Tag: iso 42001 ai

  • NIST AI Risk Management Framework for Research Offices

    The NIST AI Risk Management Framework (AI RMF) is a voluntary, four-function framework — Govern, Map, Measure, Manage — published by NIST in January 2023 to structure AI risk identification and mitigation across the system lifecycle, and it is increasingly the reference model research offices use to build AI-use policies for grant compliance and research computing.

    In one sentence: the NIST AI RMF is a voluntary, technology-neutral process framework — not a certification standard — that organises AI risk management into four continuous functions applied across governance, context-mapping, measurement and mitigation.

    What is the NIST AI Risk Management Framework?

    The NIST AI RMF (formally NIST AI 100-1) was directed by Congress under the National Artificial Intelligence Initiative Act of 2020 (P.L. 116-283) and published by the National Institute of Standards and Technology on 26 January 2023. It gives organisations a structured, repeatable way to identify, assess and manage AI-related risk without prescribing specific tools or vendors.

    Unlike a certification scheme, the AI RMF is deliberately flexible. Organisations apply it through “profiles” — documented mappings of the Core functions to a specific system, unit or risk context — supported by companion NIST materials including the AI RMF Playbook, Roadmap and sector Crosswalks. For a university research office, that flexibility matters: the same four functions can govern an AI-assisted grant-writing tool, a research-computing cluster running a locally hosted model, and a vendor’s generative-AI research assistant, each with a different risk profile.

    What are the four core functions — Govern, Map, Measure, Manage?

    The AI RMF Core is organised into four functions that operate continuously rather than sequentially: Govern establishes accountability and policy; Map identifies context and potential harms; Measure tests and monitors systems against trustworthy-AI characteristics; and Manage prioritises and resources mitigation. Each function contains categories and subcategories that a research office adapts rather than adopts wholesale.

    Function | Purpose | Typical research-office artefact
    --- | --- | ---
    Govern | Sets accountability, policy and approval authority for AI use | Institutional AI-use policy; PI attestation clause in proposal sign-off
    Map | Documents context, stakeholders and where AI touches sponsored work | Inventory of AI tools used in grant writing, review, and data analysis
    Measure | Tests systems for validity, bias, security and privacy | Vendor security questionnaire; bias check on AI-assisted scoring tools
    Manage | Prioritises, mitigates and documents residual risk | Incident log for AI-related data exposure; annual policy review

    The Core does not mandate a fixed maturity level. Organisations document which subcategories they have deferred, and why, alongside compensating controls — a discipline that maps onto existing research-compliance practices such as data management plans.

    What does NIST AI 600-1 add for generative AI?

    NIST AI 600-1, the Generative Artificial Intelligence Profile, was published in July 2024 as a companion to the AI RMF specifically for generative and foundation models. It does not replace the four-function Core; it applies Govern, Map, Measure and Manage to risks that are distinctive to generative systems.

    The profile documents risk across twelve categories, including confabulation (hallucinated outputs presented as fact), data privacy, harmful bias and homogenisation, information integrity, information security, intellectual property, and value-chain and component integration risk from third-party foundation models. For a research office, several of these map directly onto everyday research-computing and grant-compliance exposure:

    • Confabulation in AI-assisted literature review or preliminary-data summaries submitted in a proposal narrative
    • Data privacy exposure when researchers paste sponsor-restricted or human-subjects data into a public generative-AI tool
    • Intellectual property risk when proprietary or pre-publication research content is used as a prompt input to a third-party model that retains data for training
    • Information security gaps in export-controlled or ITAR-restricted research computing environments running locally hosted generative models

    How should research offices map RMF functions to grant compliance and research computing?

    Applying the AI RMF in a research office starts with an honest inventory, not a policy document. Most institutions already run parallel compliance regimes — IRB, export control, data use agreements, conflict of interest — and the AI RMF’s four functions slot into that existing governance architecture rather than requiring a new one.

    RMF function | Research-office action | Compliance touchpoint
    --- | --- | ---
    Govern | Define who approves AI use in proposal preparation, peer review, and award administration | Grant-compliance office; research integrity policy
    Map | Inventory AI tools touching sponsor data, human-subjects data, or export-controlled research | IRB, data use agreements, export-control review
    Measure | Evaluate vendor AI tools for data retention, training-data use, and bias before procurement | Procurement security review; research-computing vendor assessment
    Manage | Maintain an incident-response path for AI-related data exposure or integrity failures | Research integrity office; sponsor notification obligations

    Funders are beginning to require disclosure of AI use in proposal preparation and review; UKRI and the US National Institutes of Health have each issued guidance addressing generative-AI use in grant applications and peer review. A documented AI RMF-aligned policy gives a research office a defensible, auditable answer when a sponsor, an IRB, or an internal audit asks how AI risk is managed.

    How does the NIST AI RMF compare to ISO 42001 and the EU AI Act?

    The NIST AI RMF, ISO/IEC 42001, and the EU AI Act address the same problem — AI risk — through three different mechanisms, and international research offices often need to satisfy more than one at once.

    • NIST AI RMF: voluntary US guidance, published January 2023, no certification mechanism, technology-neutral
    • ISO/IEC 42001:2023: an internationally certifiable AI management system standard, published December 2023, auditable by an accredited body
    • EU AI Act (Regulation (EU) 2024/1689): binding law, entered into force August 2024, with risk-tiered obligations phasing in through August 2027 for high-risk systems

    Institutions with Horizon Europe funding, EU partners, or EU-based subsidiaries generally need to track the EU AI Act’s binding obligations separately from a voluntary AI RMF programme; the AI RMF’s four functions nonetheless provide a practical operational baseline that can be extended toward either ISO 42001 certification or EU AI Act compliance evidence without rebuilding the governance structure from scratch.

    Answer-first questions on the NIST AI RMF

    What are the seven steps of the NIST Risk Management Framework?

    The seven steps — Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor — belong to NIST Special Publication 800-37, the general-purpose cybersecurity Risk Management Framework, not the AI RMF. The NIST AI Risk Management Framework uses a separate four-function structure (Govern, Map, Measure, Manage) with no authorisation-cycle requirement. Research offices should not conflate the two documents.

    What is the difference between ISO 42001 and the NIST AI RMF?

    ISO/IEC 42001:2023 is a certifiable AI management system standard that an accredited body can audit, published December 2023. The NIST AI RMF is voluntary US guidance with no certification mechanism. Many research offices use the AI RMF’s four functions to build the internal controls that ISO 42001 certification later formalises against an external auditor.

    What are the four types of AI risk?

    NIST’s AI RMF and its Generative AI Profile group AI risk broadly into performance risk (validity, reliability), societal risk (harmful bias, fairness), security risk (adversarial manipulation, data leakage), and third-party or value-chain risk from vendor models and training data. Research offices typically encounter all four simultaneously when adopting AI-assisted research tools.

    What are 5 risks of AI?

    For research administration specifically, the highest-priority risks are data privacy breaches in sponsor-data pipelines, confabulation in AI-assisted literature synthesis, intellectual property exposure through third-party model training on prompts, harmful bias in automated review or scoring tools, and information security gaps in procured generative-AI platforms.

    Implications for research administration

    The AI RMF’s voluntary status will not last as a governance shortcut. Grant-making agencies and international funders are moving toward AI-use disclosure requirements in proposal and reporting workflows, and institutions without a documented, RMF-aligned policy will increasingly answer ad hoc rather than from a defensible framework.

    Research offices already manage layered compliance regimes across research administration functions — export control, human-subjects protection, conflict of interest — and the AI RMF’s four functions sit inside that structure rather than replacing it. Starting with Govern (assign accountability) and Map (inventory AI touchpoints in sponsored work) gives most offices a defensible position within one administrative cycle, ahead of any future mandatory requirement.

