ISO 9001 (Quality Management Systems) is the oldest and most widely adopted ISO management system standard, governing the management of product and service quality across any sector.
ISO/IEC 27001 (Information Security Management Systems) governs the management of information security and is the dominant security certification in regulated industries.
ISO/IEC 42001 (AI Management Systems) governs the management of AI and is the newest of the three. All three share the Annex SL high-level structure that makes integration possible.
The NIST AI Risk Management Framework (AI RMF) is structurally different — a voluntary, non-certifiable US framework that provides guidance on managing AI risk without prescribing a management system.
The four together form the conventional landscape for AI governance in most regulated industries.
“This document specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving an AI management system within the context of an organization.” — ISO/IEC 42001:2023, Clause 1 (Scope)
“The AI RMF is intended for voluntary use and to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.” — NIST AI RMF 1.0 (January 2023), Foreword
Key definitions
| Term | Meaning |
|---|---|
| Annex SL | The ISO/IEC directive establishing a common high-level structure for all ISO management system standards. Defines a shared ten-clause structure with consistent terminology. |
| Management system standard | A standard specifying requirements for the management of an organisational function — quality, security, AI — through policy, planning, operation, evaluation, and improvement. |
| Certifiable | A standard against which an organisation can be audited and certified by an accredited certification body. ISO 9001, ISO 27001, and ISO 42001 are certifiable; NIST AI RMF is not. |
| Integrated management system (IMS) | A management system that integrates the requirements of multiple management system standards into a single operational regime, sharing common elements (leadership, documented information, audit, review, improvement) across them. |
| Crosswalk | A mapping document showing how requirements or controls in one framework correspond to those in another. Used to identify reusable evidence. |
ISO 42001 and ISO/IEC 27001 (Information Security)
Where they align
ISO 27001 and ISO 42001 share the Annex SL structure exactly. The clause numbers, sequence, and many of the underlying concepts are the same. Both are certifiable, both produce a Statement of Applicability against a normative annex of controls, and both follow the Plan-Do-Check-Act cycle.
| Shared element | ISO 27001 source | ISO 42001 source |
|---|---|---|
| Context of the organisation | Clause 4 | Clause 4 |
| Leadership commitment | Clause 5 | Clause 5 |
| Risk-based planning | Clause 6 | Clause 6 |
| Resources, competence, awareness | Clause 7 | Clause 7 |
| Operational planning and control | Clause 8 | Clause 8 |
| Performance evaluation and audit | Clause 9 | Clause 9 |
| Improvement and corrective action | Clause 10 | Clause 10 |
| Statement of Applicability | Clause 6.1.3 | Clause 6.1.3 |
| Annex of reference controls | Annex A (93 controls) | Annex A (38 controls) |
Organisations with mature ISO 27001 implementations can extend most of this infrastructure to ISO 42001. The AI policy is new; the leadership commitment infrastructure is reusable.
The AI risk methodology may differ from the information security risk methodology; the broader risk management discipline is reusable. The Annex A controls differ in content; the SoA mechanism and audit approach are reusable.
Where they diverge
The divergence between the two is more important than the alignment. Three structural differences shape implementation.
| Dimension | ISO 27001 | ISO 42001 |
|---|---|---|
| Object of management | Information security — confidentiality, integrity, availability of information | AI systems — their development, provision, and use |
| Risk perspective | Risk to the organisation from information security threats | Risk to the organisation plus impact on individuals, groups, and societies |
| Impact assessment | Not a defined concept | Explicit requirement under Clause 6.1.4; a core feature of the Standard |
| Lifecycle focus | Information lifecycle (collection, storage, processing, transmission, disposal) | AI system lifecycle (inception, design, development, V&V, deployment, operation, monitoring, retirement) |
| Data treatment | Information classification and protection | Data quality, provenance, preparation, and governance specific to AI |
| Third-party scope | Supplier relationships for information security | AI-specific supplier and customer obligations, including foundation models and AI-enabled SaaS |
| Number of Annex A controls | 93 (in ISO/IEC 27001:2022) | 38 |
| Annex A organisation | 4 themes (organisational, people, physical, technological) | 9 control objectives organised by AI lifecycle and governance function |
The impact assessment requirement (Clause 6.1.4) is the most consequential difference. ISO 27001 manages risk to the organisation. ISO 42001 manages risk to the organisation and impact on those outside the organisation — individuals affected by AI decisions, groups exposed to AI systems, societies in which AI operates.
