The ISO/IEC 42001:2023 standard, which specifically covers Artificial Intelligence (AI), has been available since December 2023. The standard was developed to help organisations responsibly develop, provide and/or use AI systems.
The standard describes the requirements for establishing, implementing, maintaining and improving an Artificial Intelligence Management System (AIMS) and is suitable for any organisation, regardless of size or type. It provides guidance on a structured approach to managing risks and capabilities, focusing on transparency and reliability.
The ISO 42001 standard is very similar to, for example, ISO 27001 and/or ISO 27701 and, as a result, can be easily incorporated within our IRM360 integrated management systems. Existing IRM360 users can thus easily integrate the ISO 42001 standard into their existing ISMS.
This makes it easy to integrate into existing management systems such as ISO 27001 and to align with management reviews, internal audits, risk management, policies, objectives, etc.
The IRM360 AIMS aligns with the standard's requirements on the AI system lifecycle, basic data, incident recording and reporting between the parties involved in the AI system. The system comes pre-filled with key items such as measure templates and standards frameworks, allowing you to get started right away and gain insight into progress.
Topics raised in the Annexes, such as impact assessments, objectives and KPIs, risk management and continuous monitoring, are covered directly by IRM360 AIMS functionalities such as:
With an integrated link between the control measures and the IRM360 Risk Management System, the Declaration of Applicability rolls out easily.
Central to the AIMS dashboard is a complete overview of all tasks that are still to be completed, are in progress, or have passed their deadline. Nothing gets missed, and steering mechanisms let you easily move tasks along if they have stalled because the task holder is no longer on duty or is absent for a long period of time.
Audit programmes are quick to set up, schedule, or repeat. Improvement actions are easy to assign, and reusing evidence makes implementation easy. This reduces the audit pressure on the employees involved and lowers your audit costs.
From the Internal Audit dashboard, the internal audit planning can be visualised, including recurring audits and open and expired tasks, and you can manage these tasks from here, either integrally or for a specific standard. Periodic audits are easy to set up.
Especially for organisations targeting ISO 27001 for information security, we have developed specific awareness programmes tailored to the Physical, Human, Organisational and Technical aspects, as well as Privacy. This enables you to align well with the requirements of Annex A of ISO 27001 applicable from 2022.
Building risk awareness for information security is easy and integrated via the built-in E-Learning management system. Through our Risk Awareness Management System, you can set tasks in our PDCA approach and even automatically include the results in, for example, a Management Review report. It enables an integrated approach, so that your employees are not the weakest link but a strong one, and you can easily demonstrate your organisation's risk awareness level, internally or to an external auditor.
A clear roadmap is available for the implementation of the IRM360 Management Systems so that you can get started quickly and independently.
To support the introduction of various standards and frameworks, several Quick Start guides and checklists are available to support you in preparing for your external audits.