ISO/IEC 42001 Evidence Mapping for AI Agents

ISO/IEC 42001:2023 is the first AI management system standard used for certification programs. For organizations running AI agent systems, certification turns on whether the AIMS scope, Annex A control selection, and operational records reflect how agents make decisions. Policy-as-code and decision records are the evidence backbone.

Last updated: May 20, 2026

What is ISO/IEC 42001?

ISO/IEC 42001:2023, published by ISO and IEC on December 18, 2023, specifies requirements for establishing, implementing, maintaining, and continually improving an AI Management System (AIMS) within an organization. It is the first international AI management standard built on the Annex SL structure used by ISO 27001 (information security) and ISO 9001 (quality), making integrated certification possible. Unlike NIST AI RMF, which is voluntary and non-certifiable, ISO 42001 is certifiable by accredited bodies and gives procurement, vendor-risk, and governance teams a concrete AI management baseline to review.

Why it applies to AI agents

ISO 42001 was deliberately written to cover any organization that develops, provides, or uses AI systems, including downstream deployers. Agent operators sit squarely in scope. The standard requires you to document the AI system lifecycle (Annex A.6), the data flowing through it (A.7), how stakeholders are informed (A.8), and how the system is operated in production (A.9). Every one of those touches a runtime authorization boundary.

Clause 6.1.3 requires AI risk treatment plans. Clause 8.2 requires operational controls. Clause 9.1 requires monitoring, measurement, analysis, and evaluation. Without decision records that capture exactly what each agent did and why, the AIMS has nothing to monitor and nothing to evaluate.

Control mapping: AIMS clauses and Annex A controls to Veto features

ISO 42001 uses Annex SL clauses 4 to 10 (the management system structure) plus 38 Annex A controls. The table maps the controls most directly addressed by runtime authorization.

Clause or control | Requirement | Veto feature
4.3 | Determine scope of the AIMS, including AI systems and intended uses | Project- and organization-scoped policy files enumerating every agent in scope
6.1.2 | AI risk assessment process identifies risks to AI system objectives | Policy authoring forces enumeration of allowed tools, arguments, and denied actions
6.1.3 | AI risk treatment plan with controls selected from Annex A | Statement of Applicability mapping each Annex A control to a policy file or feature
8.2 | Operational controls implementing the risk treatment plan | Runtime authorization enforcement; deny-by-default; per-tool argument validation
8.3 | AI risk assessment performed at planned intervals and on significant change | Policy diff CI gates; mandatory review for any policy change touching production agents
9.1 | Monitoring, measurement, analysis, and evaluation of AIMS performance | Decision-log view with decision outcome rates, approval latency, policy violation counts
10.1 | Continual improvement of the AIMS | Versioned policies with change history; reviewer comments fed back into policy revisions
A.2.2 | AI policy aligned with business objectives and risk appetite | Declarative YAML policies stored alongside business code; reviewable as documentation
A.6.2.4 | Verification and validation of AI system behavior | Policy playground for offline test cases; CI checks asserting expected policy outcomes
A.6.2.6 | Deployment of AI system in production with operational controls | Environment-scoped policies (dev, staging, prod) with separate API keys and approval rules
A.6.2.8 | Recording of AI system events | Append-only decision record with agent ID, tool, arguments, policy version, outcome, timestamp
A.9.2 | Intended use of AI system documented and enforced | Per-agent policy specifying allowed tools, allowed arguments, and approval-required actions

Evidence Veto provides

ISO 42001 audits require documented evidence, not slide decks. Veto outputs map to the four evidence categories auditors request:

Documented information (Clause 7.5)

YAML policy files stored in version control, signed commits, CODEOWNERS approvals, and CHANGELOG entries become the AIMS documented information set.

Operational records (Clause 8)

Decision record entries are the operational records of agent behavior. Each entry includes agent ID, tool, arguments, policy version SHA, outcome, reviewer ID, and timestamp.

Performance evaluation (Clause 9)

Workspace aggregates of decision outcome counts, approval latency, and policy violation rates supply the monitoring and measurement evidence required for management review.

Improvement (Clause 10)

Git history of policy revisions, linked to incident records or reviewer feedback, documents the continual improvement loop the auditor will sample.
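To make the control mapping above concrete (8.2 deny-by-default enforcement, A.6.2.8 decision records, 9.1 aggregates) and the Clause 8 and Clause 9 evidence just described, here is an added illustration in Python; it is not Veto's code or policy schema. The policy layout, agent and tool names, amounts and timestamps are constructed assumptions, and the policy version SHA is computed as a hash of the canonical policy document rather than taken from a Git commit.

```python
import hashlib
import json
from collections import Counter

# Constructed, hypothetical policy as loaded from a YAML policy file (an
# illustrative schema, not Veto's). Deny-by-default: unlisted tools and
# unlisted agents are refused.
POLICY = {"billing-agent": {
    "read_invoice": {},
    "issue_refund": {"max_amount": 500, "require_approval": True},
}}
# Canonical-JSON hash serves as the policy version SHA stamped on every record.
POLICY_SHA = hashlib.sha256(json.dumps(POLICY, sort_keys=True).encode()).hexdigest()[:12]

def decide(agent, tool, args):
    """Evaluate one tool call under POLICY; returns (outcome, reason)."""
    rule = POLICY.get(agent, {}).get(tool)
    if rule is None:
        return "deny", "tool not on the agent's allow-list"
    limit = rule.get("max_amount")
    if limit is not None and args.get("amount", 0) > limit:
        return "deny", f"amount exceeds max_amount={limit}"
    if rule.get("require_approval"):
        return "needs_approval", "human approval required by policy"
    return "allow", "matched allow rule"

def record(agent, tool, args, ts, reviewer=None):
    """Build one decision record carrying the Clause 8 / A.6.2.8 fields."""
    outcome, reason = decide(agent, tool, args)
    return {"agent_id": agent, "tool": tool, "arguments": args,
            "policy_version": POLICY_SHA, "outcome": outcome,
            "reason": reason, "reviewer_id": reviewer, "timestamp": ts}

def metrics(log):
    """Clause 9.1 aggregates: outcome counts and policy violation rate."""
    counts = Counter(e["outcome"] for e in log)
    rate = counts["deny"] / len(log) if log else 0.0
    return {"counts": dict(counts), "violation_rate": rate}

# Constructed sample of agent tool calls; timestamps are illustrative.
SAMPLE_CALLS = [
    ("billing-agent", "read_invoice", {"id": "INV-1"}, "2026-05-20T10:00:00Z"),
    ("billing-agent", "issue_refund", {"amount": 120}, "2026-05-20T10:01:00Z"),
    ("billing-agent", "issue_refund", {"amount": 900}, "2026-05-20T10:02:00Z"),
    ("support-agent", "read_invoice", {"id": "INV-1"}, "2026-05-20T10:03:00Z"),
]

def run_sample():
    log = [record(*call) for call in SAMPLE_CALLS]  # append-only record list
    return log, metrics(log)
```

Every record carries the policy version it was evaluated under, so an auditor sampling the log can pair each decision with the exact policy text in version control.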

Implementation timeline

December 18, 2023 | ISO/IEC 42001:2023 published
2024 onward | Organizations begin mapping AI management programs to the new AI management system standard
Procurement review | Vendor-risk teams can ask whether AI governance maps to ISO 42001 controls
Certification cycle | Certification programs generally use surveillance audits and periodic recertification

Frequently asked questions

What is ISO/IEC 42001 and is it certifiable?

ISO/IEC 42001:2023, published December 18, 2023, is the first international management system standard for AI. Unlike NIST AI RMF (voluntary, non-certifiable), ISO 42001 follows the Annex SL high-level structure used by ISO 27001 and ISO 9001 and can be certified by accredited bodies. Certification programs commonly use surveillance and recertification cycles; confirm cadence with your certification body.

How is ISO 42001 different from ISO 27001?

ISO 27001 governs information security management systems. ISO 42001 governs AI management systems. They share Annex SL structure (clauses 4-10) so integrated audits are possible. ISO 42001 Annex A introduces 38 controls across nine categories specific to AI: policies, internal organization, resources, impact assessment, lifecycle, data, information for stakeholders, use, and third-party relationships.

Which ISO 42001 Annex A controls apply to runtime authorization?

A.6 (AI system lifecycle), A.7 (Data for AI systems), A.8 (Information for stakeholders of AI systems), and A.9 (Use of AI systems) cover runtime authorization most directly. Specifically A.6.2.4 (verification and validation), A.6.2.6 (deployment), A.8.2 (system documentation), and A.9.2 (intended use) require evidence that authorization decisions match documented intent.

What evidence does an ISO 42001 auditor look for?

Auditors evaluate the AIMS scope statement, the AI risk assessment, the Statement of Applicability listing applicable Annex A controls with justifications, operational records (decision records, approval queues, incident logs), and management review minutes. Veto provides decision records, approval records, and policy version history that teams can map to clauses 8.2, 8.3, 9.1, and 10.1 evidence requirements.
