EAAPL-CMP005 — ISO/IEC 42001 AI Management System Implementation
Status: Proven
Tags: iso-42001 model-risk governance traceability high-complexity
Version: 1.2
Last Updated: 2026-06-12
Author: Enterprise AI Architecture Pattern Library
1. Executive Summary
ISO/IEC 42001:2023 is the first international standard providing requirements for an Artificial Intelligence Management System (AIMS). It follows the High-Level Structure (HLS/Annex SL) shared with ISO 9001, ISO 27001, and ISO 14001, enabling integration with existing management systems. Certification against ISO 42001 provides independent assurance that an organisation has established systematic processes for responsible AI development, deployment, and governance across its AI lifecycle.
This pattern provides a reference architecture mapping each ISO 42001 clause (Clauses 4–10) to specific architectural controls and governance artefacts. It covers: Clause 4 (Context — identifying internal and external issues, interested parties, determining scope); Clause 5 (Leadership — AI policy, roles and responsibilities); Clause 6 (Planning — AI objectives, risk and opportunity assessment, impact assessment); Clause 7 (Support — competence, awareness, documentation); Clause 8 (Operation — AI system lifecycle, responsible AI controls per Annex A); Clause 9 (Performance evaluation — internal audit, management review); and Clause 10 (Improvement — nonconformity and corrective action). Organisations implementing this pattern establish a systematic, certifiable AIMS that satisfies regulatory expectations from EU AI Act (Article 9 risk management aligns with Clause 6), NIST AI RMF, and APRA model risk guidance.
2. Problem Statement
Business Problem
Boards and executive teams face growing accountability for AI risks but lack a systematic framework to demonstrate that AI is governed responsibly. Customers, regulators, and procurement teams increasingly require evidence of structured AI governance. Without an internationally recognised management system, AI governance is fragmented across business units with inconsistent maturity and no external validation mechanism.
Technical Problem
AI system development teams operate without standardised lifecycle processes: AI risks are assessed inconsistently across projects; responsible AI controls (fairness, transparency, human oversight) are applied ad hoc; training data governance lacks a consistent framework; model versioning and change management are not integrated with the quality management system; and internal audits do not cover AI-specific risks.
Symptoms
- Different business units use different AI governance templates or none at all
- There is no documented AI policy approved by the board
- AI impact assessments are not conducted systematically before deployment
- Model training and validation procedures are undocumented or exist only in engineering tribal knowledge
- No internal audit programme covers AI systems and their responsible AI controls
- Corrective action processes do not capture AI-specific nonconformities
Cost of Inaction
| Dimension |
Consequence |
| Regulatory |
Inability to demonstrate due diligence when regulators or courts investigate AI harms |
| Commercial |
Loss of enterprise customer contracts that require ISO 42001 or equivalent AI governance |
| Operational |
Inconsistent AI quality leading to reputational damage from AI failures |
| Strategic |
Inability to obtain AI-specific cyber insurance products without documented governance |
3. Context
When to Apply
- Organisations seeking ISO/IEC 42001 certification for commercial, regulatory, or reputational reasons
- AI product companies whose customers require AI governance assurance
- Regulated entities seeking to demonstrate structured AI risk management to regulators
- Organisations integrating AI governance with existing ISO 9001 (quality) or ISO 27001 (information security) management systems
When NOT to Apply
- Organisations in early-stage exploration of AI with no production AI deployments (start with informal governance; adopt AIMS when AI systems are approaching production)
- Organisations whose AI usage is entirely through third-party SaaS with no custom model development (lighter-weight vendor governance suffices)
Prerequisites
| Prerequisite |
Description |
| Executive Sponsorship |
Senior leader accountable for AI governance (often CTO, CDO, or CRO) |
| AI Inventory |
Basic catalogue of AI systems in development or production |
| Existing QMS or ISMS |
ISO 9001 or ISO 27001 integration is strongly recommended to leverage existing Annex SL infrastructure |
| Legal Counsel |
Review of applicable AI regulations to inform Clause 4 external issues |
| AI Governance Budget |
Dedicated budget for AIMS implementation (staff, tooling, external audit) |
Industry Applicability
| Industry |
Relevance |
Notes |
| Financial Services |
High |
Regulators (APRA, ECB, FCA) increasingly reference structured AI governance; model risk management integration |
| Healthcare |
High |
AI medical devices and clinical decision support require systematic risk assessment |
| Technology / SaaS |
High |
Enterprise B2B AI products face procurement requirements for AI governance certification |
| Manufacturing |
Medium |
AI in quality control and predictive maintenance; supply chain AI governance |
| Government |
High |
Public accountability for AI decisions; ISO 42001 provides external validation |
| Professional Services |
Medium |
AI in legal, audit, consulting; client trust through certified governance |
4. Architecture Overview
The ISO 42001 AI Management System Architecture is organised around the Plan-Do-Check-Act (PDCA) cycle embedded in each of the seven operational clauses. The architecture translates abstract management system requirements into concrete technical controls and governance processes.
Clause 4 — Context of the Organisation
The AIMS begins with a structured context analysis. Clause 4 requires identifying internal issues (existing AI maturity, organisational culture, technical capabilities, data governance state) and external issues (regulatory environment, competitive landscape, societal expectations for responsible AI, customer trust requirements). Interested parties—shareholders, customers, employees, regulators, affected communities—must be identified with their AI-specific requirements and expectations documented. The scope of the AIMS must be formally defined, naming which AI systems, business units, and geographies are included. A context register captures these assessments and is reviewed annually. The AI Systems Inventory (a component required by Clause 8) is initiated here as a comprehensive catalogue of all AI systems within scope, enabling the scope boundary to be enforced technically.
Clause 5 — Leadership
The AIMS requires visible leadership commitment, demonstrated through an AI Policy approved at the highest governance level (board or equivalent). The AI Policy must state: the organisation's commitment to responsible AI; objectives for AI governance; integration with business strategy; and assignment of roles. The AI function structure—roles such as AI Officer, AI Risk function, AI Ethics Board, business unit AI owners—must be formally defined with documented responsibilities. Critically, responsibility must be assigned for specific AI obligations: data governance, model risk, transparency, human oversight, and AI incident management. This is operationalised as an RACI matrix for AI governance activities, published internally.
Clause 6 — Planning
Clause 6 is the most technically demanding. AI Risk and Opportunity Assessment is required for all AI systems within scope, systematically identifying risks from AI failure modes: bias, lack of transparency, harmful outputs, security vulnerabilities, and performance degradation. AI Impact Assessments (required by Annex B of ISO 42001) must be conducted before deploying AI systems with significant societal or individual impact, with findings feeding into the risk treatment plan. AI Objectives must be established—measurable goals for responsible AI (e.g., bias metric thresholds, human oversight coverage rates, audit completion targets) that are tracked over time. Planning must address how objectives will be achieved, who is responsible, and how achievement will be evaluated.
Clause 7 — Support
Clause 7 covers the organisational capabilities required to operate the AIMS. Competence requirements for AI roles must be documented—what knowledge and skills each AI role requires—and assessed against current capability with gaps addressed through training or recruitment. AI awareness programmes must ensure all staff who work with AI understand the AI policy, their responsibilities, and the consequences of AIMS nonconformity. Documentation control is formally required: all AIMS records, policies, procedures, risk assessments, and audit reports must be managed under a document control framework with version history, review cycles, and retention periods.
Clause 8 — Operation
Clause 8 operationalises the AIMS through the AI system lifecycle: planning and design, data acquisition and preparation, model development, testing and validation, deployment, operation, and decommissioning. At each lifecycle stage, specific controls from Annex A apply. Annex A of ISO 42001 contains 38 controls across eight domains: AI system design; data for AI; AI system development; AI operation; stakeholder engagement; transparency; human oversight; and responsible AI objectives. These controls are analogous to ISO 27001 Annex A information security controls—organisations assess applicability, implement applicable controls, and document any exclusions in a Statement of Applicability.
Clause 9 — Performance Evaluation
The AIMS must be monitored and evaluated. This requires: monitoring of AI objectives against targets; internal audits of the AIMS at planned intervals; management review by top management that evaluates AIMS performance, audit findings, risk register changes, and opportunities for improvement. The internal audit programme must have documented competence requirements for AI auditors, a risk-based audit schedule, and findings tracked through to closure.
Clause 10 — Improvement
Nonconformities with AIMS requirements—whether discovered through internal audit, customer complaint, or incident—must be documented, root-caused, and corrected. Corrective actions must address root causes, not just symptoms. The continuous improvement process requires systematic analysis of trends in audit findings, incidents, and near-misses to identify systemic issues for proactive improvement.
5. Architecture Diagram
flowchart TD
subgraph Plan["Plan — Context and Leadership"]
A[AI Systems Inventory]
B[AI Policy and RACI]
end
subgraph Do["Do — Operation"]
C[Risk and Impact Assessment]
D[AI Lifecycle Controls]
E[Annex A Statement of Applicability]
end
subgraph Check["Check — Evaluation"]
F[Internal Audit Programme]
G[Management Review]
end
A --> B
B --> C
C --> D
D --> E
E --> F
F --> G
G -->|nonconformity| C
G -->|policy update| B
style A fill:#dbeafe,stroke:#3b82f6
style B fill:#dbeafe,stroke:#3b82f6
style C fill:#f0fdf4,stroke:#22c55e
style D fill:#f0fdf4,stroke:#22c55e
style E fill:#fef9c3,stroke:#eab308
style F fill:#f0fdf4,stroke:#22c55e
style G fill:#d1fae5,stroke:#10b981
6. Components
| Component |
Type |
Responsibility |
Technology Options |
Criticality |
| AIMS Management Platform |
Governance |
Central repository for all AIMS records, policies, audits; document control |
Confluence + Jira, SharePoint + Planner, Archer, OneTrust AI Governance |
Critical |
| AI Systems Inventory |
Governance |
Catalogue of all AI systems in scope with lifecycle status, risk classification, owner |
ServiceNow CMDB extension, Collibra, custom database |
Critical |
| AI Risk Register |
Governance |
Per-system risk assessments; treatment plans; residual risk tracking |
Archer, Resolver, Jira, custom |
High |
| AI Impact Assessment Tool |
Governance |
Structured Annex B impact assessment workflow with decision logic |
Custom intake form + workflow, OneTrust PIA module, Credo AI |
High |
| Statement of Applicability |
Governance |
Map of Annex A controls: applicable, excluded, implementation status |
Document in AIMS platform; spreadsheet (small organisations) |
Critical |
| Annex A Control Library |
Governance |
38 controls across 8 domains; implementation guidance per control |
AIMS management platform; custom wiki |
High |
| Model Lifecycle Management |
Engineering |
Track AI models from development through deprecation; version control; approval gates |
MLflow, DVC, SageMaker Model Registry, Azure ML Model Registry |
High |
| Training Data Governance |
Engineering |
Provenance, quality assessment, bias analysis for training datasets |
Alation, Collibra, OpenMetadata, Great Expectations |
High |
| Internal Audit Management |
Governance |
Schedule, conduct, record, and close AIMS internal audits |
Archer, TeamMate+, custom Jira project |
High |
| AI Objectives Dashboard |
Governance |
Track AI governance KPIs against targets in near-real-time |
Power BI, Tableau, Grafana, custom |
Medium |
| Nonconformity Tracker |
Governance |
Record, root-cause, and close AIMS nonconformities |
Jira, ServiceNow, Archer |
High |
| Competence Register |
HR / Governance |
Document AI role competence requirements and assessed staff capability |
HR system extension; custom spreadsheet; Workday |
Medium |
7. Data Flow
Primary Flow (AI System Onboarding Through AIMS)
| Step |
Actor |
Action |
Output |
| 1 |
AI Project Team |
Submit new AI system for AIMS intake via AI Systems Inventory |
AI system record with initial metadata |
| 2 |
AI Risk Function |
Conduct Clause 6 AI Risk Assessment for the new system |
Risk register entry with identified risks and initial treatment |
| 3 |
AI Ethics / Privacy |
Conduct Annex B AI Impact Assessment |
Impact assessment report with mitigation requirements |
| 4 |
AI Officer |
Review assessment outputs; approve Annex A control selection; update Statement of Applicability |
Approved SOA section for this system |
| 5 |
Development Team |
Implement applicable Annex A controls during AI system development |
Control implementation evidence |
| 6 |
Internal Audit |
Verify Annex A control implementation pre-deployment |
Pre-deployment audit finding |
| 7 |
AI Officer / Governance |
Deployment approval gate: all P0 findings resolved |
Deployment authorisation record |
| 8 |
Operations |
Deploy with monitoring; feed performance data to AI Objectives Dashboard |
Live AI system with telemetry |
| 9 |
Internal Audit |
Annual AIMS audit covering this system |
Audit report with findings |
| 10 |
Management Review |
Top management review of AIMS performance including this system's findings |
Management review minutes; decisions on improvement |
Error Flow
| Step |
Failure |
Detection |
Recovery |
| Annex A Control Not Implemented |
Required control skipped before deployment |
Pre-deployment audit; internal review |
Block deployment; implement control; re-audit |
| AI Impact Assessment Not Conducted |
System deployed without Annex B assessment |
Periodic compliance check; external audit |
Conduct retrospective assessment; document finding; implement any required mitigations |
| Nonconformity Not Root-Caused |
Corrective action treats symptom only; recurrence |
Trend analysis in Clause 10; repeat audit finding |
Escalate to AI Officer; require independent root cause analysis |
| AIMS Scope Creep |
New AI system deployed outside AIMS scope without intake |
Scope boundary check; audit |
Bring system into AIMS scope; retrospective assessment |
| Management Review Not Conducted |
Annual review missed |
AIMS calendar alert; certification audit |
Schedule emergency management review; document as nonconformity |
8. Security Considerations
AIMS Security Controls
| Domain |
Control |
Implementation |
ISO 42001 Reference |
| Authentication |
AIMS platform access requires strong authentication; audit trail of all record changes |
SSO + MFA; document management system audit log |
Clause 7.5 — documented information security |
| Authorisation |
Role-based access: AI project teams (read/submit), AI risk function (read/write), AI Officer (approve), Internal Audit (read/report) |
RBAC in AIMS platform |
Clause 5.3 — roles and responsibilities |
| Secrets |
Model API keys, training data access credentials documented in AIMS but stored in secrets manager (not in AIMS directly) |
Pointer references in AIMS; actual secrets in vault |
Clause 8 — operational security |
| Classification |
AIMS records containing commercially sensitive AI model details classified; access restricted |
Document classification in AIMS platform |
Clause 7.5 — documented information |
| Encryption |
All AIMS records encrypted at rest; TLS in transit |
Cloud platform encryption; AIMS platform vendor controls |
Clause 7.5 |
| Auditability |
All AIMS record changes logged with user identity and timestamp; immutable |
Document management audit trail; SIEM integration |
Clause 9.1 — monitoring and measurement |
OWASP LLM Top 10 — ISO 42001 Control Mapping
| OWASP LLM Risk |
ISO 42001 Control Domain |
Annex A Control |
Clause |
| LLM01 Prompt Injection |
AI system design |
A.6.2.7 — AI system input validation |
Clause 8 |
| LLM02 Insecure Output Handling |
AI system development |
A.6.2.9 — Output validation and handling |
Clause 8 |
| LLM03 Training Data Poisoning |
Data for AI |
A.6.1.4 — Data acquisition and preparation quality |
Clause 8 |
| LLM04 Model Denial of Service |
AI operation |
A.6.4.2 — AI system monitoring and availability |
Clause 8, Clause 9 |
| LLM05 Supply Chain Vulnerabilities |
Stakeholder engagement |
A.6.5.2 — Third-party AI component governance |
Clause 8 |
| LLM06 Sensitive Information Disclosure |
Transparency |
A.6.6.1 — Transparency of AI system outputs |
Clause 8 |
| LLM07 Insecure Plugin Design |
AI system design |
A.6.2.5 — Principle of least privilege in AI design |
Clause 8 |
| LLM08 Excessive Agency |
Human oversight |
A.6.7.1 — Human oversight mechanisms |
Clause 8 |
| LLM09 Overreliance |
Human oversight |
A.6.7.2 — User education on AI limitations |
Clause 8 |
| LLM10 Model Theft |
AI system design |
A.6.2.8 — Protection of AI model assets |
Clause 8 |
9. Governance Considerations
ISO 42001 Governance Controls
| Clause |
Governance Requirement |
Architectural Control |
Artefact |
| Clause 4.1 |
Internal and external issues affecting AIMS |
Annual context review; regulatory watch |
Context Register |
| Clause 4.2 |
Interested party needs and expectations |
Stakeholder register with AI-specific requirements |
Interested Parties Register |
| Clause 5.2 |
AI Policy approved by top management |
Policy published; board minutes of approval |
AI Policy document |
| Clause 5.3 |
AI roles and responsibilities assigned |
RACI matrix; job descriptions with AI responsibilities |
