My Portal
My Portal
Global | EN

ISO/IEC 42001 Certification Mark

Adding value with our service portfolio

cert markCertification:

ISO/IEC 42001 Artificial Intelligence Management System (AIMS)

Basis for Certification (certification standard):

International standard ISO IEC 42001 (requirements for Artificial Intelligence Management System)

Standard owner:

ISO-International Organization for Standardization

 

What does the ISO/IEC 42001 standard define?

This standard is designed to ensure the responsible development and use of AI systems, addressing challenges such as ethical considerations, transparency, and continuous learning.

Key aspects of ISO/IEC 42001 include:

  • Risk Management: Providing a framework to manage risks and opportunities associated with AI. Risk assessment, Risk mitigation and impact assessment are the core pillars of this Standard.
  • Transparency: Ensuring AI decision-making processes are explainable and understandable.
  • Accountability: Defining roles and responsibilities to maintain human oversight and justifications for AI-related decisions.
  • Compliance: The standard aligns with ethical principles and regulatory requirements, such as GDPR, promoting global interoperability.

This standard is applicable across various industries and is relevant for any organization involved in developing, providing, or using AI-based products or services. ISO/IEC 42001 also emphasizes additional principles such as fairness, reliability, privacy, and stakeholder involvement. It uses the time-tested, structured Plan-Do-Check-Act (PDCA) methodology for continuous improvement of AI systems.

What does “certification” and/or the issue of a certification mark according to ISO/IEC 42001 by TÜV SÜD South Asia mean?
  • The customer has submitted to a voluntary assessment (audit) according to defined criteria (certification standard).
  • A certificate and/or the authorization to use a certification mark is only issued if the assessment (audit) does not reveal any major nonconformities with the requirements of the certification standard.
  • The certificates and/or certification marks are valid for a restricted period of time. Interested parties can check the validity of individual certificates in the certificate database of TÜV SÜD South Asia Pvt. Ltd.
  • To maintain certificate validity, the certificate holder must annually complete an announced audit with a positive result.
  • Unscheduled audits and assessments are possible in specific cases. They can be carried out by the certification body.
How is the assessment/audit performed?

Independent and qualified experts (auditors) apply the following auditing techniques:

  • Document review

Evaluation of the organisation's requirements and/or documentation to ensure systematic control of all processes relevant for artificial intelligence management.

  • On-site audit

Verification, in the form of interviews and on-site inspection at the customer's premises, that the above requirements are effectively implemented in practice. Random on-site checks of processes based on records, such as available measurement results, minutes of meetings, training and qualification records, complaint management, and records related to defined objectives and the resulting improvement projects.

  • Remote Audit

Similar to onsite audits, the goal is to verify that the organization's processes, systems, and practices comply with relevant ISO standards. Remote audits leverage various ICT tools, including video conferencing, document-sharing platforms, etc. The auditor will review documents, conduct virtual interviews with staff, and observe processes through live video feeds or recorded footage.


What is beyond the scope of certification according to the ISO/IEC 42001 standard?
  • Certification according to ISO/IEC 42001 does not constitute product certification. Certification thus does not provide any direct statements on the quality of artificial intelligence developed and/or deployed/ used for the provision of product/s and/or service/s of the certified customer. Certification according to ISO/IEC 42001 does not mean that the company manufactures product/s or provides service/s of higher quality.
  • Certification thus does not provide any guarantee that an organisation complies with responsible business practices related to (but not limited to) ethics, explainability, training data- quality, security, and privacy, and transparency of the artificial intelligence developed and/or deployed/ used for the provision of product/s and/or service/s of the certified customer, in each individual case.
  • Certification according to ISO/IEC 42001 does not guarantee that an organisation complies with statutory and/or regulatory requirements defined for artificial intelligence in each individual case.
  • Certification according to ISO/IEC 42001 does not confirm that the digital, systemic, technical, and organisational measures taken by the company are functioning without errors in each individual case.
  • The certification based on ISO/IEC 42001 does not constitute an indication of compliance with the EU AI Act, nor does it serve as a measure for ensuring adherence to its regulatory requirements, including prohibitions on certain AI practices.