Framework Guide

ISO/IEC 38507

IT Governance - Governance implications of the use of artificial intelligence by organizations. Defines the decision-making, data and risk management systems that organizations should have when introducing AI.

ISO/IEC 38507 Overview

ISO/IEC 38507 is an international standard that provides guidance on the governance of IT for organizations using AI. It evaluates the governance framework including key elements for decision-making, data use, cultural values, compliance and risk.

Key Provisions

Key provisions and requirements of ISO/IEC 38507.

Clause 4

Governance implications of organizational use of AI

Defines how to maintain and extend existing governance and accountability when introducing AI.

Key Requirements

  • Establishing frameworks for maintaining governance during AI adoption
  • Setting up procedures to ensure organizational accountability
  • Creating governance policies and strategic plans
Clause 5

Overview of AI and AI systems

Understanding AI technology characteristics and identifying organizational impacts and constraints.

Key Requirements

  • Analyzing differences between existing IT systems and AI
  • Defining responsibility boundaries within the AI ecosystem
  • Identifying benefits and organizational constraints of AI use
Clause 6

Policies to address use of AI

Establishing specific management policies for decision-making, data and risk management.

Key Requirements

  • Developing governance policies for AI oversight and decision-making
  • Building management systems for data use and security
  • Establishing policies for cultural/value compliance and legal risk management
ISO/IEC 38507 Complete Guide | Tynapse AI Regulation