The potential benefits of implementing the knowledge management and artificial intelligence ISO standards together

As part of World Standards Day celebrations this week, the International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), and International Telecommunication Union (ITU) announced a joint effort to launch the 2025 International AI Standards Summit.

This initiative follows the adoption of the Global Digital Compact by world leaders in September, as part of the Pact for the Future. It is a direct response to a call to action by the United Nations (UN) to enhance artificial intelligence (AI) governance through international standards.

Given the emerging use of AI in knowledge management (KM), a tangible way that the global KM community can respond to the UN’s call for enhanced AI governance is through encouraging and facilitating adoption of the new ISO/IEC 42001:2023 Information technology—Artificial intelligence—Management system standard.

In a newly published paper¹ in the journal Machine Learning and Knowledge Extraction, authors Natalia Khazieva, Alena Pauliková, and Henrieta Hrablik Chovanová propose that an effective way of doing this is through the joint implementation of the ISO/IEC 42001:2023 AI standard and ISO 30401:2018 Knowledge management systems—Requirements.

For their research, Khazieva, Pauliková, and Chovanovám carried out a literature review, an analysis of the application of the ISO/IEC 42001:2023 and ISO 30401:2018 management system standards, and interviews with European organisations. Because of the limitations of interviews as an objective research tool and the lack of global representativeness in a European research sample, only the literature review and standards analysis aspects of the research findings are discussed in this article.

Benefits of implementing an artificial intelligence management system (AIMS)

ISO/IEC 42001:2023 specifies the requirements and provides guidance for establishing, implementing, maintaining, and continually improving an AI management system (AIMS) within the context of an organisation.

Khazieva, Pauliková, and Chovanovám identify the main benefits of an AIMS as being:

• framework for managing risk and opportunities
• demonstration of responsible use of AI
• traceability, transparency, and reliability
• bridging information asymmetries between partners
• increased level of trust and confidence among partners
• cost savings and efficiency gains.

These benefits give effect to the UN’s call to action for enhanced artificial intelligence (AI) governance, with particular benefits addressing already identified serious issues with the use of AI. For example, the risk management, responsible use, transparency, reliability, and trust and confidence aspects of these benefits go to the heart of the serious “botshit” problems² evident in the appalling horror cases of Australia’s robodebt scheme and the UK Post Office Horizon scandal. The ways in which an AIMS could rigorously address such issues include through the formal development and implementation of a risk management framework based on the AI Risk Repository³.

Synergies between an ISO/IEC 42001:2023 AIMS and ISO 30401:2018 KMS

ISO 30401:2018 includes the important Annex B, titled “Relation between Knowledge Management and Adjacent Disciplines.” This Annex highlights the relationships and synergy between the ISO 30401:2018 knowledge management system (KMS) and other management systems. As ISO 30401:2018 was released before ISO/IEC 42001:2023, Annex B of ISO 30401:2018 does not yet include the newly developed AI management system. However, Khazieva, Pauliková, and Chovanovám have extended the management systems in Annex B to include AI, as summarised in Figure 1.

Supporting this synergy, ISO/IEC 42001:2023 and ISO 30401:2018 both apply the same harmonised or consolidated structure developed to enhance alignment among management system standards (MSS), as shown in Figure 2. This consolidated structure includes identical clause numbers, clause titles, text, common terms, and core definitions. It means that organisations can much more readily and efficiently implement two or more MSS in an integrated way.

Khazieva, Pauliková, and Chovanovám further suggest that there is also potential synergy with ISO 9001:2015 Quality management systems—Requirements. ISO 9001:2015 includes clause 7.1.6 Organisational knowledge, and as I’ve previously discussed, jointly implementing ISO 9001:2015 and ISO 30401:2018 can give effect to clause 7.1.6 of ISO 9001:2015.

Supporting this, Khazieva, Pauliková, and Chovanovám advise that the common characteristics of ISO 9001:2015 and ISO 30401:2018 are:

• context of organisation, which means determination of interested parties and their requirements and establishment, implementation, maintenance, and continual improvement of the system, including needed processes and their interactions
• leadership, which means the role and responsibilities of top management to support the process
• planning, which means establishing objectives and how they can be reached
• support, which means needed resources and capabilities, communication channels, creating and updating information, and documenting
• performance evaluation, which means identifying points to monitor and evaluate, methods, and analysing the results
• improvements, which mean continually improving the system’s suitability, adequacy, efficiency, and effectiveness.

KM problem prevention using ISO 30401:2018 together with ISO/IEC 42001:2023

From their literature review, Khazieva, Pauliková, and Chovanovám identify the most common problems experienced during implementation and deployment of a KMS as being:

• Inconsistency of KM with general goals. The organisation should determine its general goals before developing any knowledge management system. This refers to making a profit and formulating clear, consistent, and reachable goals.
• A lack of detailed planning and timing for the KM project and infrastructure. Organisations often do not indicate the deadlines, resources, working time distribution, and responsible people for implementing and running KM. An absence of special technical tools and software limits data collection and analysis.
• Organisational mismatch. The organisation does not explain to its employees what it assumes from them regarding KM, nor when or how it correlates with their main duties and what is expected.
• Lack of knowledge sharing. Sometimes, employees are unable or unwilling to share their knowledge. The main reasons for this are protecting their position and benefits within the organisation, distrust among employees, and an unfriendly environment as a whole.
• Inefficient reward system. Participation in any KM is usually an additional task for employees, and employees believe that this performance should be appropriately appreciated.

Then, from their literature review and analysis of the synergies between an ISO/IEC 42001:2023 AIMS and ISO 30401:2018 KMS, they identify the following prevention suggestions for these problems:

For an organisation seeking to implement these suggestions, Khazieva, Pauliková, and Chovanovám strongly emphasise the role of leadership and organisational culture in a KMS, as shown in Figure 3.

They also stress the importance of:

• Considering risks that may occur in ISO 30401:2018 KMS certification. These are the risk of low uptake, the risk of low-quality certification, the risk that organisations implement the KM standard symbolically rather than meaningfully, and the risk that the standard is not specific enough or too specific.
• The use of an agile approach to continually retrain and refresh AI models is a must. AI systems must undergo rigorous and continuous monitoring and maintenance to continue performing as trained, meet the desired outcome, and solve the business challenges

Article source: © Khazieva, Pauliková,, & Chovanová, 2024, CC BY 4.0.

Header image source: fauxels on Pexels.

References: