“Artificial Intelligence” is a new term that is sweeping the software world and naturally it has also percolated into the discussions of “Privacy” and DPDPA 2023.
The industry is now presented with a new ISO standard 42001 so that along with ISMS, PIMS, the concept of AIMS has now become the buzzword.
ISO 42001 is a standard that tries to establish the requirements of an AIMS (“Artificial Intelligence Management System”) that will focus on the system being a “Responsible AI System”. The standard can be used by both the AI developer and the user.
Though the standard should be a good guideline for many companies, it appears that as regards privacy, the AIMS as suggested needs some more tweaking.
AIMS as envisaged is like PIMS and has to be considered part of the ISMS. In other words, though a standalone certification is envisaged under ISO 42001, an organization cannot avoid ISO 27701 and ISO 27001 if it has to adopt ISO 42001 for Privacy. This means about 40 new controls will get added to the 93 controls of ISO 27001 and 49 controls of ISO 27701.
In the DGPSI system, FDPPI proposes to consider AIMS, PIMS and ISMS as part of the DGPMS and accommodates all the controls within 50 implementation specifications. In this approach, most of the individual controls of the ISO system that make it bulky and unwieldy get absorbed in the customization of controls through the policies and processes developed in the user environment.
We hope this simplification would be useful to the industry and leave the scope for designing the controls by the implementers as per their specific needs.
Naavi