Harness the new era of AI and create a smart future - ISO/IEC 42001:2023 standard helps companies build efficient artificial intelligence management systems!

2024/07/12 10:24



Preface


With the rapid development of science and technology, artificial intelligence (AI) is gradually penetrating every aspect of our lives and bringing huge changes to human society. However, with the widespread application of AI technology, the ethical, security and foresight problems it may bring have gradually surfaced, such as data privacy leaks, algorithmic bias, and the opacity of automated decision-making. These problems not only affect the credibility of AI technology, but may also cause real harm to human society. A second driving force behind the release of ISO/IEC 42001:2023 is the global regulatory demand for AI technology. As AI technology has spread, governments and enterprises in various countries have begun to recognise its potential risks and challenges and have strengthened their supervision of it. However, because unified standards and norms are lacking, AI supervision differs greatly and uncertainly from country to country, which hinders the cross-border application and promotion of AI technology. Therefore, formulating a set of internationally accepted AI management system standards will help promote global cooperation and coordination in AI regulation and support the healthy development of AI technology.


In this context, ISO and the International Electrotechnical Commission (IEC) recently formulated ISO/IEC 42001:2023 (Information technology — Artificial intelligence — Management system). This standard not only addresses the technical level, but also goes deeper into the multiple dimensions of organizational strategy, risk management, ethics and morality, and is dedicated to comprehensively improving the competitiveness and credibility of organizations in the AI era. Today, the editor will take you through the ISO 42001 standard.


1. Overview


ISO/IEC 42001:2023, whose full name is "Information technology — Artificial intelligence — Management system", is a new standard jointly released in 2023 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that specifically regulates the management system of artificial intelligence (AI). The standard aims to ensure that organizations follow responsible and sustainable principles when developing, deploying and using AI technology, so that they can effectively assess and manage the risks brought by AI and seize innovation opportunities.


2. Scope of application


This standard applies to all types of organizations, regardless of size, industry or region: as long as they are involved in the processing, storage and transmission of personal information, they can use this standard to establish and maintain personal information security management systems. In addition, this standard can also serve as an important basis for establishing a trust relationship between personal information processors (such as enterprises, government agencies and non-profit organizations) and personal information subjects (such as individual users and customers).


3. Core content


The core content covers the following aspects:


1. Information security policies and goals: The organization should clarify the goals and policies for personal information security and ensure that all employees understand and follow them.


2. Information security organization: The organization should establish a corresponding information security management organizational structure, clarify responsibilities and authorities, and ensure the effective implementation of information security management.


3. Risk assessment and management: Organizations should regularly conduct personal information security risk assessments, identify potential threats and vulnerabilities, and formulate corresponding risk management measures.


4. Information security control measures: Organizations should develop and implement a series of information security control measures, including physical security, network security, access control, encryption technology, etc., to ensure the confidentiality, integrity and availability of personal information.


5. Information security training and awareness raising: Organizations should conduct information security training to improve employees’ information security awareness and ensure that employees can comply with information security regulations and operating procedures.


6. Information security monitoring and auditing: Organizations should establish an information security monitoring mechanism, regularly audit and evaluate the personal information security management system, and promptly discover and correct existing problems.


4. Implementation significance


Implementing the ISO/IEC 42001 standard is of great significance to organizations and individuals:


1. Improve the level of organizational information security: By establishing and maintaining a personal information security management system, organizations can effectively prevent information security risks, improve information security levels, and protect the legitimate rights and interests of personal information.


2. Improve the organization's image and credibility: Adopting the ISO/IEC 42001 standard shows the organization's emphasis on and commitment to personal information security, which helps improve the organization's image and credibility and win the trust of customers, partners and the public.


3. Promote business development and innovation: Personal information is an important asset of the organization. Implementing the ISO/IEC 42001 standard will help organizations make full use of personal information resources, promote business development and innovation, and achieve sustainable development.


In short, the ISO/IEC 42001 standard provides organizations with a comprehensive and systematic personal information security management system framework, which helps organizations strengthen personal information security management, reduce information security risks, and enhance the organization's competitiveness. Therefore, various organizations should pay attention to and actively adopt this standard to contribute to the security and privacy protection of personal information.


About ISO organization


The International Organization for Standardization (ISO) was founded in 1947 and is an international organization in the field of standardization. The organization defines itself as a non-governmental organization, and its official languages are English, French and Russian. The name ISO comes from the Greek "ISOS", which means "equality".


