1 Artificial intelligence

• 1.1 History
• 1.2 Application areas
• 1.3 Principles and steps

1.1 History

The evolution of atificial intelligence since the 1990s, ISO standard

Top of the page

1.1 History

Since antiquity, myths and legends have evoked artificial beings endowed with intelligence or consciousness, reflecting an age-old fascination with the creation of intelligent machines.

In the 20th century, philosophers and mathematicians, such as Alan Turing, laid the theoretical foundations. In 1950, Turing proposed the famous "Turing test," a method for evaluating a machine's intelligence by measuring its ability to mimic human conversation. He posed the key question: "Can machines think?"

In 1956, the term "Artificial Intelligence" (AIartificial intelligence) was coined at the Dartmouth conference, organized by John McCarthy, Marvin Minsky, Claude Shannon, and Herbert Simon.

Researchers developed the first AIartificial intelligence programs and artificial neural networks, such as Frank Rosenblatt's Perceptron. Expectations were high, with optimistic predictions about the rapid creation of machines as intelligent as humans.

However, technological limitations and a lack of data led to an initial "AI winter" in the 1970s, marked by a reduction in funding.

AI experienced resurgence with the development of expert systems and machine learning. Algorithms became capable of improving themselves through data, paving the way for more dynamic applications.

Advances in computing power and the emergence of graphics processing units (GPUs) are accelerating research, particularly in deep learning.

Big data and advances in deep learning enabled major breakthroughs:

• image recognition
• natural language processing
• autonomous vehicles, etc.

Some significant dates:

1997: Deep Blue (IBM) defeated Garry Kasparov, the world chess champion.

2006: Geoffrey Hinton revived deep neural networks (deep learning).

2012: AlexNet (Hinton's neural network) on ImageNet achieves a spectacular victory in image recognition.

2016: AlphaGo (Google) defeats Lee Sedol, one of the world's best professional Go players.

2022–2025: ChatGPT, Claude, Gemini, Copilot, Mistral, etc., make generative AI accessible to the general public.

Faced with the rapid growth of AI and the ethical, security and reliability challenges it raises, the International Organization for Standardization (ISOInternational Organization for Standardization  ) and the International Electrotechnical Commission (IEC) are working together to develop a specific standards framework.

ISO/IEC 42001 is the first international standard dedicated to the management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) of artificial intelligence (AIartificial intelligence).

The standard is generic because it applies to the management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) of any organizationa structure that satisfies a need (see also ISO 9000, 3.2.1)  , without any constraints related to size, activityset of tasks to obtain a deliverable, or type. It is an international voluntary standard that allows certification by an accredited (certification) body.

The ISO/IEC 42001 standard was published in December 2023, marking a major milestone in the global governance of AIartificial intelligence. It became the first certifiable standard for AIartificial intelligence management systemsset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3), offering a structured methodology for risk managementactivities to restrict the possibility that something goes wrong (see also ISO Guide 73, 2.1), ethics, transparency, and continual improvementprocess allowing the improvement of the global performance of the organization (see also ISO 9000, 3.3.2).

ISO 42001 aims to help organizationsa structure that satisfies a need (see also ISO 9000, 3.2.1)   control algorithmic bias, protect privacy, ensure data confidentialityproperty of information accessible only to authorized persons (see also ISO 27000, 3.10), and guarantee conformityfulfillment of a specified requirement (see also ISO 9000, 3.6.11) with regulations, such as the AI Act in Europe.

It is based on a common structure (HLS – High Level Structure) to facilitate its integration with other management standards, such as ISO 27001 (information securitycontrols to protect the confidentiality, integrity and availability of information (see also ISO 27000, 3.28)).

Top of the page

1.2 Application areas

Application areas of AI

Artificial intelligence is everyone's business

The ISO/IEC 42001 standard applies to any organizationa structure that satisfies a need (see also ISO 9000, 3.2.1)   that designs, develops, deploys, or uses an artificial intelligence systemset of interacting processes (see also ISO 9000, 3.5.1).

Its objective is to ensure that AIartificial intelligence management is safe, transparent, accountable, and compliant.

