaluation – ISO/IEC 42001:2023

3 controls
Controls in the Performance evaluation – ISO/IEC 42001:2023 domain of ISO/IEC 42001:20233 controls
CodeTitle
iso-iec-42001-2023::9.1Monitoring, measurement, analysis and evaluation
iso-iec-42001-2023::9.2Internal audit
iso-iec-42001-2023::9.3Management review

Planning – ISO/IEC 42001:2023

6 controls
Controls in the Planning – ISO/IEC 42001:2023 domain of ISO/IEC 42001:20236 controls
CodeTitle
iso-iec-42001-2023::6.1Actions to address risks and opportunities
iso-iec-42001-2023::6.1.1General
iso-iec-42001-2023::6.1.2Risk assessment
iso-iec-42001-2023::6.1.3Risk treatment
iso-iec-42001-2023::6.1.4AI system impact assessment
iso-iec-42001-2023::6.2Objectives and planning to achieve them

Support – ISO/IEC 42001:2023

8 controls
Controls in the Support – ISO/IEC 42001:2023 domain of ISO/IEC 42001:20238 controls
CodeTitle
iso-iec-42001-2023::7.1Resources
iso-iec-42001-2023::7.2Competence
iso-iec-42001-2023::7.3Awareness
iso-iec-42001-2023::7.4Communication
iso-iec-42001-2023::7.5Documented information
iso-iec-42001-2023::7.5.1General
iso-iec-42001-2023::7.5.2Creating and updating
iso-iec-42001-2023::7.5.3Control of documented information

Your Compliance Coverage

If you comply with ISO/IEC 42001:2023, you already cover:

ISO 22301:2019

41%

33 controls mapped

Compare →

ISO 9001:2015

39%

31 controls mapped

Compare →

ISO 22000:2018

39%

31 controls mapped

Compare →

+ 122 more: ISO 14001:2015 (38%), ISO 37001:2016 (38%)

