What falls within scope?

Defining scope involves determining which AI systems and activities are governed by the AIMS. This is one of the most critical and misunderstood parts of ISO 42001. Most organizations include:
  • AI models developed internally
  • AI-powered product features
  • AI systems that automate or influence decisions
  • Third-party AI tools used in operations
Examples include recommendation engines, fraud detection systems, hiring algorithms, customer support chatbots, and predictive analytics tools.

Third-party and embedded AI

Even if an organization did not build the AI system, it may still fall under scope if the organization uses or relies on it. ISO 42001 requires governance over use, not just development.

Risk-based inclusion and exclusion

Not all AI systems require the same level of control. Low-risk AI systems may have lighter governance, while high-impact systems require stronger oversight. Any exclusions must be clearly justified and documented.

The Sprinto advantage

The SOC 2 certification process can feel overwhelming. Sprinto simplifies this journey by automating up to 80% of the work, making it up to 5X faster and saving up to 60% of costs. Beyond just passing the audit, it maintains continuous compliance through real-time monitoring of security controls with 200+ integrations.  

With Sprinto doing the heavy lifting, you can focus on growing your business with the confidence that your security and compliance are always one step ahead.