A collection of professional and humorous infographic cards to help you understand, remember, and explain ISO/IEC 42001.
Tip
nelsambrose.github.io/ISO-42001-Visual-Library — browse all cards in a clean, searchable page optimised for sharing.
Note
Free to use, share, or remix these cards in presentations, training, or anything else you wish to use them for.
Attribution is appreciated but not required, but a star does help a lot continuing improvements on this library 😀
Status: Work in progress. Current coverage includes Clauses 4–10, Annex A domain and control cards, the Audit Readiness mini-deck, and AI Principles cards.*
Click to expand Table of Contents
This repository is a practical visual library for learning and explaining ISO/IEC 42001:2023, the international standard for AI Management Systems (AIMS).
It is designed to make ISO 42001 easier to understand, remember, and explain through visual learning. The library combines professional and humorous infographic cards to support study, awareness, training, presentations, and audit preparation.
Most ISO 42001 material is dense or assumes prior knowledge. This library turns the standard into short visual cards designed for learning, communication, and memory.
Each topic includes a professional card for clear explanation and sharing, and a funny card for memory and engagement. Some topics also include minimal memory cards focused on clause number and keyword recall.
These assets are learning aids and are not a replacement for the full ISO/IEC 42001:2023 standard.
Project structure and naming conventions are documented in CONTEXT.md.
The library currently covers the ISO 42001 overview, Domain cards, Control cards, Clauses 4 to 10, Annex A, the Audit Readiness, and AI Principles.
For Audit Readiness reference material, see the Audit Readiness reference index.
- Expanded Annex A guidance and supporting visuals
- Certification preparation
- People impact and human oversight
- ISO 42001 and ISO 27001 comparison
- EU AI Act alignment
- AI policy templates
Tip
Click any card to open a full-size view. This is the easiest way to read the detail.
These overview cards show the complete ISO/IEC 42001:2023 AI Management System structure, covering mandatory clauses 4 to 10 and the optional Annex A controls.
The simple memory cards are designed for quick recall. Each card reduces one clause to its core keyword. The professional simple cards use a clean minimal style. The funny simple cards use a strong visual hook.
These cards are intentionally simple. The goal is not to explain every sub-clause, but to make the main association easy to remember.
| Clause 4 | Clause 5 | Clause 6 |
|---|---|---|
 |
 |
 |
| Clause 7 | Clause 8 | Clause 9 |
 |
 |
 |
| Clause 10 | ||
 |
| Clause 4 | Clause 5 | Clause 6 |
|---|---|---|
 |
 |
 |
| Clause 7 | Clause 8 | Clause 9 |
 |
 |
 |
| Clause 10 | ||
 |
Simple memory cards for ISO 42001 Clauses 4 to 10, designed for quick keyword recall in study, training, and awareness sessions.
Clauses 4–10 are the mandatory requirements of ISO 42001 - the standards that every organisation must implement. Unlike Annex A (which provides controls to select from), these clauses are non-negotiable. Each clause builds on the previous one, forming a management system cycle.
| Topic | Professional | Funny |
|---|---|---|
| Clause 4 Context of the Organisation Reference ↗ |
 |
 |
| Clause 5 Leadership Reference ↗ |
 |
 |
| Clause 6 Planning Reference ↗ |
 |
 |
| Clause 7 Support Reference ↗ |
 |
 |
| Clause 8 Operation Reference ↗ |
 |
 |
| Clause 9 Performance Evaluation Reference ↗ |
 |
 |
| Clause 10 Improvement Reference ↗ |
 |
 |
Full infographic cards for ISO 42001 Clauses 4 to 10 — the mandatory requirements every organisation must implement to achieve ISO/IEC 42001:2023 certification.
Annex A is the operational core of ISO 42001. It contains controls across nine areas (A.2–A.10) that define what responsible AI management looks like in practice.
These controls are grouped into four non-compulsory domains, and can be selected based on the organisation's AI risks, context, and objectives:
- Governance - Establishing AI policies, leadership accountability, and the overall direction for responsible AI within the organisation.
- Organisation - Defining internal roles and responsibilities, ensuring the right people, skills, and resources are in place to manage AI effectively.
- Operation - Managing the full AI system lifecycle: from design and data management through deployment, monitoring, and decommissioning.