RACI; role descriptions |
| Clause 6.1 |
AI risks and opportunities assessed |
Risk assessment methodology; risk register per AI system |
AI Risk Register |
| Clause 6.2 |
AI objectives established and tracked |
Measurable AI governance KPIs; dashboard |
AI Objectives Dashboard |
| Clause 8 |
AI system lifecycle with Annex A controls |
Model lifecycle management; SOA; control evidence |
SOA; control evidence package |
| Clause 9.2 |
Internal audit programme |
Audit schedule; competent AI auditors; finding tracker |
Audit Programme; Audit Reports |
| Clause 9.3 |
Management review of AIMS |
Annual management review agenda and minutes |
Management Review Minutes |
| Clause 10.1 |
Nonconformity and corrective action |
NCR system; root cause analysis; closure verification |
Nonconformity Register |
Governance Artefacts
| Artefact |
Description |
Retention |
| AI Policy |
Board-approved policy stating organisation's commitment and objectives for responsible AI |
Current version + 10 years history |
| AIMS Scope Statement |
Formal definition of AI systems, business units, and geographies within AIMS scope |
Current version + 7 years |
| AI Risk Register |
Per-system risk assessments with treatment plans and residual risk |
10 years |
| Statement of Applicability |
Annex A control applicability decisions with justifications |
Current version + 10 years |
| Internal Audit Reports |
Findings, evidence, and closure records for each AIMS audit |
7 years |
| Management Review Minutes |
Annual management review records including AIMS performance decisions |
10 years |
| Nonconformity Register |
All AIMS nonconformities with root cause and corrective action records |
10 years |
| AI Impact Assessments |
Annex B assessments for each AI system with identified impacts and mitigations |
Lifetime of system + 7 years |
10. Operational Considerations
Monitoring and SLOs
| SLO |
Target |
Measurement |
Breach Action |
| AI Risk Assessment Currency |
100% of production AI systems with risk assessment reviewed within 12 months |
Assessment age metric in AI Risk Register |
Alert AI Risk function; schedule urgent review |
| Annex A Control Implementation |
>95% of applicable controls implemented for production AI systems |
SOA implementation status |
Escalate outstanding controls to AI Officer |
| Internal Audit Schedule Adherence |
100% of scheduled AIMS audits completed on time |
Audit completion rate vs schedule |
Reschedule immediately; escalate if >30 days overdue |
| Nonconformity Closure |
>90% of minor findings closed within 60 days; 100% of major findings within 90 days |
NCR age metric |
Escalate to AI Officer; report to Management Review |
| AI Objectives Achievement |
>80% of AI governance objectives on track at each quarterly review |
Objectives dashboard |
Root cause; adjust programme; escalate to management |
Disaster Recovery for AIMS Infrastructure
| Scenario |
Impact |
Recovery |
| AIMS Platform Outage |
Cannot log new AI assessments or audits; manual workaround required |
Manual records maintained; import to platform within 5 days of restoration |
| Loss of AI Risk Register |
Risk management blindspot |
Restore from backup; review all AI systems for any risk changes during gap |
| Internal Audit Competence Loss |
Auditor leaves; audit programme cannot proceed |
Cross-train backup auditor; external audit resource as contingency |
11. Cost Considerations
Cost Drivers
| Cost Driver |
Indicative Cost |
Notes |
| AIMS Management Platform |
USD 20,000–80,000/year |
Commercial tools (OneTrust, Credo AI); lower with Confluence/Jira |
| External Certification Audit |
USD 30,000–80,000 per year |
Accredited certification body; scales with scope size |
| Internal AI Governance FTE |
USD 250,000–600,000/year |
1–3 FTE depending on scope; AI risk, audit, and coordination roles |
| AI Auditor Training |
USD 10,000–30,000/year |
ISO 42001 Lead Auditor training; ongoing CPD |
| Consultancy (initial implementation) |
USD 100,000–300,000 |
One-time; implementation partner for AIMS design and gap assessment |
| Tooling Integration |
USD 20,000–50,000 |
One-time; integrating AIMS platform with MLflow, CMDB, risk system |
Indicative Cost Range
| Organisation |
Annual AIMS Cost (Post-Certification) |
Notes |
| Small (<10 AI systems) |
USD 200,000–500,000 |
Lean AIMS; Confluence/Jira tooling; 1 FTE |
