iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

EN ISO/IEC 23894:2024

(Main)

Information technology - Artificial intelligence - Guidance on risk management (ISO/IEC 23894:2023)

Information technology - Artificial intelligence - Guidance on risk management (ISO/IEC 23894:2023)

This document provides guidance on how organizations that develop, produce, deploy or use products, systems and services that utilize artificial intelligence (AI) can manage risk specifically related to AI. The guidance also aims to assist organizations to integrate risk management into their AI-related activities and functions. It moreover describes processes for the effective implementation and integration of AI risk management.
The application of this guidance can be customized to any organization and its context.

Informationstechnik - Künstliche Intelligenz - Leitlinien für Risikomanagement (ISO/IEC 23894:2023)

Technologies de l’information - Intelligence artificielle - Recommandations relatives au management du risque (ISO/IEC 23894:2023)

Le présent document fournit des recommandations relatives à la manière dont les organismes qui développent, produisent, déploient ou utilisent des produits, systèmes et services faisant appel à l’intelligence artificielle (IA) peuvent gérer le risque spécifiquement lié à l’IA. Ces recommandations visent également à assister les organismes dans l’intégration du management du risque à leurs activités et fonctions liées à l’IA. Le présent document décrit en outre des processus pour la mise en œuvre et l’intégration efficaces du management du risque lié à l’IA.
L’application de ces recommandations peut être adaptée à n’importe quel organisme et à son contexte.

Informacijska tehnologija - Umetna inteligenca - Smernice za obvladovanje tveganj (ISO/IEC 23894:2023)

General Information

Status
Published
Publication Date
20-Feb-2024
ICS
35.020 - Information technology (IT) in general
Technical Committee
CEN/CLC/JTC 21 - Artificial Intelligence
Drafting Committee
CEN/CLC/JTC 21/WG 2 - Operational aspects
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
21-Feb-2024
Due Date
07-Oct-2025
Completion Date
21-Feb-2024
Ref Project
SIST EN ISO/IEC 23894:2024 - Information technology - Artificial intelligence - Guidance on risk management (ISO/IEC 23894:2023)

Buy Standard

EN ISO/IEC 23894:2024EN ISO/IEC 23894:2024
PreviousNext
Standard
EN ISO/IEC 23894:2024
English language
34 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
prEN ISO/IEC 23894:2024prEN ISO/IEC 23894:2024
PreviousNext
Draft
prEN ISO/IEC 23894:2024
English language
31 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN ISO/IEC 23894:2024
01-maj-2024
Informacijska tehnologija - Umetna inteligenca - Smernice za obvladovanje tveganj
(ISO/IEC 23894:2023)
Information technology - Artificial intelligence - Guidance on risk management (ISO/IEC
23894:2023)
Informationstechnik - Künstliche Intelligenz - Leitlinien für Risikomanagement (ISO/IEC
23894:2023)
Technologies de l’information - Intelligence artificielle - Recommandations relatives au
management du risque (ISO/IEC 23894:2023)
Ta slovenski standard je istoveten z: EN ISO/IEC 23894:2024
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
35.020 Informacijska tehnika in Information technology (IT) in
tehnologija na splošno general
SIST EN ISO/IEC 23894:2024 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN ISO/IEC 23894:2024

---------------------- Page: 2 ----------------------
SIST EN ISO/IEC 23894:2024


EUROPEAN STANDARD EN ISO/IEC 23894

NORME EUROPÉENNE

EUROPÄISCHE NORM
February 2024
ICS 35.020

English version

Information technology - Artificial intelligence - Guidance
on risk management (ISO/IEC 23894:2023)
Technologies de l'information - Intelligence artificielle Informationstechnik - Künstliche Intelligenz -
- Recommandations relatives au management du Leitlinien für Risikomanagement (ISO/IEC
risque (ISO/IEC 23894:2023) 23894:2023)
This European Standard was approved by CEN on 12 February 2024.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.






















CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2024 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. EN ISO/IEC 23894:2024 E
reserved worldwide for CEN national Members and for
CENELEC Members.

---------------------- Page: 3 ----------------------
SIST EN ISO/IEC 23894:2024
EN ISO/IEC 23894:2024 (E)
Contents Page
European foreword . 3

2

---------------------- Page: 4 ----------------------
SIST EN ISO/IEC 23894:2024
EN ISO/IEC 23894:2024 (E)
European foreword
The text of ISO/IEC 23894:2023 has been prepared by Technical Committee ISO/IEC JTC 1 "Information
technology” of the International Organization for Standardization (ISO) and has been taken over as
EN ISO/IEC 23894:2024 by Technical Committee CEN-CENELEC/ JTC 21 “Artificial Intelligence” the
secretariat of which is held by DS.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by August 2024, and conflicting national standards shall
be withdrawn at the latest by August 2024.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN-CENELEC shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN and CENELEC websites.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the
United Kin
...

