ISO 42001 - Control A.Control A.8.5 – Information for Interested Parties
](/assets/img/ru_52png)
Control A.8.5 – Information for Interested Parties
In todays article by Kimova AI, we examine Annex A Control A.8.5 – Information for Interested Parties, a control that reinforces structured transparency and accountability within an AI Management System (AIMS). From an ISMS auditor’s perspective, this control ensures that relevant stakeholders are not only identified—but are provided with appropriate information regarding AI-related risks, controls, and impacts.
While earlier controls address documentation and reporting, A.8.5 focuses specifically on ensuring that interested parties receive information necessary to understand how AI systems may affect them and how risks are managed.
Purpose of Control A.8.5
Control A.8.5 requires organizations to determine:
- What information relevant interested parties need
- When and how that information should be communicated
- How the organization ensures the information remains accurate and up to date
The objective is to support transparency, accountability, and trust in AI systems.
Who Are “Interested Parties”?
Interested parties may include:
- Customers and users
- Employees
- Regulators and supervisory authorities
- Business partners and suppliers
- Individuals affected by AI-driven decisions
- Investors or oversight bodies
ISO/IEC 42001 expects organizations to formally identify these parties and understand their information expectations.
Why This Control Matters
Failure to provide relevant information can result in:
- Misuse or misunderstanding of AI systems
- Regulatory non-compliance
- Reputational damage
- Reduced stakeholder trust
- Increased legal exposure
As auditors, we frequently see organizations underestimate stakeholder information needs—especially when AI systems directly influence decisions impacting individuals.
Key Requirements Under Annex A Control A.8.5
To demonstrate conformity, organizations should ensure that:
- Information Needs Are Assessed
Stakeholder information requirements are systematically identified and documented.
- Communication Methods Are Defined
Clear channels (policies, reports, notices, dashboards, contractual disclosures) are established.
- Information Is Clear and Understandable
Communication avoids unnecessary technical complexity while remaining accurate.
- Updates Are Managed
When AI systems change significantly, stakeholders are informed appropriately.
- Records Are Maintained
Evidence of communication and stakeholder engagement is documented.
Practical Implementation Guidance
Organizations can implement Control A.8.5 effectively by:
-
Maintaining an interested parties register within the AIMS
-
Linking stakeholder information requirements to AI risk assessments
-
Aligning AI communications with corporate governance and ISMS practices
-
Reviewing stakeholder expectations during management reviews
-
Ensuring cross-functional collaboration between compliance, legal, technical, and communications teams
At Kimova AI, we support organizations in structuring stakeholder communication frameworks that align with ISO/IEC 42001 while strengthening AI transparency and governance maturity.
Conclusion
Annex A Control A.8.5 emphasizes a key governance principle: AI systems operate within an ecosystem of stakeholders who require clear and relevant information.
By systematically identifying and addressing stakeholder information needs, organizations reinforce accountability, trust, and compliance with ISO/IEC 42001.
In tomorrow’s article by Kimova.AI, we’ll explore Annex A Control A.9.1 – Use of AI Systems, where we’ll explore how organizations can ensure AI systems are used responsibly, securely, and in alignment with defined policies, legal requirements, and ethical principles.