ISO 42001 Explained: Defining Your Organization’s Role in the AI Ecosystem

So, brief agenda for today's webinar is first, we will understand artificial intelligence

basics, how it is being used in organizations, the use of EIN organizations, then we will

just briefly look into ISO IC 40 2001, 2023 standard.

The standard name is Information Technology Artificial Intelligence Management System,

and then we will move on to today's main agenda that is AI roles which an organization

can play.

So, to start with artificial intelligence basics, so what is artificial intelligence?

As per the ISO organization, it is defined as a system which has been there and which

is impacting about daily lives.

So, the idea of machines that could think, machines that could learn and machines that

could make decisions, earlier it was part of science fiction, but today artificial intelligence

has transcended those fictional boundaries embedding itself into the fabric of our daily lives.

So, at its core, when we talk about artificial intelligence, it refers to those computer systems

which are capable of performing tasks which otherwise will require human intelligence.

So, the tasks which require human intelligence involved reasoning, learning, perception and

of course, language understanding.

Now, when you are working on your systems, on your laptops or desktops, your computer

is just giving you the output as per your commands, that's all.

Everything you have to do yourself, whether you want to create a new document in word format

or you want to create a presentation, or you want to do some data analysis on excel sheet.

So, our systems are not doing any reasoning or they are not learning anything new.

In fact, we are following whatever programs are installed on our systems, but when it

comes to the systems which are using artificial intelligence, these computer systems will

actually mimic a human behavior, hence the name artificial intelligence.

Now, to give this output of reasoning, learning, perception, language understanding,

these computer systems are not like our laptops or desktops, rather these are very large systems

with huge memory capacity, huge analytical capacity.

So, this system will analyze very vast data sets, these systems will have the

capability to recognize patterns and then make decisions with unprecedented speed and accuracy.

So, for example, Amazon's Alexa can anticipate your needs or AI driven drug development

accelerate things in medical breakthroughs. So, AI's applications are quite vast and varied

and every day nowadays we experience this.

So, now, when the artificial intelligence was being used by various organizations,

there was a risk of getting wrong results or misleading results or getting the right results,

but misuse of the system. So, hence there was a need felt globally to have a system wherein

the AIMS can be implemented. Artificial intelligence management system is what we are talking about.

Hence, in the year 2023, ISO along with IEC, these are two different organizations. ISO is

International Organization for Standardization and IEC is the International Electrotechnical

Commission. These two organizations formed a joint technical committee and they published,

developed and published the standard in 2023 with the designation 42,001.

So, the title of the standard is ISO, IEC, 42,001, 2023, Information Technology,

Artificial Intelligence Management System.

Now, there are other related standards also. So, as I was mentioning, the standards have been

developed jointly by ISO, IEC, Joint Technical Committee Number 1 under subcommittee Number 42.

So, this is the JTC and SC which is focusing on artificial intelligence. So, it has played a

very pivotal role in addressing the responsible development and responsible use of AI technologies.

There are other standards also. So, one is 42,001, 2023. Other is 23894, 2023,

which talks about AI guidance on risk management. Then, there is a standard 2,3053, 2022 which

provides a framework for AI systems using machine learning. So, these standards provide decision

as well as the policy makers with a very structured framework to create a consistent and transparent

AI systems, closing the regulatory gaps and the best is these are now auditable.

So, independent certification bodies can do the assessment of an organization's

artificial intelligence management system and the organizations now can get certified on ISO,

IEC, 42,001, 2023. So, this international standard is applicable to

all organizations irrespective of their geographical boundaries irrespective of the sector they belong to,

irrespective of even their size, whether small or large.

This standard specifies the requirements for establishing, implementing, maintaining and

continually improving an artificial intelligence management system within the organizations.

So, typically if you look at

this is a PDCA approach, plan, do, check, act and go back to planning. So, PDC is basically a

cyclic approach. It keeps on getting repeating. So, this leads to continual improvement.

So, establishing is plan, implementing is do, execute what we have planned,

maintaining is monitoring, check part and continual improvement is at part.

Whatever gaps get identified, organizations mitigate those gaps and continually improve their

system. So, this standard is designed for all such entities which are either providing or

utilizing the AI based products or services, main focuses responsible development and responsible

use of AI systems. So, ISO IEC 42,001 is the world's first AI management system standard which

provides valuable guidance for the rapidly changing field of technology.

This standard addresses very unique challenges which AI poses to start with ethical considerations.

As I said, misuse of AI can lead to a havoc.

Then transparency on what basis the results are being predicted by the AI system and then of course,

continuous learning. So, for organizations, this standard sets out a structured way to manage

risks as well as opportunities which are associated with use of AI balancing the innovation.

But at the same time with good governance also.

Now, some of the sectors which have been using AI technology, health care has been using it.

In the health care sector, AI can process and analyze vast amounts of patient data.

When we say vast amount, we are talking about running into millions of the data.

