ISO/IEC 42001
Was ist ISO/IEC 42001?
ISO/IEC 42001The first international management-system standard for AI, published in December 2023, specifying requirements to establish, implement, maintain, and continually improve an AI Management System (AIMS) for organizations that develop or use AI.
ISO/IEC 42001:2023, 'Information technology — Artificial intelligence — Management system,' is the AI counterpart of ISO/IEC 27001. It defines requirements for an AI Management System (AIMS) covering scope, leadership, planning, support, operation, performance evaluation, and improvement, plus Annex A controls organized into governance, AI policies, internal organization, resources, AI-system lifecycle, data for AI, information for interested parties, use of AI, and third-party relationships. Adoption is driven both by regulators (the EU AI Act references ISO management standards as evidence of conformity for some risk-management obligations) and by enterprise customers asking AI vendors for assurance. Independent certification bodies began offering ISO 42001 certification audits in 2024, and several major AI vendors (Anthropic, AWS AI services) achieved certification through 2024–2025. The standard pairs well with ISO 27001 (for the security of the AIMS), ISO 27701 (privacy), and the NIST AI RMF (a non-prescriptive but compatible companion framework).
● Beispiele
- 01
An LLM vendor maps its model-evaluation, red-teaming, and incident-response programs to Annex A controls in pursuit of ISO/IEC 42001 certification.
- 02
An enterprise procurement team adds 'ISO/IEC 42001 certification or equivalent attestation' as a contractual requirement for any AI-platform vendor.
● Häufige Fragen
Was ist ISO/IEC 42001?
The first international management-system standard for AI, published in December 2023, specifying requirements to establish, implement, maintain, and continually improve an AI Management System (AIMS) for organizations that develop or use AI. Es gehört zur Kategorie Compliance und Frameworks der Cybersicherheit.
Was bedeutet ISO/IEC 42001?
The first international management-system standard for AI, published in December 2023, specifying requirements to establish, implement, maintain, and continually improve an AI Management System (AIMS) for organizations that develop or use AI.
Wie funktioniert ISO/IEC 42001?
ISO/IEC 42001:2023, 'Information technology — Artificial intelligence — Management system,' is the AI counterpart of ISO/IEC 27001. It defines requirements for an AI Management System (AIMS) covering scope, leadership, planning, support, operation, performance evaluation, and improvement, plus Annex A controls organized into governance, AI policies, internal organization, resources, AI-system lifecycle, data for AI, information for interested parties, use of AI, and third-party relationships. Adoption is driven both by regulators (the EU AI Act references ISO management standards as evidence of conformity for some risk-management obligations) and by enterprise customers asking AI vendors for assurance. Independent certification bodies began offering ISO 42001 certification audits in 2024, and several major AI vendors (Anthropic, AWS AI services) achieved certification through 2024–2025. The standard pairs well with ISO 27001 (for the security of the AIMS), ISO 27701 (privacy), and the NIST AI RMF (a non-prescriptive but compatible companion framework).
Wie schützt man sich gegen ISO/IEC 42001?
Schutzmaßnahmen gegen ISO/IEC 42001 kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.
Welche anderen Bezeichnungen gibt es für ISO/IEC 42001?
Übliche alternative Bezeichnungen: AIMS, AI Management System standard.
● Verwandte Begriffe
- compliance№ 620
ISO/IEC 27001
Internationaler Standard mit Anforderungen an ein Information Security Management System (ISMS), nach dem Organisationen formal zertifiziert werden können.
- ai-security№ 031
KI-Governance
Richtlinien, Prozesse, Rollen und Kontrollen, mit denen Organisationen und Regulierer sicherstellen, dass KI-Systeme verantwortungsvoll und rechtmäßig entwickelt, bereitgestellt und betrieben werden.
- compliance№ 817
NIST AI Risk Management Framework (AI RMF)
NIST's voluntary framework for managing AI risks, published January 2023 (AI RMF 1.0) with a Generative AI Profile released in July 2024, organized around four Functions: Govern, Map, Measure, and Manage.
- compliance№ 433
EU-KI-Verordnung
EU-Verordnung 2024/1689 mit harmonisierten Regeln fuer kuenstliche Intelligenz nach einem risikobasierten Ansatz, gestaffelt zwischen 2025 und 2027.
- ai-security№ 038
KI-Safety
Disziplin, die unbeabsichtigte Schäden von KI-Systemen für Nutzer, Betreiber und Gesellschaft verhindern soll und technische, operative wie gesellschaftliche Aspekte umfasst.
- ai-security№ 029
AI Bill of Materials (AIBOM)
Maschinenlesbares Inventar aller Komponenten eines KI-Systems — Datensätze, Basismodelle, Fine-Tuning-Daten, Bibliotheken, Prompts und Evaluierungsartefakte — für Sicherheit, Compliance und Accountability.