2 Standards, definitions and books
2.1 Standards
Standards and references related to AI

Plan ahead to avoid suffering
ISO 42001 (2023) – Information technology — Artificial intelligence — Management system – is not an isolated standard; it complements or integrates with other standards within a comprehensive management system to align governance, security, and ethics.
Note: many standards are titled ISO/IEC. For simplicity, we use the acronym ISO.
Some standards for consultation or use in setting up an artificial intelligence (AI) management system:
- ISO/TS 4213 (2022) – Information technology — Artificial intelligence — Assessment of machine learning classification performance
- ISO 5259-2 (2024) – Artificial intelligence — Data quality for analytics and machine learning (ML) – Part 2: Data quality measures
- ISO 5338 (2023) – Information technology — Artificial intelligence — AI system life cycle processes
- ISO/TS 6254 (2025) – Information technology — Artificial intelligence — Objectives and approaches for explainability and interpretability of machine learning (ML) models and artificial intelligence (AI) systems
- ISO 8000-2 (2022) – Data quality – Part 2: Vocabulary
- ISO 9001 (2015) – Quality management systems – Requirements
- ISO 9241-210 (2019) – Ergonomics of human-system interaction – Part 210: Human-centered design for interactive systems
- ISO 19011 (2018) – Guidelines for auditing management systems
- ISO 19944-1 (2020) – Cloud computing and distributed platforms – Data flow, data categories and data use – Part 1: Fundamentals
- ISO 20546 (2019) – Information technology — Big data — Overview and vocabulary
- ISO 22301 (2019) – Security and resilience — Business continuity management systems — Requirements
- ISO 22989 (2022) – Information technology — Artificial intelligence — Artificial intelligence concepts and terminology
- ISO 23053 (2022) – Framework for artificial intelligence (AI) systems using machine learning (ML)
- ISO 23894 (2023) – Information technology — Artificial intelligence — Guidance on risk management
- ISO TR 24027 (2021) – Information technology — Artificial intelligence (AI) — Bias in AI systems and AI-aided decision making
- ISO TR 24029-1 (2021) – Artificial Intelligence (AI) — Assessment of the robustness of neural networks - Part 1: Overview
- ISO TR 24368 (2022) – Information technology — Artificial intelligence — Overview of ethical and societal concerns
- ISO 25024 (2015) – Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Measurement of data quality
- ISO 25059 (2023) – Software engineering — Systems Software Quality Requirements and Evaluation (SQuaRE) — Quality model for AI systems
- ISO 27000 (2018) – Information technology — Security techniques — Information security management systems — Overview and vocabulary (free of charge: PAS, publicly available specification)
- ISO 27001 (2022) – Information security, cybersecurity and privacy protection — Information security management systems — Requirements
- ISO 27005 (2022) – Information security, cybersecurity and privacy protection — Guidance on managing information security risks
- ISO 27701 (2025) – Information security, cybersecurity and privacy protection — Privacy information management systems — Requirements and guidance
- ISO 29100 (2024) – Information technology — Security techniques — Privacy framework
- ISO 31000 (2018) – Risk management — Guidelines
- ISO 37002 (2021) – Whistleblowing management systems — Guidelines
- ISO 38500 (2024) – Information technology — Governance of IT for the organization
- ISO 38507 (2022) – Information technology — Governance of IT — Governance implications of the use of artificial intelligence by organizations
- ISO 42001 (2023) – Information technology — Artificial intelligence — Management system
The 2021 UNESCO report, "Recommendation on the Ethics of Artificial Intelligence" contains 141 common-sense recommendations.
The AI Risk Management Framework is a comprehensive guideline (available for free download) developed by the US National Institute of Standards and Technology (NIST) and published in January 2023.
Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 includes 64 articles on Digital Operational Resilience (DORA). It has been mandatory for financial entities in EU countries since January 17, 2025.
Regulation (EU) 2024/1689 of the European Parliament and of the Council of June 13, 2024, comprises 144 articles on harmonized rules concerning artificial intelligence (the European regulation on artificial intelligence, known as the "AI Act").
ISO standards (over 21,000) are used in countless fields and are recognized around the world.
