ISO/IEC 42001
What is ISO/IEC 42001?
ISO/IEC 42001: The first international management-system standard for AI, published in December 2023, specifying requirements to establish, implement, maintain, and continually improve an AI Management System (AIMS) for organizations that develop or use AI.
ISO/IEC 42001:2023, 'Information technology — Artificial intelligence — Management system,' is the AI counterpart of ISO/IEC 27001. It defines requirements for an AI Management System (AIMS) covering scope, leadership, planning, support, operation, performance evaluation, and improvement, plus Annex A controls organized into governance, AI policies, internal organization, resources, AI-system lifecycle, data for AI, information for interested parties, use of AI, and third-party relationships. Adoption is driven both by regulators (the EU AI Act references ISO management standards as evidence of conformity for some risk-management obligations) and by enterprise customers asking AI vendors for assurance. Independent certification bodies began offering ISO 42001 certification audits in 2024, and several major AI vendors (Anthropic, AWS AI services) achieved certification through 2024–2025. The standard pairs well with ISO 27001 (for the security of the AIMS), ISO 27701 (privacy), and the NIST AI RMF (a non-prescriptive but compatible companion framework).
● Examples
- 01
An LLM vendor maps its model-evaluation, red-teaming, and incident-response programs to Annex A controls in pursuit of ISO/IEC 42001 certification.
- 02
An enterprise procurement team adds 'ISO/IEC 42001 certification or equivalent attestation' as a contractual requirement for any AI-platform vendor.
● Frequently asked questions
What is ISO/IEC 42001?
The first international management-system standard for AI, published in December 2023, specifying requirements to establish, implement, maintain, and continually improve an AI Management System (AIMS) for organizations that develop or use AI. It belongs to the Compliance and frameworks category in cybersecurity.
How do you defend against ISO/IEC 42001?
Defenses against ISO/IEC 42001 typically combine technical controls and operational practices, as detailed in the definition.
What are other names for ISO/IEC 42001?
Common alternative names: AIMS, AI Management System standard.
● Related terms
- compliance № 620
ISO/IEC 27001
International standard that sets out the requirements for an Information Security Management System (ISMS) and allows organizations to be formally certified.
- ai-security № 031
AI governance
Set of policies, processes, roles and controls with which organizations and regulators ensure that AI systems are developed, deployed and operated responsibly and lawfully.
- compliance № 817
NIST AI Risk Management Framework (AI RMF)
NIST's voluntary framework for managing AI risks, published January 2023 (AI RMF 1.0) with a Generative AI Profile released in July 2024, organized around four Functions: Govern, Map, Measure, and Manage.
- compliance № 433
EU AI Act
Regulation (EU) 2024/1689 establishing harmonised rules on artificial intelligence with a risk-based approach, with phased application between 2025 and 2027.
- ai-security № 038
AI safety
Discipline that seeks to prevent AI systems from causing unintended harm to users, operators and society, spanning technical, operational and social dimensions.
- ai-security № 029
AI Bill of Materials (AIBOM)
Machine-readable inventory of every component that goes into an AI system (datasets, base models, fine-tuning data, libraries, prompts and evaluation artifacts), used for security, compliance and accountability.