  • ISO 42001 Certification for Research Offices

    ISO 42001 (ISO/IEC 42001:2023) is the first international standard specifying requirements for an Artificial Intelligence Management System (AIMS) — the governance framework an organisation puts around how it designs, procures, deploys and monitors AI. For a research institution, certification means running a documented, audited system of AI policies, risk assessments and human-oversight controls, not simply buying compliant software. It follows the same Plan-Do-Check-Act structure as ISO 27001, but its controls are built around AI-specific harms: algorithmic bias, opacity, data quality and misuse.

    ISO/IEC 42001:2023 is defined by the International Organization for Standardization as a management-system standard for establishing, implementing, maintaining and continually improving an AI management system within an organisation of any size or sector.

    What is ISO/IEC 42001 and what does an AIMS cover?

    An AI Management System is a structured set of policies, roles, risk processes and records that governs how an organisation develops, procures or uses AI across its lifecycle. ISO/IEC 42001:2023 sets requirements for that system in its main clauses (4–10), plus an AI-specific Annex A control set — AI policy, resourcing, AI system impact assessment, data for AI systems, and third-party AI relationships.

    Unlike a product certification, ISO 42001 does not certify a specific model as “safe”. It certifies that the organisation has a working management system for whichever AI systems fall inside its declared scope — a research-grants triage tool, an admissions-screening system, or a plagiarism-detection service, for example.

    What does ISO 42001 certification actually involve?

    Certification is run by an accredited, independent certification body — in the UK, accreditation is overseen by the United Kingdom Accreditation Service (UKAS). The organisation implements first; the certification body then verifies.

    • Scope and gap analysis: define which AI systems, departments and data flows the AIMS covers, then assess current practice against ISO 42001’s clauses and Annex A controls.
    • AI system impact assessment: a formal review of the potential effects of each in-scope AI system on individuals and groups — bias, fairness, transparency, data provenance and human oversight.
    • Risk treatment and controls: implement policies, technical controls and role assignments (an “AI owner” is typically named for each system) to treat identified risks.
    • Internal audit and management review: test the system internally before the external audit and correct nonconformities.
    • Stage 1 audit: the certification body reviews documentation and AIMS design for readiness.
    • Stage 2 audit: the certification body tests whether the AIMS is operating effectively in practice, not just on paper.

    Once granted, certification is valid for three years, with annual surveillance audits to confirm the AIMS is still being maintained. This mirrors the certification cycle used for ISO 27001 and ISO 9001, since all three share the same Annex SL high-level structure.

    How does ISO 42001 differ from ISO 27001?

    ISO 42001 governs the management of AI systems; ISO 27001 governs the management of information security. They share the same clause numbering and audit mechanics, so organisations already certified to ISO 27001 typically find AIMS implementation faster — but the two standards are not interchangeable and neither certifies the other.

    Feature | ISO/IEC 42001:2023 | ISO/IEC 27001:2022
    --- | --- | ---
    Primary focus | Governance of AI systems across their lifecycle | Confidentiality, integrity and availability of information assets
    Distinctive controls | AI impact assessment, data quality for AI, AI system life cycle, third-party AI relationships | Access control, cryptography, physical security, supplier security
    Typical risk concerns | Bias, opacity, misuse, unintended AI behaviour | Breach, unauthorised access, data loss
    Structure | Annex SL clauses 4–10 + Annex A | Annex SL clauses 4–10 + Annex A
    Certification cycle | 3 years, annual surveillance audits | 3 years, annual surveillance audits

    In practice, most institutions treat ISO 42001 as an addition to an existing information-security baseline rather than a replacement for it — an AI management system without underlying information-security controls leaves the data feeding those AI systems unprotected.

    Does ISO 42001 satisfy EU AI Act conformity assessment?