See all 125 mapped frameworks ↓

Maps to 125 other frameworks

80 total controls
ISO 22301:2019
33 source controls mapped|32 target controls covered
41%
ISO 9001:2015
31 source controls mapped|32 target controls covered
39%
ISO 22000:2018
31 source controls mapped|31 target controls covered
39%
ISO 14001:2015
30 source controls mapped|30 target controls covered
38%
ISO 37001:2016
30 source controls mapped|29 target controls covered
38%
ISO 37301:2021
28 source controls mapped|29 target controls covered
35%
ISO 27701:2019
28 source controls mapped|35 target controls covered
35%
ISO 45001:2018
27 source controls mapped|28 target controls covered
34%
ISO 50001:2018 - Energy Management Systems
23 source controls mapped|26 target controls covered
29%
ISO 55001:2014
21 source controls mapped|21 target controls covered
26%
ISO/IEC 38500:2024
21 source controls mapped|66 target controls covered
26%
ISO 39001:2012 - Road Traffic Safety Management
17 source controls mapped|99 target controls covered
21%
ISO/IEC 27003:2017
17 source controls mapped|42 target controls covered
21%
ISO 14004:2016
17 source controls mapped|16 target controls covered
21%
ISO 56002
16 source controls mapped|98 target controls covered
20%
ISO 41001:2018 - Facility Management Systems
16 source controls mapped|102 target controls covered
20%
ISO 22313:2020 - Guidance on Business Continuity Management Systems
16 source controls mapped|90 target controls covered
20%
ASEAN Guide on AI Governance and Ethics
16 source controls mapped|24 target controls covered
20%
ISO 37002:2021 - Whistleblowing Management Systems
15 source controls mapped|94 target controls covered
19%
AS9100D - Aerospace Quality Management System
15 source controls mapped|27 target controls covered
19%
ISO 9001
13 source controls mapped|15 target controls covered
16%
ISO 22000
13 source controls mapped|13 target controls covered
16%
ISO 37301
13 source controls mapped|16 target controls covered
16%
ISO 55001
12 source controls mapped|15 target controls covered
15%
ISO 30401
12 source controls mapped|15 target controls covered
15%
ISO 45001
11 source controls mapped|11 target controls covered
14%
ISO 27001:2022
11 source controls mapped|12 target controls covered
14%
ISO/IEC 23894:2023
10 source controls mapped|16 target controls covered
13%
ISO 31000:2018
9 source controls mapped|8 target controls covered
11%
Australia AI Ethics Framework
7 source controls mapped|7 target controls covered
9%
ASIS SPC.1-2009 - Organizational Resilience Standard
6 source controls mapped|9 target controls covered
8%
AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence
6 source controls mapped|12 target controls covered
8%
ISO 13485:2016
6 source controls mapped|5 target controls covered
8%
ISO 19011:2018
6 source controls mapped|6 target controls covered
8%
ISO 37001
5 source controls mapped|7 target controls covered
6%
ISO 27005:2022
5 source controls mapped|7 target controls covered
6%
ISO/IEC 27031:2011
5 source controls mapped|5 target controls covered
6%
Annex 11 to EU GMP - Computerised Systems
5 source controls mapped|1 target controls covered
6%
ISO 28001:2007 Supply Chain Security Management
4 source controls mapped|4 target controls covered
5%
ISO 19011
4 source controls mapped|4 target controls covered
5%
ISO 22320:2018
4 source controls mapped|5 target controls covered
5%
ISO/IEC 27701:2019
3 source controls mapped|3 target controls covered
4%
ISO/IEC 17025:2017 - General Requirements for Testing and Calibration Laboratories
3 source controls mapped|8 target controls covered
4%
ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence
3 source controls mapped|5 target controls covered
4%
ISO/IEC 17025:2017 - General Requirements for Testing and Calibration
3 source controls mapped|3 target controls covered
4%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
3 source controls mapped|3 target controls covered
4%
BS 65000:2014 - Guidance on Organizational Resilience
3 source controls mapped|3 target controls covered
4%
ISO/IEC TR 24028:2020
3 source controls mapped|2 target controls covered
4%
ISO 31000
3 source controls mapped|5 target controls covered
4%
AICPA SOC 3
3 source controls mapped|3 target controls covered
4%
NIST SP 800-53 Rev 5
3 source controls mapped|4 target controls covered
4%
FedRAMP High
3 source controls mapped|3 target controls covered
4%
NIST SP 800-53 Revision 5.1 HIGH
3 source controls mapped|3 target controls covered
4%
FedRAMP Moderate
3 source controls mapped|3 target controls covered
4%
NIST SP 800-53 Rev 5 MODERATE
3 source controls mapped|3 target controls covered
4%
NIST SP 800-53 Rev 5 LOW
3 source controls mapped|3 target controls covered
4%
ISO/IEC 27006:2024
2 source controls mapped|2 target controls covered
3%
CSA STAR (Security, Trust, Assurance, and Risk)
2 source controls mapped|2 target controls covered
3%
ISO 10006:2003
2 source controls mapped|2 target controls covered
3%
ISO/IEC 27018:2019
2 source controls mapped|1 target controls covered
3%
ISAE 3402 - Assurance Reports on Controls at a Service Organisation
2 source controls mapped|2 target controls covered
3%
NY DFS 23 NYCRR 500
2 source controls mapped|2 target controls covered
3%
NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management
2 source controls mapped|3 target controls covered
3%
Cloud Security Alliance Cloud Controls Matrix (CCM) v4.0.1
2 source controls mapped|2 target controls covered
3%
ISO/IEC 30111:2019
2 source controls mapped|2 target controls covered
3%
ITIL 4
1 source controls mapped|1 target controls covered
1%
ISO/IEC 29134:2023
1 source controls mapped|1 target controls covered
1%
ISO 27005
1 source controls mapped|2 target controls covered
1%
NIST AI Risk Management Framework (AI RMF 1.0)
1 source controls mapped|1 target controls covered
1%
Belgium CyberFundamentals
1 source controls mapped|1 target controls covered
1%
FBI CJIS Security Policy
