What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? We will explore these three questions in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance. In this episode, Tom is joined by Ali Khan, Head of Governance Risk & Compliance at Kandji and an Advisory Board Member (CAB) at Drata.
This episode discusses the essential steps to effectively implement an artificial intelligence management system, as defined by ISO 42001. They start by understanding the standard requirements and expectations, performing a scoping exercise and gap assessment, and securing management’s commitment to the project. Key steps include revamping the risk assessment process to align with ISO 23894, which guides managing AI-related risks and using the NIST AI risk management framework. The design and implementation phase involves creating various AI policies, integrating AI deployment plans, and performing impact and risk assessments. They also discuss Kandji’s internal audit plan, third-party vendor assessment processes, and security awareness training to include AI-specific considerations. The beauty of ISO 42001 is its applicability to organizations of any size and industry that develop, produce, or use AI products or services.
Key highlights:
- Understanding the Standard Requirements
- NIST AI Risk Management Framework
- Design and Implementation
- Creating AI Policies and Procedures
- Performing AI Impact and Risk Assessments
- Steps Taken for ISO 42001 Implementation
Resources
Ali Khan on Linkedin
Tom Fox
