ISO/IEC 23894 Overview
ISO/IEC 23894 provides specific guidance for organizations to effectively manage risks when providing AI products and services. It evaluates the adequacy of the risk management framework and processes, including risk identification, analysis, evaluation and treatment.
Key Provisions
Key provisions and requirements of ISO/IEC 23894.
Clause 5
AI Risk Management Framework
Includes activities to establish a system for AI risk management within the organization, integrate it across the enterprise and continuously improve it.
Key Requirements
- Demonstrating leadership and commitment from top management
- Designing and integrating risk management processes within the organization
- Evaluating framework effectiveness and continuous improvement
Clause 6
Risk Management Process
Procedure for identifying, analyzing and evaluating risks throughout the product/service life cycle and establishing appropriate treatment plans.
Key Requirements
- Systematic execution of the three stages of risk diagnosis (identification, analysis, evaluation)
- Technical measurement and functional testing for fairness, robustness and safety
- Communication and consultation, continuous monitoring and recording activities
Goals
Core Risk Management Goals
11 core values for reliable AI required by ISO/IEC 23894.
Key Requirements
- Ensuring accountability, privacy, transparency and explainability
- Ensuring AI expert participation and quality of training/test data
- Considering security (adversarial attacks), maintainability and environmental impact