Introducing ISO 42001 - an update to the AssuranceLab GRC City

 

Let’s recap on our ISO suburb and its surrounds. 

With over 22,000 variations of the International Organisation for Standardisation (ISO) standards, it can often be overwhelming to understand which one is right for you. At AssuranceLab we cover the following ISO standards. 

  • ISO 27001: Information Security Management System
  • ISO 27017: Information Security Controls based on ISO 27001 for Cloud Services
  • ISO 27018: Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds acting as PII Processors
  • ISO 27701: Privacy Information Management System (PIMS)
  • ISO 42001: AI Management System - a new addition to our service offerings 

 

To help break down how ISO works, we like to think of it as a suburb. If you remember from our original ISO standards blog, we explained that each standard is its own house that you can extend, subdivide or build next to! Some of the standards listed above are stand-alone homes, while others are extensions of existing homes. 

 

Introducing the latest build - ISO 42001

 



Imagine an architect looked at your brick or concrete houses and decided to bring along a 3D printer and print out a brand new AI-generated house. But now you need to get that 3D build approved. That’s kind of like the ISO 42001 standard! 

 

ISO 42001 is an International Management System standard for the safe and reliable development and implementation of AI, and it enables certification of Artificial Intelligence Management Systems (AIMS). It specifies requirements for establishing, implementing, maintaining and continually improving the AIMS.

 

Understanding ISO 42001 compliance:

  • Implement all of the Main Requirements.
  • Determine which Annex A controls are required for your organisation based on your identified risks, to undergo both Stage 1 and 2 audits.
  • Don’t set it and forget it! You don’t clean your house only once, and the same goes for your AI management system. It is now a living, breathing household. You worked hard to build it, so make sure you maintain the benefits!

Does my AI Management System have to be a standalone home or can it be part of my ISMS?

  • Consider them friendly neighbours: there will be some adjoining fences between your ISO 27001 and your ISO 42001 houses. Both sets of criteria have the same structure and flow; however, one is focused on information security and the other on the use of Artificial Intelligence, so ensuring your processes cover both is vital. The last thing you want is for the adjoining fence to fall down!

Ready to get started but still unsure about which ISO house is right for you? 

No one builds a new house on their own. You have builders, plumbers, electricians and so on, and in much the same way you need auditors for compliance. That is where we come in to help navigate your journey. If you’re ready to start building your ISO dream suburb, get in contact with us today.

 

 

Disclaimer: AssuranceLab performs the role of an independent auditor across hundreds of client environments. We do not perform technical roles or assessments and this content is not intended to be comprehensive on those technical or detailed aspects of cybersecurity. You should perform further research and seek professional advice as appropriate before acting on any of the information contained here.
