ISO/IEC 42001:2023 Information technology — Artificial intelligence — Management system

• Management system standard requiring organisations to establish processes for AI governance, ethics and life cycle management.

​​

ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management

• Risk management guideline that provides tools to assess and mitigate AI-specific risks without mandating a full management system.

 

ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls

• General information security controls applicable to all industries.

 

ISO/IEC 27017:2015 Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services

• Cloud-specific extension of 27002. It refines controls (e.g., data isolation, virtual machine security) and clarifies responsibilities for cloud providers and customers.