SAIHM × ISO/IEC 42001:2023 crosswalk
ISO/IEC 42001:2023 — Information technology — Artificial intelligence — Management system (December 2023) is the first international standard for an Artificial Intelligence Management System (AIMS). It defines requirements for establishing, implementing, maintaining, and continually improving an AIMS, with Annex A specifying controls and objectives.
SAIHM is a protocol, not a management system. This crosswalk shows, clause by clause and control by control, where SAIHM mechanisms become audit evidence inside an AIMS.
Management system clauses (4–10)
| Clause | SAIHM mechanism (evidence at audit time) |
|---|---|
| 4 Context of the organization. Understand internal/external issues and interested parties. | SAIHM is positioned as the memory layer for AI agents; six crosswalks (NIST AI RMF, ISO 27001, EU AI Act, GDPR Art.17, MCP, and this one) document context. Interested parties: holders, operators, regulators, chain participants. |
| 5 Leadership. AI policy; roles, responsibilities, authorities. | Wallet-bound holder identity gives unambiguous responsibility allocation: the holder controls the cell; the operator stores ciphertext only. Sharing contracts allocate read authority explicitly. |
| 6 Planning. Risks, opportunities, AI objectives. | Cryptographic erasure (saihm_forget) is a planned risk treatment that is irreversible by design: once the cell's key material is destroyed, the stored ciphertext cannot be recovered. KEK rotation is versioned, which supports cryptographic-agility planning. |
| 7 Support. Resources, competence, awareness, communication, documented information. | Apache-2.0 reference implementation (@saihm/mcp-server); public documentation at /docs; public protocol specification (Internet-Draft draft-saihm-memory-protocol-00); audit log on-chain. |
| 8 Operation. Operational planning, impact assessments, life cycle. | Cell life-cycle is explicit: remember → recall → share / revoke_share → forget. Each transition emits a signed receipt anchored on-chain. |
| 9 Performance evaluation. Monitoring, measurement, analysis, audit, management review. | saihm_status dashboards (PRS, BFSI, storage by tier, sharing, governance). On-chain receipts are the audit record — tamper-evident, time-stamped, signed. |
| 10 Improvement. Nonconformity, corrective action, continual improvement. | Public governance: saihm_governance_propose + saihm_governance_vote. KEK rotation supports cryptographic improvement. Apache-2.0 reference implementation accepts PRs. |
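The clause 6 row (cryptographic erasure, versioned KEK rotation) and the A.6.2 row below both rely on the same key-management property: the operator stores only ciphertext plus a data-encryption key (DEK) wrapped under a holder-derived key-encryption key (KEK), so erasure is the destruction of the wrapped DEK and rotation is a rewrap that never touches the cell ciphertext. The following is an added illustration of that property, not SAIHM's own code or key schedule: the `Holder`/`Operator` classes, the KEK derivation labels, the salt, and the use of an HMAC-SHA256 counter-mode keystream as a stand-in for a real AEAD are all assumptions of this example. The HKDF is a standard RFC 5869 extract-then-expand; the DEK is random on purpose, since a DEK derived deterministically from a root secret the holder keeps could never be "forgotten".

```python
import hashlib
import hmac
import secrets


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stand-in for an AEAD (assumption of this example, not SAIHM's cipher):
    HMAC-SHA256 in counter mode produces a keystream that is XORed over data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out += bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


class Operator:
    """Honest-but-curious operator: holds ciphertext and wrapped DEKs, never plaintext or KEKs."""

    def __init__(self) -> None:
        self.cells = {}    # cell_id -> (nonce, ciphertext)
        self.wrapped = {}  # cell_id -> (kek_version, wrap_nonce, wrapped_dek)


class Holder:
    """Holder side: derives versioned KEKs from a root secret via HKDF (derivation chain)."""

    def __init__(self, root_secret: bytes) -> None:
        self.root = root_secret
        self.kek_version = 1

    def kek(self, version: int) -> bytes:
        # Versioned derivation: rotating means moving to info "kek:v<N+1>" and rewrapping.
        return hkdf(self.root, b"example-kek-salt", b"kek:v%d" % version)

    def remember(self, op: Operator, cell_id: str, plaintext: bytes) -> None:
        dek = secrets.token_bytes(32)          # random per-cell DEK, never derived from root
        nonce = secrets.token_bytes(12)
        op.cells[cell_id] = (nonce, keystream_xor(dek, nonce, plaintext))
        wrap_nonce = secrets.token_bytes(12)
        wrapped = keystream_xor(self.kek(self.kek_version), wrap_nonce, dek)
        op.wrapped[cell_id] = (self.kek_version, wrap_nonce, wrapped)

    def recall(self, op: Operator, cell_id: str) -> bytes:
        if cell_id not in op.wrapped:
            raise KeyError(f"{cell_id}: key material destroyed, cell is unrecoverable")
        version, wrap_nonce, wrapped = op.wrapped[cell_id]
        dek = keystream_xor(self.kek(version), wrap_nonce, wrapped)
        nonce, ciphertext = op.cells[cell_id]
        return keystream_xor(dek, nonce, ciphertext)

    def rotate_kek(self, op: Operator) -> None:
        """Rewrap every DEK under the next KEK version; cell ciphertext is untouched."""
        new_version = self.kek_version + 1
        for cell_id, (version, wrap_nonce, wrapped) in list(op.wrapped.items()):
            dek = keystream_xor(self.kek(version), wrap_nonce, wrapped)
            new_nonce = secrets.token_bytes(12)
            op.wrapped[cell_id] = (new_version, new_nonce,
                                   keystream_xor(self.kek(new_version), new_nonce, dek))
        self.kek_version = new_version

    def forget(self, op: Operator, cell_id: str) -> None:
        """Cryptographic erasure: destroy the only copy of the wrapped DEK.
        The ciphertext may linger in storage tiers, but no party can decrypt it."""
        del op.wrapped[cell_id]
```

The check an auditor cares about is the last one: after `forget`, the ciphertext is still present at the operator, yet `recall` fails even for the holder who still possesses the root secret and every KEK version. That is what makes the erasure evidence durable rather than a promise to delete.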
Annex A controls (high-impact subset for AI memory)
| Control | SAIHM mechanism |
|---|---|
| A.2 Policies related to AI. | SAIHM POLICY and STRATEGY cells (on-chain, signed, hash-anchored). Six public crosswalks. Apache-2.0 license. |
| A.3 Internal organization — roles and responsibilities. | Holder vs operator separation enforced cryptographically (not by policy). HKDF derivation chain documented. |
| A.4 Resources — data, tooling, computing, human. | Storage-tier shard orchestrator (GC-5) reports FILECOIN tier usage; chain audit anchor on COTI V2 mainnet (chain ID 2632500). |
| A.5 Assessing impacts of AI systems. | Six crosswalks (NIST AI RMF, ISO 27001, EU AI Act, GDPR Art.17, MCP, this one) compose a system-impact dossier. |
| A.6.1 AI system life cycle. | Cell lifecycle is the protocol; every transition signed and audit-anchored. |
| A.6.2 Risk management throughout the life cycle. | Erasure (saihm_forget), revocable sharing (saihm_revoke_share), KEK rotation, governance vote — each is a documented risk-treatment lever. |
| A.7 Data for AI systems — integrity, quality, provenance, privacy. | Per-cell signature (ML-DSA-65, FIPS 204) covers integrity; encryption-before-egress covers privacy; chain receipts cover provenance. |
| A.8 Information for interested parties. | Public site, public protocol spec (I-D in preparation), public block explorer (cotiscan.io), public source on npm. |
| A.9 Use of AI systems — intended use, monitoring, withdrawal. | Cryptographic erasure is the formal withdrawal action; saihm_status is the monitoring instrument. |
| A.10 Third-party and customer relationships. | Honest-but-curious operator threat model: the operator sees ciphertext only; third-party access goes through revocable sharing contracts. |
Annex A is normative: the controls an organization applies are selected and justified in its Statement of Applicability (Clause 6.1.3), so the table above lists only the subset most relevant to AI memory. SAIHM evidence is durable (on-chain receipts), independent (public chain, public source), and reproducible (signatures verifiable from public keys).
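The clause 8 and A.6.1 rows state that every lifecycle transition (remember → recall → share / revoke_share → forget) emits a signed receipt, and the paragraph above says that evidence is reproducible from public keys. What an auditor actually does with a set of receipts is replay them: check that each one links to its predecessor, that the signature verifies, and that the sequence of actions is a legal walk of the lifecycle. The verifier below is an added example, not SAIHM's receipt format or validator: the receipt fields, the state names, the allowed-transition table and the all-zero genesis hash are assumptions of this example, and HMAC-SHA256 stands in for the ML-DSA-65 signature because no post-quantum library is in the standard library (in the real setting the check is a public-key verification, which is what makes the evidence independently reproducible).

```python
import hashlib
import hmac
import json

# Allowed lifecycle walk (assumption of this example, modelled on the page's
# remember -> recall -> share / revoke_share -> forget description).
TRANSITIONS = {
    ("absent", "remember"): "active",
    ("active", "recall"): "active",
    ("active", "share"): "shared",
    ("shared", "recall"): "shared",
    ("shared", "share"): "shared",
    ("shared", "revoke_share"): "active",
    ("active", "forget"): "erased",
    ("shared", "forget"): "erased",
    # nothing is allowed from "erased": a receipt after forget is a violation
}

GENESIS = "00" * 32  # assumed sentinel for "no previous receipt"


def canonical(body: dict) -> bytes:
    """Deterministic encoding so hash and signature cover exactly one byte string."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def receipt_hash(prev_hash: str, body: dict) -> str:
    return hashlib.sha256(bytes.fromhex(prev_hash) + canonical(body)).hexdigest()


def sign(key: bytes, digest_hex: str) -> str:
    """HMAC-SHA256 stand-in for an ML-DSA-65 signature over the receipt hash."""
    return hmac.new(key, bytes.fromhex(digest_hex), hashlib.sha256).hexdigest()


def make_receipt(key: bytes, prev_hash: str, cell_id: str, action: str, seq: int) -> dict:
    body = {"cell": cell_id, "action": action, "seq": seq, "prev": prev_hash}
    digest = receipt_hash(prev_hash, body)
    return {"body": body, "hash": digest, "sig": sign(key, digest)}


def build_chain(key: bytes, cell_id: str, actions: list) -> list:
    """Emit one receipt per transition, each linked to the previous receipt's hash."""
    chain, prev = [], GENESIS
    for seq, action in enumerate(actions):
        receipt = make_receipt(key, prev, cell_id, action, seq)
        chain.append(receipt)
        prev = receipt["hash"]
    return chain


def verify_chain(key: bytes, receipts: list) -> tuple:
    """Replay receipts from genesis. Returns (ok, final_state, reason).

    Three independent checks per receipt: hash linkage (tamper evidence),
    signature (origin), and state-machine legality (lifecycle discipline)."""
    state, prev = "absent", GENESIS
    for i, receipt in enumerate(receipts):
        body = receipt["body"]
        if body["prev"] != prev or receipt_hash(prev, body) != receipt["hash"]:
            return False, state, f"receipt {i}: broken hash chain"
        if not hmac.compare_digest(sign(key, receipt["hash"]), receipt["sig"]):
            return False, state, f"receipt {i}: bad signature"
        next_state = TRANSITIONS.get((state, body["action"]))
        if next_state is None:
            return False, state, f"receipt {i}: {body['action']} not allowed from {state}"
        state, prev = next_state, receipt["hash"]
    return True, state, "ok"


if __name__ == "__main__":
    key = b"constructed-test-signing-key"
    good = build_chain(key, "cell-42", ["remember", "recall", "share", "revoke_share", "forget"])
    print(verify_chain(key, good))
    # A recall recorded after forget is flagged even though every hash and signature is valid.
    print(verify_chain(key, build_chain(key, "cell-42", ["remember", "forget", "recall"])))
```

Attaching a receipt id (cell id plus tx hash) to an Annex A control is only evidence if the replay above succeeds against the chain data; a receipt whose predecessor hash does not match, or whose action is illegal for the cell's state at that point, should be treated as a nonconformity under clause 10, not as evidence.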
How to cite SAIHM in a 42001 audit dossier
- Reference this crosswalk URL.
- Attach the Internet-Draft draft-saihm-memory-protocol-00 (in preparation; protocol spec).
- Cite the reference implementation: npx @saihm/mcp-server (Apache 2.0).
- For each Annex A control, attach the relevant on-chain receipt id (cell id + tx hash) as the evidence artefact.