    ISO 42001 certification does not, by itself, satisfy EU AI Act conformity assessment obligations for high-risk AI systems. Regulation (EU) 2024/1689 (the AI Act) entered into force on 1 August 2024, with obligations for high-risk systems applying progressively from 2 August 2026. The Act’s presumption-of-conformity mechanism (Article 40) attaches to harmonised European standards, which are being drafted separately by CEN-CENELEC Joint Technical Committee 21 — ISO 42001, an international rather than harmonised European standard, is not automatically one of them.

    This matters directly for universities. Annex III of the AI Act lists AI systems used to determine access or admission to education, or to evaluate learning outcomes, as high-risk by default. A university deploying an AI-assisted admissions or grant-triage tool is a “deployer” under the Act regardless of its ISO 42001 status, and carries the deployer obligations — human oversight, logging, incident reporting — that come with that role.

    What ISO 42001 does provide is a documented, auditable governance framework that maps cleanly onto many AI Act requirements — risk management, data governance, human oversight, technical documentation — making a future conformity assessment faster to prepare for, even though it is not a substitute for one.

    Is it worth pursuing for a research institution?

    For a research office or university IT/AI-governance function, the case for ISO 42001 rests less on legal necessity and more on institutional risk management and funder or partner assurance. Certification demonstrates that AI used in grant review, research-integrity screening, or student-facing systems is governed by a documented, externally audited process rather than ad hoc practice.

    Costs mirror any ISO management-system certification: staff time for gap analysis and internal audit, the certification body’s audit fees, and ongoing annual surveillance costs. Institutions already holding ISO 27001 (or ISO 9001), with a research administration function already handling risk registers and compliance documentation, will find the incremental lift smaller than a first-time management-system project.

    The pragmatic sequencing: map which AI systems are actually in scope (research-tools procurement, admissions, integrity-checking), run a gap analysis against Annex A, then decide whether formal certification adds enough external assurance value to justify the audit cost — before, not instead of, tracking the EU AI Act’s phased high-risk obligations, which apply irrespective of certification status.

    Common questions about ISO 42001 certification

    What is the ISO 42001 certification standard?

    It is third-party verification that an organisation’s AI management system meets the requirements of ISO/IEC 42001:2023 — covering AI policy, risk treatment, impact assessment and continual improvement — confirmed through a two-stage audit by an accredited certification body and maintained via annual surveillance audits.

    What is the difference between ISO 27001 and ISO 42001?

    ISO 27001 manages information security risk (confidentiality, integrity, availability of data); ISO 42001 manages AI-specific risk (bias, transparency, data quality, human oversight) across an AI system’s lifecycle. Both share the same clause structure, so many controls and much documentation can be reused between them.

    Is ISO 42001 certification worth it?

    It is worth it where an institution needs demonstrable, externally audited AI governance for funders, partners or regulators — particularly if it already holds ISO 27001. It is less clearly worth it as a standalone first management-system project, given the audit cost and the fact that certification alone does not satisfy EU AI Act conformity-assessment duties.

    Is ISO 27001 mandatory in the UK?

    No. ISO 27001 is voluntary in the UK; it is not a statutory requirement under UK GDPR or the Data Protection Act 2018, though it is widely used to evidence the “appropriate technical and organisational measures” those laws require. The same voluntary status applies to ISO 42001 — no UK or EU law currently mandates it.

    AI governance of this kind sits within the broader discipline of research administration, where risk, compliance and data-governance functions increasingly have to account for AI tools used across the grant and research lifecycle.

    What this means for research offices next

    Expect ISO 42001 adoption in the research sector to track two forces: institutional risk appetite around AI-assisted decision-making, and the EU AI Act’s phased high-risk obligations landing through August 2026 and August 2027. CEN-CENELEC’s harmonised standards work will eventually clarify how far ISO 42001 conformity can be credited toward AI Act presumption of conformity — research offices tracking AI governance now will be better placed when that mapping firms up.