Which of the following International Organization for Standardization (ISO) standards should be selected for certification to use for third-party assurance for responsible AI practices?
Basic Concept: ISO, usually jointly with IEC for IT-related topics, publishes international standards for management systems across many domains. An organization that wants third-party certification demonstrating a commitment to responsible AI governance needs a certifiable standard whose scope is specifically an AI management system, not a standard for IT service management, information security, or privacy that AI happens to touch. CompTIA SecAI+ Exam Objectives cover ISO standards relevant to AI governance under Domain 4.
Why D is Correct: ISO/IEC 42001:2023 is the international standard for Artificial Intelligence Management Systems (AIMS). It specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system, and it follows the same harmonized management-system structure as ISO/IEC 27001, so it can be audited and certified by an accredited third party in the same way. ISO/IEC 42001 certification therefore provides third-party assurance specifically for responsible AI practices, including AI risk and impact assessment, transparency, human oversight, and accountability across the AI system lifecycle, which is exactly what the question asks for.
Why A is Wrong: ISO/IEC 20000-1 is the standard for IT Service Management (ITSM). It specifies requirements for establishing and maintaining a service management system for the delivery of IT services. It does not address AI governance or responsible AI practices.
Why B is Wrong: ISO/IEC 27001 is the standard for Information Security Management Systems (ISMS). It addresses information security risk management in general (confidentiality, integrity, and availability of information). An ISMS may protect the data and infrastructure an AI system uses, but ISO/IEC 27001 certification says nothing about AI-specific governance or responsible AI practices such as fairness, transparency, and AI lifecycle management.
Why C is Wrong: ISO/IEC 27701 extends ISO/IEC 27001 and ISO/IEC 27002 to establish a Privacy Information Management System (PIMS), covering the protection of personally identifiable information and including a mapping to GDPR requirements. It is relevant when an AI system processes personal data, but it does not certify responsible AI governance practices.