ISO/IEC-42001 (AI Management System) - Lecture 12 - Clause 7.5 – Documented Information

Enroll for Complete Course: https://www.udemy.com/course/iso-4200...

Clause 7.5 – Documented Information
________________________________________
Q1: What is Clause 7.5 (i.e. Documented Information) about in ISO/IEC 42001?

• Clause 7.5 outlines how organizations should manage documented information related to the AI Management System (AIMS).
• It ensures documents are properly created, maintained, controlled, and protected—both internal and external in origin.

Clause 7.5 is broken into three main sub-clauses:
• 7.5.1 – General requirements
• 7.5.2 – Creating and updating documented information
• 7.5.3 – Control of documented information


________________________________________
Q2: What does Clause 7.5.1 (i.e. General Requirements) state?

Organizations must include two types of documented information:

1. Documents required by ISO/IEC 42001 (e.g., policies, risk assessments, audit records)
2. Documents the organization deems necessary for managing its AIMS effectively

📘 Example: Statement of Applicability, AI Risk Register, Training Records, Impact Assessments, etc.

📘 Refer section 20 of AIMS Policy (Template 2) for detailed list of such documents.

________________________________________
Q3: What does Clause 7.5.2 (i.e. Creating and Updating Documents) require?

When creating or updating documentation, organizations must ensure:
• Clear identification (title, number, version)
• Proper description and format
• Designated owners and approvers
• Effective version control and revision history

📘 Refer section 20 of AIMS Policy (Template 2) for format.

Enroll for Complete Course: https://www.udemy.com/course/iso-4200...

________________________________________
Q4: What are the requirements under Clause 7.5.3 (i.e. Control of Documented Information)?

Documents must be controlled to ensure:

• Availability and accessibility when needed
• Confidentiality and protection from unauthorized access
• Proper distribution, retrieval, and use
• Secure storage, preservation, and change management
• Defined retention periods and secure disposal

📘 Refer section 20 of AIMS Policy (Template 2) for format.

________________________________________
Q5: What about documented information of external origin?

The organization must:

• Identify documents of external origin used in the AIMS (e.g., ISO 42001 standard, audit reports, external licenses)
• Apply the same control measures to these documents, including:
o Access control
o Version tracking
o Retention and storage

📘 Example: An ISO 42001 licensed standard copy must be clearly marked and restricted as per licensing terms.
________________________________________