top of page
  • Writer's pictureMichael

International Standards (ISO/IEC 42001) for Artificial Intelligence: Part 4/4

Worldwide standardizations for Artificial Intelligence (AI)

  • ISO (International Organization for Standardization)

  • IEC (International Electrotechnical Commission)

 

Focus on 42001:2023 Artificial intelligence - Management System





Summary


ISO/IEC 42001:2023(E), is about providing requirements and guidance for establishing, implementing, maintaining, and continually improving an AI (artificial intelligence) management system within the context of an organization. It is intended to help organizations develop, provide, or use AI systems responsibly in pursuing their objectives and meeting applicable requirements, obligations related to interested parties, and expectations from them. The standard is applicable to any organization, regardless of size, type, and nature, which provides or uses products or services that utilize AI systems.



Key Themes


The main topics covered in the ISO/IEC 42001:2023(E) standard on Artificial Intelligence Management System include:


  1. Understanding the needs and expectations of interested parties

  2. Determining the scope of the AI management system

  3. Establishing, implementing, maintaining, and continually improving an AI management system

  4. Leadership and commitment in the context of the AI management system

  5. Development of an AI policy

  6. Compatibility with other management system standards

  7. Introduction to the challenges and responsibilities related to AI systems

  8. Documentation of AI system design and development


These topics encompass the essential aspects of managing AI systems within an organization, including leadership, policy development, and alignment with other management system standards. SO/IEC 42001:2023(E) is a standard that provides requirements and guidance for establishing, implementing, maintaining, and continually improving an AI (artificial intelligence) management system within the context of an organization. The standard is intended to help organizations develop, provide, or use AI systems responsibly in pursuing their objectives and meeting applicable requirements, obligations related to interested parties, and expectations from them. The standard covers a wide range of topics related to AI management systems, including understanding the needs and expectations of interested parties, determining the scope of the AI management system, establishing, implementing, maintaining, and continually improving an AI management system, leadership and commitment in the context of the AI management system, development of an AI policy, compatibility with other management system standards, introduction to the challenges and responsibilities related to AI systems, documentation of AI system design and development, and normative references.





Parties and Stakeholders


One of the key aspects of the standard is the emphasis on understanding the needs and expectations of interested parties. This includes identifying the stakeholders who are affected by the AI system and determining their needs and expectations. This information is then used to determine the scope of the AI management system and to establish the policies and procedures necessary to meet the needs and expectations of interested parties. Another important aspect of the standard is the requirement for leadership and commitment in the context of the AI management system. This includes the need for top management to demonstrate their commitment to the AI management system and to provide the necessary resources and support to ensure its success. It also includes the need for leadership to establish a culture of responsibility and accountability within the organization. The standard also provides guidance on the development of an AI policy. This policy should outline the organization's approach to AI and should include the principles and values that guide the organization's use of AI. It should also include the roles and responsibilities of those involved in the development, deployment, and maintenance of the AI system.

Integration with other standards


Integration with other Standards


Compatibility with other management system standards is another important aspect of the standard. The AI management system should be compatible with other management system standards, such as ISO 9001 (quality management) and ISO 27001 (information security management). This ensures that the AI management system is integrated into the overall management system of the organization and that it is aligned with the organization's objectives and goals.


  • ISO/IEC 42001:2023(E) references several other ISO standards that are relevant to the development and implementation of an AI management system. These standards include:

  • ISO 9001:2015 - Quality management systems - Requirements: This standard provides requirements for a quality management system and is applicable to any organization, regardless of size, type, and nature.

  • ISO 9001:2015 provides a framework for organizations to ensure that their products and services consistently meet customer requirements and that they continually improve their processes.

  • ISO/IEC 27001:2013 - Information technology - Security techniques - Information security management systems - Requirements: This standard provides requirements for an information security management system (ISMS) and is applicable to any organization, regardless of size, type, and nature. ISO/IEC 27001:2013 provides a framework for organizations to manage and protect their information assets and to ensure the confidentiality, integrity, and availability of information.

