
AI governance: Relevant ISO Standards for AI

Written by: Software Improvement Group


Summary

The International Organization for Standardization (ISO) is one of the world’s oldest non-governmental organizations, bringing global experts together to establish the best way of doing things—from making a product to managing a process.

ISO has a series of standards dedicated to making Artificial Intelligence development, deployment and use in the world of business as safe, risk-free, and optimal as possible.

Business leaders who choose to adopt ISO standards for AI help to ensure AI governance and compliance with current and future AI legislation.

This article explores different ISO standards that are specifically relevant to AI. Here is a brief overview:


Exploring the growth of AI in business

It’s safe to say that the growth of AI has been nothing short of explosive. According to IDC, worldwide spending on artificial intelligence (AI), including AI-enabled applications, infrastructure, and related IT and business services, will more than double by 2028 when it is expected to reach $632 billion.

Additionally, around 77% of businesses today are incorporating AI models into their systems. This rapid adoption emphasizes the technology’s transformative impact which is comparable to the revolutionary introduction of electricity. However, alongside these significant opportunities, there are also considerable challenges and uncertainties to navigate.

Standardization of AI can help to ensure that wherever in the world AI systems are developed or deployed, processes are optimized, and risks are minimized.

To this end, ISO, the International Organization for Standardization, has published several standards related to AI integration in business, regardless of industry or sector.

This article explores these ISO Standards so that organizations of all shapes, sizes, and budgets can better adopt, develop, and deploy AI systems.

What is ISO?

The International Organization for Standardization (ISO) is one of the world’s oldest non-governmental organizations, bringing global experts together to establish the best way of doing things—from making a product to managing a process.

ISO has been promoting safer, more secure, and profitable global trade and cooperation since 1946, by publishing standards designed to make lives “easier, safer, and better.”

ISO compliance holds significant value because its standards are widely respected within the global business community.

Compliance with these standards, particularly in AI, will foster the adoption of best practices. This, in turn, can be key in achieving improved performance, regulatory adherence, and operational efficiency—all of which contribute to building a stronger, more trusted brand.


What is the International Electrotechnical Commission (IEC)?

In this article, you’ll often come across the abbreviation IEC. The IEC, short for the International Electrotechnical Commission, is a global not-for-profit membership organization dedicated to setting international standards, like the ISO.

The IEC’s standards are developed specifically to enable quality infrastructure and trade in electrical and electronic goods, including technological innovations like AI.

In the context of ISO standards for AI, the IEC has been the joint publisher of the standards set out in this guide. That’s why you’ll see the standards written as “ISO/IEC XXXXX.”

Is becoming ISO compliant a legal requirement?

In short: No, ISO compliance is not a legal requirement. However, it’s important to note that ISO standards are designed to provide guidance to organizations that want to improve and are written to align with different regulations across industries. Thus, whilst compliance might not be mandatory, it is highly recommended.

Overview of relevant ISO standards for AI implementation in business


Below, we delve into the existing ISO standards for AI—examining the standards and what they could mean for your business.

Note: Not all the standards listed below deal specifically with AI, but they all play a part in ensuring the safe, secure, and trustworthy development and use of AI systems in business.

ISO/IEC 27001

With cybercrime on the rise along with the constant emergence of new threats, managing cyber risks can be challenging.

ISO/IEC 27001 is an ISO standard, relevant to AI, designed to enable organizations to become more risk-aware and take proactive steps to identify and mitigate weaknesses and vulnerabilities. It does so by following a holistic approach to information security. An information security management system (ISMS) established in accordance with this standard serves as a valuable tool for risk management, enhancing cyber resilience, and achieving operational excellence.

This holistic approach is governed by three principles key to ISO/IEC 27001, known as the CIA triad:

  1. Confidentiality: Only the right people can access information held by the organization.
  2. Integrity: Reliable and safe storage and backup of the data organizations use to pursue business goals, or data which is stored on behalf of others.
  3. Availability: Ensuring the organization and relevant clients have ready, reliable access to data and information wherever and whenever necessary.

Business benefits of ISO/IEC 27001 adoption

Organizations will be able to confidently put into place systems which manage risks relating to the security of data owned or handled by their company—including the data used to train, develop, and operate AI.


ISO/IEC 31700

The ISO/IEC 31700 standard is beneficial for defining high-level requirements for privacy by design, ensuring that privacy is safeguarded throughout the entire lifecycle of a consumer product, including the data processed by the consumer.

The core principle of ISO/IEC 31700 is “privacy by design.” Privacy by design encompasses various methodologies for developing products, processes, systems, software, and services. These methodologies prioritize consumer privacy throughout the design and development phases, considering the entire lifecycle of the product.

Business benefits of ISO/IEC 31700 adoption

Organizations implementing ISO/IEC 31700 can improve regulatory compliance, enhance innovation and business agility, and reduce the risks related to privacy violations and data breaches.

ISO/IEC 5338

AI should not be treated in isolation, but as an extension of the existing software lifecycle.

ISO/IEC 5338, co-developed by the Software Improvement Group, is the new global standard for AI lifecycle management and builds on established software best practices, such as those described in ISO/IEC/IEEE 12207.

ISO/IEC 5338 is important because it builds on these pre-existing software lifecycle best practices in an AI-specific context.

ISO/IEC 5338’s processes can be applied within an organization or project when developing or acquiring AI systems. It emphasizes the unique considerations for AI in every stage of the lifecycle process. These include:

For traditional software or system elements within an AI system, the software life cycle processes in ISO/IEC/IEEE 12207 and the system life cycle processes in ISO/IEC/IEEE 15288 can also be used.

Business benefits of ISO/IEC 5338 adoption

Organizations gain high-quality standardized guidance on what to consider when developing AI applications, with emphasis on risk management, quality assurance, project management, data and model engineering, continuous validation, human resources and more.

ISO/IEC 42001

ISO/IEC 42001 is the first international standard for establishing, implementing, maintaining, and improving an Artificial Intelligence Management System (AIMS) within organizations.


The standard offers crucial guidance in the rapidly evolving field of AI, addressing unique challenges such as ethical considerations, transparency, and continuous machine learning. It also provides organizations with a structured approach to manage AI-related risks and opportunities, balancing innovation with effective governance.

Moreover, ISO/IEC 42001 provides an integrated approach to managing AI projects, from risk assessment to mitigation, that is designed to be future-proof—essential as AI technology continues to evolve rapidly.

Business benefits of ISO/IEC 42001 adoption


ISO/IEC 42001 can help businesses increase their trust and credibility by ensuring that AI is used safely and responsibly, especially concerning its continuous learning.

ISO/IEC 42001 combines key frameworks with practical experience to implement crucial processes such as risk management, life cycle management, and data quality management. When adopted, it can also help organizations achieve better operational efficiency.

Conclusion

As the technological breakthrough of Artificial Intelligence continues to take the world by storm, businesses seek to benefit. Promises of improved turnover, ROI, efficiency, productivity, and product performance invite leadership across the global spectrum of industries to consider adopting AI systems—if not develop their own.

Yet, AI implementation in business also carries its fair share of risks. Poor-quality AI applications, a lack of understanding as to what AI is and how it operates and, at present, limited regulation of this exciting new technology all contribute to a technological environment filled with risks.

Whilst regulatory bodies around the world move to shape the future legal framework of AI, organizations and leaders currently using or planning to use AI to optimize their operations should consider adopting ISO standards for AI before they do.

Learn more about AI in business with the Software Improvement Group blog.