It enables accurate diagnosis. It is being used for predictive analytics and personalized

treatment recommendation for better health outcomes. It also plays a very crucial role in drug

discovery in medical imaging, helping the doctors to detect diseases earlier and in a more

effective manner.

Then AI has been very widely used in the business and manufacturing sector also.

So, there are AI driven automation which has enhanced the efficiency across industries.

Whether you take it fraud detection or risk assessment to market trend analysis,

all these decisions are now being done by using some or the other AI technology.

In the manufacturing sector, AI powered robots have helped the organization to streamline the

production and predictive maintenance has helped to prevent equipment failures before they happen.

Even in the retail sector, AI enables personalized shopping experiences, smart inventory management.

Nowadays, you would have seen that most of the organizations are using chatbot for customer support.

And the organizations use AI for data driven advertising strategy which has them to increase the

sales. Now, AI has also been used in the transport sector. It gives a traffic moving,

frequency breakdown, streamlines, logistics and shipping and supply chains.

So, use of AI you can find in fleet tracking, in automated scheduling,

wherein this use ensures faster smarter and more efficient operations.

Now, when it comes to an organization using AI, organization can play different roles.

And it is important to understand those roles.

And that is why we are together here because as a different role player, you will have different issues.

Your interested parties would be different. Their needs and expectations would be different.

So, broadly an organization can be an AI provider.

It can be an AI producer. It can be an AI partner. It can be an AI customer or even AI subject.

And these roles are not mutually exclusive. There can be an organization which is

AI provider as well as producer.

There could be an AI customer as well as an AI subject. So, today we will just have a brief insight

into these different roles.

So, to start with AI provider,

AI provider can be taken as the originator. Now, who are these AI providers?

These are the big tech companies, big research labs which will create the core intelligence.

They will create the AI foundation models.

Now, because to ensure that the machines, the systems are mimicking the human behavior,

they are able to do the reasoning, do the logical thinking and give the results close to accuracy.

We need not only vast amount of data, we also need the machines which have very high processing

capabilities. So, the AI providers are the entities which will spend billions on GPUs.

They will consume a huge amount of electricity and train the massive models,

like GPT, Claude, Lama etc. And these organizations also define the legal boundaries of such models

in terms of safety filters, in terms of capabilities.

Now, the regulatory burden for safety is very heavily implemented on these AI providers,

especially under laws like EU AI Act.

So, they have to ensure that the models that they are developing, they are in compliance to

safety regulations, safeguarding the privacy data as per the EUI AI Act.

Now, EU AI Act has already been published. Other countries are likely to follow within next 10-12

months or maybe at the most two years. So, AI provider organizations are the ones like Open AI,

Google Define, Anthropa, Meta, Mistral etc.

Next type of the organization is AI producer. These are the product builders.

Now, these are the companies which will take the raw model from the AI provider and then

provide a usable consumer product. Just like in manufacturing, a manufacturer sources the raw

material and then gives a usable consumer product. Similarly, here also AI producer is doing the

same job. So, an AI provider will give you a raw API with a code interface

and producer will give you a polished app with buttons, logic screen, specific features so that

it becomes user-friendly. So, after taking the raw models from the AI providers,

the AI producers will fine tune the model to be good at one specific thing. For example,

writing legal contracts, creating your policies.

Now, just for the sake of having a distinction, Open AI is an AI provider of chat GPT

and Microsoft which is also a very large organization is acting as a AI producer.

So, Microsoft has created co-pilot which uses the GPT-4 inside it.

Then, there can be AI partners. Now, these are the enablers. So, that's why the term partner

is being used here. So, consultants, system integrators, cloud platforms, these are the ones that

will help the organizations in adopting the AI for their use. So, they do not be the model.

The model is already there. They do not own the product. Product is owned by AI producer.

Model is given by AI provider. So, what do AI partners do? They will connect the dots.

So, they will help a non-tech company to install an AI system or model in a secure manner.

So, organizations like Accenture which acts like a consulting partner to various other consumers

or clients. AWS acts like a hosting partner. Nvidia is a hardware partner which provides those

high performance GPUs which can do the data processing in a matter of seconds.

Then, there are AI customers. Now, AI customer, we can consider as an organization

acting as a deployer which deploys which uses the AI systems. So, they would be paying for its use

and they would be using the AI systems to solve the problem or for their own use.

So, these are the ones who will control the inputs. These are the ones who are responsible

how the AI is used in the real world. So, consider an example in a B2B segment.

A bank is an AI customer because it has bought an AI tool to screen loan applicants.

So, now here, how is bank using this tool? Anyone who can share some thoughts,

please use a chat box to share your thoughts on how a bank would be benefiting from using an AI tool

while screening the loan applicants. This is one of the most important roles and organization

plays. So, what are the benefits to banks when they are using an AI tool?

First, a processing selection rejection based on credit history, financial verification,

eligibility, quick validation, saving time, no discrimination, no bias,

online video KYC, previous history, civil score,

is processing large amount of data as a reference point and then scrutinizing the application

for your inputs. Now, take another example. You and me, B2C, business to customer,

you are paying some amount to use chat GPT. This is an AI product.

