ISO/IEC 42005

Gamut supports AI system impact assessment aligned to ISO/IEC 42005, with guidance organised around the standard’s clause headings and themes.

Does not replace the standard

Gamut provides impact-assessment guidance aligned to clause headings and themes. It does not reproduce ISO standard text and does not replace a licensed copy of the standard. Work from a licensed copy of ISO/IEC 42005.

What ISO/IEC 42005 covers

ISO/IEC 42005 addresses AI system impact assessment: understanding and documenting the potential consequences of an AI system on individuals, groups and society, and how those impacts are managed. It complements the management-system focus of ISO/IEC 42001, and underpins the Fundamental Rights Impact Assessment work in EU AI Act readiness.

The five sections

Gamut organises ISO/IEC 42005 work into five sections that follow the standard’s flow from setting up the process to documenting impacts and measures.

Section	Clauses	What it covers
Process foundation	5.1 to 5.3	Establishing and documenting the impact-assessment process and integrating it with other processes.
Governance & triggers	5.4 to 5.7	Timing, scope, responsibilities and thresholds for sensitive or restricted uses.
Execution & review	5.8 to 5.12	Performing the assessment, analysing results, approval, recording and review.
Documentation content	6.1 to 6.6	The information an impact assessment should contain, including AI system information and data quality.
Impacts & measures	6.7 to 6.9	Interested parties, actual and foreseeable impacts, and measures to address harms and benefits.

How Gamut helps

• Structured impact assessment organised around the standard’s five sections.
• Reuse of intake context, so impact assessment builds on what intake already captured: purpose, users, data exposure, oversight and potential impact.
• Model cards that document model-level characteristics relevant to impact. See Model cards.
• Evidence and findings to record and manage identified impacts.

How you use it

1. Run intake so the system’s context is captured.
2. Start an ISO/IEC 42005-aligned impact assessment.
3. Work through the five sections, recording rationale and evidence.
4. Capture findings for impacts that need management, and track remediation.

Crosswalk

Impact assessment supports EU AI Act FRIA work and aligns with ISO/IEC 42001 clause 6 and GTSAF (every GTSAF control carries ISO/IEC 42005 anchors). See Frameworks overview.

Next

• Model cards, document model-level characteristics.
• ISO/IEC 42001, the management-system companion standard.