Artificial Intelligence (AI) and risk management with the ISO 23894 standard

06 Dec 2023 07:00 AM By itSMF Staff


Artificial Intelligence (AI) and risk management with the help of ISO 23894 standard

Artificial Intelligence is one of the most relevant technological topics for companies and people, and it carries more and more weight in our daily activities. But AI also raises concerns about how to manage the risks of AI systems effectively.

The development and use of AI systems is increasingly widespread. These systems affect many industries and handle very different types of data (in particular, personal data), which we have to manage while minimizing all the related risks.

When we look for a well-structured risk management approach for systems, products and services with AI-related risks, we can rely on the ISO/IEC 23894:2023 standard. Let's focus on this document in the next lines.

The ISO/IEC 23894 standard for AI Systems using ML

The «ISO/IEC 23894:2023 Information Technology Artificial Intelligence» (last update of the standard) is meant as guidance on risk management for all organizations that develop or use AI-based products, systems and services, so that they can properly manage AI-related risks.

This new version of the ISO 23894 standard (published in February 2023) also provides guidance to assist organizations in integrating risk management into their AI-related activities and functions.

The guidance also describes the processes expected for the efficient implementation and integration of Artificial Intelligence (AI) risk management.

The ISO/IEC 23894 standard table of contents

In this updated version of the document (ISO 23894:2023), we find the following chapters:

✅ 4. Principles of AI Risk Management

✅ 5. Framework

✅ 6. Risk Management Process

✅ Annex A Objectives

✅ Annex B Risk sources

✅ Annex C Risk management and AI system life cycle

To give a better view of the «big picture» of what we have just described, we include, as usual, our infographic.

By Andrea Leonardi (VP @ Minerva Group Service, MP @ Alpemi Consulting & itSMF Switzerland board member).

Finally, we should remember that the ISO/IEC 23894:2023 standard refers back to the well-known (and related) ISO 31000 standard, which provides useful guidelines for risk management.

If you want to keep up to date with the most recent news on this topic, don't forget to follow us on our blog, social media channels and newsletter. Don't miss our next updates on the brand new YouTube Channel!

