Since its publication in December 2023, business leaders are still wrapping their heads around the ISO 42001 standard. The framework is designed to help any organization who provides, develops, or uses artificial intelligence (AI) products and services to do so in a trustworthy and responsible manner, guided by the requirements and safeguards that the standard defines—including clearly defining your AI role.

When seeking ISO 42001:2023 certification, you need to ensure that your artificial intelligence management system (AIMS) aligns with the standard’s framework clauses (4-10), each of which focuses on a specific facet—context, leadership, planning, support, operation, performance evaluation, and improvement.

ISO/IEC 42001:2023 is rapidly becoming the global standard for Artificial Intelligence (AI ) governance. While it is a close cousin of ISO/IEC 27001:2022, ISO 42001—rather than focusing primarily on cyber and information security—takes a more holistic approach to risk management for AI systems.

Within a few months of their latest update to their Data Protection Requirements (DPR) to address a coding incident (version 9.1), Microsoft released a draft or “pre-read” for their version 10 requirements that will be utilized for its Supplier Security and Privacy Assurance (SSPA) process as of the 2025 fiscal year. Arguably the largest update to the DPR since September 2018, v10’s new mandates address artificial intelligence (AI) and include important references to ISO 42001 that suppliers may want to take advantage of during their next compliance cycle.

Stepping foot into Davos for the very first time was akin to entering a realm of unparalleled wonder. While getting the invitation itself had been surreal, actually walking in as a delegate of the Cyber Future Foundation felt like a dream materializing into reality.

Now that ISO 42001 has been published, organizations are looking more closely at possible adherence to this new standard for artificial intelligence (AI). But those familiar with established ISO standards will know that this new framework for regulating AI will be similarly rigorous and any opportunity to streamline certification—like a gap assessment—will be enormously advantageous.

The need for responsible, trustworthy, and ethical use of artificial intelligence (AI) has been a hot topic over the past couple of years, prompting the release of regulations such as NIST’s AI Risk Management Framework to help organizations secure the evolving tech. Additional standards have emerged to address the need to implement safeguards addressing the security, safety, privacy, fairness, transparency, and data quality of AI systems throughout their life cycle—including ISO/IEC 42001. ISO is already well-known among those interested and invested in cybersecurity, as it offers frameworks for the implementation of different management systems that can help you improve different aspects of your organization. Through the establishment of ISO 42001 in late 2023—ISO merged into the AI game, introducing best practices for an AI management system (AIMS).