- Relationships - Governing how the organisation works with third parties, customers, and other stakeholders who develop, supply, or are affected by AI systems.
| Professional | Funny |
|---|---|
 |
 |
ISO 42001 Annex A groups controls across four domains: Governance, Organisation, Operation, and Relationships.
| Domain | Professional | Funny |
|---|---|---|
| Governance Reference ↗ |
 |
 |
| Organisation Reference ↗ |
 |
 |
| Operation Reference ↗ |
 |
 |
| Relationships Reference ↗ |
 |
 |
Domain-level cards for ISO 42001 Annex A, covering governance, organisation, operation, and relationship controls for responsible AI management.
Annex A controls are recommended governance measures that help organisations manage AI systems responsibly across the areas mentioned below.
| Control | Professional | Funny |
|---|---|---|
| A.2 Policies Related to AI Reference ↗ |
 |
 |
| A.3 Internal Organisation Reference ↗ |
 |
 |
| A.4 Resources for AI Systems Reference ↗ |
 |
 |
| A.5 Assessing Impacts of AI Systems Reference ↗ |
 |
 |
| A.6 AI System Life Cycle Reference ↗ |
 |
 |
| A.7 Data for AI Systems Reference ↗ |
 |
 |
| A.8 Information for Interested Parties Reference ↗ |
 |
 |
| A.9 Use of AI Systems Reference ↗ |
 |
 |
| A.10 Third-party and Customer Relationships Reference ↗ |
 |
 |
Control-level cards covering ISO 42001 Annex A controls A.2 through A.10, from AI policies and internal organisation to third-party and customer relationships.
These five cards help you prepare for ISO 42001 audits. They cover what auditors actually look for, the difference between strong and weak evidence, common failure patterns across Annex A, and how to talk about controls confidently.
Reference files available for all five cards. See the Audit Readiness reference index for an overview.
| Card | Professional | Funny |
|---|---|---|
| Audit-01 What an Auditor Actually Looks For Reference ↗ |
 |
 |
| Audit-02 Evidence vs Good Intentions Reference ↗ |
 |
 |
| Audit-03 Strong Versus Weak Evidence Examples Reference ↗ |
 |
 |
| Audit-04 Common Audit Failure Modes Across Annex A Reference ↗ |
 |
 |
| Audit-05 How to Talk About Controls Confidently Reference ↗ |
 |
 |
ISO 42001 audit readiness cards covering auditor expectations, evidence standards, common Annex A failure patterns, and how to communicate controls confidently.
The AI Principles Cards explain core responsible AI concepts that support practical AI governance and AI Management System thinking. They cover fairness, transparency, accountability, human oversight, privacy, and safety and reliability. Each principle is shown as a professional card for clear explanation and a funny card for memory and engagement.
These cards are learning aids. They do not add new ISO/IEC 42001 requirements and should not be treated as a replacement for the official standard.
| Principle | Professional | Funny |
|---|---|---|
| Principle-01 Fairness Reference ↗ |
 |
 |
| Principle-02 Transparency Reference ↗ |
 |
 |
| Principle-03 Accountability Reference ↗ |
 |
 |
| Principle-04 Human Oversight Reference ↗ |
 |
 |
| Principle-05 Privacy Reference ↗ |
 |
 |
| Principle-06 Safety and Reliability Reference ↗ |
 |
 |
AI principles cards covering the core responsible AI concepts that underpin ISO/IEC 42001:2023 governance: fairness, transparency, accountability, human oversight, privacy, and safety and reliability.
These are earlier infographic cards that have since been superseded by the current card designs, but the content remains accurate. Feel free to use any of these if you prefer the format.
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Earlier ISO 42001 infographic card variants covering Clause 8 Operation, Clause 9 Performance Evaluation, Clause 10 Improvement, Annex A.5, Annex A.10, and the Annex A domain overview.
This repository has been included in the following curated AI governance and responsible AI resource lists:
-
Awesome Artificial Intelligence Regulation - Curated resources focused on AI governance, regulation, and responsible AI.
-
Awesome Responsible AI - Curated responsible AI tools, frameworks, standards, and learning resources.
-
Awesome EU AI Act - Curated resources focused on the EU AI Act, AI governance, compliance, and responsible AI.
This work is licensed under the Creative Commons Attribution 4.0 International License. See LICENSE.md for details.
Suggested attribution:
ISO 42001 Visual Library by Nelson Ambrose, licensed under CC BY 4.0.
Creator: Nelson Ambrose
If you find these useful, please leave a ⭐
This repository is an independent learning resource. It is not affiliated with, endorsed by, or certified by ISO, IEC, or any certification body.
The materials are intended as learning aids and should not be treated as a replacement for the official ISO/IEC 42001:2023 standard, legal advice, audit advice, or certification guidance.
A personal visual overview of the author's AI governance focus and role in building the library.
