Glossary
ISO 42001
ISO/IEC 42001:2023 is the international standard for AI management systems, published in December 2023 by ISO/IEC JTC 1/SC 42. It provides a certifiable framework for organisations to govern AI systems across risk assessment, supplier controls, operational monitoring and incident response.
Why it matters
UK organisations developing, deploying or relying on AI need a defensible governance posture, particularly in regulated sectors such as NHS trusts, local authorities and professional services. ISO 42001 gives them a recognised structure that auditors, regulators and procurement teams understand.
The standard also supports EU AI Act preparedness. Organisations within its scope benefit from a structured approach that maps governance obligations to documented controls, reducing the gap between regulatory expectation and operational reality.
How it works in practice
ISO 42001 sits alongside ISO 27001 for information security and ISO 9001 for quality, but adds AI-specific elements those standards do not cover: an AI risk taxonomy, an impact assessment methodology and supplier controls for third-party models and services.
Certification follows a familiar management-system pattern. We help organisations scope the AI systems in use, assess risk and impact, document controls and prepare for external audit.
Related terms: the EU AI Act. See our ISO 42001 service page for certification pathway and timelines.