What are the Annex A controls in ISO/IEC 42001 and how are they organized?
Annex A of ISO/IEC 42001 groups the operational, AI-specific controls into themes that cover the main aspects of an AI Management System (AIMS). These controls complement the general management system requirements set out in clauses 4 to 10 of the standard.
The Annex A controls are structured around the following themes:
- AI policy (A.2): This theme focuses on establishing a documented AI policy that aligns with business objectives and other organizational policies.
- Internal organization (A.3): This involves defining and resourcing AI roles, responsibilities, and reporting lines within the organization.
- Resources for AI systems (A.4): This theme addresses the identification and documentation of resources necessary for AI systems, including data, tooling, compute, human competence, and model/tool components.
- AI impact assessment (A.5): This covers processes for assessing the impacts of AI systems on individuals, groups, and society throughout their lifecycle. This cross-maps to NIST-MAP-5.1.
- AI system lifecycle (A.6): This is a core theme focusing on the responsible design, development, deployment, operation, and retirement of AI systems, with controls applied at each stage of the lifecycle.
- Data for AI systems (A.7): This theme emphasizes data governance, including the provenance, quality, preparation, and management of data used by AI systems across their lifecycle. This cross-maps to OWASP LLM04 data poisoning and NIST GenAI "Data privacy".
- Information for interested parties (A.8): This involves making information about AI systems, such as their capabilities, limitations, and intended use, available to relevant interested parties to support transparency.
- Use of AI systems (A.9): This theme covers responsible-use controls and human oversight for the operation of AI systems. This cross-maps to NIST-GOVERN-3.2 and OWASP LLM06/LLM09 for oversight and overreliance.
- Third-party relationships (A.10): This addresses controls for suppliers and third parties involved in the AI value chain, such as model providers, data providers, and tool/plugin vendors. This cross-maps to NIST-GOVERN-6.1 and OWASP LLM03 supply chain.
Grounded in
- iso_42001
- nist_ai_rmf
This AI-generated answer is for guidance only — not a certification, audit, or penetration test. Grounded in the NIST AI RMF, OWASP LLM Top 10, and ISO/IEC 42001 control text; verify applicability to your environment.