Glossary · ISO
ISO/IEC 42005
The AI system impact assessment standard, published in May 2025. It provides the step-by-step methodology for assessing an AI system's consequences for individuals, groups, and society — the process ISO 42001 Annex A.5 requires an organisation to have.
This definition is part of TCSA’s plain-English compliance glossary, written and reviewed by the auditors who prepare organizations for these frameworks — 500+ audits delivered across India, USA, UK, Australia & UAE.
Go deeper: the full ISO/IEC 42005 guide
The complete plain-English explainer behind this definition.
Related ISO terms
Agentic AI
AI systems that plan and take multi-step actions toward a goal — calling tools, browsing, or executing tasks — with limited human intervention per step. Under ISO 42001, agentic systems raise the bar on lifecycle controls (A.6), event logging, and demonstrable human oversight, because autonomy widens the impact surface.
AI Impact Assessment
The outward-looking assessment ISO 42001 Annex A.5 requires: how an AI system could affect individuals, groups, and society — fairness, rights, safety — with documented mitigations. ISO/IEC 42005:2025 provides the methodology. It complements (and differs from) the inward-looking AI risk assessment and a privacy DPIA.
AI System
A machine-based system that infers from inputs how to generate outputs — predictions, content, recommendations, or decisions — that can influence real environments. The definition (shared in substance by ISO/IEC 22989 and the EU AI Act) is deliberately broad: a product feature wrapping a third-party foundation model is an AI system, not just the model itself.
AIMS
The governance system defined by ISO 42001 for managing the risks and obligations that come with building or deploying AI. It sets out policies, roles, and controls so an organisation can show its AI is developed and operated responsibly.
Annex A Controls
The catalogue of 93 information-security controls listed in Annex A of ISO/IEC 27001:2022, grouped into organisational, people, physical, and technological themes. An organisation selects the controls relevant to its risks and records that choice in the Statement of Applicability.
EU AI Act
The European Union's binding AI law, tiering systems by risk from prohibited practices to minimal risk. It phases in from 2025; after the May 2026 digital-omnibus agreement, high-risk obligations apply from December 2027 (Annex III) and August 2028 (Annex I), while transparency duties and GPAI enforcement arrive on 2 August 2026. ISO 42001 is the management system most organisations use to operationalise it.
Written By Expert Auditors
Get in touch
Book a free consultation or send us your requirements. We respond within 24 hours.
Quick Call
Pick a time slot
Send Requirements
Get a custom quote in 24 hours