ISO 42001 Requirement 2 – Normative References•

ISO 42001 Requirement 2 – Normative References

See it in action
By Max Edwards | Updated 2 April 2024

The "Normative References" section of ISO/IEC 42001 identifies indispensable references to external documents and standards that are required for the application of the AI management system standard. It ensures that users have access to all necessary documentation and frameworks critical for comprehensively understanding and implementing the requirements set forth in ISO/IEC 42001.

Jump to topic

Understanding Normative References of ISO 42001 Requirement 2

Normative references are specified documents cited within an ISO standard that provide essential information necessary for the application and understanding of the standard. In the context of ISO 42001, which sets forth a framework for AI Management Systems (AIMS), these references are foundational to ensuring that organisations can establish and maintain systems that are both compliant and ethically managed.

The Role of Normative References in ISO 42001

Normative references serve as the backbone for the implementation of ISO 42001, offering detailed guidance on AI concepts, terminology, and management practices. They are mandatory for organisations aiming to align their AI management systems with international standards, ensuring that practices around safety, privacy, and fairness are not only upheld but are also consistent with global expectations.

Contribution to AI Management Systems

By integrating these references into their AIMS, organisations can navigate the complexities of AI governance more effectively. This includes adhering to legal frameworks such as the GDPR and the EU AI Act, managing AI-related risks, and fostering continuous improvement in line with technological advancements and societal expectations.

Ensuring Compliance and Ethical Management

Normative references are instrumental in guiding organisations towards ethical AI management. They provide a structured approach to identifying, assessing, and mitigating risks associated with AI use and development. Furthermore, these references facilitate the integration of AI management systems with other ISO standards, such as ISO 27001 for information security and ISO 9001 for quality management, promoting a holistic approach to organisational governance.

At ISMS.online, we understand the importance of these normative references in achieving and maintaining ISO 42001 compliance. Our platform offers comprehensive tools and resources to assist you in navigating these requirements, ensuring that your AI management practices are both ethical and aligned with international standards.

Book a demo

The Role of ISO 22989 in ISO 42001

ISO/IEC 22989:2022 plays a pivotal role in shaping the requirements of ISO 42001 by providing a foundational understanding of artificial intelligence concepts and terminology. This normative reference is essential for ensuring that all stakeholders have a common language and understanding when implementing and managing AI systems within the framework of ISO 42001. For compliance officers, familiarity with ISO/IEC 22989:2022 is required. It equips you with the necessary knowledge to navigate the complexities of AI management, ensuring that your organisation’s practices align with international standards for ethical and responsible AI use.

Understanding AI Concepts and Terminology

ISO/IEC 22989:2022 introduces specific AI concepts and terminology that are integral to the ISO 42001 standard. These include definitions of AI systems, machine learning models, and ethical AI governance principles. By standardising these terms, ISO/IEC 22989:2022 facilitates a clearer understanding and implementation of AI management practices.

Essential Knowledge for Compliance Officers

For compliance officers, grasping the content of ISO/IEC 22989:2022 is not just beneficial it’s essential. This understanding ensures that your AI management system (AIMS) is built on a solid foundation of recognised AI principles and practices, paving the way for compliance with ISO 42001 and other related standards.

Applying ISO 22989 in AI Management Practices

By integrating the concepts from ISO/IEC 22989:2022 into your AI management practices, you can enhance the effectiveness of your AIMS. This involves adopting standardised terminology in your AI policies, ensuring that risk assessments and ethical considerations are grounded in internationally recognised definitions and concepts. At ISMS.online, we provide tools and guidance to help you seamlessly incorporate these principles into your organisation’s AI management system, ensuring compliance and fostering ethical AI use.


Everything you need
for ISO 42001

Manage and maintain your ISO 42001 Artificial Intelligence Management System with ISMS.online

Book a demo

Aligning with Other ISO Standards

ISO 42001, the AI Management System Standard, is designed to work in harmony with other ISO standards, notably ISO 27001 (Information Security Management) and ISO 9001 (Quality Management Systems). This alignment is facilitated through normative references, which serve as a bridge, ensuring that the principles and practices across these standards are coherent and complementary.

Harmonisation with ISO 27001 and ISO 9001

The integration of ISO 42001 with ISO 27001 and ISO 9001 enhances AI management systems by embedding robust information security and quality management principles into AI governance. This synergy ensures that organisations not only focus on the ethical and responsible use of AI but also uphold the highest standards of data protection and quality in their operations.

