Glossary · ISO
ISO/IEC 42006
The standard (published July 2025) setting requirements for bodies that audit and certify AI management systems — auditor competence in AI, audit-time calculation, and AIMS-specific methods. It is why "accredited" matters for ISO 42001 certificates: a certificate from a body accredited under ISO/IEC 42006 is the defensible kind, verifiable on IAF CertSearch.
This definition is part of TCSA’s plain-English compliance glossary, written and reviewed by the auditors who prepare organizations for these frameworks — 500+ audits delivered across India, USA, UK, Australia & UAE.
Go deeper: the full ISO/IEC 42006 guide
The complete plain-English explainer behind this definition.
Related ISO terms
Agentic AI
AI systems that plan and take multi-step actions toward a goal — calling tools, browsing, or executing tasks — with limited human intervention per step. Under ISO 42001, agentic systems raise the bar on lifecycle controls (A.6), event logging, and demonstrable human oversight, because autonomy widens the impact surface.
AI Impact Assessment
The outward-looking assessment ISO 42001 Annex A.5 requires: how an AI system could affect individuals, groups, and society — fairness, rights, safety — with documented mitigations. ISO/IEC 42005:2025 provides the methodology. It complements (and differs from) the inward-looking AI risk assessment and a privacy DPIA.
AI System
A machine-based system that infers from inputs how to generate outputs — predictions, content, recommendations, or decisions — that can influence real environments. The definition (shared in substance by ISO/IEC 22989 and the EU AI Act) is deliberately broad: a product feature wrapping a third-party foundation model is an AI system, not just the model itself.
AIMS
The governance system defined by ISO 42001 for managing the risks and obligations that come with building or deploying AI. It sets out policies, roles, and controls so an organisation can show its AI is developed and operated responsibly.
Annex A Controls
The catalogue of 93 information-security controls listed in Annex A of ISO/IEC 27001:2022, grouped into organisational, people, physical, and technological themes. An organisation selects the controls relevant to its risks and records that choice in the Statement of Applicability.
EU AI Act
The European Union's binding AI law, tiering systems by risk from prohibited practices to minimal risk. It phases in from 2025; after the May 2026 digital-omnibus agreement, high-risk obligations apply from December 2027 (Annex III) and August 2028 (Annex I), while transparency duties and GPAI enforcement arrive on 2 August 2026. ISO 42001 is the management system most organisations use to operationalise it.
Written By Expert Auditors
Get in touch
Book a free consultation or send us your requirements. We respond within 24 hours.
Quick Call
Pick a time slot
Send Requirements
Get a custom quote in 24 hours