Privacy Information Management System Considerations for ISO 42001

Andrew Shurbutt

Principal, Global Assurance, Coalfire

February 6, 2024
F4004f25 1c46 4e5b 9a10 45b08a262ada Coalfire Main Image Blog Privacy Information ISO42001 800x420 FINAL

Organizations that want to pursue ISO 42001 certification and have an existing ISO management system in place need to consider how to integrate an AI management system with their current management system to ensure common objectives and obligations are maintained. The following blog post explores how organizations can integrate an AI management system with their privacy information management system.

Key Takeaways

  • In December 2023, ISO released ISO/IEC 42001:2023, the world’s first AI management system standard.
  • The consistent structure of ISO’s management system standards can help organizations integrate ISO 42001 into their existing management system.
  • An AI management system can be integrated with a privacy management system to ensure privacy-related objectives and controls are included in the AI management system.

Hot on the heels of the European Parliament and Council’s provisional agreement on the Artificial Intelligence Act, ISO delivered its artificial intelligence management system standard (AIMS), ISO/IEC 42001:2023. ISO 42001 provides requirements for establishing, implementing, maintaining, and continually improving an AIMS. It is part of a suite of AI ISO standards, including AI risk management (ISO/IEC 23894:2023), a framework for AI systems using machine learning (ISO/IEC 23053:2022), and AI concepts and terminology (ISO/IEC 22989:2022). 

The harmonized structure of ISO’s management system standards (identical clause numbers, clause titles, and text) is present in ISO 42001 as well. 

This consistency helps an organization to integrate ISO 42001 into its existing management system. In ISO 42001 Appendix D, ISO provides a brief description of how ISO 42001 can be integrated with other management system standards, including ISO/IEC 27001 and ISO 9001. According to Appendix D.2, for AI systems that process personally identifiable information (PII), ISO 27701 (PIMS) can be integrated to ensure privacy-related objectives and controls are included in the AIMS. Appendix D specifically mentions privacy considerations for the control implementation guidance in B.2.3 (Alignment with other organizational policies) and B.5.4 (Assessing AI system impact on individuals or groups of individuals). ISO 27701 is cited as a reference for control implementation in B.8.4 (Communication of incidents) and B.10.2 (Allocating responsibilities). 

In addition to those ISO 42001 controls, there are other PIMS aspects that need to be considered when integrating ISO 42001 and ISO 27701. The following is a description of five PIMS considerations that organizations can take into account when integrating ISO 42001 with ISO 27701.

First PIMS Consideration

The first PIMS consideration involves ISO 42001 Clause 4 (Understanding the organization and its context). For Clause 4.1, an organization determines its roles with respect to the AIMS. When integrating ISO 42001 with ISO 27701, the role of PII controller, PII processor, or both needs to be included in the organizational context (see ISO 27701 Clause 5.2.1 and ISO 42001 Clause 4.1, Note 3). In Clause 4.1.a.1, AIMS external factors can include considerations regarding applicable legal requirements. When integrating ISO 42001 and ISO 27701, the legal requirements include privacy legislation, regulations, and judicial decisions (see ISO 27701 Clause 5.2.1) applicable to the PII processed by an organization’s AI system. For ISO 42001 Clause 4.2, an organization determines the needs and expectations of interested parties. When integrating ISO 42001 with ISO 27701, interested parties include those that have an interest in or responsibilities associated with the processing of PII, including PII principals (data subjects) (see ISO 27701 Clause 5.2.2). 

According to ISO 27701 Clause 5.2.2 Note 2, legal and regulatory requirements, contractual obligations, and an organization’s self-imposed objectives can determine the requirements of these interested parties.

Second PIMS Consideration

The second PIMS consideration involves ISO 42001 A.2.3. For this control activity, an organization determines if there are policies that can be affected by or apply to the organization’s AI objectives. If so, the organization can update the policies or include provisions in the AI policy. When integrating ISO 42001 and ISO 27701, the organization should consider whether or not the updates to existing privacy-related policies affect the organization’s ability to meet applicable PII protection legislation and/or regulations (see ISO 27701 Clause, Additional other information for 5.1.1).

Third PIMS Consideration

The third PIMS consideration is for ISO 42001 A.10.2. For A.10.2, an organization ensures that all of the parties involved in the AI system life cycle have been allocated responsibilities (ISO/IEC 22989:2022 provides a description of the AI system life cycle stages). Organizations integrating ISO 42001 and ISO 27701 should include the PII controller and PII processor responsibilities associated with the PII processed through the AI system. 

Depending on the organization’s role in the PII processing activities at various stages throughout the AI system life cycle, it is possible for the organization to have the role of PII controller, PII processor, or both. The organization’s role regarding PII processing in AI systems may differ depending on the stage of the AI system’s life cycle. As such, the organization should consider implementing a record of processing activities for each stage of the AI system life cycle. ISO 27701 provides guidance for PII controllers and PII processors for implementing a record of PII processing activities. This guidance can be used to create the record for each AI system life cycle stage.

Another aspect of roles and responsibilities is found in control A.8.4, for which the organization documents a plan for communicating incidents to users of the AI system. When organizations integrate ISO 42001 with ISO 27701, part of the process for determining the communication plan for incidents that include PII is the organization’s role as a PII controller or PII processor. 

This role determines the organization’s responsibilities and the details to be provided in incident communication. ISO 27701 Clause provides implementation guidance for PII controllers and PII processors on details to be included in communication of incidents involving PII. These details cover the topics listed in ISO 42001 B.8.4 (the implementation guidance for control A.8.4). Applicable PII legislation and/or regulations may also have requirements for communicating incidents involving PII, such as the requirements in GDPR Articles 33 and 34.

