It will not be long before artificial intelligence systems have to be certified. Companies and public institutions will be forced, either by regulation or by market demand, to have their AI models and processes audited. The industry still has time to adapt to this, but there are signs of how it might work.
There are already standards for the certification of AI systems. The ISO standards contain regulations for the development and use of this technology. One of these standards that focuses specifically on AI is ISO/IEC 42001:2023, which dates from 2023 and is intended to provide a framework for companies using AI technology. However, other standards will also have an impact on the AI market. ISO/IEC 17021-1:2015, for example, is a standard that defines the requirements for bodies that provide audit and certification services for management systems. The title of this standard is "Assessment of conformity. Requirements for organizations that audit and certify management systems." This standard is the basis for the MSAP certification (Management Systems Audit Program), a global seal of approval.
What are management systems?
To understand the importance of this standard, you first need to know what management systems are. Management systems represent how companies organize themselves: they comprise the structures and processes that allow a company to act systematically and achieve the desired results.
These management systems are often based on process cycles such as PDCA (Plan-Do-Check-Act), also known by its Spanish acronym PHVA. From there, companies test and develop their processes, both internally and for customers.
Examples include environmental management systems, quality management systems and information security management systems. The ISO/IEC 17021-1:2015 standard relates specifically to these systems, but also applies to any type of management system that affects an organization's activities, products or services. The aim is to ensure that all systems are reviewed with regard to company policy and the requirements of the standard.
What is the purpose of the ISO/IEC 17021-1:2015 standard?
This standard specifies certain requirements for organizations that carry out audits and certifications of management systems. And here's the question: Is it a certification for organizations that also certify? Yes, it is. But it's easier to explain if we focus on the organization's activity.
Take a company that audits information security management systems. Its work is to assess how another company or public body has structured the protection of its information and computer resources. To be able to do this with confidence, the audit company obtains ISO/IEC 17021-1:2015 certification, which means that it is internationally recognized and meets the stringent requirements for conducting its audits. The result is a seal of quality for its work that others do not have.
And what does all this have to do with AI?
Just as an information security management system or an environmental management system can be certified, so can an AI system. Given the rapid pace at which the AI market is developing, algorithms and models are likely to be used in many areas. Certification of all these systems provides greater guarantees for their use.
The companies that should carry out this certification or audit are those that hold ISO/IEC 17021-1:2015 certification. This standard guarantees that its holders are competent to carry out the corresponding assessments.
The standard summarizes its requirements as follows: "Compliance with these requirements is intended to ensure that certification bodies carry out the certification of management systems in a competent, consistent and impartial manner, thus facilitating the recognition of these bodies and the acceptance of their certifications at national and international level."
What are the requirements of the ISO/IEC 17021-1:2015 standard?
There are several requirements that a certifying company must fulfill in order to obtain this certification. They can be summarized in five points:
- Competence: Certification bodies must have a team of auditors who have the necessary skills and knowledge to carry out audits effectively.
- Consistency: Bodies must follow a consistent process for all audits and certifications.
- Impartiality: Independence and the absence of conflicts of interest are prerequisites for all bodies that carry out certifications.
- Confidentiality: Bodies must be able to manage sensitive information responsibly and securely.
- Risk control: Certification bodies must be able to identify and manage potential risks to the certification process.