With over 25 years of experience working with companies and organizations related to new technologies, Javier Peris was not surprised by the rise of artificial intelligence. This IT business strategy consultant holds a long list of certifications and holds responsible positions in various entities linked to ISO standards.
Peris tells us about the impact that ISO standards can have in the field of artificial intelligence. There are already some standards specifically oriented towards AI, but there are also others that will influence the evolution of technology in terms of organizational, process, and system management in general.
There are different ISO standards that refer to artificial intelligence and relate to different parts of companies. How do we begin to understand this?
In all organizations, public, private, large, small or medium-sized, even startups, whether for profit or non-profit, there are always three well-differentiated levels of responsibility. On one hand, there is a governing body, in the form of a Board of Directors, Management Committee, or owner, that has the right to define the purpose and responsibility to govern the entity appropriately. This is the governance level. In addition to this governing body, there is a second level of responsibility more involved in defining and managing the strategy that will lead the organization towards achieving the objectives and purpose defined by the governance and outlined by the governance, which is the management level. Finally, there is a third level of responsibility, more tactical and operational, dedicated to carrying out routine, daily, or everyday tasks supervised at all times by management.
How is it defined what responsibility each part has in the implementation or deployment of an artificial intelligence service?
In this organizational environment, when it comes to the implementation, adoption, or provision of a particular service, each level of responsibility must be clear about how it impacts their day-to-day activities and, above all, what their role and responsibility are in risk-taking or decision-making related to any new paradigm, being a responsibility that cannot be avoided or delegated.
But the truth is that humans are eminently tactical; we rush into action confusing agility with haste. We adopt technologies with enthusiasm without thinking about the risks, threats, and implications, later lamenting with the usual "if we had thought about it before."
Should ISO standards be there to avoid this situation?
From the Standardization Committees, where impressive efforts are invested, certain groups of professionals work intensely and incessantly to solve the challenges and needs posed by society and specifically help organizations that want to implement artificial intelligence responsibly to avoid the "if we had thought about it" regret, creating standards and guidelines for each level of responsibility.
For AI, there are ISO/IEC 42001:2023 and ISO/IEC 38507:2022 standards; to what extent are they linked?
The ISO 38507 standard is a specific governance standard for organizations of any size, sector, or nature that wish to implement artificial intelligence responsibly and adequately governed through the establishment of a governance framework for artificial intelligence. For this purpose, instructions will be given so that the governing body can be sure that no major errors are made, no inappropriate practices are carried out, ethics are properly observed, and lessons are learned to achieve greater maturity in the use of this new paradigm.
On the other hand, ISO 42001 is a specific management standard also for organizations of any size, sector, or nature that wish to implement artificial intelligence effectively, efficiently, and adequately managed through the establishment of a responsible artificial intelligence system to establish the necessary controls to ensure that the will of the government is fulfilled and that the use of artificial intelligence can have a positive impact throughout the organization.
Therefore, regardless of the artificial intelligence adopted in the organization, this implementation will be adequately governed thanks to ISO 38507 and adequately managed thanks to ISO 42001.
What importance do ISO standards have in developing or deploying AI systems?
Whether we develop tools that will ultimately provide artificial intelligence services or if we intend to carry out a proper implementation of artificial intelligence in our organization, ISO standards serve as a perfect guide for this fantastic journey.
When addressing any initiative related to the adoption of new technology or a new paradigm, we must assume that it is not a "project"; the matter is much more complex as it is actually a "program of projects" and, therefore, should be undertaken through the appropriate methodology for it, such as "programme management," not just from "project management."
What recommendations would you give to an entity that wants to develop or deploy AI systems?
Artificial intelligence, both in the context of use by an organization and if it is a service provided by an artificial intelligence service provider, is not merely a result. It is a new capability or a new service and, therefore, will be enjoyed or, in the worst case, suffered for a long time beyond the life of any project. Therefore, organizations must define from the strategy what levels of capability and maturity they will achieve regarding artificial intelligence in their organization and in what time periods. This will clarify and help define realistic adoption plans that will include artificial intelligence in the organizational strategy.
Addressing disjointed, disparate, or fleeting artificial intelligence projects in the organizational environment is short-term thinking that will cause more problems than it solves, increasing the risk perimeter of the organization.
In other words, is a pre-thought and clearly defined strategy needed?
At this point in the 21st century, every organization must have a clear artificial intelligence strategy in its portfolio, whether it is an adoption or the provision of artificial intelligence services, involving its governing and management bodies from the outset.
First, let's define 'why' we want artificial intelligence and then properly define the 'for what' and the 'what.' Let’s avoid adopting this new and fantastic paradigm haphazardly, crazily, or without analyzing our weaknesses, strengths, threats, and opportunities, especially our available capabilities and resources. And let's make the governing body the owner of the artificial intelligence program, because without their proper active and conscious involvement we can never achieve success.
As Sun Tzu famously wrote in his book 'The Art of War': "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat."
Zertia
In a booming sector such as artificial intelligence, where the benefits of its implementation are so high, the demand for companies capable of carrying out audits that guarantee these types of ISO certifications is increasing. Although this market niche is more developed in North America, we can find pioneers like Zertia in Spain.
This young audit firm focuses on offering cutting-edge services to ensure that AI models and algorithms meet the highest global standards and regulations. The possession of ISO certifications is not only a sign of quality but also ensures greater business confidence, ensuring that the use of AI is fair, transparent, scalable, explainable, and sustainable.