
4.3 Layer 7: Controls (ISO42001) #47

Description

@litfoy

Hi,

in the AI safety best practices Layer 7 controls there seem to be some unclear mappings to the ISO42001. The controls are summarized in Appendix A and further described in Appendix B ("Implementation guidance for AI controls") using the same indexes. Maybe double-check:

Current version: "A.7.4 (human oversight)"
Actually A7.4's headline is "Quality of data for AI systems" and it correctly deals with data quality. I would suggest substituting this control with A9.3. B9.3 states:
[..] The organization should determine at which stages of the AI system life cycle meaningful human oversight objectives should be incorporated. This can include: - involving human reviewers to check the outputs of the AI system, including having authority to override decisions made by the AI system; [..]

Current version: "A8.2 (data minimization) "
A8.2 is described as "System Documentation for users". Besides the mapping not seeming correct, this could actually be a pretty nice point for safety risks. I didn't deal with NIST so far. But "literacy" (the EU AI Act term for people being trained to use the system) is mentioned often. Also in ISO42001 there is "7.2 Competence" (note this is not in the controls section). For Data Minimization - I do not find anything suitable.

Current version: "A8.3 (system safety)"
A8.3 is "external reporting" in ISO42001.

Current version: "6.2.2 (AI development)"
This fits, though the whole part 6.2 affects development of AI systems.

cheers, Igor
