Hi,
in the AI safety best practices Layer 7 controls there seem to be some unclear mappings to the ISO42001. The controls are summarized Appendix A and further described in Appendix B ("Implementation guidance for AI controls") using the same indexes. Maybe double-check:
Current version: "A.7.4 (human oversight)"
Actually A7.4s headline is "Quality of data for AI systems" and it correctly deals with data quality. I would suggest to substitute this control with A9.3. B9.3 states:
[..] The organization should determine at which stages of the AI system life cycle meaningful human oversight objectives should be incorporated. This can include: - involving human reviewers to check the outputs of the AI system, including having authority to override decisions made by the AI system; [..]
Current version: "A8.2 (data minimization) "
A8.2 is described as "System Documentation for users". Beside the mapping not seeming correct, this could actually be a pretty nice point for safety risks. I didnt deal with NIST so far. But "literacy" (term EU AI Act for people being trained to use the system) is mentioned often. Also in ISO42001 there is "7.2 Competence" (note this is not in the controls section). For Data Minimization - I do not find something suitable.
Current version: "A8.3 (system safety)"
A8.3 is "external reporting" in ISO42001.
Current version: "6.2.2 (AI development)"
This fits, though the whole part 6.2 affects development of AI systems.
cheers, Igor
Hi,
in the AI safety best practices Layer 7 controls there seem to be some unclear mappings to the ISO42001. The controls are summarized Appendix A and further described in Appendix B ("Implementation guidance for AI controls") using the same indexes. Maybe double-check:
Current version: "A.7.4 (human oversight)"
Actually A7.4s headline is "Quality of data for AI systems" and it correctly deals with data quality. I would suggest to substitute this control with A9.3. B9.3 states:
[..] The organization should determine at which stages of the AI system life cycle meaningful human oversight objectives should be incorporated. This can include: - involving human reviewers to check the outputs of the AI system, including having authority to override decisions made by the AI system; [..]
Current version: "A8.2 (data minimization) "
A8.2 is described as "System Documentation for users". Beside the mapping not seeming correct, this could actually be a pretty nice point for safety risks. I didnt deal with NIST so far. But "literacy" (term EU AI Act for people being trained to use the system) is mentioned often. Also in ISO42001 there is "7.2 Competence" (note this is not in the controls section). For Data Minimization - I do not find something suitable.
Current version: "A8.3 (system safety)"
A8.3 is "external reporting" in ISO42001.
Current version: "6.2.2 (AI development)"
This fits, though the whole part 6.2 affects development of AI systems.
cheers, Igor