#173 Top 10 Reasons to Use ISO 42001 AI Management

ISO 42001 was published in December of 2023, and is the first International Standard for Artificial Intelligence Management Systems. It was introduced following growing calls for a common framework for organisations who develop or use AI, to help implement, maintain and improve AI management practices. However, its benefits extends past simply establishing an effective AI Management System. Join Steph Churchman, Communications Manager at Blackmores, on this episode as she discusses the top 10 reasons to adopt ISO 42001. You’ll learn ·      What is ISO 42001? ·      What are the top 10 reasons to use ISO 42001? ·      What risks can ISO 42001 help to mitigate? ·      How can ISO 42001 benefit both users and developers of AI?    Resources ·      Isologyhub ·      ISO 42001 training waitlist   In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:30] What is ISO 42001?: Go back and listen to episode 166, where we discuss what ISO 42001 is, why it was introduced and how it can help businesses mitigate AI risks.   [02:45] Episode summary: We take a look at the top 10 reasons why you should consider implementing ISO 42001. [02:55] #1: ISO 42001 helps to demonstrate responsible use of AI.  – , ISO 42001 helps ensure fairness, non-discrimination, and respect for human rights in AI development and use. Remember, AI can still be bias based on the fact that AI models are typically trained on existing data, so any existing bias will carry over into those AI models – an example of this is the existing lack of representation for minority groups. We also need to take care in the use of AI over people, as staff being replaced by AI is a very real concern and should not be treated lightly. We’ve already seen a few cases where this has happened, especially across the tech support field where some companies mistakenly think that a chatbot can replace all human staff. We also need to consider the ethics of AI content. It’s predicted that 90% of online content will be AI generated by 2026! A lot of this generated content includes things like images, which poses a real concern over the values we’re translating to people. The content we consume shapes the way we think and if all we have is artificial, then what message is that conveying? An example of this is Dove’s recent advert, which showed an example of AI generating images of very unobtainable ideals of a beautiful face. Which were predictably absolutely flawless, almost inhuman and something that can only be achieved through photo editing. If the internet was flooded with this sort of imagery, then that starts to become the expectation to live up to, which can be tremendously damaging to people’s self-esteem. They then went on to show actual unedited people, in all their varied and wonderful glory and stated that they will never use AI imagery in any of their future marketing or promotional material. Which sends a very strong message – AI definitely has its place, but we need to fully consider the implications and consequences of it’s use and possible oversaturation. [05:20] #2: Traceability, transparency and reliability - Information sourced via AI is not always correct – It collates information published online, and as many of us are aware, not everything on the internet is correct or accurate. Data sets carelessly scrapped from online sources may also contain sensitive or unsavoury content. We’ve had cases where people have managed to ‘break’ Chat GPT, causing it to spew out nonsense answers which also contained sensitive information such as health data and personal phone numbers. While not usually accessible when requested, it does not stop the risk of this data being dug up through exploits. AI is like any other technology, and is not infallible. So, it’s up to developers to ensure that the data used to train models is safe and appropriate for use. It should be expected that data sets will be scrutinised from a legal standpoint – either as a result misuse of AI or a mandatory exercise as a part of future legislation.  There’s also research that suggests data sets can be potentially poisoned to produce inaccurate results – which is another consideration for developers using live data sets, who will need to stay on top of these risks to ensure the integrity of their tools. ISO 42001 provides specific guidance that covers how developers can ensure transparency and explainability within sample training data. [06:45] #3: It’s a framework for managing risks and opportunities – AI, like any other new technology, is going to create new risks and opportunities. Risks include the likes of inaccurate data being used, existing bias in data training sets, plagiarism, information security risks and data poisoning. If you’re simply using AI to gather information, it’s also a good exercise to ensure that the information is coming from a reputable source. One easy way to so this is to simply ask for the source to be cited when pluging in a prompt into tools like Chat GPT and Gemini. You can then verify how legitimate that source is. For web developers and SEO specialists, Google has recently updated it’s algorithm to punish those with a lot of AI generated content on their websites. So those within the SEO space may see some interesting trends over the course of 2024.  Another unfortunate risk is that of more complex scams being implemented through the use of AI. An example of this involves those who may use an AI assistant in their systems, which can be affected by malicious emails that contain prompt injections which could be used to send data from a victims machine to outside sources. This is only touching on a few risks, but as you can see, there’s a lot to consider and I’ve no doubt that more complex risks will make themselves known as the technology evolves. However, there are a lot of opportunities to be found with AI use. There’s a huge potential for AI to be utilised to tackle mundane and routine tasks which could be automated. AI also has the capability to scan masses of data and provide suggestions based on it’s findings. Obviously, humans can’t possibly compete with the sheer volume of data that AI can process, and so we can utilise it to help us make better more informed decisions. A lot of commonly used software has already integrated