ISO is responsible for standardization activities in most fields in the world today (including monopoly industries such as the military industry, petroleum and shipbuilding), and carries out its technical activities through 2856 technical bodies (including 611 technical committees, 2022 working groups and 38 special working groups).


Purpose


ISO's purpose is to promote the development of standardization work worldwide in order to facilitate the international exchange of materials and services and to expand cooperation in knowledge, science, technology and the economy. Its main activities are to formulate international standards, coordinate worldwide standardization work, organize members and technical committees to exchange information, cooperate with other international organizations, and jointly study related standardization issues.


Task


ISO's mission is to promote the development of standardization and related activities around the world, with the purpose of facilitating the international exchange of goods and services and further strengthening cooperation in the fields of knowledge, science, technology and economy. International agreements formed by ISO are published as international standards. ISO's first standard, Standard Reference Temperature for Industrial Length Measurement, was published in 1951.


Organization


ISO's organizational structure is divided into non-permanent and permanent bodies. The highest authority of ISO is the ISO General Assembly, which is a non-permanent body. The ISO Central Secretariat is responsible for the work of the General Assembly, the four policy-making committees established by the General Assembly, the Council, the Technical Management Board and the secretariat of the General Standardization Principles Committee.


The main bodies of ISO are the General Assembly, the Council, the Technical Management Board, the technical committees and the Central Secretariat, as shown in the figure.




ISO has promulgated a total of 25,264 international standards, covering fields such as technology, management and manufacturing. Among them, the ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001 and ISO 20000 management systems are the most widely used and most common.


Attached table: Common systems and uses

System: ISO 9001 Quality Management System
Use:
(1) Provides enterprises with a scientific quality management method and means that can be used to improve internal management.
(2) Makes the responsibilities of the various personnel within the enterprise clear.
(3) The documented management system makes all quality work knowable, visible and traceable; through training, employees better understand the importance of quality and the requirements of their work.
(4) Product quality can be fundamentally guaranteed.
(5) Reduces the enterprise's management costs and loss costs and improves efficiency.
(6) Provides confidence to customers and potential customers.
(7) Improves the company's image and increases its competitive strength.
(8) Meets market access requirements.

System: ISO 14001 Environmental Management System
Use:
(1) Protect the environment and support sustainable development
(2) Improve environmental performance
(3) Comply with laws, regulations and regulatory requirements
(4) Increase organizational competitiveness
(5) Improve employee participation and environmental awareness

System: ISO 45001 Occupational Health and Safety Management System
Use:
(1) Provides enterprises with a scientific and effective dual-system specification and guideline for occupational health and safety management
(2) Achieves safety management covering all employees, the whole process and all aspects
(3) Promoting the implementation of occupational health and safety regulations and systems helps improve the safety awareness of the whole population
(4) Turns the organization's occupational health and safety management into proactive and voluntary behaviour, raises the level of occupational health and safety management, and forms a mechanism of self-supervision, self-discovery and self-improvement
(5) Promotes further alignment with international standards and eliminates trade barriers and green barriers after joining the WTO
(6) Improves working conditions
(7) Improves the quality of human resources
(8) Establishes a good reputation and image in society

System: ISO 22000 Food Safety Management System
Use:
(1) Organized and targeted communication with trading partners
(2) Optimized use of resources within the organization and across the food chain
(3) Strengthened planning and fewer post-process inspections
(4) More effective and dynamic control of food safety risks
(5) All control measures are subject to risk analysis
(6) Systematic management of the necessary plans, etc.

System: ISO 27001 Information Security Management System
Use:
(1) Improve the level of information security
(2) Enhance customer trust and competitiveness
(3) Avoid information security risks
(4) International recognition and general applicability
(5) Government subsidies and incentives
(6) Improvement of internal management

System: ISO 20000 Information Technology Service Management System
Use:
Provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an IT service management system (ITSM)

System: ISO/IEC 42001 (Information technology — Artificial intelligence — Management system)
Use:
(1) Promotes the development and use of trustworthy, transparent and responsible artificial intelligence systems.
(2) Emphasizes ethical principles and values such as fairness, non-discrimination and respect for privacy when deploying artificial intelligence systems, in order to meet the expectations of stakeholders.
(3) Helps organizations identify and mitigate the risks associated with AI implementation and ensures that appropriate mitigation measures are taken.
(4) Assists organizations in complying with relevant laws and regulations, data protection requirements and obligations to interested parties.
(5) Enhances confidence in the management of AI by encouraging organizations to prioritize human well-being, safety and user experience in AI design and deployment.


