AI Risk & Governance
Know where AI is used. Understand the risk. Establish control.
An integrated AI governance service built around four international references: ISO/IEC 42001, ISO/IEC 23894 (Artificial Intelligence — Guidance on Risk Management), ISO/IEC 42005 and ISO/IEC 38507.
The four references
A coherent governance stack.
ISO/IEC 42001
AI management system requirements.
ISO/IEC 23894 - Artificial Intelligence — Guidance on Risk Management
Guidance on AI risk management.
ISO/IEC 42005
Guidance on AI system impact assessment.
ISO/IEC 38507
Governance implications of AI for the governing body.
Service components
What you can engage us for.
- AI use-case inventory
- Governance review
- AI risk assessment
- AI impact assessment
- Supplier AI assessment
- Policy development
- Roles and accountability
- Human oversight design
- Data and privacy considerations
- Transparency and communication
- Incident and change management
- Board and leadership workshops
- Implementation roadmap
Pathways
Different starting points, same destination.
Organisations developing AI
Governance across design, training data, evaluation, deployment, monitoring and change.
Organisations providing AI products
Customer-facing transparency, supplier governance, incidents, support and lifecycle change.
Organisations using third-party AI
Use-case inventory, supplier assurance, employee guidance, data exposure and oversight.
Connect it up
Pair AI governance with information security and quality.
Most AI risk is also information risk, quality risk or continuity risk. We routinely integrate AI governance with ISO/IEC 27001 and ISO 9001 — one management system, one cadence.
