3.3 ISO/IEC standards & assurance/audit
Key Takeaways
- ISO/IEC 42001:2023 is the world's first certifiable AI management system (AIMS) standard, built on the Annex SL high-level structure and the Plan-Do-Check-Act cycle for continual improvement.
- ISO/IEC 23894:2023 provides AI-specific risk management guidance derived from ISO 31000, while ISO/IEC 22989:2022 supplies the foundational AI concepts and terminology.
- A management-system standard drives continual improvement through recurring Plan-Do-Check-Act cycles, internal audits, and management review rather than a one-time assessment.
- Conformity assessment can be first-party (self-declaration), second-party (customer or supplier), or third-party (independent, often accredited certification body).
- Third-party certification typically follows a Stage 1 documentation review and a Stage 2 implementation audit, then surveillance audits, with recertification usually on a three-year cycle.
ISO/IEC 42001: The Certifiable AI Management System
ISO/IEC 42001:2023, published in December 2023, is the world’s first certifiable Artificial Intelligence Management System (AIMS) standard. This is the single most important fact about it for the AIGP exam: certifiable means an organization can undergo an independent audit and earn a formal certificate—exactly as with ISO/IEC 27001 for information security or ISO 9001 for quality. Guidance documents cannot be certified against; management-system standards can.
42001 follows the Annex SL high-level structure shared by all modern ISO management-system standards, so its clauses map cleanly onto ISO 27001 and ISO 9001. The requirement clauses are 4 through 10:
| Clause | Theme | Focus |
|---|---|---|
| 4 | Context of the organization | Internal/external issues, interested parties, scope of the AIMS. |
| 5 | Leadership | Top-management commitment, AI policy, roles and responsibilities. |
| 6 | Planning | AI risk assessment and treatment, AI system impact assessment, objectives. |
| 7 | Support | Resources, competence, awareness, documented information. |
| 8 | Operation | Operational planning and control of the AI lifecycle. |
| 9 | Performance evaluation | Monitoring, internal audit, management review. |
| 10 | Improvement | Nonconformity, corrective action, continual improvement. |
The standard also carries a normative Annex A of controls, with Annex B implementation guidance and Annex C listing potential AI-related objectives and risk sources. Notably, 42001 requires an AI system impact assessment—a distinctive control that pushes organizations to evaluate consequences for individuals and society, not just the organization.
Plan-Do-Check-Act and Continual Improvement
Like every management-system standard, 42001 is animated by the Plan-Do-Check-Act (PDCA) cycle. Plan establishes objectives and risk treatments (clauses 4–6); Do implements operational controls (clauses 7–8); Check monitors, audits, and reviews performance (clause 9); and Act corrects nonconformities and drives improvement (clause 10). The point is that governance is not a one-time project but a repeating loop. An AIMS matures over successive cycles, adapting as models, data, laws, and risks change. This continual-improvement logic is why organizations adopt a management system rather than a checklist.
The Guidance Companions: 23894 and 22989
Two companion standards support 42001 and are guidance, not certifiable:
- ISO/IEC 23894:2023 — AI risk management. It adapts the general risk-management principles of ISO 31000 to the AI context, giving detailed guidance on identifying, analyzing, evaluating, and treating AI-specific risks across the lifecycle. Where 42001 tells you an AIMS must manage risk, 23894 shows you how.
- ISO/IEC 22989:2022 — AI concepts and terminology. It provides the foundational vocabulary—defining terms such as AI system, machine learning, and stakeholder—so that everyone building or auditing an AIMS speaks the same language. It underpins the rest of the ISO/IEC AI standards.
A frequent exam distinction: 42001 is the certifiable AIMS; 23894 is risk guidance; 22989 is terminology. Mixing these up is a classic error. A simple way to keep them apart is that only the management-system standard (42001) is one an organization can be audited and certified against; the guidance documents explain how to manage risk (23894) and what the terms mean (22989) but confer no certificate. The ISO/IEC AI portfolio continues to grow—covering topics such as bias in AI systems, transparency taxonomies, and functional safety—but 42001, 23894 and 22989 are the three the AIGP most reliably tests, so master this trio first.
Conformity Assessment, Assurance, and Audit
Standards create value only when someone verifies conformity. Conformity assessment comes in three forms:
- First-party — an organization assesses and self-declares its own conformity.
- Second-party — a customer, supplier, or other interested party assesses another (for example, in procurement due diligence).
- Third-party — an independent body assesses conformity; when that body is accredited, it can issue a recognized certification.
Third-party certification against 42001 follows a defined path. A Stage 1 audit reviews documentation and readiness; a Stage 2 audit examines whether the AIMS is actually implemented and effective. After a certificate is granted, the certification body conducts periodic surveillance audits (typically annual) and a full recertification audit—commonly on a three-year cycle. Between external audits, the organization runs its own internal audits and management reviews (clause 9) to sustain conformity.
This is where AI assurance enters the picture. Assurance is the broader practice of building justified confidence that an AI system is trustworthy—through audits, conformity assessments, impact assessments, and independent evaluation. A 42001 certificate is a powerful assurance signal to customers, regulators, and the public because it is backed by an accredited third party rather than a self-claim. For an AIGP professional, the key insight is that ISO/IEC management-system standards convert abstract principles (like the OECD’s accountability or NIST’s trustworthiness characteristics) into an auditable, repeatable, certifiable governance system—closing the loop between high-level frameworks and demonstrable, verifiable practice.
Accreditation, Harmonized Standards, and Scope
Two further distinctions frequently appear on the exam. First, understand the difference between certification and accreditation. A certification body audits organizations and issues certificates against 42001; an accreditation body (such as a national accreditation service) audits and authorizes those certification bodies. Accreditation is what makes a third-party certificate credible—it is oversight of the auditors themselves. Second, note the distinction between certifying a management system and certifying a product: ISO/IEC 42001 certifies that an organization has a sound system for governing AI, not that any individual AI product is ‘safe’ or ‘compliant.’
ISO/IEC standards also intersect with binding law. Under the EU AI Act, harmonized standards developed by European bodies (CEN-CENELEC), often building on ISO/IEC work, can grant a presumption of conformity: a provider that follows a harmonized standard is presumed to meet the corresponding legal requirement. This is how a voluntary, consensus-based standard becomes a practical route to regulatory compliance. For the AIGP, the durable lesson is that the ISO/IEC 42001 family, ISO 31000-based risk guidance, and independent accredited audit together form the assurance backbone that turns principles and frameworks into evidence a regulator, customer, or board can actually rely upon.
What distinguishes ISO/IEC 42001:2023 from ISO/IEC 23894:2023 and ISO/IEC 22989:2022?
An accredited, independent certification body audits an organization's AI management system and issues a certificate. What type of conformity assessment is this?