Q166 — How does RAIDT connect to ISO/IEC 42001?

RAIDT · Star S9 - Policy, Standards and Assurance · primary item: S9.02 · ISO/IEC 42001

Answer

RAIDT connects to ISO/IEC 42001 by supplying the evidentiary layer that a management system needs but does not itself fully standardise for one configured generative-AI use. The motivation paper argues that ISO/IEC 42001 routinises AI governance through documented information, internal controls, corrective action, and continuous improvement, while the accountability paper shows why this is still insufficient if the organisation cannot reconstruct a specific run after the event. Generative AI behaviour is materially shaped by prompts, retrieval settings, tool use, and review steps. For that reason, RAIDT treats the run as the unit of governance and provides a bounded proof object for each important use rather than relying only on system-level artefacts.

The connection is also managerial. ISO/IEC 42001 expects governance to be documented, monitored, and reviewable across teams, suppliers, and functions. RAIDT makes that expectation operational through the run-level evidence pack, the score profile, and the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability). These artefacts support internal audit sampling, procurement comparison, exception handling, and organisational learning. They also explain why influence methods as governance interventions matter: structured prompting, retrieval augmentation, PEFT/LoRA, and preference-based alignment can change the evidence profile of a run, so governance cannot be inferred from model documentation alone. RAIDT therefore connects ISO's management-system logic to the live socio-technical configuration in which risk, oversight, and accountability are actually enacted.

Practical example

In cybersecurity incident triage, an analyst may use a generative AI assistant configured with a structured prompt, approved threat-intelligence retrieval, and preference constraints that discourage unsafe action. ISO/IEC 42001 would expect documented controls, monitoring, and corrective action, but RAIDT shows what that means for this one use. The run-level evidence pack records the prompt version, retrieval snapshot identifiers, model configuration, safety filters, output hash, and repeat-run stability checks. The score profile highlights whether Dependability and Traceability are strong enough for operational use.

If repeated runs show unstable advice, the evidence anchors may leave Dependability at 3 rather than 5. That finding gives managers and auditors a defensible basis to pause deployment, tighten the prompt and filters, and treat the change as a corrective-action cycle within the AI management system.
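The following is an added illustration, not code from the RAIDT papers: it builds a run-level evidence pack with the fields listed above (prompt version, retrieval snapshot identifiers, model configuration, safety filters, output hash) and performs a repeat-run stability check. The field names, the "ACTION:" output convention and the mapping from stability to a Dependability anchor of 5, 3 or 1 are assumptions for the example, not RAIDT's published scoring.

```python
import hashlib
from dataclasses import dataclass, field


def output_hash(text: str) -> str:
    """SHA-256 of the assistant output, recorded so a reviewer can verify the stored output later."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def recommended_action(output: str) -> str:
    """Normalise the action line of a triage answer so repeat runs can be compared.
    Assumes (for this example) the structured prompt makes the answer start with 'ACTION: ...'."""
    first = output.strip().splitlines()[0]
    return first.removeprefix("ACTION:").strip().lower()


@dataclass
class EvidencePack:
    run_id: str
    prompt_version: str
    retrieval_snapshot_ids: list
    model_config: dict
    safety_filters: list
    output_hash: str
    repeat_actions: list = field(default_factory=list)
    dependability: int = 0  # filled in by build_evidence_pack


def stability_ratio(primary: str, repeats: list) -> float:
    """Share of repeat runs whose recommended action matches the primary run."""
    if not repeats:
        return 0.0
    return sum(1 for a in repeats if a == primary) / len(repeats)


def dependability_score(ratio: float) -> int:
    """Assumed anchor mapping (illustration only): fully stable 5, partly stable 3, otherwise 1."""
    if ratio >= 0.99:
        return 5
    if ratio >= 0.5:
        return 3
    return 1


def build_evidence_pack(run_id, prompt_version, snapshot_ids, model_config, filters,
                        primary_output, repeat_outputs) -> EvidencePack:
    primary = recommended_action(primary_output)
    repeats = [recommended_action(o) for o in repeat_outputs]
    pack = EvidencePack(run_id, prompt_version, snapshot_ids, model_config, filters,
                        output_hash(primary_output), repeats)
    pack.dependability = dependability_score(stability_ratio(primary, repeats))
    return pack


# Constructed sample: one primary run and two repeat runs of the same triage question.
PRIMARY = "ACTION: isolate host and collect memory image\nRationale: IOC matched in snapshot."
REPEATS = ["ACTION: isolate host and collect memory image\nRationale: same IOC.",
           "ACTION: no action needed\nRationale: looks benign."]


def example_pack() -> EvidencePack:
    return build_evidence_pack("run-0001", "triage-prompt-v3", ["ti-snapshot-2024-05-01"],
                               {"model": "example-model", "temperature": 0.2},
                               ["unsafe-action-filter"], PRIMARY, REPEATS)
```

With one of two repeat runs disagreeing, the pack lands at Dependability 3, which is the kind of finding the text describes as grounds to pause and tighten the prompt and filters.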
