
ISO 42001:2023 Checklist
Artificial Intelligence Management System
Context
The Organisation
Have you determined the internal and external issues that will impact your
Artificial Intelligence (AI) management system?
Have you determined if Climate Change is a relevant issue?
Intended Purposes
Have you determined the intended purposes for your AI system?
Interested Parties
Have you determined which internal and external interested parties are
relevant to the AI management system and what their requirements are?
Scope
Have you determined the Scope for your AI management system?
Leadership
Leadership & Commitment
Are you able to demonstrate Top Management is providing leadership and
commitment to the AI management system?
Policy
Has an AI policy been established by Top Management?
Roles, Responsibilities & Authorities
Are roles and responsibilities communicated and understood?
Need a Quick Quote?
Request an obligation free quote today, tailored specifically to your business’ certification needs and industry.
Get Your Free ISO Checklist
Training Sessions
Contact Us
Planning
AI Objectives
Have AI objectives been established?
Change
Are changes to your AI management system planned and controlled?
Risk & Opportunities
Have you determined the risks and opportunities related to your
organisation?
Has an AI risk assessment and risk treatment process been established?
Has an AI system impact assessment process been established
Do you have plans to address them?
Statement of Applicability
Have you documented a Statement of Applicability?
Support
Resources
Have you determined and ensured necessary resources are in place for the
establishment, implementation, maintenance, and continual improvement
of the AI management system?
Awareness
Have you ensured that employees are aware of the AI policy and their
contributions to the effectiveness of the AI management system?
Are personnel aware of the implications of not conforming with the
requirements of the AI management system?
Documentation
Are all documents and records effectively controlled?
Competence
Have you determined and documented the competency of your staff?
Communication
Have you determined the processes for internal and external
communication relevant to the AI management system?
Operation
Operational Planning & Control
Have you established, documented, and maintained procedures to meet
the requirements of the AI management system?
System Impact Assessment
Do you conduct system impact assessments?
Do you maintain records?
Risk Assessment & Risk Treatment
Have AI risk assessments been performed and documented?
Have AI risk treatment plans been documented, implemented, and verified for
effectiveness?
Performance Evaluation
Monitoring & Measurement
Have you determined what needs to be monitored and measured?
Have you ensured the right procedures are in place to ensure accurate
results?
Do you maintain records?
Internal Audit
Do you conduct internal audits on your AI management system and record the
results?
Management Review
Does your top management review your AI management system at planned
intervals?
Do you maintain records?
Improvement
Continual Improvement
Do you continually improve your AI Management System?
Non-Conformity & Corrective Action
Do you have processes for reporting, investigating and taking action to
manage incidents and corrective action?
Do you maintain records?
ANNEX A
Documenting an AI policy
A.2.3 Alignment with Other Organisational Policies
Identifying where other policies might impact or relate to its AI objectives
A.2.4 Review of the AI Policy
Defining when AI policies should be reviewed
A.3.2 AI Roles and Responsibilities
Defining AI roles and responsibilities based on what’s relevant to your organisation
A.3.3 Reporting of Concerns
Setting up a process to report concerns about its role in the AI system throughout its life cycle
A.4.2 Resource Documentation
Documenting important resources at each AI system life cycle stage
A.4.3 Data Resources
Documenting information on data resources used for the system
A.4.4 Tooling Resources
Documenting information on tooling resources used for the system
A.4.5 System and Computing Resources
Documenting information on system and computing resources used for the system
A.4.6 Human Resources
Documenting information about HR and their skills used for all the activities within the system
A.5.2 AI System Impact Assessment Process
Creating a process to evaluate the potential impacts of the AI system on individuals, groups, and societies throughout its life cycle
A.5.3 Documentation of AI System Impact Assessments
Documenting the impact assessment results and defining their retention period
A.5.4 Assessing AI System Impact on Individuals or Groups of Individuals
Documenting the potential impacts on societies (it can be individuals or groups of individuals) of AI systems
A.5.5 Assessing Societal Impacts of AI Systems
Documenting societal impacts (both beneficial and detrimental) of AI systems
