ISO 42001 vs ISO 27001: a side-by-side comparison
Published May 22, 2026 · 9 min read · Encorsys editorial
TL;DR. ISO/IEC 27001 governs how you secure information. ISO/IEC 42001 governs how you manage AI systems. They share a structure but not a control set: 27001 has 93 reference controls in Annex A across four security themes; 42001 has 38 reference controls across the AI lifecycle. If you hold 27001 today and ship AI in your product, you will almost certainly be asked for 42001 too, and the lift is smaller than starting from scratch because both standards share ISO's Harmonized Structure.
What each standard actually is
ISO/IEC 27001:2022 is the international standard for an Information Security Management System (ISMS). First published in 2005, updated in 2013, and substantively revised in 2022, it specifies requirements for protecting the confidentiality, integrity, and availability of information across people, process, and technology. The current version has 93 reference controls in Annex A organized into 4 themes (organizational, people, physical, technological).
ISO/IEC 42001:2023 is the international standard for an AI Management System (AIMS). Published December 2023, the first management-system standard for AI, it specifies requirements for governing AI systems an organization develops, provides, or uses. The standard has 38 reference controls in Annex A, grouped under control objectives A.2 to A.10; counting the two halves of A.6 separately gives the 10 groups used below (policies for AI, internal organization, resources, impact assessment, management guidance for development, the AI system lifecycle, data for AI, information for interested parties, use of AI, and third-party and customer relationships).
The structural overlap (and why it matters)
Both standards inherit ISO's Harmonized Structure (formerly the High-Level Structure). Clauses 4 through 10 cover the same topics in the same order with the same general wording:
- Clause 4 — Context of the organization
- Clause 5 — Leadership
- Clause 6 — Planning (risks, opportunities, objectives)
- Clause 7 — Support (resources, competence, awareness, communication, documented information)
- Clause 8 — Operation
- Clause 9 — Performance evaluation (monitoring, internal audit, management review)
- Clause 10 — Improvement (continual improvement, nonconformity and corrective action)
The practical implication: if you have a working 27001 program, you already have a top-management commitment template, a risk assessment process, a competence matrix, an internal audit programme, a management review cadence, and a nonconformity register. All of these structural pieces transfer directly to 42001 — you do not need to re-invent the management-system machinery. You just need to extend it with AI-specific content.
The control framework: 93 controls vs 38 controls
The reference controls in each Annex A are completely different lists. Both are non-prescriptive — your Statement of Applicability declares which apply to your scope and justifies any exclusions. But the shape of the controls tells you what each standard is really worried about.
ISO 27001:2022 Annex A (93 controls, 4 themes)
- Organizational (37 controls): policies, roles, segregation of duties, supplier relationships, threat intelligence, classification
- People (8 controls): screening, terms of employment, awareness, disciplinary process
- Physical (14 controls): perimeters, entry controls, equipment, clear-desk policy
- Technological (34 controls): access control, cryptography, malware, backup, logging, network security, secure development
ISO/IEC 42001:2023 Annex A (38 controls, 10 categories)
- A.2 Policies related to AI (3 controls): AI policy, alignment with other policies, periodic review
- A.3 Internal organization (2 controls): AI roles and responsibilities, concern reporting
- A.4 Resources for AI systems (5 controls): resource documentation, data, tooling, computing, human resources
- A.5 Assessing impacts of AI systems (4 controls): impact-assessment process, documentation, assessing impact on individuals, assessing societal impacts
- A.6.1 Management guidance for AI development (2 controls): development objectives, development processes
- A.6.2 AI system lifecycle (7 controls): requirements + specification, design and development docs, verification and validation, deployment, operation and monitoring, technical documentation, event log recording
- A.7 Data for AI systems (5 controls): data for development, acquisition, quality, provenance, preparation
- A.8 Information for interested parties (4 controls): system documentation for users, external reporting, incident communication, information to interested parties
- A.9 Use of AI systems (3 controls): responsible use processes, responsible use objectives, intended use
- A.10 Third-party and customer relationships (3 controls): allocating responsibilities, suppliers, customers
The 42001 control set introduces concepts that have no counterpart in 27001: data provenance, AI system lifecycle stages (per ISO/IEC 5338), foreseeable misuse, impact on individuals and societies (per ISO/IEC 42005), human oversight, and AI-specific competence. These map roughly onto AI risks such as bias, drift, hallucination, opacity, automation bias, training-data leakage and prompt injection. 27001's control set addresses these at most incidentally (its secure-development and data-leakage-prevention controls touch the edges), because 27001 was written to protect the confidentiality, integrity and availability of information, not to govern the behaviour of adaptive systems.
Risk management: different scope, similar mechanics
Both standards require a risk-assessment process (Clause 6.1.2 in both) followed by a risk-treatment process (Clause 6.1.3 in both). The mechanics are identical: identify, analyse and evaluate risks against your criteria, select treatments, and have the designated risk owners approve the treatment plan and accept the residual risk. What differs is the risk surface:
27001 risks focus on threats to information assets: unauthorized disclosure, modification, loss of availability. The CIA triad (Confidentiality, Integrity, Availability) is the canonical lens. Risk registers tend to populate from a threat catalogue and asset inventory.
42001 risks focus on consequences of AI system behaviour: biased outputs causing disparate impact, drift eroding decision quality, lack of explainability blocking redress, foreseeable misuse causing harm, over-reliance on AI decisions by operators (automation bias), training-data memorization leaking sensitive information. The ISO/IEC 23894 guidance document is the canonical reference for AI-specific risk types. A 42001 risk register that is 90% CIA-triad / infosec entries is a recurring Stage 1 finding: it indicates the AIMS has not actually been thought through for AI-specific risks.
42001 also adds a process 27001 does not have: the AI System Impact Assessment (Clause 6.1.4, structured per ISO/IEC 42005). This is a per-system documented assessment of consequences for individuals, groups, and societies — distinct from the risk assessment, but feeding into it.
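The two findings above (a register that is mostly infosec entries, and AI systems with no impact assessment) are the kind of thing you can self-check before Stage 1. The following is an added example, not Encorsys code and not anything the standards prescribe; the register layout, the 1-5 scales, the 25% AI-share threshold, the residual-risk acceptance threshold and the sample rows are all assumptions constructed for illustration. The AI-specific risk types are the ones listed in the text.

```python
"""Pre-Stage-1 self-check over an AIMS risk register and AI system inventory.

Added example (not from the original article). The dataclass layout, the
1-5 likelihood/impact scales, the 25% minimum AI-risk share and the
residual-risk acceptance threshold are assumptions chosen for illustration.
"""
from dataclasses import dataclass

# Assumed vocabulary: the CIA-triad types a 27001 register produces, and the
# AI-specific types the article lists (ISO/IEC 23894 guidance).
INFOSEC_TYPES = {"confidentiality", "integrity", "availability"}
AI_SPECIFIC_TYPES = {
    "bias", "drift", "explainability", "foreseeable_misuse",
    "automation_bias", "training_data_leakage", "prompt_injection",
}


@dataclass
class Risk:
    risk_id: str
    system_id: str        # AI system in the inventory this risk belongs to
    risk_type: str
    likelihood: int       # assumed 1..5 scale
    impact: int           # assumed 1..5 scale
    treatment: str        # "mitigate" or "accept"
    approved_by: str = ""  # designated management approval of residual risk

    def residual(self) -> int:
        """Residual risk score on the assumed scale (likelihood x impact)."""
        return self.likelihood * self.impact


@dataclass
class AISystem:
    system_id: str
    role: str             # "develop", "provide" or "use"
    lifecycle_stage: str
    has_impact_assessment: bool = False  # Clause 6.1.4 / ISO/IEC 42005


def ai_share(risks) -> float:
    """Fraction of register entries that carry an AI-specific risk type."""
    if not risks:
        return 0.0
    return sum(r.risk_type in AI_SPECIFIC_TYPES for r in risks) / len(risks)


def check_register(risks, systems, ai_share_min=0.25, accept_threshold=8):
    """Return a list of findings; an empty list means the self-check passes."""
    findings = []
    known = {s.system_id for s in systems}

    # Finding 1: a register that is mostly infosec entries has not been
    # worked through for AI-specific risks.
    share = ai_share(risks)
    if share < ai_share_min:
        findings.append(f"REGISTER: only {share:.0%} of entries are AI-specific risk types")

    for r in risks:
        if r.risk_type not in INFOSEC_TYPES | AI_SPECIFIC_TYPES:
            findings.append(f"{r.risk_id}: unknown risk type '{r.risk_type}'")
        if r.system_id not in known:
            findings.append(f"{r.risk_id}: refers to system '{r.system_id}' not in inventory")
        # Residual risk above the acceptance threshold needs a named approver.
        if r.treatment == "accept" and r.residual() > accept_threshold and not r.approved_by:
            findings.append(f"{r.risk_id}: residual {r.residual()} accepted without designated approval")

    # Finding 2: every inventoried AI system needs an impact assessment and
    # at least one register entry.
    covered = {r.system_id for r in risks}
    for s in systems:
        if not s.has_impact_assessment:
            findings.append(f"{s.system_id}: no AI system impact assessment")
        if s.system_id not in covered:
            findings.append(f"{s.system_id}: no risks in the register")
    return findings


# Constructed sample inventory and register (not real data).
SYSTEMS = [
    AISystem("sys-triage", "use", "operation", has_impact_assessment=True),
    AISystem("sys-ranker", "develop", "design", has_impact_assessment=False),
]
RISKS = [
    Risk("R-01", "sys-triage", "confidentiality", 3, 4, "mitigate"),
    Risk("R-02", "sys-triage", "availability", 2, 3, "accept"),      # residual 6, under threshold
    Risk("R-03", "sys-triage", "automation_bias", 4, 3, "accept"),   # residual 12, no approver
    Risk("R-04", "sys-ranker", "bias", 3, 5, "mitigate"),
    Risk("R-05", "sys-ranker", "integrity", 2, 2, "mitigate"),
    Risk("R-06", "sys-ranker", "confidentiality", 2, 2, "accept", approved_by="CISO"),
]

if __name__ == "__main__":
    for finding in check_register(RISKS, SYSTEMS):
        print(finding)
```

Run on the constructed data this reports two findings: R-03's residual risk was accepted with no named approver, and sys-ranker has no impact assessment. Feed it a register of nine CIA entries and one drift entry and the REGISTER finding fires as well. The thresholds are yours to set in your risk criteria (Clause 6.1.1); the point is that both checks are mechanical and cheap to run before the auditor does.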
The audit process: nearly identical
Both standards follow the same ISO/IEC 17021-1 conformity-assessment mechanism, which means the audit process is essentially identical:
- Stage 1 — documentation review (typically 1-3 days for small organizations, scaling with personnel and system count)
- Stage 2 — operational audit, 3-6 months after Stage 1 once operating evidence exists (typically 2-5x the Stage 1 duration)
- Certificate issuance by the accredited Certification Body, valid for 3 years
- Annual surveillance audits at month 12 and 24, typically one-third of initial-audit duration
- Re-certification at month 36, typically two-thirds of initial-audit duration
42001 audit time is specified by ISO/IEC TS 42006:2025 Annex A, the certification-body rulebook published July 2025. The duration scales with personnel count (5 auditor-days for 1-10 people, 16.5 days for 426-625), with adjustments for jurisdiction count, AI system count, high-risk systems, regulatory frameworks, and any custom controls beyond Annex A. TS 42006 also requires that the audit team collectively hold AI domain knowledge, AI lifecycle knowledge (ISO/IEC 5338), AI risk management (ISO/IEC 23894) and AI impact assessment (ISO/IEC 42005) expertise, so your 27001 auditor cannot moonlight as your 42001 auditor without supplementary training.
If you have 27001, what's the lift to add 42001?
Realistically, expect roughly 30-50% of the effort of a fresh 42001 program if your 27001 is mature. Specifically what transfers:
- Top-management commitment template (Clause 5.1)
- Roles and responsibilities matrix (Clause 5.3) — extend with AI-specific roles like AIMS Owner, AI Impact Assessor, model owner
- Risk assessment methodology and risk criteria (Clause 6.1.1-6.1.2) — extend with AI-specific risk types
- Statement of Applicability format (Clause 6.1.3) — but with the new 38-control Annex A
- Documented information control (Clause 7.5)
- Internal audit programme (Clause 9.2) — extend with AI-specific clauses and controls
- Management review cadence (Clause 9.3) — extend with AI-performance inputs
- Nonconformity and corrective action process (Clause 10.2)
What you have to build new:
- AI Policy (Clause 5.2) — distinct from your Information Security Policy; covers responsible AI principles, intended use, prohibited use
- AI System Inventory — every system you develop, provide, or use, with criticality and lifecycle stage
- AI Impact Assessment per system (Clause 6.1.4 + ISO/IEC 42005) — covers consequences for individuals, groups, societies, intended use vs foreseeable misuse, mitigations
- Data quality and provenance documentation (A.7.4, A.7.5) per AI system
- AI system technical documentation (A.6.2.7) for each system
- Customer information and supplier responsibility allocation (A.10) — third-party AI APIs you consume (OpenAI, Anthropic, etc.) need a documented responsibility split
Which one (or both) do you need?
If you handle sensitive data and don't use AI: ISO 27001 is the right framework. 42001 is irrelevant.
If you build or operate AI systems that affect people: ISO 42001 is becoming the de facto standard your customers and regulators will expect. Pure 27001 doesn't answer the AI-specific questions ("how do you assess bias?", "what's your AI incident response process?").
If you do both (and most B2B SaaS companies do): get 27001 first if you don't have it, then add 42001 on top. Sequencing matters because the management-system infrastructure 27001 forces you to build (risk process, internal audit, management review) is exactly what 42001 will reuse. Doing 42001 first without an ISMS underneath is technically possible, but you'll end up rebuilding much of the structural work later when you add 27001.
If you're a consultancy or solo founder helping clients: you need fluency in both. Most enterprise procurement teams now ask for evidence of either or both, and the differentiating questions ("what's your data-quality process for training data?", "show me a sample AI Impact Assessment") come from the 42001 side.
How Encor handles this overlap
Encor is purpose-built for 42001 — but recognizes that most customers come to us already operating an ISMS (either ISO 27001 certified or SOC 2 Type II). The product surfaces the integration points: where your existing risk assessment methodology applies, where you need to extend (AI-specific risk types pre-loaded into the risk register), where 27001 control evidence transfers (A.10.2 supplier responsibility allocation can reuse your 27001 Annex A supplier documentation), and where you genuinely have new work to do (per-system impact assessments per ISO/IEC 42005, AI system technical documentation per A.6.2.7).
Every clause reference in our generated artefacts traces to a literal "shall" in the standard. Statement of Applicability versioning matches the format your Certification Body needs to quote on the certificate per ISO/IEC TS 42006:2025 §8.2.2. The full validation pass we did against the actual standards is documented in our public repository.
Try Encor free
If you're considering 42001 — fresh or alongside existing 27001 — start a 14-day trial. No credit card required. We'll pre-draft your Statement of Applicability across all 38 Annex A controls based on your role (producer, provider, user) and walk you through what's reusable from your 27001 program.
Sources. ISO/IEC 27001:2022 (published 2022-10), ISO/IEC 42001:2023 (published 2023-12), ISO/IEC TS 42006:2025 (published 2025-07), ISO/IEC 42005:2025, ISO/IEC 23894:2023, ISO/IEC 5338:2023. All clause references are paraphrased; the standards themselves are licensed from ISO and must be purchased to read in full.