heino1.github.io-AI-management

ISO/IEC AI Risk Management Standards

ISO/IEC 23894 - AI Risk Management

ISO/IEC 23894 is an international standard published in February 2023 that offers strategic guidance to organizations across all sectors for managing risks connected to the development and use of artificial intelligence.

Key Features

• Provides guidance on integrating risk management into AI-driven activities and business functions
• Offers concrete examples of effective risk management implementation throughout the AI development lifecycle
• Provides detailed information on AI-specific risk sources
• Can be customized to any organization and its business context

Alignment with Existing Standards

ISO/IEC 23894 builds upon established risk management principles:

• Uses ISO 31000:2018 as its reference point for principles, frameworks, and processes
• Relies on generic risk management principles for approaching AI risks
• References ISO Guide 73:2009 Risk Management Vocabulary
• References ISO/IEC 22989 (Information Technology – Artificial Intelligence – Concepts & Technology)

Managing Risk in the AI Lifecycle

The standard recognizes that AI systems operate on a more complex level than other technologies, resulting in a greater number of risk sources:

• AI systems introduce new or emerging risks for organizations
• These risks can have positive or negative implications for strategic objectives
• AI can change existing risk profiles

A key component of the standard is Annex C, which provides a comprehensive functional mapping of risk management processes across the AI system lifecycle. This serves as the primary tool for implementing risk management principles, processes, and frameworks that can be adapted to any organization.

ISO/IEC 42001 - AI Management Systems

ISO/IEC 42001:2023 is the world’s first AI management system standard, providing valuable guidance for this rapidly changing field of technology.

Key Focus Areas

• Ethics
• Transparency
• Accountability
• Bias mitigation
• Safety
• Privacy

The standard covers essential elements of AI development and deployment, helping organizations manage risk and use AI responsibly while balancing innovation, governance, and ethics.

Relationship Between Standards

These ISO/IEC standards complement other frameworks like the NIST AI Risk Management Framework, providing international perspectives and approaches to AI risk management. Together, they form a comprehensive set of guidelines that organizations can use to develop responsible AI practices.

Sources

• AI Standards Hub: https://aistandardshub.org/a-new-standard-for-ai-risk-management/
• ISO: https://www.iso.org/standard/77304.html
• ISO: https://www.iso.org/standard/81230.html