Standard

AS ISO/IEC 23894:2023

[Current]

Information technology — Artificial intelligence — Guidance on risk management

AS ISO/IEC 23894:2023 identically adopts ISO/IEC 23894:2023, which provides guidance on how organizations that develop, produce, deploy or use products, systems and services that utilize artificial intelligence (AI) can manage risk specifically related to AI.
Published: 25/08/2023
Pages: 30
Table of contents
Header
About this publication
Preface
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles of AI risk management
5 Framework
5.1 General
5.2 Leadership and commitment
5.3 Integration
5.4 Design
5.4.1 Understanding the organization and its context
5.4.2 Articulating risk management commitment
5.4.3 Assigning organizational roles, authorities, responsibilities and accountabilities
5.4.4 Allocating resources
5.4.5 Establishing communication and consultation
5.5 Implementation
5.6 Evaluation
5.7 Improvement
5.7.1 Adapting
5.7.2 Continually improving
6 Risk management process
6.1 General
6.2 Communication and consultation
6.3 Scope, context and criteria
6.3.1 General
6.3.2 Defining the scope
6.3.3 External and internal context
6.3.4 Defining risk criteria
6.4 Risk assessment
6.4.1 General
6.4.2 Risk identification
6.4.2.1 General
6.4.2.2 Identification of assets and their value
6.4.2.3 Identification of risk sources
6.4.2.4 Identification of potential events and outcomes
6.4.2.5 Identification of controls
6.4.2.6 Identification of consequences
6.4.3 Risk analysis
6.4.3.1 General
6.4.3.2 Assessment of consequences
6.4.3.3 Assessment of likelihood
6.4.4 Risk evaluation
6.5 Risk treatment
6.5.1 General
6.5.2 Selection of risk treatment options
6.5.3 Preparing and implementing risk treatment plans
6.6 Monitoring and review
6.7 Recording and reporting
Annex A
A.1 General
A.2 Accountability
A.3 AI expertise
A.4 Availability and quality of training and test data
A.5 Environmental impact
A.6 Fairness
A.7 Maintainability
A.8 Privacy
A.9 Robustness
A.10 Safety
A.11 Security
A.12 Transparency and explainability
Annex B
B.1 General
B.2 Complexity of environment
B.3 Lack of transparency and explainability
B.4 Level of automation
B.5 Risk sources related to machine learning
B.6 System hardware issues
B.7 System life cycle issues
B.8 Technology readiness
Annex C
Bibliography
Cited references in this standard
[Current]
Information technology - Artificial intelligence - Artificial intelligence concepts and terminology
[Withdrawn]
Risk management - Vocabulary
[Current]
Risk management - Guidelines
Content history
DR AS ISO/IEC 23894:2023

One-time purchase (single publication; access via web browser on any device, offline access via PDF): $167.45 AUD, inclusive of GST