Practical application areas:

• industry, manufacturing:
  • automated quality control
  • predictive maintenance
  • production line optimization
• healthcare, biotechnology:
  • automated diagnostics
  • medical imaging analysis
  • AI-powered patient monitoring
• finance, insurance:
  • credit scoring
  • fraud detection
  • risk analysis
• education, research:
  • intelligent tutoring systems
  • automated grading
  • translation
  • educational AI
• transportation, logistics:
  • autonomous vehicles
  • dynamic route planning
  • intelligent warehouse management
• IT, cyber security:
  • anomaly detection
  • automated defense
  • predictive AI for threats
• public sector, local authorities:
  • AI for citizen services
  • urban security
  • public data management
• commerce, marketing:
  • product recommendation
  • customer personalization
  • behavioral analysis

Application levels:

• strategic:
  • governance
  • AI policy
  • regulatory compliance
• operational:
  • design process
  • validation
  • deployment
  • AI model maintenance
• technical:
  • data management
  • algorithm architecture
  • security and explainability
• ethical and compliance:
  • bias assessment
  • traceability
  • documentation
  • social responsibility

The implementation of an AIartificial intelligence management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) is always:

• the result of a strategic decision by top management
• aligned with:
  • objectives of the organization
  • corporate culture
  • business processes

Top of the page

1.3 Principles and steps

Properties of artificial intelligence, quality management principles, preparation and implementation of an AIMS, Deming cycle

Artificial intelligence is a process

Artificial intelligence (AIartificial intelligence) is a mindset that begins with top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1) as a top strategic priority and extends to all staff. Top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1) defines the AIartificial intelligence policy, which sets the AIartificial intelligence objectivesmeasurable goal to be achieved applicable to all activitiesset of tasks to obtain a deliverable. The tool used to achieve these objectivesmeasurable goal to be achieved is the artificial intelligence management system (AIMSartificial intelligence management system).

Every AIartificial intelligence management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) comprises three distinct and interdependent approaches:

• the process approach
• the risk approach
• continual improvement

The seven quality managementactivities allowing the control of an organization with regard to quality (see also ISO 9000, 3.3.4) principles (cf. figure 1-1) will help us achieve sustainable performancemeasurable and expected results of the management system (see also ISO 9000, 3.7.8) (cf. ISO 9000:2015, § 2.3).

Figure 1-1. The 7 quality management principles

A well-prepared approach is half successful

The processactivities that transform inputs into outputs (see also ISO 9000, 3.4.1) for implementing an artificial intelligence management system involves several steps. An example of preparation is shown in figure 1-2.

Figure 1-2. AIMS preparation

Step 1 involves identifying the needs and expectations (requirementsexplicit or implicit need or expectation (see also ISO 9000, 3.6.4)) of stakeholdersperson, group or organization that can affect or be affected by a company (see also ISO 26000, 2.20):

• staff
• customers, consumers
• competitors
• shareholders, investors
• external providers (suppliers, subcontractors, partners)
• organizations and branch associations
• statutory and regulatory authorities

The involvement of top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1) at its highest level is truly indispensable. The advice of a consultant is often solicited. Determining the current status of the management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) (whole or partial) would be welcome at this stage. An external certificationwritten recognition by an independent organization of the conformity of a product, process or organization with requirements established in a standard (see also ISO/IEC Guide 2: 1996)   body is chosen.

One of the key questions that arises quickly (step 2) is the need for this decision. If this is not really necessary or if the estimated costs of the certificationwritten recognition by an independent organization of the conformity of a product, process or organization with requirements established in a standard (see also ISO/IEC Guide 2: 1996)   approach exceed the available resources, it is better to reject this idea immediately.

The benefits of implementing an artificial intelligence management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) are often: 

• improved organizational image
• ethical and responsible development and use of the AI system
• better defined responsibilities and obligations (up-to-date legal obligations)
• reduced likelihood of AI incidents
• high level of risk management
• business interruptions avoided
• reduced insurance costs
• active employee involvement in the continual improvement of the AIMS
• strong integration of AI into business processes
• a competitive edge
• improved stakeholder confidence
• increased market share
• better financial performance

Benefits of a successful AIMSartificial intelligence management system implementation:

• regulatory conformity (European AI Act, GDPR)
• AI risk management (bias, security, compliance)
• reduction of legal, technical, and reputational risks
• increased reliability, traceability, and performance of AI practices and processes
• enhanced company value (responsible AI label)
• increased customer and partner trust

To prevent resistance to change from disrupting the companya structure that satisfies a need, some of the main challenges associated with adopting ISO 42001 and ways to overcome them are as follows:

