Quality Alchemist (品質煉金術師): SGS Webinar for AI Applications with ISO/IEC 42001

2024年1月12日星期五

SGS Webinar for AI Applications with ISO/IEC 42001

In response to the rise of AI and the challenges it creates, the ISO and IEC had created the ISO/IEC 42001 standard and issued at the end of 2023. This global standard specifies the requirements for establishing, implementing, maintaining and continually improving an AI management system. SGS held a webinar named “Build trust in your AI applications with ISO/IEC 42001” on 11 Jan 2024 at 3:00pm (EST) equal to HKT at 4:00am on 12 Jan 2024 so that I wake up very early to attend this webinar and summarized as follows.

In the beginning, Mr. Willy Fabritius (Global Head of Strategy & Business Development Information Security, SGS) give opening speech and introduced SGS background. He said ISO is from Greek word “isos” meaning “equal”. And then he introduced the speaker Ms. Kim Lucy (Director of GRC Standards at Microsoft).

Ms. Kim Lucy firstly said AI serviced humans that demand for oversight and control. Thus, development of AI specific international standards help to fulfill the demands for safe, responsible and trustworthy AI. Three key principles for AI management system standards are “Flexible”, “Durable” and “Transversal & Scalable”. The foundational AI ecosystem was described.

After that the ISO/IEC 42001 development history were stated since 2020. It is matching the EU AI Act. Because customer demanded for assurance and trust of AI system and some key central concepts of AI governance, risk and compliance (AI GRC) ecosystem are aligned with ISO/IEC 23894 (Risk Management) and ISO/IEC 38507 (Governance).

And then Ms. Kim Lucy briefed the ISO/IEC 42001 structure including management clauses which are mainly requirements, Annex A and B are guidance as well as, Annex C for AI related organizational objective and risk resources as supplemental information.

Finally, she gave a summary of ISO/IEC 42001:2023 to give an overview of the AIMS standard.

She also compared the different between ISO/IEC 42005 -AI system impact assessment (expected to be published 2025) and ISO/IEC 23894:2023 – AI guidance on risk management.

Lastly, she mentioned the other supporting standards such as ISO 23053, 5259, 22989 are within the foundational ecosystem.

At the end, they introduced different related ISO standards, as well as, different legislation and regulations in different countries to be developed.