Build trust not risk
March 19, 2026

Last week, I had the pleasure of speaking on the ‘ISO42001 in practice’ webinar hosted by Drata. It was the first webinar of our three-way partnership with Drata and Prescient Security, which is driven by a collective desire to educate organizations and help them navigate an increasingly complex compliance landscape. This webinar focused specifically on ISO42001, when you should consider implementing it, how it works in practice, and the role of continuous monitoring.
ISO42001 is the first international AI management standard and, on the webinar, I described it as a Rosetta Stone, meaning that if you implement it, you’re in a great position to comply with the other existing and forthcoming regulations. But ISO42001 is not just a compliance tick box exercise; it’s a process that, beyond compliance, is important for providing reassurance for stakeholders and customers and for knowing that you’re deploying AI sensibly and safely.
A key element of the standard is Clause 9 which requires continuous monitoring. Whereas ISO27001 oversees deterministic software, i.e. where little changes after deployment, we know that AI doesn’t work that way. It continues to evolve; models drift, anomalies happen and behavior deviates from what was intended. This is particularly true as AI models become more sophisticated and self-evolve and, as this happens, continuous monitoring becomes more critical. Just recently there was a report of an AI agent which attempted crypto mining without being instructed to do so, for example.
At the same time, we can never know exactly what AI is doing because we can’t see its inner workings. Indeed, much of the AI organizations use is from third-party vendors that they might then build on top of. This means they will only ever have access to the inputs and outputs of the model, not what happens in between. Through ‘black box monitoring’ RAIDS uses inputs and outputs to determine a baseline and monitor for deviations. It flags anything that falls outside of the parameters set so teams can investigate. Importantly, every detection creates an audit trail; evidence is recorded and timestamped. In turn, auditors have all the information they need to understand what has happened.
RAIDS’ partnership with Drata and Prescient Security means you’re covered end-to-end: Drata helps you build and document your AI Management System, RAIDS provides continuous monitoring and evidence for Prescient Security to validate and certify, enabling you to build trust rather than risk.
AI regulation is moving fast, so it’s critical that organizations know how this looks in the real world. ISO42001 provides a critical foundation that will be essential for future-proofing AI governance.
Thanks again to Drata and Prescient Security for your continued support and partnership.
You can watch a recording of the webinar here: https://drata.ondemand.goldcast.io/on-demand/f4b2b04a-2c70-4113-a373-f4d9920626e2
Nikolas Kairinos, RAIDS AI Co-Founder & CEO