Technical standards
International Organization for Standardization (ISO)
About
ISO/IEC 42001:2023 Information technology — Artificial intelligence — Management system
Management system standard requiring organisations to establish processes for AI governance, ethics and life cycle management.
ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management
Risk management guideline that provides tools to assess and mitigate AI-specific risks without mandating a full management system.
ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls
General information security controls applicable to all industries.
ISO/IEC 27017:2015 Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Cloud-specific extension of 27002. It refines controls (e.g., data isolation, virtual machine security) and clarifies responsibilities for cloud providers and customers.