ISO/IEC 42006 mapping
Traceability shortcuts: Taxonomy → Minimum Evidence → Validator → Conformance.
This page explains ISO/IEC 42006 and how AIMO Standard supports adopters preparing for AIMS audits. It is informative only; it does not constitute certification or legal advice.
What is ISO/IEC 42006?
ISO/IEC 42006 specifies requirements for bodies that audit and certify AI management systems (AIMS) against ISO/IEC 42001. It builds on ISO/IEC 17021-1 (conformity assessment — requirements for bodies providing audit and certification of management systems). Published in 2025 (e.g. 2025-07), it formalizes competence and process expectations for certification bodies performing AIMS audits.
Why it matters for AIMO adopters
Certification bodies applying ISO/IEC 42006 will expect auditable evidence of management-system controls: documented policies, roles, operational controls, monitoring, and improvement. AIMO helps structure that evidence into a consistent bundle (manifest, hashes, lifecycle records) and provides a validator for structural consistency. It does not replace the auditor’s judgment or the certification decision.
AIMO support
| AIMO component | How it supports audit readiness |
|---|---|
| Evidence Bundle + Validator | Auditable structure: manifest, object_index, payload_index, hash_chain, signing. Validator checks presence and integrity; output can be attached to the bundle for auditors. |
| Conformity levels | Foundation / Operational / Audit-Ready describe evidence maturity (traceability, lifecycle trail, attestation, handoff index). They indicate readiness level, not certification. |
| Coverage Map + Profiles | Explainability and requirements traceability: mappings from AIMO artifacts to ISO 42001 clause families and, where applicable, to EU or other frameworks. |
See Conformance for level definitions and ISO/IEC 42001 for the underlying standard mapping.
References
- ISO/IEC 42006 — Requirements for bodies auditing and certifying AI management systems (ISO)