Many people are now embracing Artificial Intelligence within their work and personal lives with an increase in awareness and the availability of new services. Even if you are not directly using an AI tool, you might find it is built into existing services such as smartphones, smart speakers, photo applications, search engines and desktop software such as Microsoft Office and google Workspace.
(AI) brings many risks and opportunities to the workplace. With such a big shift towards a new technology, organisations should consider how this may affect existing management systems and ISO Certification.
Here we explore some key areas to address.
Internal and External AI Issues
Annex SL based management systems such as ISO 9001, ISO 14001, ISO 27001 and ISO 22301 are built to a common clause structure which includes a requirement to consider internal and external issues affecting the management system.
This is the first place we would suggest raising the potential impact of AI on your organisation.
Organisations address this clause in different ways, however it is common to see a SWOT or PESTLE.
AI issues arise in many areas that could affect the organisation, including technology, economics, politics and legislation.
By identifying the internal and external issues, you can prepare to manage them and, if necessary, escalate them through the risk management process.
AI Risks and Opportunities
Addressing risks and opportunities is a key aspect of management system standards.
AI may present a series of risks and opportunities to your organisation which you can address through your risk management process.
Risks to consider might include:
- AI Vendor due diligence,
- Data residency,
- AI Legislation in applicable territories,
- Confidentiality of data processed.
- Integrity of the processing and output,
- Availability of the tools when required,
- Impact on privacy and intellectual property,
Where you identify an opportunity to use AI to help meet your organisation’s intended outcomes, you might consider raising these as objectives within your management system.
This will allow you to ensure that the correct resources are assigned and progress can be measured.
Many states recognise the potential impact of AI and are moving to legislation, for example the EU AI Act.
So organisations should ensure they understand how any new legislation may affect them, update any legal registers they maintain and document the compliance approach.
AI Management System – ISO 42001
The standard is intended for use by organisation providing or using products and services that utilise AI.
As AI becomes more prevalent the risk and impact can be managed using this new standard and, eventually, ISO 42001 certification schemes will be available to support the supply chain.
Assent has a keen interest in ISO 42001 and can help you implement the standard.
Contact us for more information about how AI affects your existing standards and how you can use ISO 42001!