Training Module
Training Module

AI System Scope, Lifecycle & Inventory

Define AI system scope, lifecycle boundaries, and a maintained AI system inventory aligned to ISO/IEC 42001

Understand

Implement

Manage

Audit

Training module overview

Many organisations adopt ISO/IEC 42001 while their AI usage remains fragmented: pilots, embedded vendor features, local automations, and model-driven components are treated inconsistently, documented unevenly, and owned ambiguously. The result is predictable: the AIMS scope statement becomes abstract, risk and impact work starts from incomplete system lists, and operational controls cannot be applied consistently across the AI lifecycle.

This module focuses on the ISO/IEC 42001-specific expectations for identifying AI systems, describing their intended purpose and context of use, defining lifecycle boundaries that matter for governance, and maintaining an AI system inventory as living management system knowledge. It does not teach generic scoping methods, AI technical foundations, risk/impact assessment methods, or operational control design as these topics are taught in other training modules. Rather, it provides the standard-specific structure needed so those activities have a reliable, shared input baseline.

Many organisations adopt ISO/IEC 42001 while their AI usage remains fragmented: pilots, embedded vendor features, local automations, and model-driven components are treated inconsistently, documented unevenly, and owned ambiguously. The result is predictable: the AIMS scope statement becomes abstract, risk and impact work starts from incomplete system lists, and operational controls cannot be applied consistently across the AI lifecycle.

This module focuses on the ISO/IEC 42001-specific expectations for identifying AI systems, describing their intended purpose and context of use, defining lifecycle boundaries that matter for governance, and maintaining an AI system inventory as living management system knowledge. It does not teach generic scoping methods, AI technical foundations, risk/impact assessment methods, or operational control design as these topics are taught in other training modules. Rather, it provides the standard-specific structure needed so those activities have a reliable, shared input baseline.

Target audience

  • AI management system managers and implementers (AIMS owners, coordinators)

  • Product, engineering, and data leaders accountable for AI-enabled services

  • Governance, risk, and compliance professionals supporting ISO/IEC 42001 implementation

  • Internal auditors and assurance professionals reviewing ISO/IEC 42001 readiness or effectiveness

  • Supplier and procurement stakeholders managing AI-relevant vendor relationships (scope/inventory perspective)

  • AI management system managers and implementers (AIMS owners, coordinators)

  • Product, engineering, and data leaders accountable for AI-enabled services

  • Governance, risk, and compliance professionals supporting ISO/IEC 42001 implementation

  • Internal auditors and assurance professionals reviewing ISO/IEC 42001 readiness or effectiveness

  • Supplier and procurement stakeholders managing AI-relevant vendor relationships (scope/inventory perspective)

Agenda

What ISO/IEC 42001 needs from “scope” at the AI system level

  • AIMS scope statement vs. AI system scope clarity (what must be unambiguous)

  • Typical scoping failure modes unique to AI-enabled products and services

Defining “AI system” consistently for inventory purposes

  • AI system identification rules: standalone models, embedded features, and composite services

  • Boundaries, interfaces, and shared responsibility (provider / integrator / user contexts)

Lifecycle boundaries that matter for governance and assurance

  • Lifecycle stages as governance checkpoints (build → deploy → operate → change → retire)

  • Where lifecycle accountability usually breaks (data changes, model updates, vendor releases)

Designing the AI system inventory (ISO/IEC 42001-aligned metadata)

  • Minimum inventory fields to enable traceability (purpose, context, ownership, dependencies)

  • Linking inventory items to documented information without overengineering

Inventory governance and maintenance routines

  • Ownership model, update triggers, and version discipline for inventory integrity

  • Integrating inventory upkeep into management routines and change processes

Using the inventory as a backbone for implementation and audit-readiness

  • Traceability lines: inventory ↔ scope ↔ assessments ↔ controls ↔ monitoring/records

  • Common audit friction points and how to prevent “scope ambiguity” findings

Workshop (case-based)

  • Build an AI system inventory slice from a realistic organisational scenario

  • Define lifecycle boundaries and maintenance triggers for that inventory slice

What ISO/IEC 42001 needs from “scope” at the AI system level

  • AIMS scope statement vs. AI system scope clarity (what must be unambiguous)

  • Typical scoping failure modes unique to AI-enabled products and services

Defining “AI system” consistently for inventory purposes

  • AI system identification rules: standalone models, embedded features, and composite services