• cultural resistance (teams are accustomed to informal processes or even working in silos and may perceive implementing the standard as additional bureaucracy)
  • involve leaders from all areas from the start of workshops to raise awareness of the benefits of ISO 42001 certification (such as increased security, enhanced reputation, and improved operational efficiency)
  • communicate the tangible gains that does the standard offer, such as reducing bias incidents in models or improving data quality
  • appoint AI “ambassadors” in each department to work on naturally and progressively disseminating best practices internally
• technical complexity (as a new technology, it can be difficult to interpret the data governance, algorithmic risk assessment, and human oversight requirements of ISO 42001, which may require specific advanced expertise)
  • partner with consulting firms specializing in AI governance and/or hire dedicated experts
  • adopt an incremental approach, starting with pilot processes on low-risk projects before scaling up across the organization
  • use open-source frameworks and tools that facilitate the implementation of explainability and oversight measures
• lack of internal skills (teams may not be familiar with risk management concepts, AI ethics, or conformity in the context of AI use)
  • plan a continuing education program, combining face-to-face training, e-learning, and mentoring
  • encourage certifications in responsible AI and other ISO standards that complement ISO 42001
  • integrate ISO 42001 into career plans, recognizing and rewarding skills in this area and ensuring employees have a detailed understanding of the standard's requirements
• initial implementation cost (investments in consulting, technology, and training can be considered a budgetary barrier, especially in small businesses)
  • develop a case study that quantifies the risks avoided (fines, rework, market share loss) relative to the investment, thus demonstrating the benefits of adopting ISO 42001 certification
  • break down the expenditure into phases:
    • diagnostic
    • deployment
    • pilot
    • certification
  • take advantage of grants, sectorial incentives or lines of credit for innovation and digitalization
• integration with existing processes (for companies using multiple applications, adapting existing systems and workflows to meet ISO documentation, audit, and continuous improvement requirements can be challenging)
  • map current processes and identify points of convergence with the standard
  • use data governance applications and platforms that connect to business intelligence systems and machine learning pipelines. To facilitate this, the ideal approach is to have a governance, risk, and compliance system
  • document changes in an agile manner, using templates and checklists to simplify document management
• maintain conformity over time (after initial certification, it can be challenging to maintain ongoing follow-up audits and updates)
  • establish regular internal audit cycles, with clear accountability within an AI governance committee
  • integrate key performance indicators (KPIs) into company dashboards to actively monitor metrics such as bias rate, response time, and incidents
  • foster a culture of feedback and continual improvement, where lessons learned generate periodic reviews of policies and procedures

More than one and a half million businesses worldwide cannot be wrong!

The third step shall determine whether this approach receives the approval of the staff. A communication campaign is launched in-house on the objectivesmeasurable goal to be achieved of an artificial intelligence management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) (AIMSartificial intelligence management system). The staff is aware and understands that, without their participation, the projecttemporary effort initiated with the goal of solving a problem cannot succeed.

Have confidence: success will come with the involvement and effort of all!

The vision (what we want to be), the mission (why we exist) and the business plan of the companya structure that satisfies a need are determined. The following step (4) includes the establishment of an outline of the AIartificial intelligence policy and objectivesmeasurable goal to be achieved. If you do not have a copy of the ISO 42001 standard, now is the time to get it (cf. sub-clause 2.1 of the present course).

Planning is the last step (5) of the projecttemporary effort initiated with the goal of solving a problem preparation for obtaining ISO 42001 certificationwritten recognition by an independent organization of the conformity of a product, process or organization with requirements established in a standard (see also ISO/IEC Guide 2: 1996)  . A reasonable period is between 12 to 24 months (each companya structure that satisfies a need is unique and specific). The financial resources and staff are confirmed by top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1). A top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1) representative is appointed as projecttemporary effort initiated with the goal of solving a problem leader. Top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1) commitment is formalized in a documentany support allowing the treatment of information (see also ISO 9000, 3.8.5) communicated to all staff. A person is appointed as projecttemporary effort initiated with the goal of solving a problem leader for obtaining ISO 42001 certificationwritten recognition by an independent organization of the conformity of a product, process or organization with requirements established in a standard (see also ISO/IEC Guide 2: 1996)  .

The establishment and implementation of an ISO 42001 artificial intelligence management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) are shown in figure 1-3.

Top of the page

• Home
• My account
• Site map
• FAQ
• GTU