ISO/IEC 42001
The first international management-system standard for artificial intelligence, published in 2023, defining requirements for an AI Management System (AIMS). It helps organisations govern AI responsibly and map to obligations such as the EU AI Act.
This definition is part of TCSA’s plain-English compliance glossary, written and reviewed by the auditors who prepare organizations for these frameworks — 500+ audits delivered across India, USA, UK, Australia & UAE.
Related ISO terms
AIMS
The governance system defined by ISO 42001 for managing the risks and obligations that come with building or deploying AI. It sets out policies, roles, and controls so an organisation can show its AI is developed and operated responsibly.
Annex A Controls
The catalogue of 93 information-security controls listed in Annex A of ISO/IEC 27001:2022, grouped into organisational, people, physical, and technological themes. An organisation selects the controls relevant to its risks and records that choice in the Statement of Applicability.
ISMS
The framework of policies, processes, roles, and controls an organisation uses to manage information-security risk in a systematic, repeatable way. ISO/IEC 27001 is the standard against which an ISMS is certified.
ISO/IEC 27001
The leading international standard for an information security management system (ISMS), specifying requirements for establishing, operating, and continually improving information security. Certification is issued by an accredited certification body after a successful Stage 1 and Stage 2 audit.
ISO/IEC 27701
An extension to ISO/IEC 27001 that adds privacy-specific requirements and controls, turning an ISMS into a Privacy Information Management System (PIMS). It helps organisations demonstrate alignment with privacy laws such as GDPR and the DPDP Act.
PIMS
The privacy-management framework established by ISO/IEC 27701, layered on top of an ISO 27001 ISMS. It adds the controls and accountability needed to manage personally identifiable information as a controller or processor.