  • Boundaries, interfaces, and shared responsibility (provider / integrator / user contexts)

Lifecycle boundaries that matter for governance and assurance

  • Lifecycle stages as governance checkpoints (build → deploy → operate → change → retire)

  • Where lifecycle accountability usually breaks (data changes, model updates, vendor releases)

Designing the AI system inventory (ISO/IEC 42001-aligned metadata)

  • Minimum inventory fields to enable traceability (purpose, context, ownership, dependencies)

  • Linking inventory items to documented information without overengineering

Inventory governance and maintenance routines

  • Ownership model, update triggers, and version discipline for inventory integrity

  • Integrating inventory upkeep into management routines and change processes

Using the inventory as a backbone for implementation and audit-readiness

  • Traceability lines: inventory ↔ scope ↔ assessments ↔ controls ↔ monitoring/records

  • Common audit friction points and how to prevent “scope ambiguity” findings

Workshop (case-based)

  • Build an AI system inventory slice from a realistic organisational scenario

  • Define lifecycle boundaries and maintenance triggers for that inventory slice

Course ID:

HAM-AISSLI-1

Audience:

Auditor

Manager

Domain:

Artificial Intelligence

Available in:

English

Duration:

7 h

List price:

CHF 550

Excl. VAT. VAT may apply depending on customer location and status.

Book

Book

Book

Check in-house options

Check in-house options

Check in-house options

What you get

Learning outcomes

  • Distinguish AIMS scope definition from AI system identification, and state what must be explicit for ISO/IEC 42001 use

  • Apply consistent criteria to identify AI systems across products, embedded features, and vendor-delivered capabilities

  • Describe AI system intended purpose and context of use in a way that supports governance traceability

  • Define lifecycle boundaries and accountability points that are operationally meaningful (including change and retirement)

  • Build an ISO/IEC 42001-aligned AI system inventory structure with practical minimum metadata

  • Design ownership and maintenance routines so the inventory stays current and usable for implementation and assurance

  • Create traceability links from the inventory to downstream implementation activities without re-teaching those methods

  • Distinguish AIMS scope definition from AI system identification, and state what must be explicit for ISO/IEC 42001 use

  • Apply consistent criteria to identify AI systems across products, embedded features, and vendor-delivered capabilities

  • Describe AI system intended purpose and context of use in a way that supports governance traceability

  • Define lifecycle boundaries and accountability points that are operationally meaningful (including change and retirement)

  • Build an ISO/IEC 42001-aligned AI system inventory structure with practical minimum metadata

  • Design ownership and maintenance routines so the inventory stays current and usable for implementation and assurance

  • Create traceability links from the inventory to downstream implementation activities without re-teaching those methods

Learning materials

  • Slide deck

  • Participant workbook

  • Certificate of completion

  • Slide deck

  • Participant workbook

  • Certificate of completion

Templates & tools

  • AI system identification checklist (ISO/IEC 42001 implementation perspective)

  • AI system inventory register (fields + guidance notes)

  • Lifecycle boundary and accountability canvas (governance checkpoints)

  • Inventory governance mini-RACI (ownership and update triggers)

  • Change / retirement log template for AI systems

  • Traceability map template (inventory ↔ scope ↔ assessments ↔ controls ↔ records)

  • Optional prompt set for inventory hygiene (summarising changes, detecting inconsistencies)

  • AI system identification checklist (ISO/IEC 42001 implementation perspective)

  • AI system inventory register (fields + guidance notes)

  • Lifecycle boundary and accountability canvas (governance checkpoints)

  • Inventory governance mini-RACI (ownership and update triggers)

  • Change / retirement log template for AI systems

  • Traceability map template (inventory ↔ scope ↔ assessments ↔ controls ↔ records)

  • Optional prompt set for inventory hygiene (summarising changes, detecting inconsistencies)

Prerequisites

This module assumes general familiarity with management system implementation concepts and documented information discipline. Participants should also be comfortable with basic AI lifecycle terminology at a conceptual level (no technical depth required).

Helpful background includes:

  • Understanding of management system scope concepts and boundary thinking

  • Familiarity with registers, ownership, and change control as governance tools

  • Basic awareness of how AI-enabled capabilities are developed or sourced (build/buy/embedded)

This module assumes general familiarity with management system implementation concepts and documented information discipline. Participants should also be comfortable with basic AI lifecycle terminology at a conceptual level (no technical depth required).