Benefits of Integrating ISO Standards

Organisations that align their AI management practices with these standards gain several benefits. These include improved risk management, enhanced operational efficiency, and increased trust among stakeholders. Moreover, this integration supports compliance with regulatory requirements, providing a competitive edge in the marketplace.

How ISMS.online Can Assist

At ISMS.online, we understand the importance of seamless standard integration. Our platform is designed to simplify the alignment process, offering tools and resources that help you incorporate the requirements of ISO 42001 alongside ISO 27001 and ISO 9001. With our support, you can ensure that your AI management system not only meets international standards but also leverages the collective strengths of these frameworks for superior governance and performance.


Implementing the Plan-Do-Check-Act (PDCA) Cycle

The Plan-Do-Check-Act (PDCA) cycle is a dynamic and iterative process that is central to ISO 42001, facilitating continuous improvement in AI governance. This cycle enables organisations to establish, implement, maintain, and continually improve their AI Management System (AIMS).

The Role of Normative References in the PDCA Cycle

Normative references play a important role in each phase of the PDCA cycle. They provide the foundational knowledge and standards against which AI governance practices are measured and improved. During the Plan phase, these references guide the development of AI policies and objectives that are compliant and ethically sound. In the Do phase, they inform the implementation of these policies. The Check phase involves monitoring and measuring AI systems against the standards set out in the normative references. Finally, the Act phase uses insights gained from these references to inform corrective actions and drive continual improvement.

Effective Implementation of the PDCA Cycle

For effective implementation of the PDCA cycle in AI governance, organisations should integrate the guidance from normative references into each phase. This ensures that AI management practices are not only compliant with ISO 42001 but also aligned with the latest developments and ethical standards in AI technology.

Overcoming Challenges with ISMS.online

Organisations might face challenges in interpreting normative references or integrating them into the PDCA cycle. ISMS.online provides tools and expertise to help you navigate these challenges. Our platform simplifies the process of aligning your AI governance practices with ISO 42001 requirements, ensuring that your AIMS is robust, compliant, and capable of continuous improvement.


Manage all your compliance in one place

ISMS.online supports over 100 standards
and regulations, giving you a single
platform for all your compliance needs.

Book a demo

Conducting Gap Analysis and AI Policy

Normative references within ISO 42001 provide a structured framework for conducting gap analysis and formulating AI policies. These references serve as benchmarks against which current AI management practices can be evaluated, identifying areas where improvements are necessary to meet the standard’s requirements.

Guiding Gap Analysis

In conducting gap analysis, normative references act as a compass, guiding organisations through the process of comparing their existing AI management systems against the ISO 42001 standard. This comparison highlights discrepancies and areas for enhancement, ensuring that AI governance aligns with ethical, legal, and technical standards.

Formulating Effective AI Policies

To formulate effective AI policies, it’s essential to integrate the principles and guidelines outlined in the normative references. These documents provide the foundation for developing policies that not only comply with ISO 42001 but also promote ethical AI use, privacy, fairness, and accountability.

Influencing AI Impact Assessments

Normative references significantly influence AI impact assessments by setting the criteria for evaluating the potential effects of AI systems on individuals, society, and the environment. These assessments are essential for identifying risks and implementing mitigation strategies in line with ISO 42001.


Multidisciplinary Approach and Stakeholder Engagement

Adopting a multidisciplinary approach is indispensable for comprehensively understanding and applying the normative references outlined in ISO 42001. This approach ensures that diverse perspectives and expertise are considered, leading to more robust and inclusive AI management practices.

Ensuring Inclusive and Transparent Decision-Making Processes

To ensure inclusive and transparent decision-making processes, organisations should establish clear communication channels that facilitate feedback and dialogue among all stakeholders. This includes creating forums, workshops, and regular meetings where stakeholders can voice their concerns and contribute to policy formulation.

Strategies for Effective Stakeholder Engagement

Effective stakeholder engagement can be achieved through:

  • Regular Consultations: Engage with stakeholders at regular intervals to keep them informed and involved in the decision-making process.
  • Feedback Mechanisms: Implement mechanisms for stakeholders to provide feedback on AI policies and practices.
  • Education and Training: Provide stakeholders with the necessary education and training on ISO 42001 and its normative references to ensure a deep understanding of the standards.

Contribution to the Successful Implementation of ISO 42001

Stakeholder engagement significantly contributes to the successful implementation of ISO 42001 by ensuring that AI management practices are aligned with the expectations and needs of all parties involved. This collaborative approach not only enhances compliance but also fosters a culture of trust and accountability in AI governance.

