AS ISO/IEC 23894:2023 identically adopts ISO/IEC 23894:2023, which provides guidance on how organizations that develop, produce, deploy or use products, systems and services that utilize artificial intelligence (AI) can manage risk specifically related to AI.
Table of contents
Header
About this publication
Preface
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles of AI risk management
5 Framework
5.1 General
5.2 Leadership and commitment
5.3 Integration
5.4 Design
5.4.1 Understanding the organization and its context
5.4.2 Articulating risk management commitment
5.4.3 Assigning organizational roles, authorities, responsibilities and accountabilities
5.4.4 Allocating resources
5.4.5 Establishing communication and consultation
5.5 Implementation
5.6 Evaluation
5.7 Improvement
5.7.1 Adapting
5.7.2 Continually improving
6 Risk management process
6.1 General
6.2 Communication and consultation
6.3 Scope, context and criteria
6.3.1 General
6.3.2 Defining the scope
6.3.3 External and internal context
6.3.4 Defining risk criteria
6.4 Risk assessment
6.4.1 General
6.4.2 Risk identification
6.4.2.1 General
6.4.2.2 Identification of assets and their value
6.4.2.3 Identification of risk sources
6.4.2.4 Identification of potential events and outcomes
6.4.2.5 Identification of controls
6.4.2.6 Identification of consequences
6.4.3 Risk analysis
6.4.3.1 General
6.4.3.2 Assessment of consequences
6.4.3.3 Assessment of likelihood
6.4.4 Risk evaluation
6.5 Risk treatment
6.5.1 General
6.5.2 Selection of risk treatment options
6.5.3 Preparing and implementing risk treatment plans
6.6 Monitoring and review
6.7 Recording and reporting
Annex A
A.1 General
A.2 Accountability
A.3 AI expertise
A.4 Availability and quality of training and test data
