ISO/IEC FDIS 42006
(Main)Information technology — Artificial intelligence — Requirements for bodies providing audit and certification of artificial intelligence management systems
Information technology — Artificial intelligence — Requirements for bodies providing audit and certification of artificial intelligence management systems
This document specifies additional requirements for ISO/IEC 17021-1 in order to enable accredited and or peer assessed certification bodies to reliably audit the management system for organizations that develop or use AI systems or both according to ISO/IEC 42001 and to make an evaluation and decision for certification. The application of this document enables the certification bodies to meet the specific technical features and the particular risks in dealing with AI systems according to ISO/IEC 42001. This allows accreditation bodies and peer assessors to assess the competencies of conformity assessment bodies in an efficient and harmonized way and ensures the comparability and reproducibility of certificates confirming conformity with ISO/IEC 42001. The requirements contained in this document shall be demonstrated by any body providing AIMS certification.
Technologies de l'information — Intelligence artificielle — Exigences pour les organismes procédant à l'audit et à la certification des systèmes de gestion de l'intelligence artificielle
General Information
Buy Standard
Standards Content (Sample)
FINAL DRAFT
International
Standard
ISO/IEC FDIS
ISO/IEC JTC 1/SC 42
Information technology — Artificial
Secretariat: ANSI
intelligence — Requirements
Voting begins on:
for bodies providing audit and
2025-02-19
certification of artificial intelligence
Voting terminates on:
management systems
2025-04-16
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT,
WITH THEIR COMMENTS, NOTIFICATION OF ANY
RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE
AND TO PROVIDE SUPPOR TING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO
LOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE
TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL
TO BECOME STAN DARDS TO WHICH REFERENCE MAY BE
MADE IN NATIONAL REGULATIONS.
Reference number
FINAL DRAFT
International
Standard
ISO/IEC FDIS
ISO/IEC JTC 1/SC 42
Information technology — Artificial
Secretariat: ANSI
intelligence — Requirements
Voting begins on:
for bodies providing audit and
certification of artificial intelligence
Voting terminates on:
management systems
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT,
WITH THEIR COMMENTS, NOTIFICATION OF ANY
RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE
AND TO PROVIDE SUPPOR TING DOCUMENTATION.
© ISO/IEC 2025
IN ADDITION TO THEIR EVALUATION AS
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO
LOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL
or ISO’s member body in the country of the requester.
TO BECOME STAN DARDS TO WHICH REFERENCE MAY BE
MADE IN NATIONAL REGULATIONS.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland Reference number
© ISO/IEC 2025 – All rights reserved
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, symbols and abbreviated terms . 1
4 Principles . 2
5 General requirements . 2
5.1 Legal and contractual matters .2
5.2 Management of impartiality .2
5.2.1 General .2
5.2.2 Conflicts of interest.2
5.3 Liability and financing .3
5.3.1 General .3
5.3.2 Liability .3
6 Structural requirements . 3
7 Resource requirements . 3
7.1 Competence of personnel .3
7.1.1 General .3
7.1.2 Generic technical competence requirements .3
7.1.3 Determination of specific technical competence requirements .4
7.2 Personnel involved in the certification activities .7
7.2.1 General .7
7.2.2 Demonstration of auditor knowledge and experience .7
7.3 Use of individual external technical experts .8
7.4 Personnel records .8
7.5 Outsourcing .8
8 Information requirements . 9
8.1 Public information . .9
8.2 Certification documents .9
8.2.1 General .9
8.2.2 AIMS certification documents .9
8.3 Reference to certification and use of marks .9
8.4 Confidentiality .9
8.4.1 General .9
8.4.2 Access to the documentation of the organization .9
8.5 Information exchange between a certification body and its clients .9
9 Process requirements . 10
9.1 Pre-certification activities .10
9.1.1 General .10
9.1.2 Audit programme .10
9.1.3 Scope of certification .10
9.1.4 Determining audit time .10
9.1.5 Multi-site sampling . .10
9.1.6 Multiple management systems .10
9.2 Planning audits .11
9.2.1 Determining audit objectives, scope and criteria .11
9.2.2 Audit team selection and assignments . 12
9.2.3 Audit plan . 12
9.2.4 Deployment of remote audit . 12
9.3 Initial certification . 12
9.3.1 General . 12
© ISO/IEC 2025 – All rights reserved
iii
9.3.2 Initial certification audit . 12
9.4 Conducting audits . 13
9.5 Certification decision . . . 13
9.6 Maintaining certification . 13
9.6.1 General . 13
9.6.2 Surveillance activities . 13
9.6.3 Re-certification .14
9.6.4 Special audits .14
9.6.5 Suspending, withdrawing or reducing the scope of certification .14
9.7 Appeals .14
9.8 Complaints.
...