Fourth PIMS Consideration

The fourth PIMS consideration involves the AI system impact assessment. ISO 42001 Clause 6.1.4 states that organizations should have a defined process that includes assessing the consequences for individuals, groups of individuals, and societies that may result from the use of AI systems. The impact assessment also must take into account the societal context where the AI system is deployed. The note for Clause 6.1.4 states that the context may require a discipline-specific AI system impact assessment and includes privacy as an example. The ISO 27701 control for privacy impact assessments (A.7.2.5) is for PII controllers, and there is no corresponding control for PII processors. 

However, ISO 42001 does not specifically state that only PII controllers should perform privacy impact assessment for AI systems that process PII. Integrating ISO 42001 with ISO 27701 requires an organization to perform an AI system impact assessment. As such, regardless of the PII controller or PII processor role, privacy needs to be at the least incorporated in the AI system impact assessment. 

ISO 42001 control requirements for AI system impact assessments are found in A.5.2 through A.5.5 and mirror the Clause 6.1.4 requirements for assessing potential impacts to individuals or groups of individuals and assessing potential societal impacts. Using ISO 27701 7.2.5 as a guide, PII controllers and PII processors are recommended to include in the impact assessment a list of the types of PII processed, where the PII is stored, and where the PII can be transferred. The items listed in the implementation guidance for ISO 27701 7.2.8 regarding records related to PII processing can also be included in the impact assessment. The items include the purposes for PII processing and the technical and organizational security measures. Applicable privacy regulations/legislation should also be included in the AI system impact assessment. Privacy regulations/legislation provide the privacy rights of individuals whose data is processed by the AI system. 

The impact assessment will inform the organization if data subjects’ privacy rights are violated by the PII processing activity of the AI system (i.e., the privacy impact on individuals). Privacy regulations/legislation should also be reviewed for requirements for privacy impact assessments (e.g., GDPR Article 35).

Fifth PIMS Consideration

The fifth PIMS consideration when integrating ISO 42001 with ISO 27701 is to ensure that privacy is included in the AI system development process. The objective of ISO 42001 A.6.1 controls is to ensure the responsible design and development of AI systems by identifying and documenting objectives (A.6.1.2) and defining and implementing specific processes (A.6.1.3). Integrating ISO 42001 and ISO 27701 helps an organization ensure that privacy by design and privacy by default as described in ISO 27701 Clause, Clause, Clause 7.4, and Clause 8.4 are implemented in the AI system development process. Privacy and the protection of PII processed by the AI system should be included among the objectives for responsible AI system development established for control A.6.1.2. 

The specific processes developed for control A.6.1.3 should include privacy as well. For example, certain considerations listed in the A.6.1.3 implementation guidance described in B.6.1.3 can be viewed through a privacy lens:

  • Privacy testing requirements
  • Human oversight requirements (e.g., for an automated process that has a legal effect on PII principals)
  • Including privacy in the AI system impact assessment or performing a privacy-specific AI system impact assessment
  • Privacy by design expertise required for AI system developers
  • Approvals and sign-offs by the legal and/or privacy team at various stages of the AI system development
  • Engagement of interested parties (i.e., privacy stakeholders such as legal and privacy teams)

Additional considerations for A.6.1.3 can include a description of the purpose(s) for PII processing and measures to minimize by default the processing of PII.

Including privacy as an AI system development objective and privacy considerations in system development processes help the organization to ensure privacy is built into the AI system design and development documentation required in controls A.6.2.2, A.6.2.3, and A.6.2.4. The A.6.2.2 implementation guidance described in B.6.2.2 includes factors that should be considered for documenting AI system requirements. An additional factor for privacy can include documenting the PII data requirements and how PII data requirements can be achieved using only the PII necessary for the purpose of processing.

For control A.6.2.3, organizations are required to document AI system design and development. The B.6.2.3 implementation guidance for A.6.2.3 includes a design choice for documenting security threats, which for PII principals include threats to the confidentiality, integrity and availability of their PII.

For control A.7.2.4, organizations must document the verification and validation measures for their AI system. The B.6.2.4 implementation guidance for A.7.2.4 provides examples of verification and validation measures, including the selection of test data, which must be in compliance with the documented data management processes for AI system design (see control A.7.2 and B.7.2 implementation guidance, which includes privacy-related topics for data management processes). Privacy must also be included in the AI system evaluation criteria described in B.6.2.4, in particular to evaluate for privacy risks related to impacts on individuals or groups of individuals, or both, and societies.

The above PIMS considerations are not the only aspects of a PIMS to take into account when integrating ISO 42001 with ISO 27701. For example, implementation guidance for the A.7 (Data for AI Systems) controls is more explicit about including privacy. However, the five PIMS considerations provide insight into how an organization can implement privacy practices from ISO 27701 in the development of an AIMS and how organizations certified to ISO 27701 can ensure their privacy-related objectives and controls are included in the AIMS.

Having implemented an AIMS, organizations that want to pursue ISO 42001 certification should consider undergoing a readiness assessment to determine if their AIMS is ready for an initial certification audit. Coalfire Certification offers ISO 42001 readiness assessments consisting of a workshop that includes a gap analysis with a sub-bullet point inspection of ISO 42001 requirements (Clauses 4-10), an evaluation of the operating effectiveness of Annex A controls, and a definition of the AIMS scope.

Coalfire Certification is in the process of ISO 42001 accreditation to ensure a qualified, competent audit of your AIMS.