Organisations porting ISO 27001 risk methodology into an AIMS routinely under-implement this requirement because the concept does not exist in the information security standard.
Reusable elements
Where ISO 27001 is already in place, the following AIMS elements can typically be evidenced once across both certifications:
| Element | Notes |
|---|---|
| Leadership commitment infrastructure | Top-management governance, policy approval mechanisms, accountability assignment |
| Documented information control | Version control, retention, access — the underlying document management discipline |
| Internal audit programme | Audit scheduling, auditor competence, finding management — though audit content differs |
| Management review cycle | The review schedule and infrastructure; AI-specific inputs are added |
| Corrective action process | The process and register; AI-specific findings are added |
| Risk management discipline | Methodology framework, even where the AI-specific methodology differs in substance |
| Supplier assessment process | The structure; AI-specific obligations layered on |
What cannot be reused: the AI policy itself (must be specific to AI), the AI risk and impact assessment methodologies (must address AI-specific risk sources and impact categories), the SoA (different Annex A), and most operational controls (different lifecycle, different data treatment).
ISO 42001 and ISO 9001 (Quality)
Where they align
ISO 9001 and ISO 42001 share the Annex SL structure, like ISO 27001. The shared clauses produce the same overlap in leadership, planning, support, and improvement infrastructure.
| Shared element | ISO 9001 source | ISO 42001 source |
|---|---|---|
| Context of the organisation | Clause 4 | Clause 4 |
| Leadership commitment | Clause 5 | Clause 5 |
| Risk-based thinking | Clause 6 | Clause 6 |
| Resources, competence, awareness | Clause 7 | Clause 7 |
| Operational planning and control | Clause 8 | Clause 8 |
| Performance evaluation | Clause 9 | Clause 9 |
| Improvement | Clause 10 | Clause 10 |
ISO 9001 is the standard the EU AI Act explicitly references in Article 17, which requires providers of high-risk AI systems to operate a quality management system. ISO 9001 and ISO 42001 together provide the most direct evidence basis for Article 17 compliance.
Where they diverge
ISO 9001 has no Annex A of reference controls and is not control-based. It is principle-based: the requirements are stated in the clauses themselves, and the organisation determines how to operationalise them. ISO 42001 is both clause-based (Clauses 4–10) and control-based (Annex A).
| Dimension | ISO 9001 | ISO 42001 |
|---|---|---|
| Object of management | Product and service quality | AI systems |
| Structure | Clause-based; no Annex A controls | Clause-based plus Annex A controls |
| Risk perspective | Risk-based thinking applied to quality | AI-specific risk and impact assessment |
| Customer focus | Central concept; explicit clauses on customer satisfaction | Interested parties broader than customers; includes affected individuals and societies |
| Statement of Applicability | Not a concept | Required (Clause 6.1.3) |
ISO 9001’s structure is the most adaptable of the three. Its principle-based approach allows organisations to extend the quality management infrastructure to AI without restructuring it — the AI policy becomes an additional policy under the existing leadership framework; AI risk and impact assessment become additional inputs to existing risk-based thinking; AI lifecycle processes become additional operational processes.
Reusable elements
Where ISO 9001 is in place, the reusable elements are broadly the same as for ISO 27001 — leadership, documented information, audit, review, corrective action — plus the broader quality discipline (process approach, customer focus, evidence-based decision making) that ISO 9001 instils across the organisation. Organisations with mature ISO 9001 implementations often find the cultural and procedural readiness for ISO 42001 higher than they expected.
