ISO 42001 Audit Trail Requirements: What the Standard Actually Demands

Published 30 June 2026  ·  KairoNull  ·  7 min read

ISO 42001 is the international standard for AI management systems. Published in December 2023, it provides a framework for organisations to establish, implement, maintain, and continually improve their approach to responsible AI. It has rapidly become the de facto governance baseline for organisations operating AI in regulated environments.

Certification against ISO 42001 requires documented, independently verifiable evidence that your AI management system operates as declared. This is where most organisations discover that their existing documentation practices are insufficient. ISO 42001 does not accept self-reported records as evidence of AI system behaviour.

What ISO 42001 Actually Requires

The standard's documentation and audit trail requirements are distributed across several clauses. The operative demands are:

Clause 7.5: Documented information required by the AIMS must be controlled, including creation, updating, and control across format, review, and approval.

Clause 8.4: AI system design and development must include documented inputs, design decisions, and outputs at each development stage.

Clause 9.1: Monitoring and measurement must produce documented results that demonstrate whether the AIMS is achieving intended outcomes.

Clause 10.1: Nonconformities and corrective actions must be documented with evidence of causation, actions taken, and effectiveness review.

Annex A.6.2: Records of AI system operation must enable post-hoc reconstruction of AI decisions affecting individuals or regulated processes.

The key phrase across all clauses is "documented information." In ISO standards terminology, this means records that are controlled, identifiable, and protected from unintended alteration. A Confluence page, a Slack thread, or an application log that a privileged administrator can edit does not meet this definition.

The Gap Between Documentation and Evidence

Most organisations seeking ISO 42001 certification already maintain documentation of their AI systems. They have model cards, risk assessments, data governance policies, and change logs. The audit challenge arises not from missing documentation, but from the integrity of that documentation.

ISO 42001 auditors are increasingly trained to distinguish between documentation that describes what a system was intended to do and evidence that demonstrates what it actually did. These are different things, and the gap between them is where certification fails.

Documentation (insufficient)

  • Describes intended behaviour
  • Written before or after the fact
  • Modifiable by document owners
  • No proof of when it was created
  • Cannot reconstruct actual decisions
  • Chain of custody is assumptive

Evidence (ISO 42001 compliant)

  • Records actual system behaviour
  • Captured at the moment of operation
  • Tamper-evident by construction
  • Timestamped by trusted third party
  • Enables post-hoc decision reconstruction
  • Chain of custody is cryptographically provable

Annex A.6.2: Operational Records

Annex A.6.2 is the most technically demanding clause for most organisations. It requires that AI systems operating in high-risk contexts maintain records sufficient to reconstruct the system's behaviour at the time of any specific decision. This is not a reporting requirement. It is an architectural requirement.

For a credit scoring system, this means: at any subsequent point, a compliance officer must be able to reconstruct exactly what inputs the model received, which model version processed those inputs, what the output was, and what contextual conditions applied at the time. If any of those elements are missing or could have been altered, the record fails the Annex A.6.2 standard.

A.6.2 compliance cannot be retrofitted. Records must be created at the moment of the AI decision. Post-hoc reconstruction from application logs, database states, or memory is explicitly insufficient and will be identified in a certification audit.

How ISO 42001 Intersects with the EU AI Act

Organisations operating high-risk AI systems in the EU face overlapping obligations from ISO 42001 and the EU AI Act. The two frameworks align in their requirements for operational records, but with important differences:

Organisations building a single evidence infrastructure that satisfies both frameworks simultaneously are better positioned than those pursuing separate compliance tracks. A cryptographic audit trail built to EU AI Act Article 12 standards will also satisfy ISO 42001 Annex A.6.2 with margin.

What Auditors Check During ISO 42001 Certification

Certification auditors are specifically trained to probe the integrity of documented information. The typical audit sequence for AI operational records is:

  1. Request records for a specific AI decision from a defined time period
  2. Ask how the organisation can demonstrate those records have not been altered since creation
  3. Request evidence of the record creation timestamp from a source independent of the organisation
  4. Ask whether the organisation or any administrator can modify the records retrospectively
  5. Request a chain-of-custody demonstration from decision event to the record being presented

Organisations that cannot answer steps 2 through 4 without pointing to an internal system or a vendor attestation will receive a nonconformity. The most common gap is step 3: organisations have timestamps, but the timestamps are self-reported and cannot be independently verified.

RFC 3161 timestamping solves step 3. An RFC 3161 timestamp is issued by a trusted third-party time authority and is cryptographically bound to the record at capture. It cannot be altered without invalidating both the record hash and the timestamp binding. This is the standard that ISO 42001 auditors accept as independent timestamp verification.
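The following is an added example, not code from KairoNull or from the standard, showing what the Annex A.6.2 record described above (inputs, model version, output, context, captured at decision time) looks like when each record is SHA-256 chained to its predecessor, and how audit steps 2 through 5 are answered by re-verifying that chain. The record hash is the digest an RFC 3161 request to a time-stamping authority would carry; the TSA call itself, the field names and the credit-scoring sample data are all assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # constructed sentinel that the first record links back to

def canonical(body: dict) -> bytes:
    # Deterministic serialisation: the same record always yields the same hash
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def append_record(ledger: list, decision_id: str, model_version: str,
                  inputs: dict, output: dict, context: dict) -> dict:
    """Capture one AI decision as it is made and link it to the previous record."""
    prev_hash = ledger[-1]["record_hash"] if ledger else GENESIS
    body = {"decision_id": decision_id, "model_version": model_version,
            "inputs": inputs, "output": output, "context": context,
            "captured_at": datetime.now(timezone.utc).isoformat(),
            "prev_hash": prev_hash}
    # record_hash is also the message imprint an RFC 3161 TSA request would carry
    record = dict(body, record_hash=hashlib.sha256(canonical(body)).hexdigest())
    ledger.append(record)
    return record

def verify_chain(ledger: list) -> tuple:
    """Return (ok, index of first bad record); catches edits, reordering, deletions."""
    expected_prev = GENESIS
    for i, record in enumerate(ledger):
        body = {k: v for k, v in record.items() if k != "record_hash"}
        if (body.get("prev_hash") != expected_prev
                or hashlib.sha256(canonical(body)).hexdigest() != record["record_hash"]):
            return False, i
        expected_prev = record["record_hash"]
    return True, -1

def reconstruct(ledger: list, decision_id: str):
    """Post-hoc reconstruction of one decision, refused if the chain up to it is broken."""
    for i, record in enumerate(ledger):
        if record["decision_id"] == decision_id:
            return record if verify_chain(ledger[: i + 1])[0] else None
    return None

def build_sample_ledger() -> list:
    """Two constructed credit-scoring decisions (sample data, not real records)."""
    ledger: list = []
    append_record(ledger, "d-001", "credit-v3.2", {"income": 52000, "dti": 0.31},
                  {"score": 712, "approved": True}, {"policy": "2026-Q2"})
    append_record(ledger, "d-002", "credit-v3.2", {"income": 18000, "dti": 0.55},
                  {"score": 540, "approved": False}, {"policy": "2026-Q2"})
    return ledger
```

Editing, reordering or deleting any earlier record changes the digest that later records commit to, so an auditor re-running verify_chain over the presented records sees exactly where the chain of custody breaks.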

Continuous Monitoring and Evidence Accumulation

Clause 9.1 requires that monitoring and measurement results be retained as documented information. For AI systems, this means operational evidence must accumulate continuously, not be assembled for audit purposes. An organisation that produces evidence only when a certification audit is scheduled is not meeting the continuous monitoring requirement.

The practical implication is that ISO 42001-compliant AI evidence infrastructure must be always-on. Evidence must be generated and retained from the first day an AI system is in production, not from the day a certification decision is made. Auditors will check the continuity of records, and gaps in operational coverage are material nonconformities.

Corrective Action Evidence (Clause 10.1)

When AI systems produce unexpected outputs, exhibit bias, or contribute to harm, ISO 42001 Clause 10.1 requires documented evidence of the corrective action process: what was identified, what was done, and whether the action was effective. This requires being able to point to the original AI decision record that triggered the corrective action and trace the chain from incident to resolution.

Without a tamper-evident audit trail, the corrective action documentation cannot be verified against the original system behaviour. Auditors will ask to see the original record and compare it to the corrective action documentation. If the original record could have been altered, the entire corrective action chain is invalidated.

Build evidence infrastructure that satisfies ISO 42001 and EU AI Act together

KairoNull's Umbra Trust Protocol captures AI decision records at the moment of generation, applies RFC 3161 timestamping, and chains them with SHA-256 into a tamper-evident ledger. The output is independently verifiable by ISO 42001 auditors and EU AI Act regulators without requiring KairoNull access.