Framework Guide

ISO/IEC 23894

Artificial Intelligence (Product/Service) - Guidance on risk management. Provides a framework and process to systematically manage potential risks throughout the entire life cycle of AI systems, from design and development to deployment and disposal.

ISO/IEC 23894 Overview

ISO/IEC 23894 provides specific guidance for organizations to effectively manage risks when providing AI products and services. It evaluates the adequacy of the risk management framework and processes, including risk identification, analysis, evaluation and treatment.

Key Provisions

Key provisions and requirements of ISO/IEC 23894.

Clause 5

AI Risk Management Framework

Includes activities to establish a system for AI risk management within the organization, integrate it across the enterprise and continuously improve it.

Key Requirements

  • Demonstrating leadership and commitment from top management
  • Designing and integrating risk management processes within the organization
  • Evaluating framework effectiveness and continuous improvement
Clause 6

Risk Management Process

Procedure for identifying, analyzing and evaluating risks throughout the product/service life cycle and establishing appropriate treatment plans.

Key Requirements

  • Systematic execution of the three stages of risk diagnosis (identification, analysis, evaluation)
  • Technical measurement and functional testing for fairness, robustness and safety
  • Communication and consultation, continuous monitoring and recording activities
Goals

Core Risk Management Goals

11 core values for reliable AI required by ISO/IEC 23894.

Key Requirements

  • Ensuring accountability, privacy, transparency and explainability
  • Ensuring AI expert participation and quality of training/test data
  • Considering security (adversarial attacks), maintainability and environmental impact
ISO/IEC 23894 Complete Guide | Tynapse AI Regulation