New ISO Standard - AI Security: United States
To correctly and effectively create a new ISO standard in the United States for artificial intelligence security, a company must contact the INCITS with its standard proposal and be assigned to the Artificial Intelligence Committee. Once assigned to the correct committee, the company should follow the steps for developing a standard, together with industry experts and members of the INCITS.
- It usually takes three years for the process to be published.
- The time needed is usually determined from the first proposal to the final publication.
Steps of the process:
- The first step is writing a new standard proposal.
- The next step would be building an experts’ consensus.
- A consensus is then built within technical specifications.
- The next step is to then write a final draft for processing titled as the “Final Draft International Standard.”
- Then, the writing has to be proof checked.
- Finally, the International Standard is published.
How does it work?
- ISO can develop a standard through a request from industry or other stakeholders (like consumer groups), which communicates the proposal for a standard to its national member.
- The American National Standards Institute (ANSI), is the organization that coordinates the “development of voluntary consensus standards” within the United States.
- The organization is also known to represent various US stakeholders in different standardization forums found all over the world.
- ANSI is responsible for accrediting standards developers that establish consensus among qualified groups.
- There are many Standards Developing Organizations (SDOs) that play a role in the US system.
- This includes the INCITS who specializes in creating standards for technology and innovation.
- INCITS is segmented into “projects,” each related to the development of a specific Standard, and each project is assigned to a Technical Committee, in this case, the Artificial Intelligence (AI) Committee.
- It is then the INCITS Executive Board’s job to give the final approval call to the standards in the INCITS process.
The INCITS has several standardization options:
- First, a preliminary draft is worked upon by various teams to create a standard.
- This will then result in the American National Standard.
- After this, various US delegations are then offered by the INCITS to participate in various “Standards Development Arena” designed for information technology standards.
- INCITS accepts candidate standards made by external bodies for adoption as American National Standards.
Why stakeholders (people within a company or organization) are important
- All the members of the various committees are experts in representing the organizations’ interest in the sector matter of the proposal and appointed for the purpose.
- They also serve as Technical Advisory Groups (TAG).
- All members of the Executive Board are essential because they give the final approval to standards in the INCITS.
- These come from hardware and software vendors, government agencies, universities, consortia, and other organizations.
- Regarding the company interested in creating the new standard, “C-suite executives, senior public policy officials, and upper/middle managers” are essential, because they are the ones who will decide on sending a proposal.
how they should go about creating and then implementing an ISO standard
The following steps are suggested for creating an ISO Standard:
- First, the company should contact the INCITS with its standard proposal.
- This step is essential so that the organization can be assigned to the Artificial Intelligence Committee.
- Once assigned to the correct committee, the company should start building an experts’ consensus with the help of the members of this committee.
- Next, the proposal needs to meet technical specifications approved by consensus.
- This should be followed by the writing of a final draft, which will then be proof-checked.
- After the final approval by an Executive Board, the standards should be ready to be published and implemented.