AI Sales Call Platform

This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this document are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

This document specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving an AI (artificial intelligence) management system within the context of an organization.

This document is intended for use by an organization providing or using products or services that utilize AI systems. This document is intended to help the organization develop, provide or use AI systems responsibly in pursuing its objectives and meet applicable requirements, obligations related to interested parties and expectations from them.

This document is applicable to any organization, regardless of size, type and nature, that provides or uses products or services that utilize AI systems.

This document provides guidance on how organizations that develop, produce, deploy or use products, systems and services that utilize artificial intelligence (AI) can manage risk specifically related to AI. The guidance also aims to assist organizations to integrate risk management into their AI-related activities and functions. It moreover describes processes for the effective implementation and integration of AI risk management.

The application of this guidance can be customized to any organization and its context.

This document provides guidance for members of the governing body of an organization to enable and govern the use of Artificial Intelligence (AI), in order to ensure its effective, efficient and acceptable use within the organization.

This document also provides guidance to a wider community, including:

—    executive managers;

—    external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies;

—    public authorities and policymakers;

—    internal and external service providers (including consultants);

—    assessors and auditors.

This document is applicable to the governance of current and future uses of AI as well as the implications of such use for the organization itself.

This document is applicable to any organization, including public and private companies, government entities and not-for-profit organizations. This document is applicable to an organization of any size irrespective of their dependence on data or information technologies.

ISO 9000:2015 describes the fundamental concepts and principles of quality management which are universally applicable to the following:

• organizations seeking sustained success through the implementation of a quality management system;
• customers seeking confidence in an organization's ability to consistently provide products and services conforming to their requirements;
• organizations seeking confidence in their supply chain that their product and service requirements will be met;
• organizations and interested parties seeking to improve communication through a common understanding of the vocabulary used in quality management;
• organizations performing conformity assessments against the requirements of ISO 9001;
• providers of training, assessment or advice in quality management;
• developers of related standards.

ISO 9000:2015 specifies the terms and definitions that apply to all quality management and quality management system standards developed by ISO/TC 176.

This document specifies requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS). The requirements specified in this document include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value. This document can be used by:

a) a customer seeking services and requiring assurance regarding the quality of those services;

b) a customer requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain;

c) an organization to demonstrate its capability for the planning, design, transition, delivery and improvement of services;

d) an organization to monitor, measure and review its SMS and the services;

e) an organization to improve the planning, design, transition, delivery and improvement of services through effective implementation and operation of an SMS;

f) an organization or other party performing conformity assessments against the requirements specified in this document;

g) a provider of training or advice in service management.

The term "service" as used in this document refers to the service or services in the scope of the SMS.

ISO 9001:2015 specifies requirements for a quality management system when an organization:

a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and

b) aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.

All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.

This document specifies requirements for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).

Guidance is also provided to assist in the implementation of the requirements in this document.

This document is intended for personally identifiable information (PII) controllers and PII processors holding responsibility and accountability for PII processing.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.

This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.

The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.

This document is applicable to all types and sizes of organizations that:

a) implement, maintain and improve a BCMS;

b) seek to ensure conformity with stated business continuity policy;

c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;

d) seek to enhance their resilience through the effective application of the BCMS.

This document can be used to assess an organization's ability to meet its own business continuity needs and obligations.

This document describes the properties, related risk factors, available methods and processes relating to:

—     use of AI inside a safety related function to realize the functionality;

—     use of non-AI safety related functions to ensure safety for an AI controlled equipment;

—     use of AI systems to design and develop safety related functions.

This document provides guidance for organizations performing artificial intelligence (AI) system impact assessments for individuals and societies that can be affected by an AI system and its foreseeable applications. It includes considerations for how and when to perform such assessments and at what stages of the AI system life cycle, as well as guidance for AI system impact assessment documentation.

Additionally, this guidance includes how this AI system impact assessment process can be integrated into an organization’s AI risk management and AI management system.

This document is intended for use by organizations developing, providing or using AI systems. This document is applicable to any organization, regardless of size, type and nature.

This document establishes an Artificial Intelligence (AI) and Machine Learning (ML) framework for describing a generic AI system using ML technology. The framework describes the system components and their functions in the AI ecosystem. This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are implementing or using AI systems.

This document specifies a basic framework with principles, characteristics and approaches for the realization and enhancement for automated artificial intelligence (AI) systems’ controllability.

The following areas are covered:

—     state observability and state transition;

—     control transfer process and cost;

—     reaction to uncertainty during control transfer;

—     verification and validation approaches.

This document is applicable to all types of organizations (e.g. commercial enterprises, government agencies, not-for-profit organizations) developing and using AI systems during their whole life cycle.

This document provides guidance for identifying the context, opportunities and processes for developing and applying AI applications. The guidance provides a macro-level view of the AI application context, the stakeholders and their roles, relationship to the life cycle of the system, and common AI application characteristics and considerations.

This document provides a detailed description and implementation guidance for the Application Security Management Process.

This document provides an introduction to AI-based systems. These systems are typically complex (e.g. deep neural nets), are sometimes based on big data, can be poorly specified and can be non-deterministic, which creates new challenges and opportunities for testing them.

This document explains those characteristics which are specific to AI-based systems and explains the corresponding difficulties of specifying the acceptance criteria for such systems.

This document presents the challenges of testing AI-based systems, the main challenge being the test oracle problem, whereby testers find it difficult to determine expected results for testing and therefore whether tests have passed or failed.

This document provides guidelines to plan and prepare for incident response and to learn lessons from incident response. The guidelines are based on the “plan and prepare” and “learn lessons” phases of the information security incident management phases model presented in ISO/IEC 27035-1:2023, 5.2 and 5.6.

The major points within the “plan and prepare” phase include:

—    information security incident management policy and commitment of top management;

—    information security policies, including those relating to risk management, updated at both organizational level and system, service and network levels;

—    information security incident management plan;

—    Incident Management Team (IMT) establishment;

—    establishing relationships and connections with internal and external organizations;

—    technical and other support (including organizational and operational support);

—    information security incident management awareness briefings and training.

The “learn lessons” phase includes:

—    identifying areas for improvement;

—    identifying and making necessary improvements;

—    Incident Response Team (IRT) evaluation.

The guidance given in this document is generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance given in this document according to their type, size and nature of business in relation to the information security risk situation.

This document defines and establishes a framework for access management (AM) and the secure management of the process to access information and information and communications technologies (ICT) resources, associated with the accountability of a subject within some contexts.

This document provides concepts, terms and definitions applicable to distributed access management techniques in network environments.

This document also provides explanations about related architecture, components and management functions.

The subjects involved in access management can be uniquely recognized to access information systems, as defined in the ISO/IEC 24760 series.

The nature and qualities of physical access control involved in access management systems are outside the scope of this document.

This document gives guidance on the selection and application of tools that can be used in a quality management system to:

a)       characterize a process or a variable;

b)       facilitate problem solving;

c)        highlight areas for improvement;

d)       improve effectiveness.

This document provides guidelines for developing and maintaining business continuity plans and procedures. It is applicable to all organizations regardless of type, size and nature, whether in the private, public, or not-for-profit sectors, that wish to develop effective business continuity plans and procedures in a consistent manner.

This document gives guidance for business continuity strategy determination and selection. It is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors.

It is intended for use by those responsible for, or participating in, strategy determination and selection.