Originally Posted On: https://insightassurance.com/achieving-iso-iec-42001-compliance-how-to-overcome-common-challenges/

 

 

Achieving ISO/IEC 42001 Compliance: How to Overcome Common Challenges

Late in 2022, a wave of Large Language Model (LLM)-based applications began going live online, letting users generate human-like text outputs, images, and even songs by typing simple plain-language prompts. This was generative artificial intelligence. AI—which in its “non-generative” forms had already made waves in areas like analytics and robotics—exploded onto the mainstream radar. Businesses naturally sought opportunities to use these powerful new tools. But generative AI’s never-before-seen features raised equally unprecedented concerns.

From the Wild West of AI emerged reports of copyright litigation, AI-based tools confidently “hallucinating” falsehoods as fact, and more. It became clear that organizations needed to understand not just how to leverage AI profitably, but also how to do so ethically, safely, and without inadvertently introducing legal risk. An industry standard was necessary.

In December of 2023, the International Organization for Standardization (ISO), in collaboration with the International Electrotechnical Commission (IEC), introduced that standard, ISO 42001, establishing benchmarks for the responsible management and use of AI systems and AI-based tools.

ISO/IEC 42001 compliance is growing in importance and esteem as AI proliferates, regulations arise, and certified enterprises thrive. But businesses implementing it may face internal challenges. This blog will identify common challenges and our tips for overcoming them to set the stage for a successful implementation.

Common Challenges Organizations Face When Planning to Implement ISO/IEC 42001

A Lack of Awareness and Understanding

Due to its newness, even tech experts might not yet know about ISO/IEC 42001. Less technologically focused high-level staff might not understand how an organization uses AI, or the importance of an AI-focused governance framework.

Resource Constraints

An organization may opt not to implement ISO/IEC 42001 in order to focus time, money, and staff on projects with a more easily understood payoff. It may also lack AI-literate staff and technical project managers capable of implementing the standard.

Integrating ISO/IEC 42001 With Existing Management Systems

An organization with numerous management systems in place governing different aspects of its operations could be concerned about a new AI-specific standard interfering with other standards, potentially causing confusion or affecting business.

The following tips will help address each of these respective hurdles:

Overcoming a Lack of Awareness and Understanding

Make sure staff is educated with a well-built training initiative
When an organization implements ISO/IEC 42001, staff may have basic questions about organizational AI usage, technically sophisticated questions about compliance, and everything in between. A well-structured, easy-to-understand, well-deployed training program addresses them all. Good training sessions can inform, set critics at ease, and prevent surprises during implementation.

Let the experts lead the training effort
Technical training is not easy to manage single-handedly. Organizations can rely on expert consultants who specialize in creating workshops and training sessions that speak directly to the knowledge deficits, levels of technological sophistication, and needs of different departments.

Addressing Resource Constraints

Organizational buy-in and budget approval are key
With complex topics like AI and compliance, you can find yourself in meetings with major stakeholders nodding their heads through discussions of acronyms they don’t know and concepts they don’t get, meetings where little is achieved. So while pursuing organizational buy-in and the budget it brings, your team must speak the lingo of different departments, talking ROI with finance, regulatory risk with legal, and so on, to establish why they, specifically, should care.

Training sessions help here too, as trainers can furnish you with department-specific talking points, do’s and don’ts, etc.

Prioritize which departments are critical to ISO Compliance
Assessing early on which business units are currently using AI solutions and how, and ranking which benefit most from ISO/IEC 42001 compliance, is key to a well-organized, quickly executed, budget-friendly project.

Use the latest generation of streamlining solutions
Today there are suites of tools that streamline team communication, document review, and other project-critical tasks. They improve efficiency by leaps and bounds over working from legal pads or printed-out spreadsheets. Automated streamlining solutions will make your staff’s lives easier—and reduce your implementation’s price tag.

Integrating ISO/IEC 42001 With Existing Systems

Harmonize your standards, unify your system
ISO builds its management system standards to “harmonize”, so ISO 42001 works in concert with other standards (like ISO 9001 for quality management, or ISO 14001 for environmental management). A gap analysis can reveal disparities between ISO and non-ISO standards.

Beyond that, implementing ISO/IEC 42001 can be the basis for building a “unified management system.” This carefully monitored, frequently revised, living part of your business keeps operations functioning smoothly and makes it easier to introduce new standards that emerge.

Get Certified: Benefit From AI, Mitigate Its Risks

ISO/IEC 42001 ensures that no matter how AI evolves, you’re using it as you should. And it will position you better to comply with AI regulation now in effect in the European Union and any that is forthcoming stateside. Getting ISO-certified, though, is no simple task. So, if compliance is your goal but you can’t figure out where to start, explore how Insight Assurance can guide your ISO 42001 certification process. We can help get your organization in line with globally recognized standards for AI, and for any other technology, so that you, your partners, and your investors will be confident you’re doing business right.