ISO/IEC 27091



New project Jan ISO/IEC AWI 27091 — Cybersecurity and Privacy — Artificial intelligence — Privacy protection [DRAFT]







Scope of the standard

“[ISO/IEC 27091 will] provide guidance for organizations to address privacy risks in artificial intelligence (AI) systems and machine learning (ML) models. The guidance [will] help organizations identify privacy risks throughout the AI system lifecycle, and establish mechanisms to evaluate the consequences of and treat such risks.”
[Source: SC 27 project proposal]


Content of the standard




The project started in 2023.

It is at Preliminary Work Item stage.


Personal notes

The project proposal indicates that the standard will identify [generic] privacy risks applicable to AI/ML, and describe the corresponding privacy controls - in other words, the standard will promote a risk-led approach, which sounds good to me.

In line with ISO/IEC 27005, I hope it also mentions the possibility of accepting, sharing or avoiding the privacy risks, aside from mitigating them with privacy controls.



Copyright © 2023 IsecT Ltd.