< Previous standard      ^ Up a level ^      Next standard >

 ISO/IEC AWI 27091 — Cybersecurity and Privacy — Artificial intelligence — Privacy protection [DRAFT]

Abstract

TBA

Introduction

TBA

Scope of the standard

“[ISO/IEC 27091 will] provide guidance for organizations to address privacy risks in artificial intelligence (AI) systems and machine learning (ML) models. The guidance[will] help organizations identify privacy risks throughout the AI system lifecycle, and establish mechanisms to evaluate the consequences of and treat such risks.”

[Source: SC 27 project proposal]

Content of the standard

TBA

Status

The project started in 2023.

It is at Preliminary Work Item stage.

Personal notes

The project proposal indicates that the standard will identify [generic] privacy risks applicable to AI/ML, and describe the corresponding privacy controls - in other words, the standard will promote a risk-led approach, which sounds good to me.

In line with ISO/IEC 27005, I hope it also mentions the possibility of accepting, sharing or avoiding the privacy risks, aside from mitigating them with privacy controls.

< Previous standard      ^ Up a level ^      Next standard >