SLOVENSKI STANDARD
oSIST prEN ISO/IEC 23894:2024
01-januar-2024
Informacijska tehnologija - Umetna inteligenca - Smernice za obvladovanje tveganj
(ISO/IEC 23894:2023)
Information technology - Artificial intelligence - Guidance on risk management (ISO/IEC
23894:2023)
Informationstechnik - Künstliche Intelligenz - Leitlinien für Risikomanagement (ISO/IEC
23894:2023)
Technologies de l’information - Intelligence artificielle - Recommandations relatives au
management du risque (ISO/IEC 23894:2023)
Ta slovenski standard je istoveten z: prEN ISO/IEC 23894
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
35.020 Informacijska tehnika in Information technology (IT) in
tehnologija na splošno general
oSIST prEN ISO/IEC 23894:2024 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST prEN ISO/IEC 23894:2024

---------------------- Page: 2 ----------------------
oSIST prEN ISO/IEC 23894:2024
INTERNATIONAL ISO/IEC
STANDARD 23894
First edition
2023-02
Information technology — Artificial
intelligence — Guidance on risk
management
Technologies de l’information — Intelligence artificielle —
Recommandations relatives au management du risque
Reference number
ISO/IEC 23894:2023(E)
© ISO/IEC 2023

---------------------- Page: 3 ----------------------
oSIST prEN ISO/IEC 23894:2024
ISO/IEC 23894:2023(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
  © ISO/IEC 2023 – All rights reserved

---------------------- Page: 4 ----------------------
oSIST prEN ISO/IEC 23894:2024
ISO/IEC 23894:2023(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles of AI risk management . 1
5 Framework . 5
5.1 General . 5
5.2 Leadership and commitment . 5
5.3 Integration. 6
5.4 Design . 6
5.4.1 Understanding the organization and its context . 6
5.4.2 Articulating risk management commitment . 8
5.4.3 Assigni
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
CEN/CLC ISO/IEC/TR 24029-1:2023(Main)
Artificial Intelligence (AI) - Assessment of the robustness of neural networks - Part 1: Overview (ISO/IEC TR 24029-1:2021)
SIST-TP EN ISO/IEC/TR 24029-1:2024

This document provides background about existing methods to assess the robustness of neural networks.

  • Technical report
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
prEN ISO/IEC 8183(Main)
Information technology - Artificial intelligence - Data life cycle framework (ISO/IEC 8183:2023)
oSIST prEN ISO/IEC 8183:2024
  • Draft
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/CLC ISO/IEC/TR 24029-1:2023(Main)
Artificial Intelligence (AI) - Assessment of the robustness of neural networks - Part 1: Overview (ISO/IEC TR 24029-1:2021)
SIST-TP EN ISO/IEC/TR 24029-1:2024

This document provides background about existing methods to assess the robustness of neural networks.

  • Technical report
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 2382-37:2023(Main)
Information technology - Vocabulary - Part 37: Biometrics (ISO/IEC 2382-37:2022)
SIST EN ISO/IEC 2382-37:2024

This document establishes a systematic description of the concepts in the field of biometrics pertaining to recognition of human beings. This document also reconciles variant terms in use in pre-existing International Standards on biometrics against the preferred terms, thereby clarifying the use of terms in this field.
This document does not cover concepts (represented by terms) from information technology, pattern recognition, biology, mathematics, etc. Biometrics uses such fields of knowledge as a basis.
In principle, mode-specific terms are outside of scope of this document.

  • Standard
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 17884:2022(Main)
ICT accessibility competences - Guidelines for a more inclusive ICT development
SIST-TP CEN/TR 17884:2022

This document specifies the knowledges, skills, responsibility and autonomy of ICT experts involved in the development of products and services (including digital contents) to increase the accessibility knowledge in different fields, for different competences and responsibilities.
This document:
—   considers accessibility as "base line" (accessibility has been also recognized in EN 16234-1:2019 as a Transversal aspect);
—   recognizes accessibility as the requirement in procurement for both public and private sectors;
—   provides an overview of useful CEN, ISO and ESCO publications in the field;
—   defines a set of knowledges, skills, responsibility and autonomy for different ICT areas to improve accessibility in the current professional roles and job positions (hardware, software, web);
—   refers to ESCO ICT profiles, that can be adapted for the three main areas: hardware, software, web;
—   refers to W3C activities for define knowledges, skills, responsibility and autonomy in web accessibility role profiles;
—   supports activities for educational providers and exam/certification institutes.
This document should help, for example, to:
—   avoid issues on the definition of third level profiles derived from European ICT Professional Role Profiles without missing accessibility requirements;
—   enable easy application of accessibility related EU-level standards and references from CEN, ISO and ESCO;
—   allow the market to adapt their current job profiles and/or training courses adding the accessibility skills.
This document supports the definition of knowledge and skills for each ICT professional role without creating new ICT role profiles which includes accessibility competences.