  • ISO/IEC 29100:2011 - Information technology - Security techniques - Privacy framework: This standard provides a framework for organizations to manage privacy risks related to the processing of personal data. ISO/IEC 29100:2011 is applicable to any organization that processes personal data, regardless of size, type, and nature.

  • ISO/IEC 5259-1:2016 - Information technology - Data quality - Part 1: Overview and general principles: This standard provides an overview of data quality and general principles for managing data quality. ISO/IEC 5259-1:2016 is applicable to any organization that manages data, regardless of size, type, and nature.

  • ISO/IEC 31010:2019 - Risk management - Risk assessment techniques: This standard provides guidance on risk assessment techniques and is applicable to any organization, regardless of size, type, and nature. ISO/IEC 31010:2019 provides a framework for organizations to identify, assess, and manage risks related to their activities.



Challenges, objectives, and goals


The standard also introduces the challenges and responsibilities related to AI systems. These challenges include the need to ensure the safety and reliability of the AI system, the need to protect the privacy and security of data, and the need to ensure that the AI system is transparent and accountable. The responsibilities of organizations using AI systems include the need to ensure that the AI system is developed and used in a responsible and ethical manner, the need to ensure that the AI system is compatible with legal and regulatory requirements, and the need to ensure that the AI system is aligned with the organization's values and principles.

ISO/IEC 42001:2023(E) ensures that the AI management system is integrated into the overall management system of the organization and that it is aligned with the organization's objectives and goals. These standards provide a framework for organizations to manage quality, information security, privacy, data quality, and risk, which are all important aspects of developing and implementing an AI management system.





Documentation


Documentation of AI system design and development is another important aspect of the standard. This includes the need to document the design and development of the AI system, including the algorithms and data used in the system. It also includes the need to document the testing and validation of the AI system to ensure that it is safe, reliable, and effective. Finally, the standard includes normative references to other documents that are relevant to the development and implementation of an AI management system. These references include documents related to quality management, information security management, and risk management.





Legal considerations


ISO/IEC 42001:2023(E) is a voluntary standard, meaning that organizations are not legally required to comply with its requirements. However, organizations may choose to adopt and implement the standard to demonstrate their commitment to responsible and ethical development and use of AI systems. Additionally, compliance with ISO/IEC 42001:2023(E) can provide organizations with a framework for managing the challenges and responsibilities related to AI systems, thereby enhancing their credibility and trustworthiness in the marketplace. While compliance with ISO/IEC 42001:2023(E) is voluntary, organizations may choose to undergo certification by a third-party certification body to demonstrate their conformity to the standard. Certification involves an independent assessment of an organization's AI management system to ensure that it meets the requirements specified in ISO/IEC 42001:2023(E).


If the organization's AI management system is found to be in compliance with the standard, it may receive a certificate of conformity, which can be used to communicate its commitment to responsible AI development and use to stakeholders, customers, and other interested parties. It's important to note that certification to ISO/IEC 42001:2023(E) is not a legal or regulatory requirement, but rather a voluntary initiative that organizations may undertake to demonstrate their adherence to best practices in AI management. Additionally, while certification can provide external validation of an organization's AI management system, the decision to seek certification is ultimately at the discretion of the organization and its leadership. In summary, ISO/IEC 42001:2023(E) is enforced through voluntary adoption and implementation by organizations, and certification by third-party certification bodies can provide independent validation of an organization's conformity to the standard.


Conclusions


In conclusion, ISO/IEC 42001:2023(E) provides a comprehensive framework for the development, implementation, and maintenance of an AI management system within an organization. The standard emphasizes the need for understanding the needs and expectations of interested parties, leadership and commitment, the development of an AI policy, compatibility with other management system standards, the challenges and responsibilities related to AI systems, documentation of AI system design and development, and normative references. By following the requirements and guidance provided in the standard, organizations can develop and use AI systems in a responsible and ethical manner, while meeting the needs and expectations of interested parties and achieving their objectives.



17 views

Comments

Couldn’t Load Comments
It looks like there was a technical problem. Try reconnecting or refreshing the page.

BOTS of LONDON town

bottom of page