ISO 42001 and the NIST AI Risk Management Framework
What the NIST AI RMF is
The NIST AI RMF (version 1.0, published January 2023) is a voluntary US framework for managing risks associated with AI. It is published by the National Institute of Standards and Technology and developed in response to the National AI Initiative Act of 2020. The framework is not a standard, is not certifiable, and is not regulation — it is guidance for organisations seeking to develop and deploy AI responsibly.
The framework is structured around four functions:
| Function | Purpose |
|---|---|
| Govern | Cultivate a culture of risk management; establish policies, processes, accountability, oversight |
| Map | Establish context; identify risks; characterise AI systems and their potential impacts |
| Measure | Analyse, assess, benchmark, and monitor AI risks; develop metrics |
| Manage | Allocate resources to address risks; respond to, recover from, and communicate about incidents |
Each function contains categories and subcategories that detail specific activities. The AI RMF Playbook, published alongside the framework, provides implementation guidance.
The framework defines characteristics of trustworthy AI: valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with harmful bias managed. These map closely to Annex C of ISO 42001 and to the substantive concerns of Annex A controls.
Where ISO 42001 and the NIST AI RMF align
The two frameworks address the same substantive territory — risk management, governance, lifecycle, impact, transparency, accountability — and arrived at similar conclusions about what responsible AI governance requires. The mapping below is approximate; both frameworks have official and unofficial crosswalks that detail it further.
| NIST AI RMF function | Corresponding ISO 42001 elements |
|---|---|
| Govern | Clauses 4, 5; Annex A.2 (Policies), A.3 (Internal organisation) |
| Map | Clause 6.1 (Risk and impact assessment); Annex A.5 (Impact), A.6 (Lifecycle inception and design) |
| Measure | Clause 9.1 (Monitoring and measurement); Annex A.6.2.4 (V&V), A.6.2.6 (Operation and monitoring) |
| Manage | Clause 6.1.3 (Risk treatment), Clause 8 (Operation), Clause 10 (Improvement); Annex A.6.2.5, A.6.2.6 |
The trustworthy AI characteristics in the AI RMF align with Annex C objectives in ISO 42001 — fairness, transparency, robustness, safety, privacy, accountability all appear in both. Organisations using the AI RMF as a substantive guide and ISO 42001 as a management system structure typically find the two complementary.
Where they diverge
The divergence is structural rather than substantive.
| Dimension | NIST AI RMF | ISO 42001 |
|---|---|---|
| Type | Voluntary framework / guidance | Voluntary international standard |
| Certifiable | No | Yes |
| Origin | US (NIST) | International (ISO/IEC) |
| Structure | Functions, categories, subcategories | Annex SL clauses plus Annex A controls |
| Output | Implementation guidance | Auditable conformity |
| Adoption pattern | Self-attestation; used in US federal contracting and as voluntary best practice | Third-party certification; used globally as evidence of AI governance |
| Legal effect | None directly; referenced in some US executive orders and federal procurement | Contractual and reputational; supports EU AI Act conformity |
The most important practical difference: the AI RMF does not produce a certificate. Organisations using the AI RMF self-attest to alignment with its guidance. Organisations seeking external verification of AI governance need ISO 42001 (or an equivalent certifiable standard) — the AI RMF alone does not provide that.
Using both together
The two are commonly used in combination. The AI RMF provides substantive depth on specific risk management practices, particularly on the technical dimensions of trustworthy AI characteristics. ISO 42001 provides the management system structure within which those practices are governed. A typical pattern:
- NIST AI RMF as the methodology source for Clauses 6 and 8. The Map and Measure functions provide detailed guidance for AI risk identification, characterisation, and monitoring that supplements ISO/IEC 23894 and Annex B implementation guidance.
- ISO 42001 as the management system frame. The clauses provide the structural requirements; the SoA provides the working surface; certification provides external attestation.
- NIST trustworthy AI characteristics as Annex C objectives. The seven characteristics can be adopted directly as AI objectives under Clause 6.2 and as the vocabulary for impact assessment under Clause 6.1.4.
Organisations subject to both US federal expectations (where the AI RMF is referenced) and EU AI Act obligations (where ISO 42001 supports conformity) often pursue both in parallel.
