What AI-specific risk sources does ISO/IEC 23894 identify?
ISO/IEC 23894 identifies AI-specific risk sources related to the entire AI system lifecycle, data governance, third-party relationships, and the assessment of AI system impacts.
Concrete controls for managing these risks include:
- AI Policy and Organization: Establish a documented AI policy aligned with business objectives and define AI roles, responsibilities, and reporting lines within the organization [ISO/IEC 42001 A.2, ISO/IEC 42001 A.3].
- AI Impact Assessment: Implement processes to assess the impacts of AI systems on individuals, groups, and society throughout their lifecycle [ISO/IEC 42001 A.5]. This cross-maps to NIST-MAP-5.1, which focuses on identifying potential positive and negative impacts.
- AI System Lifecycle Management: Ensure responsible design, development, deployment, operation, and retirement of AI systems, with controls applied at each stage [ISO/IEC 42001 A.6]. This includes procedures to deactivate, roll back, or retire AI systems that exceed risk tolerances [NIST-MANAGE-2.3].
- Data Governance for AI Systems: Implement robust data governance practices covering provenance, quality, preparation, and management of data used by AI systems across their lifecycle [ISO/IEC 42001 A.7]. This addresses risks like data and model poisoning (OWASP LLM04) and data privacy (NIST GenAI "Data privacy").
- Third-Party Relationships: Establish controls for suppliers and third parties in the AI value chain, such as model providers, data providers, and tool/plugin vendors [ISO/IEC 42001 A.10]. This aligns with NIST-GOVERN-6.1, which addresses risks from third-party models, datasets, and tools, and cross-maps to OWASP LLM03/LLM05 (supply chain).
- Human Oversight and Responsible Use: Implement responsible-use controls and human oversight for the operation of AI systems [ISO/IEC 42001 A.9]. This includes defining how humans oversee AI, including override authority and the boundary of agent autonomy [NIST-GOVERN-3.2].
Grounded in
- NIST AI RMF
- OWASP LLM Top 10
- Designing Agentic AI Systems with the ORCHIDEAS Framework
- ISO/IEC 42001
This AI-generated answer is for guidance only — not a certification, audit, or penetration test. Grounded in the NIST AI RMF, OWASP LLM Top 10, and ISO/IEC 42001 control text; verify applicability to your environment.