ISO/IEC JTC 1/SC 42
Secretariat: ANSI
Date: 2025-01-0331
Information technology — Artificial intelligence — Requirements for
bodies providing audit and certification of artificial intelligence
management systems
FDIS stage
ISO/IEC DISFDIS 42006:2023(E2025(en)
© ISO/IEC 20232025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
EmailE-mail: copyright@iso.org
Website: www.iso.orgwww.iso.org
Published in Switzerland
ii © ISO/IEC 2023 – All rights reserved
© ISO/IEC 2025 – All rights reserved
ii
ISO/IEC DISFDIS 42006:2023(E2025(en)
Contents
Foreword . vii
Introduction . viii
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, symbols and abbreviated terms . 1
4 Principles . 2
5 General requirements . 2
5.1 Legal and contractual matters . 2
5.2 Management of impartiality . 2
5.3 Liability and financing . 3
6 Structural requirements . 3
7 Resource requirements . 3
7.1 Competence of personnel . 3
7.2 Personnel involved in the certification activities . 8
7.3 Use of individual external technical experts . 9
7.4 Personnel records . 9
7.5 Outsourcing . 10
8 Information requirements . 10
8.1 Public information . 10
8.2 Certification documents . 10
8.3 Reference to certification and use of marks . 10
8.4 Confidentiality . 10
8.5 Information exchange between a certification body and its clients . 11
9 Process requirements . 11
9.1 Pre-certification activities . 11
9.2 Planning audits . 12
9.3 Initial certification . 14
9.4 Conducting audits . 14
9.5 Certification decision . 14
9.6 Maintaining certification . 15
9.7 Appeals . 15
9.8 Complaints . 15
9.9 Client records. 16
10 Management system requirements for certification bodies . 16
10.1 Options . 16
10.2 Option A: General management system requirements . 16
10.3 Option B: Management system requirements in accordance with ISO 9001 . 16
Annex A (normative) Audit time . 17
Annex B (informative) Examples for audit time calculations . 24
Annex C (informative) Template for a certification document . 34
Bibliography . 36
© ISO/IEC 2023 – All rights reserved iii
© ISO/IEC 2025 – All rights reserved
iii
ISO/IEC DISFDIS 42006:2023(E2025(en)
To update the Table of Contents please select it and press "F9".
Foreword . vii
Introduction . viii
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, symbols and abbreviated terms . 2
4 Principles . 3
5 General requirements . 3
5.1 Legal and contractual matters . 3
5.2 Management of impartiality . 3
5.2.1 General . 3
5.2.2 Conflicts of interest . 3
5.3 Liability and financing . 3
5.3.1 General . 3
5.3.2 Liability . 4
6 Structural requirements . 4
7 Resource Requirements . 4
7.1 Competence of personnel . 4
7.1.1 General . 4
7.1.2 Generic competence requirements . 4
7.1.3 Determination of competence criteria . 4
7.2 Personnel involved in the certification activities . 9
7.2.1 General . 9
7.2.2 Selecting auditors and personnel reviewing the audit reports . 9
7.2.3 Selecting an individual auditor for leading the personnel fulfilling the function of
“auditor” . 9
7.3 Use of individual external technical experts . 10
7.3.1 General . 10
7.3.2 Use of individual external technical within the certification process . 10
7.4 Personnel records . 10
7.5 Outsourcing . 10
8 Information requirements . 10
8.1 Public information . 10
8.2 Certification documents . 10
8.2.1 General . 10
8.2.2 AIMS certification documents . 10
8.3 Reference to certification and use of marks . 10
8.4 Confidentiality . 10
8.4.1 General . 10
8.4.2 Access to the documentation of the organization . 10
8.5 Information exchange between a certification body and its clients . 11
9 Process requirements . 11
9.1 Pre-certification activities . 11
9.1.1 Application . 11
9.1.2 Application review . 11
9.1.3 Audit programme . 11
iv © ISO/IEC 2023 – All rights reserved
© ISO/IEC 2025 – All rights reserved
iv
ISO/IEC DISFDIS 42006:2023(E2025(en)
9.1.4 Audit methodology .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.