| Mid-size (10–30 AI systems) |
USD 600,000–1,500,000 |
Commercial AIMS platform; dedicated governance team |
| Large (30+ AI systems, multi-site) |
USD 2,000,000–6,000,000 |
Enterprise programme; multiple auditors; extensive tooling |
12. Trade-Off Analysis
Implementation Approach Options
| Option |
Description |
Pros |
Cons |
Recommended For |
| Option A: Standalone ISO 42001 AIMS |
Implement ISO 42001 as an independent management system |
Cleanest scope; fastest to certify |
Duplication with ISO 27001/9001 processes; higher total overhead |
Organisations without existing ISO management systems |
| Option B: Integrated AIMS (with ISO 27001 or ISO 9001) |
Extend existing ISMS or QMS with ISO 42001 AI-specific clauses |
Leverages existing infrastructure; lower cost; integrated audits |
Requires careful scoping to maintain clarity; integration complexity |
Organisations with mature ISO 27001 or ISO 9001 programmes |
| Option C: Self-Declaration (No Certification) |
Implement ISO 42001 requirements without third-party certification |
Lowest cost; faster to implement |
No external validation; limited commercial/regulatory credibility |
Internal governance improvement only; no external trust requirement |
Architectural Tensions
| Tension |
Trade-Off |
Resolution |
| Standardisation vs AI Velocity |
AIMS processes (impact assessments, risk reviews, deployment gates) slow down AI development |
Risk-tier the process: low-risk AI gets lightweight fast-track; high-risk gets full AIMS process |
| Comprehensiveness vs Manageability |
Full Annex A (38 controls) applied to all AI creates governance overhead |
Statement of Applicability excludes controls not applicable to low-risk, low-complexity AI |
| Internal Audit Independence vs AI Expertise |
Best AI auditors are practitioners; but auditors should not audit their own work |
Rotate auditors; use external for highest-risk systems; train dedicated AI auditors |
| AIMS Certification vs Regulatory Compliance |
ISO 42001 certification does not guarantee EU AI Act or APRA compliance |
AIMS is a foundation; map AIMS controls to specific regulatory requirements in parallel |
13. Failure Modes
| Failure |
Likelihood |
Impact |
Detection |
Recovery |
| Paper AIMS — Controls Documented Not Implemented |
High |
Critical — certification gap; governance theatre |
Certification audit finding; incident exposes lack of control |
Root cause; implement controls; may suspend certification pending remediation |
| AIMS Scope Excludes High-Risk AI Systems |
Medium |
High — governance blindspot for most risky systems |
Audit; incident investigation |
Expand scope; conduct retrospective assessments for out-of-scope systems |
| AI Impact Assessment Quality Too Low |
High |
High — identifies no material impacts; mitigations inadequate |
Incident reveals unidentified impact; external audit |
Improve methodology; train assessors; retrospective re-assessment of deployed systems |
| Management Review Disconnect |
Medium |
High — management does not act on AIMS findings; systemic issues persist |
Repeat audit findings; external audit |
Escalate to board; demonstrate consequences of inaction |
| Corrective Actions Closed Without Verification |
High |
Medium — problems recur; false closure |
Repeat audit finding; incident |
Require evidence-based closure; independent verification for major nonconformities |
| Certification Audit Failure |
Medium |
High — commercial and reputational impact |
Certification audit report |
Address major findings; request re-audit; communicate transparently with customers |
Cascading Failure Scenario
An organisation achieves ISO 42001 certification but the AIMS is treated as a compliance exercise. The AI Impact Assessments for a credit decisioning AI identify no material impacts (the assessors are not trained adequately and default to "no impact" for all categories). No human oversight controls are implemented for this system because the SOA excludes A.6.7.1 without documented justification. A regulatory investigation following customer complaints finds the AI system was making discriminatory credit decisions. The ISO 42001 certification, rather than providing defence, draws additional scrutiny: the regulator determines the certification was obtained through inadequate impact assessments that masked a known risk. The certification body withdraws certification.
