AI System Technical Documentation
Organisations must set and ensure data quality standards for AI system development and operation.
Plain language
This control is about making sure the data you use for your AI is of good quality. Imagine a customer getting the wrong product recommendation because the AI learned from inaccurate data - you want to avoid that by setting clear data quality rules.
Framework
ISO/IEC 42001:2023
Control effect
Preventative
Classifications
N/A
Official last update
01 Dec 2023
Control Stack last updated
19 May 2026
Maturity levels
N/A
Official control statement
The organisation shall determine what AI system technical documentation is needed for each relevant category of interested parties, such as users, partners, supervisory authorities, and provide the technical documentation to them in the appropriate form.
Why it matters
Bad data can lead the AI to make errors, like recommending wrong products, which frustrates customers and harms your business reputation.
Operational notes
Check your data quality each time you adjust your AI model or get new data - doing this keeps issues from piling up.
Implementation tips
- The data steward should regularly check the data quality by sampling and testing it against set criteria. A simple checklist or logging form can be used to document common data errors or inconsistencies.
- The AI lead needs to train the team on what good data looks like and why it matters. Hold a workshop showing examples of flawed data leading to incorrect AI decisions, like suggesting the wrong products to customers.
- Askvendors for a data quality certificate or a simple disclosure statement on how they ensure data standards
- The head of risk should work with the data steward to document potential data quality risks and develop actions to mitigate them. Use real scenarios, like mismatched data labels leading to poor AI predictions, to illustrate these risks.
- Board members should ask for regular updates on data quality and any issues reported. Request a monthly briefing that summarises key data quality metrics and any corrective actions taken.
Audit / evidence tips
- AskRequest the documented data quality standards. GoodThe document is clear, comprehensive, and includes specific data quality criteria.
- AskAsk to see recent data quality check reports. GoodReports are recent, show consistent checking, and detail any data anomalies found and corrected.
- AskAsk the data steward about the training sessions conducted. GoodTraining records show regular sessions and are attended by relevant staff.
- AskCheck contracts with data suppliers. GoodContracts clearly require data suppliers to certify data quality standards.
- AskRequest a summary of data-related issues presented to the board. GoodThe board reviews regular updates on data quality and any action plans to address issues.
Cross-framework mappings
How Annex A 6.2.7 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| handshake Supports (1) expand_less | ||
| Annex A 5.33 | Annex A 6.2.7 requires the organisation to produce and provide AI system technical documentation to relevant interested parties in an app... | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (2) expand_less | ||
| ISM-2087 | Annex A 6.2.7 requires the organisation to determine and provide AI system technical documentation appropriate to different interested pa... | |
| ISM-2088 | Annex A 6.2.7 requires the organisation to identify what AI system technical documentation is needed and provide it to relevant categorie... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
Want to implement this AI control?
Mindset Cyber runs PECB-accredited ISO/IEC 42001 training that maps directly to the AI controls in this library.