AI Impact Assessment in ISO 42001

Here we look at the requirements of the standard, why an AI Impact Assessment is a good idea and how Assent’s ISO 42001 Consultants can help you!

The international standard for an Artificial Intelligence (AI) Management System, ISO 42001, is now published and alongside the common management system requirements such as leadership and risk management there is a core requirement to perform an AI Impact Assessment.

Scope of an AI Impact Assessment

The ISO 42001 standard has been designed for all types and sizes of organisations including those who Develop and/or Use an AI Product or Service.

With more and more organisations utilising AI, even if it’s just for its generative capabilities, an AI Impact Assessment is becoming a common requirement within tender documents and supply chain audits.

And in the UK/EU there is already precedent with similarities to the Data Protection impact Assessment (DPIA) requirements of GDPR.

What to Consider in an AI Impact Assessment

When conducting an AI Impact Assessment you should consider your use and development of AI in the context of how it could impact an individual, groups of individuals and societies.

The AI Impact Assessment should be conducted according to a repeatable process, which is something our consultants can help you document.

If the AI Impact Assessment is part of a wider ISO 42001, the results should be used to inform the AI Risk Assessment.

Considering AI Lifecycle

As part of the AI Impact Assessment, it is important to consider the whole lifecycle of your AI product, service or use.

The AI impact assessment should be conducted before specifying or building an AI tool, so that the impacts can be managed by design.

While using the AI product or service, impacts should continue to be managed and reviewed.

And at the end of the lifecycle, where the AI product or service is discontinued or migrated to a new tool, the impacts on individuals, groups and societies should again be considered. For example how reference data, AI models and any personal information is managed.

Types of Impact

There is no defined list of impact types and it will vary depending on the organisation and the AI involved; however below are some common considerations:

Intended Use of the AI
Misuse of the AI,
Known Limitations,
Failure of the Tool,
Legislative Impacts,
Risk of Injury.

Help with your AI Impact Assessment

Assent’s consultants can help you perform an AI Impact Assessment as a stand alone activity or as part of an ISO 42001 AI Management System implementation project.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
CONSENT	16 years 3 months 23 days 8 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.