Building an integrated management system
Annex D of ISO 42001 explicitly supports integration with existing management systems. For organisations operating ISO 27001, ISO 9001, or both, integration is generally more efficient than parallel implementation — and in some respects produces more credible governance because shared infrastructure reduces the risk of policies and processes contradicting each other.
A practical integration approach distinguishes three layers:
| Layer | Shared across standards | AI-specific |
|---|---|---|
| Management system spine | Leadership commitment, documented information control, internal audit programme, management review cycle, corrective action process | — |
| Risk and planning | Risk methodology framework, planning of changes | AI risk assessment methodology, AI impact assessment methodology, AI objectives |
| Operational controls | Some controls may overlap (supplier assessment, incident response, training) | AI-specific Annex A controls — lifecycle, data, impact, transparency, third-party AI |
Genuine integration is structural, not nominal. An integrated management system shares the spine, runs AI-specific obligations as a distinct workstream within it, and produces documentation that an auditor for any of the constituent standards can navigate. Implementations that label themselves integrated but maintain parallel policy stacks, parallel audit programmes, and parallel review cycles incur the cost of integration and none of the benefit.
Evidence that can be reused across certifications
The table below indicates where evidence produced for one certification typically supports another. The mapping is indicative — specific reusability depends on how the evidence is scoped and whether it addresses each standard’s substantive requirements.
| Evidence | ISO 9001 | ISO 27001 | ISO 42001 | NIST AI RMF |
|---|---|---|---|---|
| Top-management leadership commitment | ✓ | ✓ | ✓ | ✓ (Govern) |
| Documented information control | ✓ | ✓ | ✓ | — |
| Internal audit programme (structure) | ✓ | ✓ | ✓ | — |
| Management review (cycle) | ✓ | ✓ | ✓ | ✓ (Govern) |
| Corrective action register (structure) | ✓ | ✓ | ✓ | ✓ (Manage) |
| Supplier assessment process (structure) | ✓ | ✓ | ✓ | ✓ (Map, Manage) |
| Information security risk assessment | — | ✓ | ✗ (different methodology) | — |
| AI risk assessment | — | — | ✓ | ✓ (Map, Measure) |
| AI impact assessment | — | — | ✓ | ✓ (Map, Measure) |
| AI policy | — | — | ✓ | ✓ (Govern) |
| Statement of Applicability | — | ✓ (27001 SoA) | ✓ (42001 SoA) | — |
| AI lifecycle documentation | — | — | ✓ | ✓ (Map, Manage) |
| Data governance for AI | — | partial | ✓ | ✓ (Map, Measure) |
| Event logs and audit trail | partial | ✓ | ✓ | ✓ (Measure) |
The ticks mark structural reuse. AI-specific content — methodology, scope, criteria — must be added where the evidence is produced for an AI-specific standard. An ISO 27001 internal audit programme can host ISO 42001 audits but cannot itself satisfy the ISO 42001 requirement; the audit content must address AI-specific clauses and controls.
Practical sequencing
Most organisations encounter these frameworks in a sequence shaped by business context rather than by an ideal order. Three patterns recur.
Pattern 1: ISO 27001 first, ISO 42001 added. Common in organisations with mature information security programmes that begin developing or procuring AI. The ISO 27001 infrastructure provides the management system spine; ISO 42001 adds AI-specific obligations. Implementation timelines compress because the spine already exists.
Pattern 2: ISO 9001 first, ISO 42001 added. Common in regulated industries — manufacturing, healthcare, financial services — where ISO 9001 has been in place for years. The quality management discipline transfers well to AI governance, and Article 17 of the EU AI Act explicitly references quality management.
Pattern 3: NIST AI RMF for methodology, ISO 42001 for certification. Common in organisations with US exposure that have adopted the AI RMF as substantive guidance and pursue ISO 42001 for external attestation and EU market access. The two run in parallel rather than sequentially.
A fourth pattern — ISO 42001 first, ISO 27001 and ISO 9001 considered later — exists but is uncommon. Organisations typically arrive at ISO 42001 already operating one of the older standards.