Helpful background includes:

  • Understanding of management system scope concepts and boundary thinking

  • Familiarity with registers, ownership, and change control as governance tools

  • Basic awareness of how AI-enabled capabilities are developed or sourced (build/buy/embedded)

Strongly recommended preparatory modules

Governance Foundations: Role Design, Decision Rights, and Escalation in Management Systems

Learn the fundamentals of role design, decision rights, governance mechanisms, and escalation paths in management systems

7 h

Governance Foundations: Role Design, Decision Rights, and Escalation in Management Systems

Learn the fundamentals of role design, decision rights, governance mechanisms, and escalation paths in management systems

7 h

Governance Foundations: Role Design, Decision Rights, and Escalation in Management Systems

Learn the fundamentals of role design, decision rights, governance mechanisms, and escalation paths in management systems

7 h

Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems

Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.

7 h

Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems

Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.

7 h

Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems

Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.

7 h

Helpful preparatory modules

The modules below prepare for an optimal learning experience – but are not strictly necessary for participants to follow.

System Foundations: Context, Stakeholders, and System Boundaries

Understand organisational context, stakeholders, and system boundaries

7 h

System Foundations: Context, Stakeholders, and System Boundaries

Understand organisational context, stakeholders, and system boundaries

7 h

System Foundations: Context, Stakeholders, and System Boundaries

Understand organisational context, stakeholders, and system boundaries

7 h

Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge

Fundamentals of documented information control, records, and knowledge capture for management systems

7 h

Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge

Fundamentals of documented information control, records, and knowledge capture for management systems

7 h

Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge

Fundamentals of documented information control, records, and knowledge capture for management systems

7 h

AI Foundations I: AI Concepts & System Types

Learn core AI concepts, AI system types, and the technical building blocks that underpin modern AI-enabled products and services

7 h

AI Foundations I: AI Concepts & System Types

Learn core AI concepts, AI system types, and the technical building blocks that underpin modern AI-enabled products and services

7 h

AI Foundations I: AI Concepts & System Types

Learn core AI concepts, AI system types, and the technical building blocks that underpin modern AI-enabled products and services

7 h

AI Foundations II: AI Limitations, Uncertainty & Failure Modes

Understand AI uncertainty, limitations, and common failure modes across predictive and generative AI systems

7 h

AI Foundations II: AI Limitations, Uncertainty & Failure Modes

Understand AI uncertainty, limitations, and common failure modes across predictive and generative AI systems

7 h

AI Foundations II: AI Limitations, Uncertainty & Failure Modes

Understand AI uncertainty, limitations, and common failure modes across predictive and generative AI systems

7 h

Continuous learning

Follow-up modules

Follow-up modules

After completion of this module, the following modules are ideal to further deepen the participant's competence.

After completion of this module, the following modules are ideal to further deepen the participant's competence.

View all modules

View all modules

HAM-ARIA-1

AI Risk, Impact & Harm Assessment

ISO/IEC 42001: AI Risk, Impact & Harm Assessment

Domain

Text

Duration

7 h

List price

CHF 550

View module

HAM-ARIA-1

AI Risk, Impact & Harm Assessment

ISO/IEC 42001: AI Risk, Impact & Harm Assessment

Domain

Text

Duration

7 h

List price

CHF 550

View module

HAM-ARIA-1

AI Risk, Impact & Harm Assessment

ISO/IEC 42001: AI Risk, Impact & Harm Assessment

Domain

Text

Duration

7 h

List price

CHF 550

View module

HAM-OCAI-1

Operational Control of AI Systems

ISO/IEC 42001: Operational Control of AI Systems

Domain

Text

Duration

7 h

List price

CHF 550

View module

HAM-OCAI-1

Operational Control of AI Systems

ISO/IEC 42001: Operational Control of AI Systems

Domain

Text

Duration

7 h

List price

CHF 550

View module

HAM-OCAI-1

Operational Control of AI Systems

ISO/IEC 42001: Operational Control of AI Systems

Domain

Text

Duration

7 h

List price

CHF 550

View module

Office scene with people standing, walking and sitting

Ready to achieve mastery?

Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.

Contact us

Office scene with people standing, walking and sitting

Ready to achieve mastery?

Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.

Contact us

Office scene with people standing, walking and sitting

Ready to achieve mastery?

Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.

Contact us