At ISMS.online, we understand the importance of a multidisciplinary approach and stakeholder engagement in achieving ISO 42001 compliance. Our platform offers tools and resources to facilitate these processes, ensuring that your organisation’s AI management system is both effective and inclusive.


Everything you need
for ISO 42001

Manage and maintain your ISO 42001 Artificial Intelligence Management System with ISMS.online

Book a demo

Navigating Regulatory Alignment and the Future

Normative references within ISO 42001 are instrumental in preparing organisations for future regulations. By aligning with these references, you’re not only adhering to current standards but also positioning your organisation to seamlessly adapt to upcoming legal frameworks. This proactive approach ensures that your AI management practices remain at the forefront of ethical and regulatory compliance.

International Initiatives and ISO 42001

Several international initiatives are aligned with ISO 42001 through its normative references, including the EU AI Act and the UK Government’s International AI Safety Summit. These alignments underscore the standard’s relevance and applicability in shaping global AI governance frameworks. By adhering to ISO 42001, your organisation contributes to a unified approach to AI management, fostering international cooperation and standardisation.

Staying Ahead in AI Management and Governance

To stay ahead of the curve in AI management and governance standards, it’s mandatory to engage in continuous learning and development. This involves regularly reviewing and updating your AI management practices in light of new normative references and international guidelines. At ISMS.online, we provide resources and support to help you navigate these updates, ensuring that your AI governance remains effective and compliant.

The Role of Continuous Development

Continuous development is key to maintaining compliance with ISO 42001. It involves an ongoing commitment to improving your AI management system (AIMS) based on evolving standards, technological advancements, and societal expectations. This commitment to excellence not only enhances compliance but also drives innovation within your organisation, ensuring that your AI practices are both responsible and forward-thinking.


Further Reading

Leveraging Tools and Support for Compliance

In the journey towards ISO 42001 compliance, leveraging the right tools and support services is crucial. This ensures not only adherence to the standard but also the efficient management and governance of AI systems within your organisation.

Support Services for Certification Guidance

For organisations seeking certification guidance, ISMS.online provides comprehensive support services. Our team of experts offers tailored advice and resources to navigate the complexities of ISO 42001 compliance, from initial gap analysis to certification readiness.

Additional Support and Resources from ISMS.online

At ISMS.online, we understand the challenges organisations face in achieving ISO 42001 compliance. Our platform offers a suite of tools and resources designed to simplify this process. From policy templates and risk management tools to stakeholder engagement strategies, we provide everything you need to ensure your AI governance practices are compliant and effective.


Addressing Privacy and Industry-Specific Applications

ISO 42001 accommodates Privacy Information Management Systems (PIMS) by integrating privacy considerations into its framework, ensuring that AI management practices uphold data protection principles. This alignment is necessary for organisations to manage and mitigate privacy risks associated with AI systems effectively.

Industry-Specific Considerations for ISO 42001

For industry-specific applications of ISO 42001, it’s essential to consider the unique regulatory and operational requirements of each sector. For instance, the medical device industry must align AI management practices with stringent regulatory standards for patient safety and data privacy. Normative references within ISO 42001 provide the necessary guidance to support regulatory compliance across various industries, including healthcare, finance, and manufacturing.

Supporting Regulatory Compliance in Sectors Like the Medical Device Industry

Normative references play a pivotal role in ensuring that AI management systems meet the specific regulatory requirements of sectors such as the medical device industry. These references offer a foundation for developing AI systems that are not only compliant with ISO 42001 but also adhere to industry-specific regulations and standards.

Overcoming Challenges in Specific Industries

Applying ISO 42001 to specific industries may present challenges, such as aligning AI governance with sector-specific regulations and managing the complexities of highly regulated data. At ISMS.online, we provide tailored solutions and expert guidance to help you navigate these challenges, ensuring that your AI management practices are robust, compliant, and aligned with industry-specific requirements.


Enhancing Global Impact and Sustainability Through ISO 42001

ISO 42001 significantly contributes to the Sustainable Development Goals (SDGs) by promoting ethical AI practices that prioritise safety, privacy, and fairness. By adhering to this standard, organisations can ensure their AI systems are developed and managed in a way that respects human rights and fosters social and environmental well-being.

The Role of Normative References in International Cooperation

Normative references within ISO 42001 play a pivotal role in facilitating international cooperation and standardisation in AI governance. These references provide a common framework and language for AI management, enabling organisations worldwide to align their practices with global standards. This harmonisation is crucial for addressing cross-border challenges associated with AI technologies and ensuring consistent ethical standards are maintained globally.

