ISO/IEC 23894:2023 Information Technology - Artificial intelligence - Guidance on risk management


Summary

ISO/IEC 23894:2023 provides organizations with guidance on applying established risk management principles specifically to artificial intelligence systems. It aligns AI risk considerations with ISO 31000, the general risk management standard, and covers the full AI lifecycle—from design and data acquisition to deployment and decommissioning. The standard is not certifiable but is intended as a practical reference for integrating AI-specific risks into enterprise risk management frameworks.


Key Takeaways

  • Addresses AI-specific risks such as bias, transparency, misuse, safety, and security.
  • Supports alignment with other regulatory frameworks such as the EU AI Act and the NIST AI RMF.
  • Covers risk identification and mitigation during design, development, operation, and retirement.
  • Focuses on organizational governance.

Additional Sources


Tags

risk-management, governance