Over 28,000 standards (in English and other languages) are available free of charge on the Public.resource.Org site.
2.2 Definitions
Terms and definitions related to AI

The beginning of wisdom is the definitions of terms. Attributed to Socrates
Some specific terms:
AI: artificial intelligence
AIMS: artificial intelligence management system
Asset: any element of value to the organization
Audit: systematic and independent survey to determine whether activities and results comply with pre-established measures and are capable of achieving the objectives
Availability: property of information to be usable in time (see also ISO 27000, 3.7)
Backup: copy of data in order to archive and protect against loss
Competence: personal skills, knowledge and experiences (see also ISO 9000, 3.10.4)
Confidentiality: property of information accessible only to authorized persons (see also ISO 27000, 3.10)
Conformity: fulfillment of a specified requirement (see also ISO 9000, 3.6.11)
Corrective action: action to eliminate the causes of nonconformity or any other undesirable event and to prevent their recurrence (see also ISO 9000, 3.12.2)
Customer satisfaction: top priority objective of every quality management system related to the satisfaction of customer requirements (see also ISO 9000, 3.9.2)
Customer: anyone who receives a product (see also ISO 9000, 3.2.4)
Effectiveness: capacity to realize planned activities with minimum effort (see also ISO 9000, 3.7.11)
Efficiency: financial relationship between achieved results and resources used (see also ISO 9000, 3.7.10)
Incident (AI): malfunction of an AI system resulting in disruption to the management or operation of critical infrastructure
Indicator: value of a parameter, associated with a process objective, allowing the objective measure of its effectiveness (see also FD X50-171, 2.1)
Information security (IS): controls to protect the confidentiality, integrity and availability of information (see also ISO 27000, 3.28)
Integrity: property of information to be unaltered (see also ISO 27000, 3.36)
Management system: set of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3)
Nonconformity: non-fulfillment of a specified requirement (see also ISO 9000, 3.6.9)
Objective: measurable goal to be achieved
Organization (company): structure that satisfies a need (see also ISO 9000, 3.2.1)
Process: activities that transform inputs into outputs (see also ISO 9000, 3.4.1)
Product (or service): any outcome of a process or activity (see also ISO 9000, 3.4.2)
Quality: aptitude to fulfill requirements (see also ISO 9000, 3.6.2)
Requirement: explicit or implicit need or expectation (see also ISO 9000, 3.6.4)
Residual risk: risk accepted (see also ISO Guide 73, 3.8.1.6)
Risk assessment: risk identification, analysis and evaluation process (see also ISO Guide 73, 3.4.1)
Risk treatment: risk reduction activities (see also ISO Guide 73, 3.8.1)
Risk: likelihood of occurrence of a threat or an opportunity (see also ISO Guide 73, 1.1)
Statement of applicability (SoA): document describing the objectives and security controls
Supplier (external provider): an entity that provides a product (see also ISO 9000, 3.2.5)
Top management: group or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1)
Traceability: aptitude to memorize or restore all or part of a trace of executed functions (see also ISO 9000, 3.6.13)
Vulnerability: weakness of an asset that could lead to unauthorized access (see also ISO 27000, 3.77)
In the terminology of management systems, do not confuse:
- accident and incident
  - an accident is an unexpected serious event
  - an incident is an event that can lead to an accident
- anomaly, defect, dysfunction, failure, nonconformity, reject and waste
  - an anomaly is a deviation from what is expected
  - a defect is the non-fulfillment of a requirement related to an intended use
  - a dysfunction is a degraded function that can lead to a failure
  - a failure is when a function has become unfit
  - a nonconformity is the non-fulfillment of a requirement in production
  - a reject is a nonconforming product that will be destroyed
  - a waste is when there are added costs but no value
- audit program and audit plan
  - an audit program is the annual planning of the audits
  - an audit plan is the description of the audit activities
- audit, inspection, auditee and auditor
  - an audit is the process of obtaining audit evidence
  - an inspection is the conformity verification of a process or product
  - an auditee is the one who is audited
  - an auditor is the one who conducts the audit
- control and optimize
  - to control is to meet the objectives