14. Regulatory Considerations
| Regulation |
ISO 42001 Alignment |
Architectural Control |
Reference |
| EU AI Act Article 9 — Risk Management System |
Direct alignment: Clause 6 AI risk assessment satisfies Article 9 requirements |
AI Risk Register; Risk Treatment Plan |
ISO 42001 Clause 6.1; EU AI Act Article 9 |
| EU AI Act Article 10 — Training Data Governance |
Annex A data governance controls (A.6.1.x) align with Article 10 requirements |
Training Data Governance component |
ISO 42001 Annex A; EU AI Act Article 10 |
| EU AI Act Article 14 — Human Oversight |
Annex A A.6.7.1 human oversight controls directly address Article 14 |
Human oversight controls in AI system design |
ISO 42001 A.6.7; EU AI Act Article 14 |
| NIST AI RMF — GOVERN function |
ISO 42001 Clauses 4, 5 establish the governance structures the GOVERN function requires |
AIMS governance structure; AI Policy; roles |
NIST AI RMF GOVERN 1.x–6.x |
| NIST AI RMF — MAP and MEASURE |
ISO 42001 Clause 6 risk and impact assessment; Clause 9 performance evaluation |
Risk Register; AI Objectives Dashboard |
NIST AI RMF MAP, MEASURE |
| APRA CPS230 — Material Business Services |
ISO 42001 Clause 8 operational controls and Clause 9 monitoring apply to AI in material business services |
AI lifecycle controls; monitoring |
APRA CPS230 |
| APRA CPG 234 |
AI security controls under Annex A complement CPS234 controls |
Annex A security-related controls |
APRA CPG 234 |
| ISO/IEC 27001 — ISMS |
HLS Annex SL integration: ISO 42001 can be integrated with ISO 27001 |
Integrated management system |
ISO/IEC 27001:2022; ISO/IEC 42001:2023 |
15. Reference Implementations
AWS
| Component |
AWS Service / Tool |
| AIMS Management Platform |
Confluence on AWS; ServiceNow on AWS; or OneTrust SaaS |
| AI Systems Inventory |
AWS Service Catalog + custom DynamoDB inventory |
| AI Risk Register |
Jira on AWS; Archer SaaS |
| Model Lifecycle Management |
Amazon SageMaker Model Registry; MLflow on EC2 |
| Training Data Governance |
AWS Glue Data Catalog; Amazon Macie for PII |
| AI Objectives Monitoring |
Amazon CloudWatch + QuickSight |
| Internal Audit Tracking |
Jira; ServiceNow |
Azure
| Component |
Azure Service / Tool |
| AIMS Management Platform |
SharePoint Online + Planner; OneTrust SaaS |
| AI Systems Inventory |
Azure DevOps extension; ServiceNow |
| AI Risk Register |
Azure DevOps Boards; Archer |
| Model Lifecycle Management |
Azure Machine Learning Model Registry |
| Training Data Governance |
Microsoft Purview |
| AI Objectives Monitoring |
Azure Monitor + Power BI |
| Internal Audit Tracking |
Azure DevOps; ServiceNow |
GCP
| Component |
GCP Service / Tool |
| AIMS Management Platform |
Google Workspace (Docs/Sheets) + Jira; OneTrust SaaS |
| AI Systems Inventory |
Cloud Asset Inventory + custom BigQuery |
| AI Risk Register |
Jira; Archer |
| Model Lifecycle Management |
Vertex AI Model Registry |
| Training Data Governance |
Dataplex; Data Catalog |
| AI Objectives Monitoring |
Cloud Monitoring + Looker |
On-Premises
| Component |
Technology |
| AIMS Management Platform |
Confluence Data Center; SharePoint Server |
