Management Review Deck Template (ISO/IEC 42001 §9.3)

Zen AI Governance — Knowledge Base • Templates & Toolkits • Updated 20 Nov 2025 • www.zenaigovernance.com

ISO 42001 Management Review Executive Governance Pack
Key takeaways
  • The Management Review is mandatory for ISO 42001 certification and must be documented.
  • Deck must show inputs (audits, risks, KPIs, incidents) and outputs (actions, decisions, changes).
  • Audit teams will request evidence of review, attendance, and decision follow-up.

Purpose & Objectives

The Management Review ensures that the AIMS remains effective, aligned with organisational priorities, and compliant with regulatory obligations. It provides leadership with insights into risks, compliance posture, and improvement needs.

ISO 42001 Required Inputs (§9.3)

The following inputs are mandatory:

  • ✔️ Audit results & non-conformities (NCs)
  • ✔️ Progress of previous actions
  • ✔️ Changes in external/internal issues (e.g., EU AI Act updates)
  • ✔️ AI objectives & KPIs (performance, safety, fairness, robustness)
  • ✔️ Trends in complaints, incidents, and serious harms
  • ✔️ Supplier performance (third-party model/API vendors)
  • ✔️ Risk register status & residual risk levels
  • ✔️ Post-market monitoring outcomes

Slide-by-Slide Deck Structure

Slide # | Title | Description
1 | Opening & Agenda | Chair, objectives, agenda items.
2 | AIMS Overview | Scope, AI products covered, org changes.
3 | External & Internal Changes | Regulatory, market, risk environment changes.
4 | Audit Results & NC Dashboard | Open/closed NCs, thematic findings.
5 | Risk Register Summary | Top residual risks, trends, mitigation progress.
6 | AI System KPIs | Accuracy, drift, robustness, fairness metrics.
7 | Incident & PMM Overview | SEV-1/2 incidents, CAPA progress.
8 | Supplier & Third-Party Review | SLAs, performance, risk flags.
9 | Resourcing & Competence | Training completion, gaps, role needs.
10 | Objectives Progress | Progress against annual AIMS objectives.
11 | Summary & Required Decisions | Actions, approvals, changes required.
12 | Action Log & Owners | Assigned actions, due dates.

AIMS KPIs & Dashboards

The deck must include the following KPIs:

  • Model Accuracy: last 12 months trend
  • Model Drift: deviation from baseline
  • Bias Metrics: demographic parity, equalized odds
  • Safety/Robustness: adversarial test results
  • Incident Rate: SEV-1 to SEV-4 count
  • Audit NC Closure Rate
  • Supplier SLA Breaches
  • Training & Competence Completion

Outputs & Required Decisions

ISO 42001 requires documented outputs including:

  • ✔️ Continual improvement actions
  • ✔️ Updated risk ratings
  • ✔️ Required adjustments to AIMS scope
  • ✔️ Updated resources, training, or staffing needs
  • ✔️ Approval of policy or procedural updates
  • ✔️ CAPA and follow-up actions

CSV Templates

A) Action Log CSV
Action_ID,Description,Owner,Due_Date,Status,Evidence_ID,Category
B) KPI Snapshot CSV
Date,Accuracy,Drift,Bias_Score,SEV1_Incidents,NC_Open,NC_Closed,Training_Completion

Example Completed Deck

Meeting_Number: MR-2025-Q4
Chair: AI Governance Board Lead
Top Risks: Drift (Score 12), Bias (Score 15)
Incidents: 1 SEV-2, 0 SEV-1
Decisions: Extend dataset audit; retraining approved; policy update required.
Actions: A-2025-019 Owner: ML Ops Lead Due: 2025-12-15

Framework Alignment

Framework | Reference | Relevance
ISO/IEC 42001 | §9.3 | Management Review requirements
NIST AI RMF | Govern Function | Oversight & accountability mechanisms
EU AI Act | Art. 17, Annex IV | Provider oversight & post-market analysis
UK DSIT AI Principles | Principle 6 | Governance, transparency & accountability

© Zen AI Governance UK Ltd • Regulatory Knowledge • v1 20 Nov 2025 • This page is general guidance, not legal advice.