  • Technical report
    30 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 17834:2022(Main)
European Professional Ethics Framework for the ICT Profession (EU ICT Ethics)
SIST-TS CEN/TS 17834:2022

This document will provide an “European Professional Ethics Framework for the ICT Profession (EU ICT Ethics)” to support the vision of establishing a profession for the ICT workforce. It will thereby offer the possibility to coalesce other ethics focused initiatives around a common structure.
This ethics framework will be directly linked to EN 16234-1. It will incorporate the structural concept of EN 16234-1 and, in a comparable way, describe a blueprint of what is required and what competencies, skills and knowledge are needed to identify and address the ethical challenges that ICT professionals face in their work.
Therefore it will extend the ethics principles already described in the "Transversal Aspects of the e-Competence Framework" in such a way that concrete requirements and procedures can be defined and implemented in the respective context on the basis of the roles, methods and processes defined in the framework.
The Scope therefore is to crystalize ‘ICT Professional Ethics” into a manageable, structure “European Professional Ethics Framework for the ICT Profession” and to provide guidance on practical application provided by a methodology and application guide that will support the establishment of codes of ethics.

  • Technical specification
    103 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17748-1:2022(Main)
Foundational Body of Knowledge for the ICT Profession (ICT BoK) - Part 1: Body of Knowledge
SIST EN 17748-1:2022

This document provides a reference of 42 knowledge units as required and applied in the Information and Communication Technology (ICT) professional work environment that can be understood across Europe. An intrinsic link with the EN 16234-1 (e-CF) is an essential characteristic of this document.
The document is created for application by:
—   educational institutions, learning programme and certification providers of all types including:
•   Vocational and Educational Training (VET);
•   Higher education (HE);
•   Continuous Professional Development (CPD);
—   ICT service, user and supply organisations;
—   ICT professionals, managers and human resource (HR) departments;
—   social partners (trade unions and employer associations), professional associations, accreditation, validation and assessment bodies;
—   market analysts and policy makers; and
—   other organisations and stakeholders in public and private sectors.
This document is provided as one fundamental building block of ICT Professionalism for Europe.
The prime objective of this document is to provide a significant contribution to the broad concept of ICT professionalism founded upon four building blocks, body of knowledge, e-CF competence, professional ethics and education and training. Complementary to the EN 16234-1 (e-CF) that provides an efficient and broadly accepted common European language about ICT professional competence, the European ICT Foundational Body of Knowledge (ICT BoK) makes an additional contribution to ICT professional knowledge, increasing transparency and maturity of the ICT Profession across Europe.
Specifically, the document provides a structured library of knowledge elements applicable to ICT professionals across a broad spectrum of disciplines. The knowledge elements are identified as either:
a)   common knowledge applicable to all ICT professionals regardless of speciality;
b)   base knowledge that provides a foundation and underpins each of a range of different disciplines/specialisms;
c)   specialised knowledge pertaining to in-depth, very specific expert knowledge.
Although providing and adding value to all stakeholders, knowledge defined by this document, provides a particularly useful perspective and entry point for educational institutions seeking to participate in ICT professional competence development. As a natural extension to EN 16234-1 (e-CF) dimension 4 knowledge examples, this document further facilitates the use of the shared European language for ICT Professional competence. By expanding the knowledge content of the EN 16234-1 (e-CF), it adds value to its application alongside further connected references.

  • Standard
    104 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 17802:2022(Main)
e-Competence performance indicators and common metrics
SIST-TP CEN/TR 17802:2022

The aim of this document is to enable unbiased and consistent use of indicators and measurements to enable verification of an individual’s competence to the EN 16234-1 (e-CF) to facilitate its consistent application.
The document addresses the assessment of competence as articulated within the EN 16234-1 (e-CF), regardless of where, when and how the competence was attained or developed.
The aim is to provide guidance on the use of indicators and measurements to support the assessment and/or verification of an IT professional’s competence.
Guidance is confined to possible indicators and how they can be applied to achieve consistency and transparency for the verification of an e-CF competence at a specific level (1-5).
This document guides readers through objective assessment of e-CF competence to avoid possible influence from personal feelings, interpretations or prejudice.
Finally, this document aims to offer, at least, examples of indicators and metrics for each of the e-competences listed in EN 16234-1 (e-CF).

