GilangRamadhan884333
49 slides
Feb 26, 2025
About This Presentation
Complete end to end ISO 42001
Size: 14.84 MB
Language: en
Added: Feb 26, 2025
Slides: 49 pages
Slide Content
1 June 2023
ISO/IEC 42001:2023 AI Management System (AIMS): Fundamental Awareness
January 2025
ISO/IEC 42001:2023 based AIMS
Agenda
1. Introduction to AI, ML and AIMS
2. Understanding responsible AI and ISO/IEC 42001
3. Identifying who should implement ISO/IEC 42001
4. Understanding the impact of AI on compliance within your organization
5. The framework of ISO/IEC 42001
Complimentary Webinar: ISO/IEC 42001: The Future of AI Security Webinar, 2024-07-02
Understanding the term AI (Artificial Intelligence)
The term "Artificial Intelligence" was coined by John McCarthy in 1955. Artificial intelligence (AI) is the intelligence of machines or software, as opposed to the intelligence of other living beings, primarily humans. It is a field of study in computer science that develops and studies intelligent machines. Such machines may be called AIs. (Wikipedia)
Is AI disruptive? Is it cool?
Two classes of AI: Generative AI
- Examples: artworks, videos, literary works, drug discovery, content generation
- Example applications: Netflix, Spotify, Grammarly, etc.
- Advantages: ability to create new content
Two classes of AI: Discriminative (conditional) AI
- Examples: fraud detection, customer segmentation, risk assessment
- Example applications: Google, Amazon, etc.
- Advantages: accuracy, reliability, robustness, interpretability
Discriminative models are used to classify or predict data (they learn P(y | x) directly), while generative models are used to create new data (they learn P(y) and P(x | y), and can therefore both classify via Bayes' rule and sample new x).
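To make the distinction between the two classes concrete, here is an added example in Python that is not part of the original deck. It trains a Bernoulli naive Bayes model (generative) and a logistic regression model (discriminative) on the same constructed login-event data; the feature names, rows and training settings are assumptions chosen for illustration, not anything drawn from ISO/IEC 42001 or the webinar. Both models answer the classification question the discriminative slide cares about (fraud or not); only the generative model can also answer "produce a new plausible record", which is what makes that class usable for content generation.

```python
"""Generative vs. discriminative classifiers, side by side.

Added example (not from the original slides): a Bernoulli naive Bayes model
(generative) and a logistic regression model (discriminative) are trained on
the same constructed data, then asked the two questions that separate them:
"is this record fraud?" (both can answer) and "make me a new plausible fraud
record" (only the generative model can). Standard library only.
"""
import math
import random

# Constructed toy dataset (assumption, not real telemetry). Each row describes
# a login event with three binary features and a label (1 = fraud, 0 = legit).
FEATURES = ("new_device", "foreign_ip", "off_hours")
DATA = [
    ((1, 1, 1), 1), ((1, 1, 0), 1), ((0, 1, 1), 1), ((1, 0, 1), 1),
    ((1, 1, 1), 1), ((0, 1, 1), 1), ((1, 1, 0), 1),
    ((0, 0, 0), 0), ((0, 0, 1), 0), ((1, 0, 0), 0), ((0, 0, 0), 0),
    ((0, 1, 0), 0), ((0, 0, 0), 0), ((0, 0, 1), 0), ((0, 0, 0), 0),
    ((1, 1, 0), 0),  # label noise: same features as two fraud rows
]


class BernoulliNaiveBayes:
    """Generative: models P(y) and P(x_i | y), so it can classify and sample."""

    def fit(self, rows):
        n_feat = len(rows[0][0])
        counts = {0: [0] * n_feat, 1: [0] * n_feat}
        n_class = {0: 0, 1: 0}
        for x, y in rows:
            n_class[y] += 1
            for i, v in enumerate(x):
                counts[y][i] += v
        n = len(rows)
        # Add-one (Laplace) smoothing keeps every probability strictly inside (0, 1).
        self.prior = {y: (n_class[y] + 1) / (n + 2) for y in (0, 1)}
        self.theta = {y: [(c + 1) / (n_class[y] + 2) for c in counts[y]] for y in (0, 1)}
        return self

    def _log_joint(self, x, y):
        lp = math.log(self.prior[y])
        for v, t in zip(x, self.theta[y]):
            lp += math.log(t if v else 1.0 - t)
        return lp

    def predict_proba(self, x):
        """P(y = 1 | x) via Bayes' rule over the modelled joint distribution."""
        j0, j1 = self._log_joint(x, 0), self._log_joint(x, 1)
        m = max(j0, j1)  # log-sum-exp trick for numerical stability
        return math.exp(j1 - m) / (math.exp(j0 - m) + math.exp(j1 - m))

    def sample(self, y, rng):
        """Generate a new synthetic feature vector for class y from P(x | y)."""
        return tuple(int(rng.random() < t) for t in self.theta[y])


class LogisticRegression:
    """Discriminative: models P(y | x) directly; it has no model of x to sample."""

    def fit(self, rows, lr=0.5, epochs=2000):
        n_feat = len(rows[0][0])
        self.w, self.b = [0.0] * n_feat, 0.0
        for _ in range(epochs):  # full-batch gradient descent on log loss
            gw, gb = [0.0] * n_feat, 0.0
            for x, y in rows:
                err = self.predict_proba(x) - y
                for i, v in enumerate(x):
                    gw[i] += err * v
                gb += err
            self.w = [w - lr * g / len(rows) for w, g in zip(self.w, gw)]
            self.b -= lr * gb / len(rows)
        return self

    def predict_proba(self, x):
        z = self.b + sum(w * v for w, v in zip(self.w, x))
        return 1.0 / (1.0 + math.exp(-z))


def train_models(rows=DATA):
    """Fit both models on the same rows; returns (generative, discriminative)."""
    return BernoulliNaiveBayes().fit(rows), LogisticRegression().fit(rows)


def compare(x, models=None):
    """Return both models' fraud probabilities for one feature vector."""
    nb, lr = models or train_models()
    return {"generative": nb.predict_proba(x), "discriminative": lr.predict_proba(x)}


def synthetic_fraud_records(n=3, seed=42, rows=DATA):
    """Only the generative model can do this: produce n new fraud-like records."""
    nb = BernoulliNaiveBayes().fit(rows)
    rng = random.Random(seed)
    return [nb.sample(1, rng) for _ in range(n)]


if __name__ == "__main__":
    nb, lr = train_models()
    for x in [(1, 1, 1), (0, 0, 0), (1, 1, 0)]:
        print(dict(zip(FEATURES, x)), compare(x, (nb, lr)))
    print("synthetic fraud records:", synthetic_fraud_records())
    print("logistic regression can sample:", hasattr(lr, "sample"))
```

The practical point for an AI security review is the last line: a discriminative fraud model cannot leak or fabricate training-like records because it never learned a distribution over inputs, whereas a generative model's learned P(x | y) is itself an asset that can be sampled, which is why data-related objectives and risk sources weigh more heavily for generative systems.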
Understanding AI
Understanding AI: a few thoughts on AI
Types of intelligence:
- Visual-spatial
- Bodily-kinesthetic
- Creative
- Interpersonal
- Intrapersonal
- Linguistic
- Logical-mathematical
Understanding AI: how can we define AI? Possibly in four ways:
- Acting humanly
- Thinking humanly
- Thinking rationally
- Acting rationally
Machine Learning
Machine Learning (ML): what is ML?
Arthur Samuel (IBM, 1959) first used the term "machine learning". Tom Mitchell's definition is more widely quoted: "The field of machine learning is concerned with the question of how to construct computer programs that automatically improve with experience."
Machine Learning (ML): ML aspects
- Huge datasets require huge amounts of memory and multicore, high-speed processors.
- A machine is not really aware of something just because it has learnt it.
- Machine learning is not always associated with AI.
- A machine learning session must use an appropriate algorithm to achieve the desired result.
- The data must lend itself to analysis with the chosen algorithm, or it requires careful preparation by data scientists.
- The basis of machine learning is mathematics.
Machine Learning (ML): ML and AI
In addition to ML, AI includes:
- Natural language processing
- Natural language understanding
- Knowledge representation
- Planning
- Robotics
ISO/IEC 42001:2023 – The AIMS Standard
ISO/IEC 42001 Artificial Intelligence Management System
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) define ISO/IEC 42001 as "an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an artificial intelligence management system (AIMS)". The standard aims to bring stability to the implementation and use of AI systems, considering the inherent risks associated with AI technology.
According to McKinsey's 2023 State of AI report, organizations globally are actively looking to mitigate AI issues including:
- Inaccuracy of generated data
- Cybersecurity and regulatory compliance risks
- Intellectual property infringement
Key characteristics: focused on responsible AI development and use; a flexible framework.
What is ISO/IEC 42001:2023?
ISO/IEC 42001:2023 specifies a set of requirements for establishing, implementing, maintaining and continually improving an AI management system within the context of an organization, aligned to the Plan-Do-Check-Act (PDCA) cycle.
An organisation's AI management system (AIMS) is influenced by the organization's needs and objectives, processes, size and structure, the expectations of various interested parties, its use cases for AI, and the need to strike the appropriate balance between governance mechanisms and innovation.
An organisation must use a risk-based approach to implement controls meeting the requirements specified in the standard.
What is ISO/IEC 42001:2023? (continued)
ISO/IEC 42001:2023 provides guidance (Annex B) for the deployment of the applicable controls (Annex A) that support these processes. The AI management system (AIMS) provides requirements specific to managing the issues and risks arising from the use of AI in an organization.
Artificial Intelligence Management Framework (AIMF): how the standards fit together
- ISO/IEC 22989:2022: AI concepts and terminology
- ISO/IEC 42001: AIMS requirements and guidance (organisational policy, context of the organisation, implementing the management system, the organisation's operating procedures and controls, risk assessment)
- ISO/IEC 42005: AI system impact assessment guidance
- ISO/IEC 38507: governance of IT (governance implications of AI)
- ISO/IEC 23894: AI risk management
- ISO/IEC 42006: requirements for certification bodies
- Outcome: certification/conformance, leading to customer trust, accountability and transparency
AI Related Standards
Some of the standards and frameworks on AI:
- ISO/IEC 24028:2020 Information technology – Artificial intelligence – Overview of trustworthiness in artificial intelligence
- ISO/IEC TR 24030:2021 Information technology – Artificial intelligence (AI) – Use cases
- ISO/IEC TR 27563:2023 Security and privacy in artificial intelligence use cases – Best practices
- ISO/IEC 23053:2022 Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML)
- ISO/IEC TR 29119-11:2020 Software and systems engineering – Software testing – Part 11: Guidelines on the testing of AI-based systems
- ISO/IEC 22989:2022 Information technology – Artificial intelligence – Artificial intelligence concepts and terminology
- ISO/IEC TR 24029-1:2021 Artificial intelligence (AI) – Assessment of the robustness of neural networks – Part 1: Overview
- ISO/IEC TR 24368:2022 Information technology – Artificial intelligence – Overview of ethical and societal concerns
- ISO/IEC TR 24372:2021 Information technology – Artificial intelligence (AI) – Overview of computational approaches for AI systems
- ISO/IEC 24668:2022 Information technology – Artificial intelligence – Process management framework for big data analytics
- ISO/IEC 38507:2022 Information technology – Governance of IT – Governance implications of the use of artificial intelligence by organizations
- ISO/IEC TR 24027:2021 Information technology – Artificial intelligence (AI) – Bias in AI systems and AI aided decision making
- ISO/IEC 25010:2011 Systems and software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) – System and software quality models
- ISO/IEC 25012:2008 Software engineering – Software product Quality Requirements and Evaluation (SQuaRE) – Data quality model
- ISO/IEC 5338:2023 Information technology – Artificial intelligence – AI system life cycle processes
- ISO/IEC CD 27090 (draft) Cybersecurity – Artificial intelligence – Guidance for addressing security threats and failures in artificial intelligence systems
Revisit: what is a management system?
- Based on a common "High-Level Structure" (HLS) with required management clauses
- Focused/scoped to a particular domain or sector
- Stresses an iterative process of continual improvement for the organization (Plan-Do-Check-Act)
- Risk-based: prioritises and addresses risks systematically
- Certification by a third party against the applicable management system standard
Management clauses: context of the organisation, leadership, planning, support, operation, performance evaluation, improvement.
ISO/IEC 42001 structure
1. Scope: establish, implement, maintain and continually improve an AIMS; intended to help the organization develop, provide or use AI systems responsibly in pursuing its objectives and meet applicable requirements, obligations related to interested parties and their expectations.
2. Normative references: cites ISO/IEC 22989 as indispensable for its application.
3. Terms and definitions: terms, definitions and concepts from ISO/IEC 22989 are used in ISO/IEC 42001.
Management clauses (requirements): context of the organisation; leadership; planning; support; operation; performance evaluation; improvement.
Annex A controls and Annex B guidance (normative), grouped as: policies related to AI; internal organisation; resources for AI systems; assessing impacts of AI systems; AI system life cycle; data for AI systems; information for interested parties of AI systems; use of AI systems; third-party and customer relationships.
Annex C (informative, supplemental): potential AI-related organisational objectives and risk sources.
Annex D (informative, supplemental): use of the AI management system across domains or sectors, including integration with other management system standards.
The harmonised approach with AIMS (clauses mapped to Plan-Do-Check-Act)
Plan
4. Context of the organization
  4.1 Understanding the organization and its context
  4.2 Understanding the needs and expectations of interested parties
  4.3 Determining the scope of the AI management system
  4.4 AI management system
5. Leadership
  5.1 Leadership and commitment
  5.2 AI policy
  5.3 Roles, responsibilities and authorities
6. Planning
  6.1 Actions to address risks and opportunities
  6.2 AI objectives and planning to achieve them
  6.3 Planning of changes
7. Support
  7.1 Resources
  7.2 Competence
  7.3 Awareness
  7.4 Communication
  7.5 Documented information
Do
8. Operation
  8.1 Operational planning and control
  8.2 AI risk assessment
  8.3 AI risk treatment
  8.4 AI system impact assessment
Check
9. Performance evaluation
  9.1 Monitoring, measurement, analysis and evaluation
  9.2 Internal audit
  9.3 Management review
Act
10. Improvement
  10.1 Continual improvement
  10.2 Nonconformity and corrective action
Clause 4: Context of the organisation
- 4.1 Understanding the organization and its context (external and internal factors)
- 4.2 Understanding the needs and expectations of interested parties
- 4.3 Determining the scope of the AI management system (defining AI usage; understanding the organisation's AI roles)
- 4.4 AI management system
Points to note: documentation is key, so understand the documentation needs; leadership and oversight; continual improvement. The defined scope determines which parts of the organization and which AI activities are covered by the management system.
Clause 5: Leadership
- Required commitment: integration of the AIMS requirements into the organization's processes; the AI policy and objectives are compatible with the strategic direction.
- Leadership promotes and supports the AIMS and remains accountable for it.
Clause 6: Planning – 6.1 Actions to address risks and opportunities
- 6.1.2 AI risk assessment (process): identify risk sources and estimate the amount of risk.
- 6.1.3 AI risk treatment: select risk treatment options and the controls (with their control objectives) that implement them. ISO/IEC 38507 and ISO/IEC 23894 give supporting guidance.
Risk sources listed in Annex C.3: level of automation; lack of transparency and explainability; complexity of environment; system life cycle issues; technology readiness; risk sources related to machine learning.
Clause 6: Planning – 6.2 AI objectives and planning to achieve them
Example (accountability objective): implement a robust AI governance framework to ensure accountability for AI-driven decisions by Q4 2024. This includes establishing clear guidelines for human oversight and responsibility for actions taken by AI systems.
- Specific: implement an AI governance framework.
- Measurable: clear guidelines and oversight mechanisms are in place.
- Achievable: utilise current best practices and regulatory guidance.
- Relevant: ensures accountability within the organization.
- Time-bound: by Q4 2024.
Organisational AI objectives listed in Annex C.2 include: fairness; security; safety; privacy; robustness; transparency and explainability; accountability; availability; maintainability; availability and quality of training data; AI expertise (qualified practitioners).
Clause 7: Support
- 7.1 Resources
- 7.2 Competence
- 7.3 Awareness
- 7.4 Communication
- 7.5 Documented information. "Shall" statements that require documented information include:
  - 4.3 Scope of the AIMS
  - 5.2 AI policy
  - 6.1/6.2 Risks and AI objectives
  - 7.2 Evidence of competence
  - 8.2 Results of the AI risk assessment
  - 9.1 Evidence of monitoring and measurement results
  - 10.2 Nonconformities and corrective actions
Clause 8: Operation (the "Do" phase)
- 8.1 Operational planning and control
- 8.2 AI risk assessment
- 8.3 AI risk treatment
- 8.4 AI system impact assessment
Learning points
- ISO/IEC 42001 overview: it sets requirements for establishing and improving AI management systems (AIMS).
- Purpose: ensures responsible AI development, focusing on ethics, transparency and continual learning.
- Significance: the first global AI management system standard, guiding the management of AI risks and opportunities.
- AI challenges: addresses ethical, transparency and continuous learning challenges in AI.
- Benefits: enhances risk management, traceability, transparency, reliability and efficiency in AI usage.
Questions? Suggestions?
Conclusion: a centre of excellence approach to GenAI across a portfolio
Two lenses:
- Productivity gain potential: identify and implement operational best practices across the portfolio, function by function.
- Value proposition impact: screen for highly impacted industries and assess the strategic implications of value proposition changes for the affected output.
Steps:
1. Set objectives: consider the end-state goal of the evaluation (e.g. cost take-out vs. quality improvement); determine the sub-set of PortCos and functions to be evaluated.
2. Identify high-impact sectors and use cases: screen the portfolio for high-impact industries; look for anticipated changes in core offerings, customer demand and competitive dynamics.
3. Size the prize: aggregate headcount by (sub-)function across the portfolio; estimate the productivity improvement potential by (sub-)function; initiate deep-dive analysis for prioritised PortCos to estimate the size and scope of impact; assess each PortCo's position vs. key competitors.
4. Assess scenarios and develop option sets: evaluate options (e.g. product development, M&A, partnerships); estimate the costs/investments required and the potential outcome; consider the extent to which productivity gains translate into cost take-out, workstream reinvention or operating model enhancement.
5. Stand up a functional organisation: identify and drive best practices across PortCos; set up GenAI-focused teams across key impacted functions (e.g. call centres).
6. Set up a war room: assemble a war room involving management and the board.
7. Prepare for implementation: develop an action plan and execute with high urgency; assess the implications for people, processes and technology.
Thank you
Who can use this standard?
- AI system developers
- AI system users
- Service providers who deliver services using AI systems
Identify the organisation's role and then decide how the AIMS has to be established.
Structure of the standard (summary)
- Clauses 1-3: applicability of the standard (1), normative references (2), terms and definitions (3)
- Clauses 4-10 (requirements): context (4), leadership (5), planning (6), support (7), operation (8), performance evaluation (9), improvement (10)
- Annexes: Annex A (controls), Annex B (control implementation guidance), Annex C (objectives and risk sources), Annex D (use of the AIMS)
Structure of the standard
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
  4.1 Understanding the organization and its context
  4.2 Understanding the needs and expectations of interested parties
  4.3 Determining the scope of the AI management system
  4.4 AI management system
5 Leadership
  5.1 Leadership and commitment
  5.2 AI policy
  5.3 Roles, responsibilities and authorities
6 Planning
  6.1 Actions to address risks and opportunities
    6.1.1 General
    6.1.2 AI risk assessment
    6.1.3 AI risk treatment
    6.1.4 AI system impact assessment
  6.2 AI objectives and planning to achieve them
  6.3 Planning of changes
7 Support
  7.1 Resources
  7.2 Competence
  7.3 Awareness
  7.4 Communication
  7.5 Documented information
    7.5.1 General
    7.5.2 Creating and updating documented information
    7.5.3 Control of documented information
8 Operation
  8.1 Operational planning and control
  8.2 AI risk assessment
  8.3 AI risk treatment
  8.4 AI system impact assessment
9 Performance evaluation
  9.1 Monitoring, measurement, analysis and evaluation
  9.2 Internal audit
    9.2.1 General
    9.2.2 Internal audit programme
  9.3 Management review
    9.3.1 General
    9.3.2 Management review inputs
    9.3.3 Management review results
10 Improvement
  10.1 Continual improvement
  10.2 Nonconformity and corrective action
Annex A (normative) Reference control objectives and controls
Annex B (normative) Implementation guidance for AI controls
Annex C (informative) Potential AI-related organizational objectives and risk sources
Annex D (informative) Use of the AI management system across domains or sectors