Establishing a governance framework for artificial intelligence is essential for any organization that uses AI in its daily business. It is a boardroom-level responsibility, limited not only to ensuring the effective use of AI, but also encompassing risk management, regulatory compliance and ethical usage.
A new international standard, ISO/IEC 38507, provides guidance for the governing bodies of organizations that are either using or considering the use of AI. In addition to CEOs and senior executives, a broad range of other stakeholders will find it important reading, ranging from legal experts and accountants to regulators.
ISO/IEC 38507 will help organizations to adapt their existing governance and organizational policies for the use of AI. It offers guidance on defining responsibilities and assigning accountability.
"Understanding the governance implications of AI is essential to ensuring responsible adoption," said Wael William Diab, who chairs the committee that develops AI standards for the IEC and ISO. "Across virtually every industry, sector and application, AI is being considered as part of a digitalization strategy because of the transformational insights it can provide.
"Thus, this standard will be relevant to any organization looking to deploy AI regardless of industry."
"Beyond assisting decision-makers to understand the governance implications of AI, ISO/IEC 38507 is a highly applicable and practical international standard," added Professor Yonosuke Harada, the project convenor. "AI is increasingly present in a variety of applications throughout an organization, regardless of the industry domain.
"The organization's governing body acts as a conductor of all these activities and thus ISO/IEC 38507 provides practical measures throughout."
The new standard will raise awareness and provide a toolkit for addressing a range of strategic issues, including but not limited to AI-related benefits and the mitigation of AI-related challenges. It takes a holistic approach, covering both processes and people.
"People from across industry and society, ranging from business leaders to regulators, have expressed concern not so much about AI technologies themselves but rather about who uses them and how. This standard will help organizations address the questions and concerns that will inevitably arise from the use - or intended use - of AI," said the project editor, Peter Brown.
ISO/IEC 38507 will also benefit business. The new publication shows how an effective AI governance framework can provide better insights and increased return on investment.
The new standard builds on foundational projects. For instance, it references two other standards: the soon-to-be-published ISO/IEC 22989, on artificial intelligence concepts and terminology, and ISO/IEC 38500, Governance of IT for the organization.
The new standard also provides structured advice on the governance implications of AI data and how it is managed within the AI system over its entire lifecycle. ISO/IEC 38507 stresses the importance of data governance to ensure that the correct data is used not only for the correct purpose but also for future strategy.
Data must be used in the right way, and it will become unusable very quickly unless the right precautions are taken. The new publication helps users to manage data in a way that addresses business challenges both effectively and efficiently.
ISO/IEC 38507 is the first port of call for any organization planning to deploy AI to further realize the benefits of digital transformation. "It is a must-read for digitally savvy directors," said Jan Begg, who chairs the committee that produces IT governance standards for IEC and ISO. "It is a great conversation starter for CIOs and CTOs briefing their boards on AI usage, risks and opportunities."
It was developed in a joint working group comprising two key committees, for IT governance and artificial intelligence respectively, in the joint technical committee set up by IEC and ISO.
The former focuses on the governance, service management and business process of outsourcing activities, while the latter provides guidance to IEC and ISO, as well as experts in the joint ISO/IEC technical committee looking at AI applications.
(Source: IEC)