various AI tools which offer great quality of life updates and help make a lot of tasks quicker. Which in turn means our time is better spent elsewhere on tackling the more complex issues that require a more human touch. ISO 42001 can help you balance out these risks and opportunities by helping you build a robust management system to manage and mitigate risks, and drive forward opportunities through continual improvement. [10:35] Join the isologyhub and get access to limitless ISO resources  – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo. [12:50] #4: Demonstrate that introducing AI is a strategic decision with clear objectives - Businesses looking to integrate AI should not make this decision lightly. I know it’s tempting to play with the newest toy, but we should take care to look at any possible risks, and that it aligns with both your company objectives and ethics before rushing to utilise something. For example, allowing your staff to use ChatGPT for content creation. You need to consider a few things: You need to make sure Staff aren’t putting in any confidential or sensitive information into publicly available AI tools. Also, ensuring that Staff understand that content provided by the likes of ChatGPT and Gemini could be plagiarised if used as is. You need to build, adapt and change the content so it’s something unique. It’s all well and good introducing AI technology if it truly is going to be beneficial to your employees and to the business as a whole, however if you’re just introducing it because everyone else seems to be, then you really have to question if it’s worth it. If it’s not actively making your work lives easier and helping you to achieve your objectives, then is it really worth the potential cost and effort to implement? It may also be worth looking into how the AI tool you’re using was created. There is sadly still a lot of exploitation involved in the development of new technology, so it’s up to you to ensure that the tools you’re using were created in an ethical way. Ultimately, ensure that you are using AI safely, ethically and that it aligns with your businesses established objectives. This will need to be communicated clearly to everyone in the business. ISO 42001 is, at its heart, a Management system standard. Like many other ISO Standards, it includes guidance on setting objectives and communicating these to your wider business. [15:24] #5: ISO 42001 helps to implement safeguards – Certain features of AI may require safeguards to help protect businesses against the extra risks they pose, such as the increased potential of more sophisticated cyber attacks or compromised training data. This can be applied within a particular process or an entire system. Examples of features that may require these safeguards include: ·      Automatic decision making ·      Data analysis, insight and machine learning ·      Continuous learning Something you need to consider: Cyber scams are going to become a lot more complex with the help of AI, so you need to ensure you’re staff are both aware of this and how they can avoid falling prey to them. Safeguards may simply involve more training on these new risks, or updating to a more robust security software that is able to detect possible AI cyber scams. Developers are also going to need to keep on top of any data being fed into their tools. Public live data tools especially will be more susceptible to being poisoned and tampered with, so it’s up to them to monitor and ensure the integrity of their data. ISO 42001 provides guidance in it’s annexes for users and developers to implement these necessary safeguards. [16:30] #6: ISO 42001 Supports compliance with legal and regulatory Standards – More AI focused legislation is an inevitability, with the new EU AI Act being a perfect example. It’s important to ensure that you are prepared to comply with legislation as it’s released, or you may be held liable and be subject to fines. Currently, the UK has no plans to introduce a new regulator for AI, instead relying on existing technology based regulators like the Information Commissioners Office (ICO), Ofcom and FCA. ISO 42001 includes specific considerations for any potential applicable legislation. [17:06] #7: ISO 42001 Can enhance your reputation  – ISO Standards are internationally recognised and ensure you are complying with best practice. Gaining certification to ISO 42001 will show you are confident in your AI related claims, and are happy to have this verified by a third party. [17:30] #8: ISO 42001 Encourages innovation within your business – For as much as we’ve stressed the potential risks AI could expose your business to, ultimately AI is here to help make our lives easier. We just need to ensure we’re responsible when applying it. ISO 42001 ensures you can safety integrate AI tools and systems within your business. It’s there to help guide the adoption of this new technology, and drive continual improvement as your management system matures.  [17:55] #9: ISO 42001 Can be easily integrated with existing systems – ISO 42001, like many ISO Standards, is based on the Annex SL format and can be easily integrated with existing ISO Management Systems such as an ISO 9001 (Quality management) or ISO 27001 (Information Security management) system. Risks addressed in ISO 42001 include security, privacy and quality among others, and can help to enhance the effectiveness of your Management system in those areas. [18:25] #10: ISO 42001 Does not require an existing Management System to implement – While ISO 42001 would make a great addition to any ISO Management System, it’s important to note that this can be implemented independently. It is also not intended to replace or supersede any existing quality, safety or privacy Standards / existing management systems. We’ll be releasing a suite of ISO 42001 related training content on the isologyhub, if you’d like to get notified as soon as this becomes available, please register your interest on our waitlist. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Om Podcasten

Blackmores is a pioneering consultancy firm with a distinctive approach to working with our clients to achieve and sustain high standards in Quality, Risk and Environmental Management. We'll be posting podcasts discussing ISO standards here very soon!