AssuranceLab’s Post

🔍 Guidance for Implementing AI Governance: ISO42001, ISO23894, ISO42005, and ISO5338 🔎 I continue to have conversations with leaders who are beginning their AIMS journey and aren't quite sure how all the pieces of the ISO puzzle fit together. Though there are MANY ISO guidance, reference, and standards documents that offer incredible value to organizations, I find that a handful of resources continue to take focus in these dialogs. ➡ ISO42001 establishes the framework for an AI Management System (AIMS), ensuring that your organization implements processes to govern AI systems effectively. It focuses on establishing policies and accountability for responsible AI use. ➡ISO23894 guides you through conducting AI Risk Assessments, helping you identify and manage operational and ethical risks your AI systems might introduce. ➡ISO42005 addresses the need for AI System Impact Assessments (AI-SIA). This standard ensures your organization evaluates the societal and ethical impacts of your AI systems on individuals and communities. ➡ISO5338 provides a structured approach for managing the AI Lifecycle, from the design stage to decommissioning. It ensures that AI systems are continuously monitored, updated, and managed throughout their entire lifecycle, addressing changes in risk or functionality as they occur. ⚙ Interrelationship of the Standards: - ISO 42001 helps you govern AI with clear accountability. - ISO 23894 ensures you assess and mitigate risks related to your AI. - ISO 42005 encourages you to consider the societal impacts of your AI systems. - ISO 5338 supports lifecycle management, ensuring that your AI systems remain effective and responsible over time. As I said, understanding how to leverage these tools can seem overwhelming, but it’s a worthwhile effort. By using these standards together, your organization can begin building and ensuring comprehensive governance, continuous risk management, and a lifecycle approach to AI systems management, bringing order to what would otherwise be chaos. As always, for help getting started, please reach out! NOTE: I did not reference above, but want to ensure you have access to the Rosetta Stone of AI Vocabulary (from ISO's perspective), ISO22989. It can be downloaded for free from the link below. 🌐 https://lnkd.in/gxCRGVFh A-LIGN #iso42001 #TheBusinessofCompliance #ComplianceAlignedtoYou

ISO - International Organization for Standardization PECB #artificialintellgence #ISO42001 #AIMS Now I'm a PECB certified ISO 42001 Artificial Intelligence Management Systems Implementer . ISO/IEC 42001 course equip individuals with the competencies needed to plan, develop, implement, maintain, and improve AI management systems within organizations. An effective AIMS enables organizations to utilize the full potential of AI in an era where technological adaptation is synonymous with progress and success. Additionally, it helps organization maintain a competitive edge in the constantly changing tech and business environment. If you have any question , I am always happy to answer

Spring Cleaning for Your Business: New ISO Standards Explained Spring has arrived, bringing sunshine, birdsong, and fresh breezes. But just like your home needs a spring cleaning, your business processes might need a refresh too! The International Organization for Standardization (ISO) has been busy this season, introducing new standards and updating existing ones, including ISO Standard Changes that could impact your organisation. Don't Wait! Contact Risk Evolves Today For A Consultation on meeting the new ISO standards and explore how ISO 42001 can help your business thrive in the age of AI. #ISO #certification #standards #ISO42001 #AI

As ISO 42001 continues to be a topic of discussion, you might have a few questions. Rest assured, we have some answers that can help you on your infosec journey. ❓What is ISO 42001 and why is it important? ❓ It's a certifiable international standard providing guidelines for building and managing AI tools. Compliance with ISO 42001 allows companies to communicate to their customers, prospects, and stakeholders that they adhere to the highest standards in AI use and development. ❓Who Needs ISO 42001 Compliance? ❓ AI Producers, Service Providers and customers/users. ISO 42001 can apply to any business interacting with others in this ecosystem. ❓How To Get ISO 42001 Certification: How Easy Is It? ❓ There are several steps to gain certification. This includes gap analysis, implementation of ISO 42001 controls, an internal audit, and lastly, an external audit. You might be interested in ISO 42001 for your business or you might have more questions about this newer framework. Our FAQ has more answers that will help prepare you for ISO 42001 readiness and how Rhymetec can help. https://hubs.li/Q02PZpRr0

What are your thoughts…? As with other National Institute of Standards and Technology (NIST) and ISO - International Organization for Standardization standards, how will this be implemented? Will existing standards and GRC practices need to be updated?

Hearing a lot about ISO 42001 but don't know what it is? ISO 42001 might sound like a mouthful, but Leah Eubanks breaks it down in a way that's easy to understand in our newest YouTube video! Please like, share, and subscribe! #newyoutubevideo #iso42001 #whatisiso42001 #ai #security #dataprivacy https://lnkd.in/enXDVznd

Interesting insight to the potential changes to the ISO 9001 standard.

Do you want to know the basics of how you can work with AI in a safe and controlled way, check out ISO/ IEC 42001 This latest standard offers a systematic approach to addressing the challenges associated with AI implementation in a recognized management systems framework. It covers areas such as ethics, accountability, transparency and data privacy.