1 source controls mapped|1 target controls covered
1%
UK Modern Slavery Act 2015
1 source controls mapped|1 target controls covered
1%
SOC 1 (SSAE 18 / ISAE 3402)
1 source controls mapped|1 target controls covered
1%
Canada ITSG-33 - IT Security Risk Management
1 source controls mapped|1 target controls covered
1%
Bermuda Monetary Authority (BMA) Cyber Risk Management Code of Conduct
1 source controls mapped|1 target controls covered
1%
SSAE 18 - Attestation Standards (SOC Reporting)
1 source controls mapped|1 target controls covered
1%
BSI IT-Grundschutz
1 source controls mapped|1 target controls covered
1%
NIST SP 800-171
1 source controls mapped|2 target controls covered
1%
SANS Incident Handler's Handbook and PICERL Methodology
1 source controls mapped|1 target controls covered
1%
ISO/SAE 21434
1 source controls mapped|1 target controls covered
1%
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)
1 source controls mapped|2 target controls covered
1%
Digital Services Act (DSA) - Regulation (EU) 2022/2065
1 source controls mapped|1 target controls covered
1%
NIST SP 800-171 Rev 3
1 source controls mapped|1 target controls covered
1%
C-TPAT - Customs-Trade Partnership Against Terrorism
1 source controls mapped|1 target controls covered
1%
AML/CTF Act 2006 (Australia)
1 source controls mapped|1 target controls covered
1%
US OFAC Sanctions Compliance Framework
1 source controls mapped|1 target controls covered
1%
Regulation (EU) 2023/1115 on deforestation-free supply chains
1 source controls mapped|1 target controls covered
1%
ISO 27018:2019
1 source controls mapped|1 target controls covered
1%
ISO 27017:2015
1 source controls mapped|1 target controls covered
1%
ISO 10005:2005
1 source controls mapped|1 target controls covered
1%
FFIEC Cybersecurity Assessment Tool (CAT)
1 source controls mapped|1 target controls covered
1%
APRA CPS 220 Risk Management
1 source controls mapped|1 target controls covered
1%
ISO 10007:2017
1 source controls mapped|1 target controls covered
1%
FFIEC IT Examination Handbook
1 source controls mapped|1 target controls covered
1%
UK Bribery Act 2010
1 source controls mapped|1 target controls covered
1%
NIST SP 800-183
1 source controls mapped|2 target controls covered
1%
NSA Guidance for Transition to Quantum-Resistant Cryptography
1 source controls mapped|1 target controls covered
1%
OWASP ASVS
1 source controls mapped|1 target controls covered
1%
ISO/IEC 27004:2016
1 source controls mapped|1 target controls covered
1%
ISO 22317
1 source controls mapped|1 target controls covered
1%
ISO 22318
1 source controls mapped|2 target controls covered
1%
PCI P2PE
1 source controls mapped|1 target controls covered
1%
PCI SSF
1 source controls mapped|1 target controls covered
1%
ISO 22316
1 source controls mapped|1 target controls covered
1%
NIST SP 1800-32
1 source controls mapped|1 target controls covered
1%
ISO/IEC 29147:2018
1 source controls mapped|2 target controls covered
1%
Brazil AI Framework
1 source controls mapped|1 target controls covered
1%
APRA CPS 230 Operational Risk Management
1 source controls mapped|1 target controls covered
1%
ISO 26000:2010
1 source controls mapped|1 target controls covered
1%
PCI PIN Security
1 source controls mapped|1 target controls covered
1%
ISO 20400:2017 - Sustainable Procurement
1 source controls mapped|1 target controls covered
1%
CCSDS 350.0-G-3 - Space Communications Security (Consultative Committee for Space Data Systems)
1 source controls mapped|1 target controls covered
1%
ISO/IEC 25012:2008 - Data Quality Model
1 source controls mapped|2 target controls covered
1%
Angola Personal Data Protection Law (Law No. 22/11)
1 source controls mapped|1 target controls covered
1%
Authorised Economic Operator (AEO) Programmes - Global Standards
1 source controls mapped|1 target controls covered
1%
DORA
1 source controls mapped|1 target controls covered
1%
EASA Part-IS - Information Security in Aviation
1 source controls mapped|1 target controls covered
1%
Aged Care Quality Standards (Australia)
1 source controls mapped|1 target controls covered
1%
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07)
1 source controls mapped|1 target controls covered
1%
ISO/IEC 27050 - Electronic Discovery (Parts 1-4)
1 source controls mapped|1 target controls covered
1%
APRA CPS 234
1 source controls mapped|1 target controls covered
1%
NIST SP 800-88 Rev 1
1 source controls mapped|1 target controls covered
1%
ISO/IEC 27010:2015
1 source controls mapped|1 target controls covered
1%
NIST SP 800-128
1 source controls mapped|1 target controls covered
1%
BCBS 239
1 source controls mapped|1 target controls covered
1%
Compare ISO/IEC 42001:2023 with ISO 22301:2019

Frequently Asked Questions

What is ISO/IEC 42001:2023?

ISO/IEC 42001:2023 is a compliance framework from International with 18 domains and 80 controls. ISO/IEC 42001:2023 Artificial Intelligence Management System (AIMS), the first AI-specific ISO management system standard. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does ISO/IEC 42001:2023 have?

ISO/IEC 42001:2023 has 80 controls organised across 18 domains. The largest domains are Annex A AIMS controls - A.6 AI system life cycle (9 controls), Clause A – ISO/IEC 42001:2023 (9 controls), Support – ISO/IEC 42001:2023 (8 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does ISO/IEC 42001:2023 map to?

ISO/IEC 42001:2023 maps to 125 other compliance frameworks. The top mapping partners are ISO 22301:2019 (41% coverage), ISO 9001:2015 (39% coverage), ISO 22000:2018 (39% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with ISO/IEC 42001:2023 compliance?

Start your ISO/IEC 42001:2023 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO/IEC 42001:2023 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 80 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.

Get Started Free →

Free forever — no credit card required