ISO 42001 - Planning of Changes (Clause 6.3)

ISO 42001: Planning of Changes (Clause 6.3) with TurboAudit by [Kimova AI](https://kimova.ai)

In any AI-enabled organization, change is constant—whether it’s the introduction of a new model, integration of external data sources, changes to organizational structure, or the adoption of new regulations. Clause 6.3 of ISO/IEC 42001 addresses how organizations should plan and manage these changes in a structured and responsible manner.

This clause ensures that the AI Management System (AIMS) remains robust and effective even as technologies, risks, and business objectives evolve.

What Clause 6.3 Requires

Clause 6.3 states that when the organization determines the need for changes to the AIMS, those changes must be carried out in a planned manner. The planning process must consider:

  • The purpose of the change and its potential consequences
  • The integrity of the AIMS
  • The availability of resources
  • The allocation or reallocation of responsibilities and authorities

In essence, this clause is about anticipating the impact of changes before they are implemented—and ensuring that governance, controls, and objectives remain aligned.

Why This Clause Matters in AI Contexts

In AI, even small changes can have significant downstream effects. For example:

  • Replacing a dataset may alter model outcomes or introduce new biases.
  • Switching model types may affect explainability or performance in critical areas.
  • Regulatory changes might impose new documentation or risk assessment requirements.

Uncontrolled changes can lead to:

  • Non-compliance with legal or ethical commitments
  • System failures or inaccurate predictions
  • Erosion of trust in AI outcomes
  • Confusion over ownership or accountability

Planning change carefully ensures that AI systems remain stable, compliant, and aligned with your governance framework—even in the face of constant evolution.

Examples of Planned Changes in Practice

Here are a few types of changes where Clause 6.3 applies:

Type of Change Planning Considerations
Deployment of a new high-risk AI system Ensure the scope of AIMS is still valid, update risk assessments, assign new responsibilities
Organizational restructuring Re-evaluate accountability for AI governance across departments
Updating AI lifecycle procedures Confirm consistency with the AI policy and communicate changes to affected staff
Changing cloud infrastructure or vendors Assess data protection implications and integration with existing controls

How to Apply Clause 6.3 Effectively

  1. Establish a formal change management process for the AIMS—this should integrate with your general IT or business change management procedures.
  2. Document all proposed changes and evaluate them for risks, resource needs, and effects on roles and responsibilities.
  3. Engage relevant stakeholders early, particularly those responsible for compliance, data governance, or technical integrity.
  4. Update documentation: If processes, responsibilities, or risks change, ensure those updates are reflected in policies, risk registers, or objectives.
  5. Communicate changes clearly across the organization to prevent confusion or unintended nonconformities.

Common Mistakes to Avoid

  • Making unplanned or informal updates to AI-related processes
  • Failing to assess the downstream impact of technical or organizational changes
  • Not updating the AIMS documentation when responsibilities or scope shift
  • Overlooking the training or support needs related to change

Conclusion

Clause 6.3 emphasizes that sustainable AI governance depends on stability through change. In dynamic environments, it’s not enough to have a strong AI Management System—you must ensure that it continues to function effectively as the organization, technologies, and context evolve.

When handled properly, change is not a threat—it’s an opportunity to strengthen the system and respond responsibly to new realities.


In tomorrow’s article, we’ll begin exploring Clause 7: Support, starting with Clause 7.1: Resources—how to ensure your organization allocates the people, tools, and infrastructure needed to operate an effective AIMS.


Stay tuned, and subscribe if you haven’t already—this journey through ISO 42001 is just the beginning.

Ready to experience the future of auditing? Explore how TurboAudit can transform your audit process. Visit Kimova.ai to learn more and see the power of AI auditor assistance in action.

Try Ask AIMS for Free