ISO and AI
ISO standards can provide a structured approach to AI deployment. Here’s a glimpse into some key ISO documents in the context of AI.
ISO/IEC TR 24028:2020 Information technology — Artificial intelligence — Overview of trustworthiness in artificial intelligence
This document surveys topics related to trustworthiness in AI systems, including the following:
— approaches to establish trust in AI systems through transparency, explainability, controllability, etc.;
— engineering pitfalls and typical associated threats and risks to AI systems, along with possible mitigation techniques and methods; and
— approaches to assess and achieve availability, resiliency, reliability, accuracy, safety, security and privacy of AI systems.
The specification of levels of trustworthiness for AI systems is out of the scope of this document.
ISO/IEC TR 24030:2021 Information technology — Artificial intelligence (AI) — Use cases
This document provides a collection of representative use cases of AI applications in a variety of domains.
ISO/IEC TR 24368:2022 Information technology — Artificial intelligence — Overview of ethical and societal concerns
This document provides a high-level overview of AI ethical and societal concerns.
In addition, this document:
— provides information in relation to principles, processes and methods in this area;
— is intended for technologists, regulators, interest groups, and society at large;
— is not intended to advocate for any specific set of values (value systems).
This document includes an overview of International Standards that address issues arising from AI ethical and societal concerns.
ISO/IEC 23053:2022 Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML)
This document establishes an Artificial Intelligence (AI) and Machine Learning (ML) framework for describing a generic AI system using ML technology. The framework describes the system components and their functions in the AI ecosystem. This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are implementing or using AI systems.
ISO/IEC 38507:2022 Information technology — Governance of IT — Governance implications of the use of artificial intelligence by organizations
This document provides guidance for members of the governing body of an organization to enable and govern the use of Artificial Intelligence (AI), in order to ensure its effective, efficient and acceptable use within the organization.
This document also provides guidance to a wider community, including:
— executive managers;
— external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies;
— public authorities and policymakers;
— internal and external service providers (including consultants);
— assessors and auditors.
This document is applicable to the governance of current and future uses of AI as well as the implications of such use for the organization itself.
This document is applicable to any organization, including public and private companies, government entities and not-for-profit organizations. This document is applicable to an organization of any size irrespective of their dependence on data or information technologies.
ISO/IEC 42001:2023 Information technology — Artificial intelligence — Management system
ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems.
ISO/IEC 5339:2024 Information technology — Artificial intelligence — Guidance for AI applications
ISO/IEC 5339 provides guidance on artificial intelligence (AI) applications, emphasizing stakeholder engagement and the AI application life cycle. It aims to enhance multi-stakeholder communication and acceptance by offering a framework that includes the make, use, and impact perspectives of AI systems.
ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management
This document provides guidance on how organizations that develop, produce, deploy or use products, systems and services that utilize artificial intelligence (AI) can manage risk specifically related to AI. The guidance also aims to assist organizations to integrate risk management into their AI-related activities and functions. It moreover describes processes for the effective implementation and integration of AI risk management.
ISO/IEC 5338:2023 Information technology — Artificial intelligence — AI system life cycle processes
This document defines a set of processes and associated concepts for describing the life cycle of AI systems based on machine learning and heuristic systems. It is based on ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207 with modifications and additions of AI-specific processes from ISO/IEC 22989 and ISO/IEC 23053.
This document provides processes that support the definition, control, management, execution and improvement of the AI system in its life cycle stages. These processes can also be used within an organization or a project when developing or acquiring AI systems. When an element of an AI system is traditional software or a traditional system, the software life cycle processes in ISO/IEC/IEEE 12207 and the system life cycle processes in ISO/IEC/IEEE 15288 can be used to implement that element.
ISO/IEC TR 27563:2023 Security and privacy in artificial intelligence use cases — Best practices
This document outlines best practices on assessing security and privacy in artificial intelligence use cases, covering in particular those published in ISO/IEC TR 24030.
The following aspects are addressed:
— an overall assessment of security and privacy on the AI system of interest;
— security and privacy concerns;
— security and privacy risks;
— security and privacy controls;
— security and privacy assurance; and
— security and privacy plans.
Security and privacy are treated separately as the analysis of security and the analysis of privacy can differ.
ISO/IEC TR 5469:2024 Artificial intelligence — Functional safety and AI systems
This document describes the properties, related risk factors, available methods and processes relating to:
— use of AI inside a safety related function to realize the functionality;
— use of non-AI safety related functions to ensure safety for an AI controlled equipment;
— use of AI systems to design and develop safety related functions.
In conclusion, the integration of ISO standards into AI systems is a significant step towards harmonizing technological advancement with ethical and responsible practices. These documents serve as a compass, guiding organizations through the complexities of AI implementation while prioritizing accountability, transparency, and safety. As we continue to explore the vast potential of AI, adhering to these standards ensures that we do so with a commitment to excellence and a focus on the betterment of society. Embrace these ISO guidelines, and let’s build an AI-powered future that is not only intelligent but also wise and humane.