AI Impact Assessment Forensic Audit

A deep-dive technical checklist for ISO/IEC 42001:2023 Annex B.4 alignment.

1. System Context & Algorithmic Intent

- Documented Intended Use & Limitations: Is there a formal record of what the system is (and is NOT) designed to do? (A.8.1)
- External AI Resource Mapping: Are all third-party models, APIs, libraries, and pre-trained weights inventoried for Clause 8.6?
- Infrastructure Security Controls: Is the hosting environment (compute, storage, model and data registries) covered by the organization's ISO/IEC 27001 controls, so the AI system inherits the existing information security baseline?

2. Data Integrity & Lifecycle Forensics

- Training Data Lineage: Is there a verifiable forensic trail (source, version, content hash) for the training, test, and validation sets? (A.9.1)
- Data Poisoning Defense: Are STRIDE "Tampering" mitigations in place to prevent training-set corruption (integrity checks on ingested data, access control on data stores, review of label changes)?
- Privacy-Preserving Pre-processing: Are privacy-enhancing technologies (PETs) used to remove or mask PII from training sets before ingestion?
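
The lineage and tampering items above both reduce to one control: a tamper-evident manifest of every dataset split that can be re-verified at audit time. The following is an added example (not code from ISO/IEC 42001 or from any referenced project) that records a SHA-256 per file plus a roll-up digest per split, then re-verifies the tree and reports modified or missing files and byte-identical records shared across splits (test-set leakage). The directory layout, file names and JSONL records are constructed for the demonstration.

```python
"""Added example: tamper-evident manifest for training/test/validation sets.
Not from any ISO document; all paths and records below are constructed."""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read files in 1 MiB chunks so large shards don't load into RAM


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, splits: dict) -> dict:
    """splits maps split name -> list of file paths relative to root.
    Per-file digests plus one roll-up digest per split; the roll-up is what
    you would sign or store in an immutable log as the lineage record."""
    out = {"splits": {}}
    for split, files in splits.items():
        entries = {rel: sha256_file(root / rel) for rel in sorted(files)}
        rollup = hashlib.sha256(
            "\n".join(f"{k}:{v}" for k, v in entries.items()).encode()
        ).hexdigest()
        out["splits"][split] = {"files": entries, "digest": rollup}
    return out


def verify_manifest(root: Path, manifest: dict) -> list:
    """Return (kind, split, detail) findings:
    'missing'  - file listed in the manifest no longer exists
    'modified' - current content hash differs from the recorded one
    'leakage'  - current content is byte-identical to a file in another split"""
    findings = []
    seen = {}  # content digest -> (split, file) of first occurrence
    for split, info in manifest["splits"].items():
        for rel, expected in info["files"].items():
            p = root / rel
            if not p.exists():
                findings.append(("missing", split, rel))
                continue
            actual = sha256_file(p)
            if actual != expected:
                findings.append(("modified", split, rel))
            prior = seen.get(actual)
            if prior and prior[0] != split:
                findings.append(("leakage", split, f"{rel} == {prior[1]}"))
            seen.setdefault(actual, (split, rel))
    return findings


def demo() -> list:
    """Build a constructed dataset, record its manifest, then simulate two
    integrity failures: a flipped label (poisoning) and a test record copied
    into the training split (leakage). Returns the verifier's findings."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for split in ("train", "test", "val"):
            (root / split).mkdir()
        (root / "train/a.jsonl").write_text('{"x": 1, "y": 0}\n')
        (root / "train/b.jsonl").write_text('{"x": 2, "y": 1}\n')
        (root / "test/t.jsonl").write_text('{"x": 9, "y": 1}\n')
        (root / "val/v.jsonl").write_text('{"x": 5, "y": 0}\n')
        splits = {
            "train": ["train/a.jsonl", "train/b.jsonl"],
            "test": ["test/t.jsonl"],
            "val": ["val/v.jsonl"],
        }
        manifest = build_manifest(root, splits)
        assert verify_manifest(root, manifest) == []  # clean tree verifies
        (root / "train/a.jsonl").write_text('{"x": 1, "y": 1}\n')  # label flip
        (root / "train/b.jsonl").write_text('{"x": 9, "y": 1}\n')  # test record in train
        return verify_manifest(root, manifest)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The roll-up digest is the value to commit to a signed or append-only record at the time each split is frozen; per-file digests let the auditor localise which shard changed rather than only learning that the split no longer matches.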

3. Adversarial Robustness (STRIDE)

- Spoofing & Identity Verification: Are inputs authenticated to resist synthetic-identity and deepfake-based spoofing?
- Information Disclosure Mitigations: Are safeguards in place against model inversion and membership inference (for example, limiting exposed confidence scores and rate-limiting queries)?
- Denial of Service Resilience: Is the system resilient against prompt injection and mass resource-exhaustion attacks (oversized or pathological inputs), with per-caller quotas and inference budgets?

4. Societal Impact & Fundamental Rights

- High-Risk Impact Assessment: Is there a documented AI system impact assessment (AIIA) for decisions affecting health, safety, or legal status?
- Stakeholder Harm Mapping: Have potential harms to marginalized or vulnerable groups been identified and quantified?
- Transparency & Notification: Are users actively notified when an AI-driven decision affects them?

5. Redress & Human-in-the-Loop

- Mechanism for Redress: Is there a formal path for individuals to challenge AI decisions?
- Human Override Protocols: Can a qualified human operator override model outputs, which are non-deterministic?

6. Performance & Improvement (Clause 9/10)

- Adversarial Drift Detection: Are there detective controls that identify shifts in input distributions and model performance over time?
- Continuous AIIA Updates: Is the impact assessment re-triggered whenever the model is re-evaluated or changed?
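
A detective control for the drift item above needs a concrete statistic and a threshold that triggers review. The following is an added example (not code from ISO/IEC 42001 or from any project the checklist references) that computes the Population Stability Index (PSI) of production score windows against the validation-time reference distribution and classifies each window. The 0.10 (warn) and 0.25 (alert) cut-offs are the conventional rule of thumb for PSI, not values from the standard; the score samples are constructed with a seeded generator so the run is reproducible offline.

```python
"""Added example: PSI-based drift monitor over windows of model scores.
Thresholds are the common rule of thumb, not an ISO/IEC 42001 value."""
import bisect
import math
import random

WARN, ALERT = 0.10, 0.25  # conventional PSI cut-offs (assumption, see lead-in)


def quantile_edges(reference, n_bins=10):
    """Bin edges at reference quantiles, so each bin holds ~1/n_bins of the
    reference; tied edges are collapsed so no bin has zero width."""
    s = sorted(reference)
    raw = [s[round(k * (len(s) - 1) / n_bins)] for k in range(n_bins + 1)]
    edges = []
    for e in raw:
        if not edges or e > edges[-1]:
            edges.append(e)
    return edges


def bin_fractions(values, edges, floor=1e-4):
    """Fraction of values per bin; out-of-range values clamp to the end bins
    and empty bins get a small floor so log(c/r) is always defined."""
    if not values:
        raise ValueError("empty window")
    counts = [0] * (len(edges) - 1)
    for v in values:
        i = bisect.bisect_right(edges, v) - 1
        counts[min(max(i, 0), len(counts) - 1)] += 1
    return [max(c / len(values), floor) for c in counts]


def psi(reference, current, edges):
    """PSI = sum_i (c_i - r_i) * ln(c_i / r_i); 0 when distributions match."""
    r = bin_fractions(reference, edges)
    c = bin_fractions(current, edges)
    return sum((ci - ri) * math.log(ci / ri) for ri, ci in zip(r, c))


def classify(score):
    if score >= ALERT:
        return "alert"
    if score >= WARN:
        return "warn"
    return "ok"


def monitor(reference, windows):
    """Return (window index, PSI, status) for each production window."""
    edges = quantile_edges(reference)
    results = []
    for i, w in enumerate(windows):
        value = psi(reference, w, edges)
        results.append((i, round(value, 4), classify(value)))
    return results


def demo():
    """Constructed data: a validation reference ~N(0,1), two stable production
    windows, then a window whose scores have shifted (mean 0.8, sd 1.2)."""
    rng = random.Random(42)
    reference = [rng.gauss(0.0, 1.0) for _ in range(5000)]
    windows = [
        [rng.gauss(0.0, 1.0) for _ in range(1000)],
        [rng.gauss(0.0, 1.0) for _ in range(1000)],
        [rng.gauss(0.8, 1.2) for _ in range(1000)],
    ]
    return monitor(reference, windows)


if __name__ == "__main__":
    for idx, value, status in demo():
        print(f"window {idx}: PSI={value} {status}")
```

PSI on scores needs no ground-truth labels, which is why it works as a leading indicator; pair it with a lagging accuracy or error-rate check once labels arrive, and feed an "alert" into the AIIA re-trigger condition rather than only into an operations dashboard.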