Finally no AI generated image for this ISO 13485 interpretation series! I just thought a small image may be pretty helpful here. According to section 4.2.2, the QM manual shall out line the structure of documentation. You often see more or less useful pyramids or all kinds of different visualisations for it. The overview in the image is one of the more useful that I’ve come across or come up with myself. You have 3 levels: 1. strategic: top management sets the overall direction of the company 2. specification: the leadership/process responsible implement SOPs 3. operational: the processes are being used to operate the company, develop devices, and generate the necessary documentation/records This was inspired by a book on systems thinking for risk management. The different layers have very different paces for their day to day work. So it’s most important to define the interfaces. The documents listed in type of information is the top-down-interface. The bottom-up-interface (which is not listed in that table) is about the reporting that is being done, e.g. via KPIs. So, this table does not only depict the structure of documentation, but also of the QMS in total. Curious to hear what y'all think about that? --- This is a post from my series on ISO 13485 interpretation with focus on SaMD. Please consider following me if that post is interesting to not miss the next ones.

ISO 42001 is the world's first 𝗔𝗜 𝗰𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻. Here is a rundown of the 9 objectives and 38 controls. 👇 𝗚𝗲𝘁 𝘁𝗵𝗲 𝗙𝘂𝗹𝗹 𝗖𝗼𝘂𝗿𝘀𝗲 - 𝗳𝗼𝗿 𝗙𝗥𝗘𝗘 --- 𝗧𝗛𝗘 𝟵 𝗜𝗦𝗢 𝟰𝟮𝟬𝟬𝟭 𝗢𝗕𝗝𝗘𝗖𝗧𝗜𝗩𝗘𝗦 𝗔.𝟮: 𝗣𝗼𝗹𝗶𝗰𝗶𝗲𝘀 𝗥𝗲𝗹𝗮𝘁𝗲𝗱 𝘁𝗼 𝗔𝗜 To provide management direction and support for AI systems according to business requirements. 𝗔.𝟯: 𝗜𝗻𝘁𝗲𝗿𝗻𝗮𝗹 𝗢𝗿𝗴𝗮𝗻𝗶𝘇𝗮𝘁𝗶𝗼𝗻   To establish accountability within the organization to uphold its responsible approach for the implementation, operation and management of AI systems. 𝗔.𝟰: 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀 𝗳𝗼𝗿 𝗔𝗜 𝗦𝘆𝘀𝘁𝗲𝗺𝘀 To ensure that the organization accounts for the resources (including AI system components and assets) of the AI system in order to fully understand and address risks and impacts. 𝗔.𝟱 𝗔𝘀𝘀𝗲𝘀𝘀𝗶𝗻𝗴 𝗜𝗺𝗽𝗮𝗰𝘁𝘀 𝗼𝗳 𝗔𝗜 𝗦𝘆𝘀𝘁𝗲𝗺𝘀 To assess system impacts to interested parties of the AI system throughout its life cycle. 𝗔.𝟳 𝗔𝗜 𝗦𝘆𝘀𝘁𝗲𝗺 𝗟𝗶𝗳𝗲 𝗖𝘆𝗰𝗹𝗲 A6.1 Management guidance for AI system development: To ensure that the organization identifies and documents objectives and implements processes for the responsible design and development of AI systems. A6.2 AI system life cycle: To define the criteria and requirements for each stage of the AI system life cycle. 𝗔.𝟳: 𝗗𝗮𝘁𝗮 𝗳𝗼𝗿 𝗔𝗜 𝗦𝘆𝘀𝘁𝗲𝗺𝘀 To ensure that the organization understands the role and impacts of data in AI systems in the application and development, provision or use of AI systems throughout their life cycles. 𝗔.𝟴 𝗜𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗳𝗼𝗿 𝗜𝗻𝘁𝗲𝗿𝗲𝘀𝘁𝗲𝗱 𝗣𝗮𝗿𝘁𝗶𝗲𝘀 𝗼𝗳 𝗔𝗜 𝗦𝘆𝘀𝘁𝗲𝗺𝘀 To ensure that relevant interested parties have the necessary information to understand and assess the risks and their impacts (both positive and negative). 𝗔.𝟵 𝗨𝘀𝗲 𝗼𝗳 𝗔𝗜 𝗦𝘆𝘀𝘁𝗲𝗺𝘀 To ensure that the organization uses AI systems responsibly and per organizational policies. 𝗔.𝟭𝟬 𝗧𝗵𝗶𝗿𝗱-𝗽𝗮𝗿𝘁𝘆 𝗮𝗻𝗱 𝗖𝘂𝘀𝘁𝗼𝗺𝗲𝗿 𝗥𝗲𝗹𝗮𝘁𝗶𝗼𝗻𝘀𝗵𝗶𝗽𝘀 To ensure that the organization understands its responsibilities and remains accountable, and risks are appropriately apportioned when third parties are involved at any stage of the AI system life cycle. Register here: https://lnkd.in/gyiqcBSa