Managing AI Technology in A Way That Makes Your Clients Trust You – Part 3

The explosion of Artificial Intelligence (AI) technology is taking the world by storm. However, there is a lot of apprehension around the amount of data it possesses, the confidentiality of the data and the potential impacts of the data. Here in comes ISO 42001:2023 – Artificial Intelligence Management System. This ISO Standard looks to ensure organisations are appropriately controlling their use or development of AI by taking in the potential “Impacts” the AI technology could have.

Read Article
man sitting at laptop in cyber security

Thomas Dold I 21st November 2024

The explosion of Artificial Intelligence (AI) technology is taking the world by storm. However, there is a lot of apprehension around the amount of data it possesses, the confidentiality of the data and the potential impacts of the data. 

Here in comes ISO 42001:2023 – Artificial Intelligence Management System. This ISO Standard looks to ensure organisations are appropriately controlling their use or development of AI by taking in the potential “Impacts” the AI technology could have. 

In part 3 of this series, we will look to break down how the ISO 42001:2023 has organisations manage the Support and Operations sections of the standard. 

Support

Resources  

To ensure that your organisation can maintain compliance with the AI Management System and continually improve how it operates, the organisation needs to ensure that there are appropriate resources allocated. These can be technical, people, internal or external. As long as the management system can be effectively managed and maintained.

Competence

Now that the appropriate resources have been determined, your organisation needs to ensure that any people involved are trained/experienced to what they determine is an acceptable level. Where possible appropriate evidence of these competencies must be tracked and maintained.

Awareness

When implementing an AI Management System in the organisation, all staff need to be made aware of it, what the policy is and their role in maintaining it. It needs to be made clear what the implications are for not conforming with the policies and how to go about reporting any issues or improvements.

Communication

As with most things, communication is key, as part of the AI Management System the organisation needs to determine the relevant internal and external communications that will be needed as part of it.

When determining these, there are 4 key components you must include. These are:

  • What you will communicate
  • When you will communicate
  • Whom you will communicate with
  • How you will communicate

Documented Information

When creating documentation such as policies, standards, procedures or processes related to the AI Management System, they need to be managed and controlled in a consistent manner.

This is simply content such as consistent title structure, version control, date, change history and approval.

The documents need to be reviewed regularly and made available to all necessary personal, so controlling the distribution of documentation is also important to capture where possible.

Operations

Operational Planning and Control

The AI Management System needs to determine the controls in scope from the Annex A and establish the criteria for the processes. Then implement the controls in accordance with the criteria you have set. We will dive deeper into the controls and how to implement them in Part 5 of this series.

AI Risk Assessment

The organisation at regular planned intervals or when there is notable change to a process, needs to conduct risk assessments to ensure that there are no new unacceptable risks being identified. The organisation must retain documented results of the risk assessments taking place.

AI Risk Treatment

The organisation needs to determine the treatment plan for all identified risks, common methods for this are methodologies such as:

  • Treat
  • Terminate
  • Tolerate
  • Transfer

This lets you direct the intention of your plan to manage the risk, from there, depending on the choice you will determine a more formalised plan for reducing the risk. Treatment plans need to be reviewed for effectiveness and revalidated if the intended outcome has not been met.

AI System Impact Assessment

Similar to what was discussed in Part 2, this section simply wants to ensure that impact assessments are carried out at regularly planned intervals and whenever a notable change to the AI Management System takes place.

Looking For Cyber Security?

Enquire about our comprehensive Cyber Security Services today.

Talk To UsOur Services

Related posts

Get the latest news and insights on cyber security.

Articles
2
min read

Understanding Cyber Essentials Plus

In a previous article, we explained an overview of Cyber Essentials and how the self-assessment process works. The next step in completing your Cyber Essentials self-assessment is to explore the Cyber Essentials Plus certification. This is the technical verification of your self-assessment and demonstrates that your organisation has correctly implemented the Cyber Essentials controls.
Read more
Articles
3
min read

Managing AI Technology in a Way That Makes Your Clients Trust You-Part 2

In part 2 of this series, we will look to break down how the ISO 42001:2023 has organisations manage the Leadership and Planning sections for the standard.
Read more
Partnership
4
min read

D&D Network Services & 3CT Security: Bolstering Managed Service Providers Security Offerings

Through this partnership with D&D Network Services, we aim to build compliance and resilience without burden for companies with Managed Services, further fortifying our place in the market as a specialist in providing affordable managed cybersecurity services to all businesses in the UK.
Read more
Articles
2
min read

Introduction to Cyber Essentials

Today's business world has evolved to rely heavily on data transfer, making all businesses increasingly vulnerable to cyber threats. Cyber Essentials is a government-backed certification program in the UK designed to help organisations protect themselves from common online threats and improve their overall cyber security posture.
Read more
Articles
3
min read

Managing AI Technology in A Way That Makes Your Clients Trust You – Part 1

The explosion of AI technology is taking the world by storm. However, there is a lot of apprehension around the amount of data it possesses, the confidentiality of the data and the potential impacts of the data. Here in comes ISO 42001:2023 – Artificial Intelligence Management System. This ISO Standard looks to ensure organisations are appropriately controlling their use or development of AI by taking in the potential “Impacts” the AI technology could have.
Read more
Articles
5
min read

Stay Ahead of Cyber Threats: Get Ready for the 2025 Cyber Essentials Updates

The NCSC has announced upcoming updates to the Cyber Essentials certification that could impact how organisations complete the self-assessment process. Although these changes won’t officially take effect until April 2025, we’re sharing the details now to help businesses prepare for any applications starting on or after April 28, 2025.
Read more
Blog
3
min read

What Makes 3CT Security The Preferred Choice for Attaining Cyber Essentials?

In today's competitive market, selecting the right partner for your business’s information security needs is crucial and with multiple consultancies out there, customers have more choice than ever before.
Read more
Blog
2
min read

How to Obtain Cyber Essentials Certification

Have you ever wondered what's involved in the process of obtaining Cyber Essentials Certification? The process is quick and simple and involves three easy steps, which we've detailed in this blog.
Read more
Blog
4
min read

How Cyber Essentials Can Power You To New Growth

As you know, Cyber Essentials is an effective, Government backed scheme that will help you to protect your organisation, against a range of the most common cyber-attacks.
Read more
Case Studies
5
min read

Code Software Achieves ISO 27001 with 3CT Security

"We knew we needed to consult experts in the field to help solve this potential challenge in the most efficient way with minimal impact on the day to day running of the company." Mark Armstrong, CEO | Code Software
Read more
Blog
2
min read

Empowering Tomorrow: The Rise of 3CT Security

Three years ago, Cameron Lewis and Thomas Dold recognised the pressing need for cyber security services and embarked on a journey to establish 3CT Security.
Read more
Partnership
4
min read

3CT Security & Validato Forge Strategic Partnership

3CT Security are excited to announce our strategic partnership with Validato, a leading provider of security control validation technology.
Read more
Blog
5
min read

Understanding Cyber Essentials Certification

Cyber Essentials, a government-backed scheme, provides a framework to help organizations protect themselves against common online threats. But who exactly needs this certification, and who actively uses it? Let’s dive in
Read more
View all