As technologies advance rapidly, they are changing how we live and work and along with this, the expectations of people and businesses. Leadership and management of public, private and not-for-profit organizations must stay up to date with this evolution.
This is challenging as business operations are often complex, involving data rich systems which provide diverse services. New technologies bring different terminology, definitions, ways of doing things, opportunities for innovation and new threats to business viability.
One way to address these issues is through standardization. IEC and ISO develop international standards for ICT, which cover many areas, including artificial intelligence, cloud computing, cyber security and more.
Jan Begg is Chair of ISO/IEC JTC 1/SC 40, which develops standards for IT services and IT governance. Among some of the key standards already published is ISO/IEC 38500, Governance of IT for the organization, which is a guidance document comprising six principles that can be applied to any technology or service enabled by technology.
SC 40 has also developed the ISO/IEC 30105 series of standards for IT enabled business process outsourcing (BPO). The five-part series defines processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. More recently it has added Part 6, an exemplar for maturity assessment, which gives clients an opportunity to see how their outsourced supplier is measuring up against others.
During a meeting in New Delhi last November, Begg talked about some of the work SC 40 is doing around data and AI.
“We are seeing in the regulatory landscape that there is a real emphasis on privacy and protecting the liberty of individuals. Our standards in SC 40 are around principles for governance of technology and that can give boards a head start on getting their policies, procedures, their risk management in place, well before the regulators pass laws”.
“Every organization creates data and their customers and suppliers are creating data. We have obligations to protect that, classify it and use it. Our standards are evolving in that space. SC 40 has 38505 Part 1, which is an application of our governance principles, specifically for data.
“It helps boards understand: What are the key things they need to protect? Who owns what? How can they classify it? We are now expanding that into data classification and in the future, we will look at the whole realm of digital data governance”.
SC 40 is working with SC 42: Artificial intelligence, on the governance implications of the use of AI technologies by organizations.
“We are looking at what the role of the board is when it comes to AI technologies. Some organizations think it is about ethics at the core, governance, risk management, but SC 40 and SC 42 think there is more to it. We think the governance of technology needs foundations in principles that extend beyond that and help boards make decisions and execute their accountability”, said Begg.
The collaboration between SC 40 and SC 42 covers different industries and related technology areas, such as analytics, big data, IoT, cyber security and more, in order to come up with a guidance document that can be understood by both audiences. Find out more here.