FAQ
Can I be certified to ISO 27001 and ISO 42001 simultaneously by the same audit?
Yes, where the certification body is accredited for both. Joint audits are increasingly common for ISO 27001 and ISO 42001 because of the shared structure. The total audit days are less than the sum of separate audits because shared elements are tested once. Some certification bodies offer combined audits at a meaningfully lower cost than separate audits.
Does the NIST AI RMF satisfy any ISO 42001 requirement?
Not directly. The AI RMF is not a certifiable standard, and ISO 42001 does not reference it. But evidence produced under the AI RMF — risk identification under Map, monitoring under Measure, governance documentation under Govern — typically supports ISO 42001 conformity work substantially. The reverse is also true: an ISO 42001 AIMS produces most of what an organisation needs to claim alignment with the AI RMF.
Which standard should I implement first if I have none of them?
There is no universally correct answer, and the question is usually shaped by business need rather than abstract framework comparison. If EU market exposure is significant and AI is central to the business, ISO 42001 is increasingly the priority. If information security is the primary concern and AI is a smaller portion of operations, ISO 27001 is the conventional starting point. If quality and regulatory conformity in product industries are central, ISO 9001 remains the foundation. Organisations facing all three concerns simultaneously usually pursue ISO 27001 and ISO 42001 together with integration in mind.
How much overlap exists between Annex A of ISO 27001 and Annex A of ISO 42001?
Less than the shared structure suggests. The 93 controls of ISO/IEC 27001:2022 focus on information security; the 38 controls of ISO 42001 focus on AI governance, lifecycle, data, and impact. The areas of genuine overlap — supplier relationships, event logging, incident management, awareness — are real but limited. Crosswalks between the two annexes typically identify a small number of controls that can be evidenced jointly and a larger number that require separate implementation.
Is the NIST AI RMF accepted as evidence in EU AI Act conformity work?
Not directly. The Act provides for presumption of conformity only where harmonised standards listed in the Official Journal are applied; the NIST AI RMF is not such a standard. But evidence produced under the AI RMF — risk management documentation, monitoring records, governance artefacts — can support EU AI Act conformity work as supporting evidence, in the same way that ISO 42001 evidence supports it. Neither framework is itself sufficient.
Will the NIST AI RMF eventually become certifiable?
There is no published intention to make it certifiable. NIST frameworks are typically guidance documents rather than certification schemes. Third-party attestation services for AI RMF alignment have begun to emerge in the US market, but these are not certifications in the ISO sense and are not equivalent to ISO 42001 certification.
How does ISO/IEC 27701 (privacy information management) fit into this picture?
ISO/IEC 27701 extends ISO 27001 with privacy-specific controls, addressing the privacy management dimensions that ISO 27001 itself does not. Organisations subject to GDPR often operate ISO 27001 and ISO 27701 together. ISO 42001 overlaps with 27701 on data governance — Annex A.7 (data for AI systems) intersects with privacy obligations — but the two address different objects. An organisation governing AI that processes personal data may operate all three (27001, 27701, 42001) in an integrated regime.
Are there sector-specific AI standards I should consider alongside ISO 42001?
ISO 42001 is technology-neutral and sector-neutral. Sector-specific AI standards are emerging — for example, ISO/IEC TR 5469 (AI functional safety) and various ISO/IEC subcommittee work on AI in healthcare, automotive, and finance — but the landscape is still forming. Annex D of ISO 42001 acknowledges that sector context shapes implementation and points outward to sector-specific guidance. Organisations in regulated sectors should treat ISO 42001 as the management system layer and sector-specific guidance as the additional content layer.
Can I claim ISO 42001 conformity without certification?
Yes. An organisation can implement the Standard and claim conformity without engaging a certification body. The Standard itself does not require certification, and self-declared conformity is a legitimate position.
But self-declared conformity carries different weight in customer, partner, and regulator interactions than certified conformity. Where ISO 42001 is requested in procurement or where the AIMS is intended to support EU AI Act conformity, certification is generally expected.