How to integrate ISO 42001 and ISO 27001

Since both ISO 27001 and ISO 42001 are mainly about IT, many companies are considering the implementation of ISO 27001 together with ISO 42001 – in effect, merging cybersecurity with Artificial Intelligence (AI) governance. So, does this make sense?

This article will present the similarities and differences between these standards, with respect to requirements, processes, and controls, so that organizations can understand what can and cannot be merged into an integrated management system that unifies data protection with the ethical development, provision, and use of AI systems.

Key steps to integrate ISO 27001 and ISO 42001:
  • For clauses that are the same, implement an integrated management system.
  • Use the same process for risk management, even though risk assessment for ISO 27001 will have different risks and controls from those for ISO 42001.
  • Where possible, integrate AI and information security controls.

Similarities and differences between ISO 27001 and ISO 42001

Because ISO 42001 follows the High-Level Structure of other ISO standards, it has the same main clauses as ISO 27001. Most importantly, the main concept in ISO 42001 follows the same principle from ISO 27001: Companies need to assess the risks of using AI systems and apply appropriate controls to decrease those risks.

There are some notable differences between ISO 42001 and ISO 27001 – of course, the controls from Annex A are very different, and ISO 42001 has the concept of “AI system impact assessment” that does not have a parallel in ISO 27001.

For more information, see this article: ISO 42001 vs. ISO 27001: Similarities and differences.

What can be merged between ISO 27001 and ISO 42001

Here are the clauses from both standards that can be merged, i.e., they can use the same documents and processes:

Context and Leadership (Clauses 4 & 5). Organizations can merge organizational context, stakeholder identification, and leadership commitment into a single governance framework (e.g., merged top-level policies, leadership commitment statements, and defined organizational roles).

Support (Clause 7). Resource management, communication plans, and administrative documentation systems can be shared across both standards.

Performance and Improvement (Clauses 9 & 10). Integrated internal audits, management reviews, and a single corrective action process for both security and AI-related failures can reduce “audit fatigue.”

What cannot be merged between ISO 27001 and ISO 42001

Here are the elements that, by their nature, need to be considered separately, so their documents and processes need to be adjusted:

Risk focus and assessment. While ISO 27001 focuses on protecting information, ISO 42001 focuses on protecting individuals and society from improper use of AI. Although both can use the same general approach (i.e., risk identification, evaluation, treatment, and monitoring), this difference in objectives means that the outputs are going to be very different. For example, ISO 27001 risks are related to the compromise of information confidentiality, integrity, and/or availability, while ISO 42001 risks are related to the existence of bias, lack of transparency in decisions, and so on.

Annex A controls. ISO 27001 has 93 controls organized into four domains, while ISO 42001 has 38 controls organized into nine domains. While some controls overlap, ISO 42001 has specific controls that need to be considered when implementing certain ISO 27001 controls.

Documentation and evidence. ISO 27001 audit materials typically include evidence of what is running and being performed (e.g., access logs, firewall settings, and backup records). In contrast, ISO 42001 requires records of why AI is running and how it provides responsible outputs (e.g., AI intent, model design rationales, transparency logs, and human-in-the-loop oversight evidence).

Data governance focus. ISO 27001 focuses on protecting data throughout its lifecycle, from creation/acquisition to disposal. ISO 42001 focuses on the proper use of data.

Cybersecurity risks for AI systems

Although risk management under ISO 27001 and ISO 42001 pursues different objectives, AI systems work with data, so some AI risks have a natural connection with information security.

Here are some examples of common security risks specific to Artificial Intelligence that can be related to information security:

  • Manipulation of input data to deceive AI models, leading to erroneous results (compromise of information integrity).
  • Injection of malicious data into the training dataset, degrading AI models’ performance or trust, or making them behave in a way that benefits the attacker. This one can be related to the compromise of both information integrity and information availability.
  • Inference of sensitive information from AI models by analyzing their outputs (compromise of information confidentiality).
  • Lack of transparency on how AI decisions are made can make it difficult to identify when the model is being manipulated (compromise of information availability).

Some examples of AI security breaches and their impacts are:

  • In 2023, Samsung employees pasted confidential source code and internal meeting notes into public generative AI chatbots – this resulted in sensitive corporate data becoming part of the public AI’s training set, leading to severe corporate data exposure.
  • Deepfakes are AI-generated, realistic fake videos and audio used for malicious purposes, including misinformation campaigns, identity theft, and non-consensual explicit content.

Since there are risks that are related to both AI and cybersecurity, the next section lists controls that could address both AI and cyber risks at the same time.

Potential overlap between ISO 27001 and ISO 42001 controls

When studying ISO 27001 and ISO 42001 controls, you will find that there are no identical controls, so a direct mapping is not possible.

However, there are some controls that are similar, and could potentially be integrated if this makes sense in the specific environment of a particular company. The table below lists those similar controls.

ISO 27001 control: A.5.1 Policies for information security
ISO 42001 related controls: A.2 Policies related to AI
– A.2.2 AI policy
– A.2.3 Alignment with other organizational policies
– A.2.4 Review of the AI policy
Rationale: Organizations could expand their planned or existing Information Security Policy into a unified “Information Security and AI Governance Policy.” Additionally, other information security policies, such as the Backup Policy and the Software Development Policy, can include AI considerations, and the AI deployment process can take information security issues into account.

ISO 27001 control: A.5.9 Inventory of information and other associated assets
ISO 42001 related controls: A.4 Resources for AI systems
– A.4.2 Resource documentation
– A.4.3 Data resources
– A.4.4 Tooling resources
– A.4.5 System and computing resources
– A.4.6 Human resources
Rationale: By keeping an inventory of AI-related resources, either integrated into the information asset inventory or kept as a separate inventory according to the organization’s needs, organizations can properly identify and protect AI resources.

ISO 27001 control: A.5.10 Acceptable use of information and other associated assets
ISO 42001 related controls: A.9 Use of AI systems
– A.9.2 Processes for responsible use of AI systems
– A.9.3 Objectives for responsible use of AI systems
– A.9.4 Intended use of the AI system
Rationale: Organizations could streamline compliance by updating their Acceptable Use Policy (AUP) with an AI annex stating that using AI assets outside their declared “Intended Use” constitutes a violation of “Acceptable Use,” which can trigger the same disciplinary or corrective action workflows already established in the ISO 27001 framework.

ISO 27001 control: A.5.19 Information security in supplier relationships
ISO 42001 related controls: A.10.3 Suppliers
Rationale: When evaluating a vendor’s information security posture (e.g., encryption, access controls), an organization could also assess its AI ethics and reliability, such as the provenance of its training data and its methods for bias mitigation.

ISO 27001 control: A.5.37 Documented operating procedures
ISO 42001 related controls: A.6.2.7 AI system technical documentation; A.7.2 Data for development and enhancement of AI systems
Rationale: Organizations could create Standard Operating Procedures (SOPs) for documenting model versioning and system intent, making the AI system auditable and transparent for both security and governance teams.

Additionally, organizations could create SOPs for data acquisition, cleaning, and labeling, ensuring that the processes for enhancing AI models (such as verifying data provenance or identifying bias in datasets) are not just technical tasks, but documented, repeatable operations that meet the organization’s security and ethical standards.

ISO 27001 control: A.6.8 Information security event reporting
ISO 42001 related controls: A.3 Internal organization
– A.3.3 Reporting of concerns
and A.8 Information for interested parties of AI systems
– A.8.3 External reporting
– A.8.4 Communication of incidents
Rationale: Organizations could use the same mechanisms that personnel already use to report observed or suspected information security events to report issues related to AI systems, ensuring a timely response, routing information to the proper interested parties, and keeping those parties informed about adverse impacts that can affect them.

ISO 27001 control: A.8.15 Logging
ISO 42001 related controls: A.6.2.8 AI system recording of event logs
Rationale: Organizations could use integrated storage of information security logs and AI logs to:
– determine whether an AI system’s unexpected behavior was caused by a security breach (e.g., model tampering) or a governance failure (e.g., unintended bias)
– protect AI logs against alteration after recording, which is critical for future ethical and legal audits

ISO 27001 control: A.8.16 Monitoring activities
ISO 42001 related controls: A.6.2.6 AI system operation and monitoring
Rationale: Combined monitoring of security and AI information could help organizations to:
– monitor infrastructure health (e.g., server load, network anomalies) alongside AI-specific metrics such as model drift, performance degradation, and accuracy rates
– configure integrated alerts that trigger on both security thresholds (e.g., unauthorized access attempts) and AI performance thresholds (e.g., a sudden increase in biased outputs), allowing a coordinated response between IT and AI engineering teams

ISO 27001 control: A.8.25 Secure development life cycle
ISO 42001 related controls: A.6.1 Management guidance for AI system development
Rationale: Organizations could expand the existing Software Development Life Cycle used to support information security to:
– include specialized management guidance for the AI lifecycle, specifically addressing ethics, social responsibility, and transparency
– integrate AI-specific checks, such as bias mitigation and model robustness testing, into its approval criteria

ISO 27001 control: A.8.26 Application security requirements
ISO 42001 related controls: A.6.2 AI system life cycle
– A.6.2.2 AI system requirements and specification
Rationale: Security requirements can be extended to include AI specifications, such as model robustness, explainability, and fairness.

ISO 27001 control: A.8.27 Secure system architecture and engineering principles
ISO 42001 related controls: A.6.2.3 Documentation of AI system design and development
Rationale: Secure engineering principles could be expanded to include documentation of the AI model architecture, its decision-making logic, and the rationale behind specific design choices.

ISO 27001 control: A.8.29 Security testing in development and acceptance
ISO 42001 related controls: A.6.2.4 AI system verification and validation
Rationale: Information security tests can be expanded to include:
– technical verification to ensure the AI system is “built right” according to its technical specifications
– criteria that validate that the AI produces fair, transparent, and accurate results in real-world conditions
– the controlled infrastructure necessary for intensive bias and robustness testing, to prevent test data or experimental model outputs from accidentally leaking into production environments

ISO 27001 control: A.8.32 Change management
ISO 42001 related controls: A.6.2.5 AI system deployment
Rationale: A unified change management process can be used to ensure:
– the inclusion of evidence of AI-specific readiness, such as bias testing results and model performance benchmarks, alongside traditional security impact assessments
– a quick revert to a previous, stable version of the AI model if it fails to meet its operational objectives
– that any changes to underlying infrastructure (e.g., updating Python libraries, GPU drivers, or cloud configurations) are logged and assessed for their potential impact on the AI system’s performance and security
– that management evaluates not just the technical risk of a change (e.g., system downtime) but also the societal and ethical risks (e.g., changes in decision-making logic that could lead to unfair outcomes)
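The A.8.15 Logging and A.8.16 Monitoring rows above describe one integrated, tamper-evident store for security and AI logs that feeds combined alerts and helps tell a security breach from a governance failure. The following Python sketch is an added example, not code from the article or from any ISO standard; the event types, thresholds, and sample events are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first entry

def append_event(log, event):
    """Append an event, chaining it to the previous entry's hash (tamper-evident)."""
    prev = log[-1]["hash"] if log else GENESIS
    body = json.dumps(event, sort_keys=True)
    digest = hashlib.sha256((prev + body).encode()).hexdigest()
    log.append({"event": event, "prev": prev, "hash": digest})
    return digest

def verify_chain(log):
    """True if no entry was altered, reordered, or removed from inside the chain."""
    prev = GENESIS
    for entry in log:
        body = json.dumps(entry["event"], sort_keys=True)
        expected = hashlib.sha256((prev + body).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return False
        prev = entry["hash"]
    return True

def integrated_alerts(log, max_denied=3, max_bias_rate=0.3):
    """Apply a security threshold and an AI threshold to the same log; a bias alert
    is attributed to tampering if a model file change was recorded, else to governance."""
    events = [e["event"] for e in log]
    denied = sum(1 for ev in events if ev["type"] == "access_denied")
    preds = [ev for ev in events if ev["type"] == "prediction"]
    bias_rate = sum(1 for p in preds if p["flagged_biased"]) / len(preds) if preds else 0.0
    alerts = []
    if denied > max_denied:
        alerts.append("security: unauthorized access attempts above threshold")
    if bias_rate > max_bias_rate:
        tampered = any(ev["type"] == "model_file_changed" for ev in events)
        cause = "possible model tampering" if tampered else "governance failure (unintended bias)"
        alerts.append(f"ai: biased output rate {bias_rate:.2f} above threshold; {cause}")
    return alerts

def sample_log():
    """Constructed events (not real telemetry) in which both alerts fire together."""
    log = []
    for i in range(4):  # four denied attempts on the model store by one account
        append_event(log, {"type": "access_denied", "user": "svc-batch", "n": i})
    append_event(log, {"type": "model_file_changed", "path": "models/credit-v3.bin"})
    for flagged in (True, False, True):
        append_event(log, {"type": "prediction", "model": "credit-v3", "flagged_biased": flagged})
    return log
```

Calling `integrated_alerts(sample_log())` yields one security alert and one AI alert attributed to possible tampering, while `verify_chain` turns false as soon as any stored entry is edited or an interior entry is dropped.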

The synergy between ISO 27001 and ISO 42001

Because ISO 27001 and ISO 42001 have a lot in common, it definitely makes sense to create an integrated management system where you will cover all the overlapping clauses, especially since both standards deal primarily with IT systems.

Even though there are some notable differences between these two standards, particularly in risk assessment and controls, many of those controls can still be aligned and implemented together. In that way, the ISMS and AIMS support each other: security controls ensure that the confidentiality, integrity, and availability of all IT systems (including the AI systems) are protected, and AI controls ensure trustworthiness not only in AI systems but also in other IT systems.

To learn the details of these standards, check out these free ISO 27001 and ISO 42001 courses that will teach you about each clause and control.

Rhand Leal

Rhand Leal has more than 15 years of experience in information security, and for six years he continuously maintained a certified Information Security Management System based on ISO 27001. Rhand holds an MBA in Business Management from Fundação Getúlio Vargas. Among his certifications are: ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and others. He is a member of the ISACA Brasília Chapter.