Stakeholder oriented AI Governance processes

The EU AI Act and ISO/IEC 42001 international standard are critical frameworks for ensuring the responsible and ethical development, deployment, and governance of AI applications, products & services. Together, they play a pivotal role in governance promoting transparency, data governance, effective risk management and quality assurance throughout the AI lifecycle.

The EU AI Act establishes legal requirements for high-risk AI systems, emphasizing transparency, accountability and robust oversight to safeguard fundamental rights and freedoms. It ensures that AI systems are developed and used in compliance with ethical standards, fostering trust among users and stakeholders. By requiring AI systems to be auditable and explainable, the Act enhances transparency, which is vital for organizations to meet public and regulatory expectations.

On the other hand, the ISO/IEC 42001 international standard provides a structured approach (Plan-Do-Check-Act - PDCA cycle) to managing specific requirements, risks and issues arising from using AI in an organization. The standard’s focus on continuous improvement ensures that organizations are proactive in adapting to emerging threats and vulnerabilities in AI technology.

Together, these frameworks foster a holistic approach to Governance and in particular data governance, risk management and quality assurance, ensuring that AI systems are not only secure but also transparent and accountable. ISO/IEC 42001’s principles of AI specific information management and the EU AI Act’s regulatory requirements complement each other, driving the ethical use of AI across industries.

Furthermore, the use of a SIPOC process map during the AI lifecycle is essential in ensuring effective governance. By clearly mapping out the Suppliers, Inputs, Process, Outputs & Customers of an AI system, organizations can identify key touchpoints where governance, transparency and quality controls must be applied. This process model & process map helps to ensure that AI systems are developed and managed with appropriate oversight at each stage, from initial conception to deployment, maintenance and decommissioning. It provides clarity on roles, responsibilities and interactions among various stakeholders, enabling a more organized approach to managing risks and maintaining the quality & integrity of AI systems.

Incorporating a SIPOC process map not only supports the operationalization of the EU AI Act and ISO/IEC 42001 international standard but also aligns all stakeholders with a shared understanding of how governance, risk management, and quality assurance will be executed throughout the AI lifecycle. This leads to a more sustainable, ethical and accountable AI ecosystem, driving trust and innovation while minimizing risks.

Using the following link you can access this sandbox SIPOC data & process model in the ProcessHorizon web app and adapt it to your needs (easy customizing) and export or print the automagically created visual AllinOne process map as a PDF document or share it with your peers: https://app.processhorizon.com/enterprises/xvcKb6WMT3arfjtXhnNC7n4f/frontend

Please consult the EU AI act https://www.euaiact.com/ and the ISO/IEC 42001 international standard https://www.iso.org/standard/81230.html for compliance of your AI applications.