| AI Systems Inventory |
ServiceNow CMDB extension; custom PostgreSQL |
| AI Risk Register |
Archer on-premises; custom |
| Model Lifecycle Management |
MLflow self-hosted; DVC + Git |
| Training Data Governance |
Apache Atlas; Alation |
| AI Objectives Monitoring |
Grafana + Prometheus |
| Pattern ID |
Pattern Name |
Relationship |
Notes |
| EAAPL-CMP003 |
EU AI Act Compliance |
COMPLEMENTARY |
ISO 42001 AIMS satisfies many EU AI Act Article 9 risk management obligations |
| EAAPL-CMP006 |
NIST AI RMF Implementation |
COMPLEMENTARY |
ISO 42001 and NIST AI RMF are complementary; ISO is certifiable; NIST provides detailed operational guidance |
| EAAPL-CMP002 |
APRA CPS234 AI Security |
COMPLEMENTARY |
Annex A security controls extend APRA CPS234 ¶17 for AI-specific security |
| EAAPL-CMP004 |
Privacy-Preserving AI |
COMPLEMENTARY |
Annex B AI Impact Assessment in ISO 42001 covers privacy impacts; integrate with full PIA process |
| EAAPL-AGT003 |
Human-in-the-Loop Oversight |
EXTENSION |
ISO 42001 Annex A A.6.7 human oversight controls are implemented through HITL pattern |
| EAAPL-PLT001 |
MLOps Platform |
PREREQUISITE |
Model lifecycle management (Clause 8) requires an operational MLOps platform |
17. Maturity Assessment
Overall Maturity Label: Proven
| Dimension |
Level 1 |
Level 2 |
Level 3 |
Level 4 |
Level 5 |
Current Level |
| Context and Scope |
No analysis |
Informal identification of AI systems |
Formal context register; scope defined |
Scope dynamically maintained as AI portfolio evolves |
Context analysis feeds automated risk prioritisation |
Level 3 |
| Leadership |
No AI policy |
Draft AI policy |
Board-approved AI policy; roles assigned |
AI governance KPIs in executive scorecards |
AI governance performance linked to executive accountability |
Level 3 |
| Risk and Impact Assessment |
No assessments |
Ad-hoc assessments |
Systematic Clause 6 assessments for all in-scope systems |
Quantified risk scoring; impact assessment feeds design |
Continuous risk reassessment; automated risk signal aggregation |
Level 3 |
| Annex A Controls |
No controls mapped |
Some controls documented |
SOA complete; controls implemented for high-risk AI |
Automated control testing; evidence auto-generated |
Controls embedded in CI/CD; continuous compliance |
Level 3 |
| Internal Audit |
No audit |
Occasional informal reviews |
Formal annual audit programme |
Risk-based audit frequency; real-time findings dashboard |
Continuous audit sampling with AI-assisted finding analysis |
Level 3 |
| Improvement |
No corrective action |
Ad-hoc fixes |
Nonconformity register; root cause analysis |
Trend analysis; proactive improvement |
AI-assisted pattern detection in audit findings |
Level 3 |
18. Revision History
| Version |
Date |
Author |
Changes |
| 1.0 |
2025-05-01 |
EAAPL Working Group |
Initial draft aligned to ISO/IEC 42001:2023 |
| 1.1 |
2025-09-10 |
EAAPL Working Group |
Added NIST AI RMF cross-mapping; expanded Annex A control library guidance |
| 1.2 |
2026-06-12 |
EAAPL Working Group |
Added cascading failure scenario; updated cost ranges; aligned with EU AI Act harmonised standard progress |