  - to optimize is to search for the best possible results
- customer, external provider and subcontractor
  - a customer receives a product
  - an external provider provides a product on which specific work is done
  - a subcontractor provides a service or product on which specific work is done
- effectiveness and efficiency
  - effectiveness is the level of achievement of planned results
  - efficiency is the ratio between results and resources
- follow-up and review
  - follow-up is the verification of the results obtained from an action
  - review is the analysis of the effectiveness in achieving objectives
- inform and communicate
  - to inform is to give someone meaningful data
  - to communicate is to pass on a message, listen to the reaction and discuss
- objective and indicator
  - an objective is a sought-after commitment
  - an indicator is the information on the difference between the pre-set objective and the achieved result
- organization and enterprise, society, company
  - organization is the term used by the ISO 9001 standard for the entity between the supplier and the customer
  - an enterprise, a society and a company are examples of organizations
- process, procedure, product, activity and task
  - a process is how we satisfy the customer using people to achieve the objectives
  - a procedure is the description of how we should conform to the rules
  - a product is the result of a process
  - an activity is a set of tasks
  - a task is a sequence of simple operations
- safety and security
  - safety is prevention against malicious risks
  - security is prevention against risks of unintentional origin
Information is stored in multiple ways such as:
- digital (data stored electronically)
- physical (on paper or other)
- knowledge (the know-how of the staff)
Information is transmitted in different ways such as:
- digital (electronic mail)
- physically (post)
- verbally (meetings)
Note 1: the use of ISO 42001, ISO 27000 and ISO 9000 definitions is recommended. The most important thing is to determine a common and unequivocal vocabulary for everyone in the company.
Note 2: the customer can also be the user, the beneficiary, the trigger, the ordering party or the consumer.
Note 3: documented information is any information that we must maintain (procedure) or retain (record).
Note 4: an asset is a broad concept. An asset can be:
- information
- a document
- an archive
- infrastructure
- technical equipment
- software
- the staff
- the reputation of the organization
- a process
- a service
For other definitions, comments, explanations and interpretations that you do not find in this module and annex 06, you can consult:

- ISO online consultation platform (OBP)
- IEC Electropedia
2.3 Books
Books related to AI
When I think of all the books still left for me to read, I am certain of further happiness. Jules Renard
Books for further reading on quality and AI:
Anand Vemula, ISO 42001 AI Management System: Comprehensive Guide to Implementation and Best Practices, Independently published, 2024
Sid Ahmed Benraouane, AI Management System Certification According to the ISO/IEC 42001 Standard, Productivity Press, 2024
Ethan Alexander, THE AI BOOK FOR BEGINNERS: A Fun and Practical Guide to Artificial Intelligence, Automation, and Machine Learning for Entrepreneurs, Professionals, and Creative Thinkers, Independently published, 2025
Gregory B. Hutchins, Margaux K Hutchins, Trust Me - ISO 42001 AI Management System - 2nd Edition, Independently published, 2025
Cristina Messias da Silva, ISO/IEC 42001:2023 - Implementing and Managing AI Management Systems (AIMS): Practical Guide, Independently published, 2025
Alexander Hayes, ISO/IEC42001 AI Management Systems: The Complete Implementation Guide: Practical Roadmaps, Templates, and Case Studies for Trustworthy AI Governance and Compliance, Independently published, 2025
Ravi Rajput, Mastering ISO/IEC 42001 AI Standards (AIMS): The AIMS Blueprint for Ethical AI | AI Management Systems Demystified | ISO/IEC 42001 for Modern Enterprises | Ethical AI Unlocked with ISO 42001, Independently published, 2025
Ravi Rajput, ISO 42001 Artificial Intelligence Management System: Quick Handbook and Implementation, Independently published, 2025
Mark Hayward, Cyber Security AI and ISO 42001 Standard, Independently published, 2025
Eric Harrington, ISO/IEC 42001 (AIMS) Lead Implementer: 500 Study Notes for Faster Learning, Independently published, 2026
Liam Henderson, ISO/IEC 42001 Artificial Intelligence Management Systems (AIMS) Lead Auditor: 500 Exam-Style Questions for Certification Success, Independently published, 2026