

ISO/IEC 42001:2023 Artificial intelligence management system

ISO/IEC 42001:2023 overview

The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world's largest developer of voluntary international standards. The International Electrotechnical Commission (IEC) is the world's leading organization for the preparation and publication of international standards for electrical, electronic, and related technologies.

ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. An AI management system is a set of interrelated or interacting elements of an organization intended to establish policies and objectives, and processes to achieve those objectives, in relation to the responsible development, provision, or use of AI systems.

ISO/IEC 42001 specifies the requirements and provides guidance for establishing, implementing, maintaining, and continually improving an AI management system within the context of an organization. It's designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems. For organizations, it sets out a structured way to manage risks and opportunities associated with AI, balancing innovation with governance.

Microsoft and ISO/IEC 42001

Microsoft’s progress towards ISO 42001 certification represents a pivotal achievement in our dedication to responsible AI as a leader in AI research and technology. Amid rapid AI advancements and widespread adoption, Microsoft remains steadfast in its commitment to the following:

  • Continually improving its AI management system
  • Understanding the needs and expectations of its customers
  • Identifying and acting on opportunities to build and maintain trust in its AI products and services
  • Collaborating with the growing community of responsible AI practitioners, regulators, and researchers to advance our responsible AI approach

This certification will also assist customers with supporting their own compliance efforts by leveraging certified AI services and demonstrating their commitment to using AI technologies that have been developed responsibly.

This independent validation is intended to provide our customers with additional assurance over the application of our Responsible AI Standard for AI risk management throughout the AI lifecycle.

This certification builds upon our existing work on responsible AI such as:

  1. Our AI Customer Commitments to assist our customers on their responsible AI journey
  2. Our inaugural Responsible AI Transparency Report that enables us to record and share our maturing practices, reflect on what we have learned, chart our goals, hold ourselves accountable, and earn the public’s trust
  3. Our Transparency Note for Microsoft 365 Copilot, which helps customers understand how our AI technology works, its capabilities and limitations, and the choices system owners can make that influence system performance and behavior
  4. Our Responsible AI Resources site, which provides tools, practices, templates, and information we believe will help many of our customers establish their responsible AI practices

Services in scope for ISO 42001 Certification

Microsoft 365 Copilot and Microsoft 365 Copilot Chat

Microsoft 365 Copilot and ISO 42001

The ISO/IEC 42001 certification applies to Microsoft 365 Copilot and Microsoft 365 Copilot Chat. Microsoft 365 Copilot is an AI-powered productivity tool that uses large language models (LLMs) and integrates your data with the Microsoft Graph and Microsoft 365 apps and services. It works alongside popular Microsoft 365 apps such as Word, Excel, PowerPoint, Outlook, Teams, and more. Microsoft 365 Copilot provides real-time intelligent assistance, enabling users to enhance their creativity, productivity, and skills.

See the Microsoft 365 Copilot Service Descriptions for a full list of available features.

Microsoft 365 Copilot and Microsoft 365 Copilot Chat undergo regular independent third-party audits for ISO/IEC 42001 compliance. You can review the Microsoft 365 ISO/IEC 42001 certificate and audit report on Service Trust Portal for more information.

Frequently asked questions

Why is ISO/IEC 42001 certification important?

The ISO 42001 certification confirms that an independent third party has validated Microsoft's application of the necessary framework and capabilities to effectively manage risks and opportunities associated with the continuous development, deployment, and operation of Microsoft 365 Copilot and Microsoft 365 Copilot Chat. This independent validation is intended to provide our customers with additional assurance over the application of our Responsible AI Standard for AI risk management throughout the AI lifecycle.

Where can I get the ISO/IEC 42001 audit reports and scope statements?

The Service Trust Portal provides independently audited compliance reports and certificates.

Can I use the ISO/IEC 42001 compliance of Microsoft 365 Copilot in my organization's certification?

Yes. If your business requires ISO/IEC 42001 certification for implementations of Microsoft 365 Copilot, you can use the applicable certification in your compliance assessment. You're responsible, however, for engaging an assessor to evaluate the controls and processes within your own organization and your implementation for ISO/IEC 42001 compliance.

Microsoft 365 services that help support Microsoft 365 Copilot

In your Microsoft 365 license, there are services and features that can help you get your data and organization ready for Copilot.

  • SharePoint Advanced Management (SAM) – Microsoft SharePoint Premium – SharePoint Advanced Management (SAM) can help you reduce oversharing and clean up inactive sites. These tasks help declutter Copilot's data sources and improve the quality of the responses.
  • Restricted SharePoint Search – Restricted SharePoint Search (RSS) gives you time to review and configure the correct permissions on your SharePoint sites. You add the reviewed and corrected sites to an allowed list that Copilot can access.
  • Microsoft Purview – You can use Microsoft Purview to mitigate and manage the risks associated with AI usage and implement corresponding protection and governance controls. Microsoft Purview can classify and label your data based on the sensitivity of the content. It can also help prevent unauthorized sharing or leakage and review Copilot prompts and responses.

Resources