Leveraging ISO 42001 for Positive Global Impact

Organisations can leverage ISO 42001 to make a positive global impact by implementing AI management practices that are not only compliant with international standards but also contribute to societal and environmental sustainability. By doing so, organisations can demonstrate leadership in ethical AI governance, influencing industry standards and contributing to the global effort to harness AI’s potential responsibly.

Long-Term Benefits of Adopting ISO 42001

Adopting ISO 42001 offers long-term benefits for sustainable AI management, including enhanced reputation, increased stakeholder trust, and improved risk management. Furthermore, compliance with ISO 42001 positions organisations to adapt more easily to future regulations and technological advancements, ensuring their AI practices remain at the forefront of ethical and responsible innovation. At ISMS.online, we are committed to supporting your journey towards ISO 42001 compliance, providing the tools and expertise necessary to achieve and maintain these long-term benefits.


Resources for Continuous Improvement

The ISO/IEC JTC 1/SC 42 committee plays a pivotal role in the development of AI standards, including ISO 42001. This committee brings together experts from various fields to ensure that AI standards are comprehensive, up-to-date, and reflective of current technological advancements and ethical considerations.

Platforms for Sharing Expert Insights

For sharing expert insights and responsible AI practices, several platforms are available. These include industry forums, webinars, and conferences dedicated to AI governance and management. Additionally, online communities and professional networks offer valuable spaces for exchanging ideas and best practices.

Benefits of Engaging with the ISO 42001 Community

Engaging with the ISO 42001 community offers organisations numerous benefits. It provides access to a wealth of knowledge and expertise, enabling you to stay informed about the latest developments in AI management. Furthermore, it fosters collaboration and networking opportunities with peers and industry leaders, enhancing your organisation’s AI governance practices.

Resources for Continuous Learning and Improvement

For continuous learning and improvement in AI management, a variety of resources are available. These include publications, guidelines, and case studies published by the ISO/IEC JTC 1/SC 42 committee. Additionally, training programmes and certification courses designed around ISO 42001 standards can equip your team with the skills and knowledge necessary for effective AI governance.

At ISMS.online, we are committed to supporting your continuous improvement journey. Our platform offers access to the latest resources and tools to help you align with ISO 42001 and enhance your AI management practices.



ISO 42001 Requirements

ISO 42001 RequirementISO 42001 Requirement Name
ISO 42001 Requirement 1Scope
ISO 42001 Requirement 2Normative References
ISO 42001 Requirement 3Terms and Definitions
ISO 42001 Requirement 4Context of the Organisation
ISO 42001 Requirement 5Leadership
ISO 42001 Requirement 6Planning
ISO 42001 Requirement 7Support
ISO 42001 Requirement 8Operation
ISO 42001 Requirement 9Performance Evaluation
ISO 42001 Requirement 10Improvement

ISMS.online Offer Guidance on ISO 42001 Compliance

At ISMS.online, we are dedicated to assisting your organisation in navigating the complexities of ISO 42001, especially when it comes to understanding and implementing Requirement 2: Normative References. Our platform offers tailored solutions designed to align your AI management system with the essential normative references, ensuring a comprehensive and compliant framework.

Tailored Solutions for Aligning with Normative References

Our platform provides a suite of tools and resources specifically designed to facilitate the integration of normative references into your AI management practices. From policy templates to risk assessment tools, we offer solutions that are customised to meet the unique needs of your organisation, enhancing the effectiveness of your AI management system.

Why Choose ISMS.online for ISO 42001 Compliance

Choosing ISMS.online means partnering with a team of experts who are deeply knowledgeable about ISO standards and AI governance. Our platform is built to streamline the compliance process, making it more manageable and less time-consuming for your team. With ISMS.online, you gain access to comprehensive support, from initial gap analysis to certification readiness.

Streamlining Your Path to ISO 42001 Certification and Beyond

Contacting ISMS.online can significantly streamline your path to ISO 42001 certification. Our platform simplifies the compliance process, providing you with the guidance and tools necessary to navigate the certification journey efficiently. By leveraging our expertise and resources, you can achieve ISO 42001 compliance with confidence, setting a solid foundation for ethical and responsible AI management.

Book a demo

complete compliance solution

Want to explore?
Start your free trial.

Sign up for your free trial today and get hands on with all the compliance features that ISMS.online has to offer

Find out more

Streamline your workflow with our new Jira integration! Learn more here.