Trustworthy AI & AIMS (Artificial Intelligence Management Systems)

At its essence, Artificial Intelligence is the capability to acquire, model, and utilize knowledge. Importantly, this knowledge may be gathered from or based on sensitive and proprietary information.

Because of this sensitivity, the steps you take to acquire and consume this knowledge may be subject to regulations that your organization must meet or comply with.

Compounding this situation is that downstream tasks and decisions based on AI have a direct impact on your end users — your employees and your customers.  Rightfully, this setup can raise concerns around topics like:

• Privacy
• Bias
• Security
• Inequality
• Safety

So, with that picture, how can you ensure that your AI systems are secure and dependable?

AI regulation and standardization remains highly debatable and challenging. That’s for a few reasons: The industry is evolving continuously. Knowledge transfer from academia and the research industry is enabling new AI use cases and innovations.

One this we do know is that we need a systematic approach to managing AI systems in order to ensure the responsible and dependable use of AI technologies.

That’s where AIMS comes in.

What is AIMS?

Artificial Intelligence Management Systems (AIMS) is a standardization framework that allows organizations to manage risks and opportunities associated with AI. The framework allows organizations to:

• Address challenges and considerations.
• Adopt standardization and governance protocols.
• Provide a transparent mechanism for audits and controls.

ISO/IEC 42001 is the world’s first Artificial Intelligence Management System (AIMS).

(Related reading: AI frameworks & secure AI system development.)

What’s ISO/IEC 42001?

Among the newest standards, ISO 42001 contains a set of standardizations and guidelines that allow organizations to:

1. Establish policies and objectives for dependable and trustworthy AI projects. (More on AI trustworthiness below.)
2. Enforce processes that support these projects.

Think of ISO 42001 as an umbrella framework that applies to all AI projects in a variety of contexts and use cases, across all industry verticals and organizations.

The main objective of the ISO 42001 guideline is to offer a comprehensive and standardized guiding framework for responsible and effective use of AI. It provides an integrated approach to AI risk assessment, mitigation and management. The key themes of this framework include leadership, planning, support, operations, performance evaluations and continual improvement.

Key benefits of AIMS

By aligning with ISO 42001, your organization can expect outputs and outcomes like these:

Responsible AI

Your organization can develop safe and trustworthy AI from an ethical and legal standpoint. This is important because AI models are typically black box systems. (“Black box” means that a system maps an input to an output without providing clear visibility into its internal behavior — we don’t always understand how it works, we just know it does.)

From a perspective of building responsible AI systems, issues inherent and resulting from large-scale AI systems emerge in the late stages of the AI model lifecycle.

For example, bias may be inherent in a large dataset used to train your AI systems, but it can only be identified after the model is fully trained on all available datasets.

Reputation management

You can also understand how you can build trust and loyalty among end-users of your AI products and services. Develop processes that will help improve your reputation as an AI company.

AI governance

With AI governance in place, you’ll comply with stringent regulations. These regulations are changing rapidly, trying to respond to the fast pace of AI innovation. Build processes of trust and transparency. Establish controls that will save you time, efforts, and investments on internal audits.

(Related reading: AI TRiSM: AI trust, risk & security management.)

Practical guidance

Your organization faces risks that are unique to your circumstances, markets, business processes, location, and target market. The ISO 42001 framework is uniquely positioned to serve as a guideline for organizations of all sizes and industry verticals. Examples of the guidelines include:

• The determination of objectives
• Partner involvement
• Processes related to the trustworthiness of AI systems lifecycle
• Supplier management
• And more

New opportunities

The vast and comprehensive nature of the ISO 42001 guideline means that business organizations can identify new challenges and opportunities with a structured and systematic approach.

What does “trustworthy AI” mean?

In the context of Artificial Intelligence, the notion of trustworthiness encompasses the ethical, technical performance and dependability related risks. For example:

• A trustworthy AI language model is fully capable and engineered to generate fair, ethical, and unbiased language communications.
• A trustworthy AI vision model deployed in autonomous vehicles can accurately identify a pedestrian in low-visibility and unforeseen conditions on the road ahead.
• A trustworthy AI healthcare medicine model can accurately interpret anomalies in radiology images.

A key characteristic of a trustworthy AI system relates to the generalizability of the AI models — whether (or not) you can generalize an AI model out towards other use cases. This characteristic is highly dependent on:

• The model development and training process
• Data used to train AI models
• Business metrics used to evaluate and interpret AI model performance, trustworthiness and dependability

AI models are trained continually on new data but — when these models are exposed to new data distributions, they tend to catastrophically forget previous learnings.

Currently, AI models are trained continuously on all data distributions to enhance model generalization.

(Related reading: Executive Order 13960 requires trustworthy AI in the U.S. government.)

Holistic data management for trustworthy AI

From a business perspective, building trustworthy AI requires a holistic data management process. In phases, you would expect:

1. A standardized technology stack and process allows organizations to acquire and prepare data.
2. Key roles related to AI are clearly defined. Members adopt unique responsibilities as AI providers, AI producers or AI customers.
3. The Plan-Do-Check-Act model provides a structured approach to continuous model improvement.
4. AI objectives are aligned with business goals. Operational planning and control guidance provides a mechanism to ensure trustworthiness.

Finally, an AI system impact assessment allows organizations to ensure that all technologies, processes, systems, roles and decisions collectively help organizations develop safe, responsible, trustworthy and risk-free AI Management Systems.