So, just share for what purpose have you used any of these AI models? Yes,

persplexi also, copilot also. So, just share your inputs on how have you used it? How has it

benefited you? In what terms? Yes, the art of using the AI is learning to use the right kind

of prompts. So, prompt engineering would be quite useful there. Academic purpose, very true.

In searching definitions of keywords, analyzing data, analyzing logs which are

very voluminous. Okay, very interesting input in the chat box, replaced Google search with AI

overview. Now, if you look at a Google search used to give us the results on a preset data.

There is now with the AI overview, do not only get the results on the Google search,

but also you get better insight.

Yes, persplexity is also gaining popularity. So, here we are acting like AI customer.

We are the employers. So, customers can be B2B, customers can be B2C as well.

Then, there are AI subjects, the affected person, and AI subject is an individual about whom the

AI makes a prediction or decision or generation. Now, these subjects will not be buying or controlling

the AI, but they will be experiencing its effects.

Now, take an example of a patient whose diagnosis is done based on an AI model.

Now, that patient is an individual who has not bought any AI, who is not having any control on AI,

but whatever will be the output that is going to affect this person.

Now, this is the privacy data. Hence, it is important to focus.

Privacy laws like GDPR are there to protect these people who are in GDPR, they are called as

data subjects.

Now, even though GDPR is a European Union law or act meant for citizens of European Union

countries, there are 27 European Union countries plus UK, which has come out of European Union.

So, but UK also uses GDPR under the title UK GDPR.

So, protection of privacy data is the foundation of such laws.

Now, every country has bought one or the other privacy law, the focus on protecting privacy

related information is increasing. Even the ISO 27001,

when it was a 2013 standard, it was simply information technology,

not technology, sorry, let me write it again.

ISO IEC 27001, 2013, was information technology, security techniques,

information security management system. When this 2013 standard was reviewed and republished

as ISO IEC 27001, 2022. Now, this standard became information security,

cyber security and privacy protection,

information security management system. It provides the requirements for

information security, cyber security and privacy protection. So, the focus on privacy

is increasing worldwide and views of artificial intelligence

can impact individuals and societies.

So, AI subject, one, I told you a patient can be an AI subject.

Now, if a bank is using the AI to decide on your loan application,

bank is acting like an AI customer and in the same process, you are the AI subject.

Why? Because you will experience the effect of the decision.

So, these are the main roles. Now, let us understand what are their goals.

So, this is for your easy understanding. AI provider will focus on capabilities.

Producers will focus on usability of the system. Partner will be focusing on integration

of the system. Customer will look at the value and the subject would be concerned with the rights.

So, for an AI provider, the primary goal is building the smartest and the safest model.

Whereas, producer will focus on building a product from the raw data or raw model taken

from the provider and trying to solve a specific user need.

Partners are the one who focus on integration. So, they help others use the technology successfully.

Customer focuses on value. So, their focus is to save money, to save time and gain efficiency.

As a subject, our goal is to get a fair treatment and still maintain our data privacy.

So, if you take an analogy of building a house, a provider is the one who is providing

to the raw material, brick manufacturer for example, your home builder who is actually going to

build the house using that brick raw material is a producer. The real estate agent is acting like

a consultant helping you to find or buy the house. So, that is the role of a partner.

Customer is a homeowner who actually buys the house to live in.

Now, subject could be a neighbor who can be affected by how the house is being built or even

how the house is being used. So, now, in the real world, when we talk about AI,

Google DeepMind is an AI provider. So, their specific action includes, they will invest

huge money billions into research and training the massive computer vision model

that would learn to recognize the shapes, recognize tumors.

Now, narrative is a producer. So, what they have done is they buy access to this model

and when build a specific software called as Uncle Scan Pro to be used for cancer detection.

So, it has got a very user friendly interface for doctors. Now, the doctors can find

units specifically for medical images. Accenture is acting like a partner.

So, now the hospital has got doctors, but they do not have expertise on using artificial

intelligence. So, they hire consultants to install such models. Uncle Scan Pro into their secure

servers and then training the doctors on using this software or application.

Now, take for instance myoclinic. It's acting like a customer. It is paying for the software.

So, they are employers. They will decide when to use this. For example, every patient over 50

will get scan. The patient is the AI subject because it is the patient's x-ray which is being

analyzed. Patient is not buying the AI, but patient's life is getting affected by the decision

based on AI. So, now as an organization, when we go for implementing AI MS,

we need to check what role is our organization playing.

Now, as I said, these roles are not mutually exclusive. An organization might be using AI in

different roles. Now, take for example myoclinic. Now, it is acting like an AI customer,

a employer. Now, it might be using some chatbot for patients.

So, one, it is using it for own use. Second, it is interacting with the patients through

a different tool, which is a different AI product.

So, this was the brief introduction to the AI roles.