ISO 42001 Course

In this course, you’ll find all the information you need to get up to speed on the latest ISO/IEC 42001:2023 standard, which “specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems.” (iso.org)

Course Outline

  1. Course Introduction
  2. Context
    a. History and Context
    b. The Business Case for ISO 42001
  3. Framework Review
    a. Overview
    b. Review of the AI Management System (AIMS)
    c. Required AI Policies
    d. AI Risk Management
    e. AI Impact Assessments
    f. Internal Audit Requirements
    g. Connection to ISO 27001 and 27701
  4. Certification Journey
    a. Implementation process
    b. Certification process
    c. Selecting a Certifying Body
    d. Maintaining Your Program
    e. Typical Timeline
  5. Real World Examples
    a. Lending Technology
    b. Smart Law Firm
  6. Wrap Up
    a. Other Resources
    b. Closing Comments

Course Introduction

Welcome to the first ever ISO 42001 training course from risk3sixty. In it, we want to give you everything you need to get certified. In this lesson, we will give you a preview of what to expect in this course on Artificial Intelligence system management.

Part 1: ISO 42001 In Context

The Business Case for ISO 42001

If your company is considering ISO 42001 certification, it needs to make sense for your business. In this lesson we will help you step through important trends that could become important factors in your decision to pursue certification or not, like:

  • AI requirements in contracts with customers
  • The evolving AI regulatory landscape
  • Building trust with customers

History and Context

To get the most out of this course, it is important to understand the history and context of ISO 42001. This lesson will help put Artificial Intelligence Risk and ISO 42001 in perspective by answering questions like:

  • Where did ISO 42001 come from?
  • Who invented it and why?
  • Why does it matter to my company?
  • How is it related to security and privacy?

Part 2: ISO 42001 Framework Review

Framework Overview

ISO 42001 is broken into three main parts:

  • The AIMS (clauses 4-10)
  • Annex A (the 38 controls)
  • Annex B (implementation guidance for the 38 controls)

In this section, we will pull up the framework and do a quick walkthrough so you can navigate it.

Review of the AI Management System (AIMS)

Clauses 4 – 10 of ISO 42001 define the AI Management System (or AIMS). An AIMS defines how your organization will govern AI risk management. In this lesson, we will walk through each clause and explain each requirement in an easy-to-understand format.

Review of the 9 Control Objectives and 38 Controls

Annex A of ISO 42001 defines 9 control objectives and 38 controls to manage AI risks. In this lesson, we will walk through each objective to explain the requirements in an easy-to-understand format.

Required AI Policies

ISO 42001 will require several policies such as an AI Policy, AI Acceptable Use Policy, and many more. In this lesson, we will walk through the policies that your organization will likely need to obtain certification.

AI Risk Management

ISO 42001 clause 6 requires that the organization establish an AI risk management program. In this course we will talk through the framework and discuss practical ways companies implement risk management programs to meet each requirement.

AI Impact Assessments

ISO 42001 clause 6 requires that companies perform AI Impact Assessments. For most companies, an AI impact assessment is a new concept. In this course, we will cover what an AI impact assessment looks like, why it is required, and common ways companies implement them.

Internal Audit Requirement

ISO 42001 clause 9.2 requires that companies perform internal audits as part of program monitoring. In this section, we will cover what an internal audit looks like, why it is required, and how companies practically implement an internal audit program to meet the ISO 42001 requirement.

Connection to ISO 27001 and ISO 27701

ISO 42001 is heavily informed by concepts that can be found in ISO 27001 (security) and ISO 27701 (privacy). In this lesson, we will cover the links between the frameworks and the opportunity to obtain certification across multiple frameworks in a single effort.

If your company is already ISO 27001 certified, this will be an important lesson.

Part 3: The ISO 42001 Certification Journey

Implementation Process

We will give you the 4-step roadmap to implement ISO 42001 that includes:

  • Planning
  • Current State Assessment
  • Developing a maturity roadmap
  • Implementing the program

We will also cover some of the most common workstreams associated with implementing a program such as writing policies, establishing a risk management program, and more.

Certification Process

We will cover the 3-step ISO 42001 certification process that includes:

  • Planning
  • Stage 1 Audit
  • Stage 2 Audit

Selecting a Certifying Body

To obtain an ISO 42001 certification you must work with an accredited ISO 42001 certifying body (CB). In this lesson, we will walk through which firms are authorized to issue ISO 42001 certification and questions to consider when choosing an audit firm.

Maintain Your Program

ISO 42001 certification audits are an annual event. As a result, you have to maintain the program once you implement it. In this lesson, we will talk through what to expect during a certification audit and things you should consider when maintaining your program year after year.

Typical Timeline

We will talk through the typical timeline to implement an ISO 42001 program and obtain certification. We’ll also discuss important workstreams, order of operations, and how much time it will take.

Part 4: Real World Examples

Lending Tech Example

Lending Technology uses AI and automated decision making to make lending decisions for potential borrowers. In this lesson, we will review how ISO 42001 concepts like the AIMS, AI Impact Assessments, and others apply in the real world.

Smart Law Firm

Smart Law Firm uses AI to help attorneys perform case research. In this lesson, we will review how ISO 42001 concepts like integrating with OpenAI, training data, and risk assessments apply in the real world.

Part 5: Course Wrap Up

Other Resources

In this section, we will provide a list of other helpful resources like whitepapers, frameworks, and concepts you should know about to continue your ISO 42001 learning and certification journey.

Closing Comments

Thank you for taking the course. We need your help. We have one very important ask.