A.6.1.2 Objectives for Responsible Development of AI System
Documenting objectives for responsible AI development, including requirements and guidelines as necessary to ensure that measures are integrated into the various stages of the development life cycle
A.6.1.3 Processes for Responsible AI System Design and Development
Documenting design and development processes that demonstrate responsible design of AI systems
A.6.2.2 AI System Requirements and Specification
Documenting requirements for new AI systems or major updates to existing systems
A.6.2.3 Documentation of AI System Design and Development
Documenting its AI system design and development process according to your objectives, documentation, and specification criteria
A.6.2.4 AI System Verification and Validation
Documenting how to verify and validate the AI system and specify when to use these measures
A.6.2.5 AI System Deployment
Creating a deployment plan and meeting these requirements before deployment
A.6.2.6 AI System Operation and Monitoring
Documenting the essential processes for the system including at least system and performance monitoring, repairs, updates, and support
A.6.2.7 AI System Technical Documentation
Deciding what technical documentation is needed for each group of interested parties, like users, partners, and supervisory authorities, and provide it to them in the right format
A.6.2.8 AI System Recording of Event Logs
Deciding when to enable event log record-keeping during the AI system’s life cycle, including when the AI system is in use
A.7.2 Data for Development and Enhancement of AI System
Documenting and implementing data management processes for developing AI systems
A.7.3 Acquisition of Data
Documenting how data for AI systems is acquired and selected
A.7.4 Quality of Data for AI Systems
Documenting data quality standards and making sure the data used for AI systems meets those standards
A.7.5 Data Provenance
Documenting a process for tracking the origin of data used in its AI systems throughout their life cycles
A.7.6 Data Preparation
Documenting its criteria for choosing and preparing data
A.8.2 System Documentation and Information for Users
Identifying and giving users the needed information about the AI system
A.8.3 External Reporting
Allowing interested parties to report any negative effects of the AI system
A.8.4 Communication of Incidents
Creating a plan on how to communicate incidents to AI system users
A.8.5 Information for Interested Parties
Documenting what information about the AI system needs to be reported to interested parties
A.9.2 Processes for Responsible Use of AI Systems
Documenting processes for using AI systems responsibly
A.9.3 Objectives for Responsible Use of AI System
Documenting objectives which serve as a framework on the responsible use of AI systems
A.9.4 Intended Use of the AI System
Making sure that your AI system is used as intended and follows your documentation
A.10.2 Allocating Responsibilities
Ensuring responsibilities for your AI systems are shared among your company, your partners, suppliers, customers, and third parties
A.10.3 Suppliers
Creating a process to make sure that the services, products, or materials from suppliers match its responsible AI development and use approach
A.10.4 Customers
Demonstrating that your AI systems meet customer expectations and needs
Have your own checklist
ISO 42001 Artificial Intelligence Management System
The ISO 42001 Certification is an Artificial Intelligence Management Systems (AIMS) – the first of its kind – designed to help organisations responsibly develop, deploy, and use AI systems.
What is ISO 42001 Artificial Intelligence Management System?
ISO 42001 Artificial Intelligence Management Systems is a standard designed to help organisations governs its use of AI, including setting AI policies, objectives, and procedures to achieve those objectives.
Why do I need ISO 42001 Certification?
Certification to ISO 42001 provides you with independent endorsement that your Artificial Intelligence Management Systems meets international standards, giving your stakeholders confidence that you manage AI risks responsibly and effectively.
How can I get certified?
Getting ISO certification is a lot easier than you might think, We take you through everything required to get ISO 42001 AI management systems – from your initial accreditation enquiry to the final certification decision.
ISO 42001 Certification Throughout Australia
Compass Assurance Services have offices and staff located throughout Australia including Brisbane, Melbourne, Perth, Adelaide, and Sydney.
Want to speak to someone?
Contact Us
Contact us and speak to one of our helpful team about your ISO certification needs. We can offer certification to smaller, niche standards and to other non-accredited (non ISO) standards as well.
Request a Quote
Request an obligation free quote today, tailored specifically to your business’ certification needs and industry.