  • Technical report
    66 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 17699:2022(Main)
Guidelines for developing ICT Professional Curricula as scoped by EN 16234-1 (e-CF)
SIST-TS CEN/TS 17699:2022

This document provides guidance and inspiration on how to design/redesign, develop, maintain, adjust, and compare ICT Professional curricula and learning programmes as scoped by EN 16234 1:2019 and related documents.
EN 16234 1:2019 (e-CF) is the starting guiding point for this document, for a shared European language for ICT professional development. Other framework sources can be used to apply the methodology outlined in this document.
This document is for application by educational institutions, learning programmes and certification providers of all types (public and private), providing ICT Professional education and training including:
•   Higher Education (HE);
•   Vocational Education and Training (VET);
•   Any other educational or training institution or provider in professional ICT, e.g. Continuous Professional Development (CPD).
This document is focused on guiding education providers on how to align curricula and learning programmes with the structure and principles of EN 16234 1 (e-CF) e-Competences and CWA 16458 1 ICT Professional Role Profiles. It applies to all forms of education, supporting educational providers who plan to use a shared European language on knowledge, skills, competences and roles, as ingredients for the successful provision of ICT Professional education and training.
The guidelines, provided by this document, include formal, non-formal and industry developed education and training through the provision of high-level, consistent recommendations and guidance for ICT curriculum or learning programme design by any education provider.
In this document, a distinction is made between a learning programme and a curriculum. The term “curriculum” is strongly associated with formal educational institutions and degrees, the term “learning programme” indicates a broader, more encompassing concept, also incorporating training and other learning programmes, not restricted to only “curricula”. As the proposed methodology in this document relates to both curricula and learning programmes, the term ‘learning programme’ is used throughout the text. If the term ‘curriculum’ is used, then that narrower meaning is explicitly applicable in that situation.

  • Technical specification
    148 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 17748-2:2022(Main)
Foundational Body of Knowledge for the ICT Profession (ICT BoK) - Part 2: User Guide and Methodology
SIST-TP CEN/TR 17748-2:2022

This document supports understanding, adoption and use of EN 17748-1 (ICT BoK) that provides a reference of 42 knowledge units as required and applied in the Information and Communication Technology (ICT) professional work environment that can be understood across Europe.
This document supports Information and Communication Technology (ICT) stakeholders dealing with ICT Professional knowledge, skills and competences from multiple perspectives, in particular:
- educational institutions, learning programmes and certification providers of all types including:
- Vocational and Educational Training (VET);
- Higher education (HE);
- Continuous Professional Development (CPD);
- ICT service, user and supply organizations;
- ICT professionals, managers and human resource (HR) departments;
- social partners (trade unions and employer associations), professional associations, accreditation, validation and assessment bodies;
- market analysts and policy makers;
- and other organizations and stakeholders in public and private sectors across Europe
to adopt, apply and use the Foundational Body of Knowledge in their environment as one fundamental building block of ICT Professionalism for Europe.
See Figure 1 for illustration of document scope and target groups.
A close connection with EN 16234-1 (e-CF) and CWA 16458 (ICT Profiles) are a design element of EN 17748-1 (ICT BoK). This application support document details how to approach the complementary application of each structure by varied stakeholders of the European ICT Professionalism eco-system. It supports the use of a shared neutral reference for ICT professional development. This interconnected application is illustrated in Figure 2. Nevertheless, the ICT BoK can also be used as a stand-alone tool.
This document provides:
- An ICT BoK EXECUTIVE OVERVIEW of the scope, target groups, underlying principles and main characteristics is provided in Clause 4.
- The ICT BoK USER GUIDE in Clause 5: guidance on how to apply the Foundational Body of Knowledge for the ICT Profession from multiple ICT stakeholder perspectives. It addresses the need to further enhance the flexibility and applicability of the competences described within the e-CF as it offers further delineation and articulation of the knowledge components of competences. EN 17748-1 (ICT BoK) is intended for guidance and is designed to provide a common shared reference tool which can be implemented, adapted and used in accordance with ICT stakeholder requirements. The following implementation guidance is structured by target groups and complemented by two ICT BoK application cases. During the course of the EN 17748-1 (ICT BoK) development, real world experience was a necessary contribution to ensuring future application of the structure. Dissemination of the ICT BoK development progress enabled testing of the structure as it developed. One outcome of this open approach was that some examples of practical application, despite that at the time, not published, could be tested and made available as two application cases.
- The ICT BoK METHODOLOGY DOCUMENTATION in Clause 6: here the ICT BoK creation process is explained as well as important aspects of its development. This section supports the methodology grounding for the development, implementation and future maintenance of the ICT BoK.
- A series of ANNEXES, allowing user-targeted ICT BoK navigation according to particular viewpoints.

  • Technical report
    60 pages
    English language
    sale 10% off
    e-Library read for
    1 day