ISO/IEC TR 24028: Overview of trustworthiness in artificial intelligence

ISO/IEC TR 24028 is a technical report providing a comprehensive overview of trustworthiness in Artificial Intelligence. It establishes a conceptual framework for identifying AI-related risks and characteristics like reliability and security, helping organizations align their AI governance with emerging regulations.

Curated by Winners Consulting Services Co., Ltd.

Questions & Answers

What is ISO/IEC TR 24028?

ISO/IEC TR 24028 is a Technical Report (TR) published by ISO/IEC that provides a comprehensive overview of trustworthiness in Artificial Intelligence. It is not a certifiable standard but a guidance document that establishes a common vocabulary for stakeholders to understand and discuss AI's complex characteristics. The report details key trustworthiness dimensions, including reliability, resilience, security, privacy, accountability, transparency, explainability, and fairness. It serves as a foundational document for more specific standards like ISO/IEC 23894 (AI Risk Management) and the certifiable ISO/IEC 42001 (AI Management System). For enterprises, it is a crucial reference for demonstrating due diligence in AI risk management, especially in alignment with emerging regulations like the EU AI Act.

How is ISO/IEC TR 24028 applied in enterprise risk management?

Enterprises can apply the ISO/IEC TR 24028 framework in three practical steps. First, use its trustworthiness characteristics (e.g., fairness, transparency) as a standardized checklist to conduct a comprehensive risk identification and assessment of all AI systems. Second, integrate these identified AI-specific risks into the existing enterprise risk management (ERM) framework, such as one based on ISO 31000, mapping them to operational, legal, or reputational risk categories. Third, design and implement specific controls based on the assessment; for instance, deploying explainable AI (XAI) tools to mitigate transparency risks. A global bank used this approach to audit its loan approval algorithm, reducing discriminatory bias by 20% and improving its compliance score in regulatory reviews.

What challenges do Taiwan enterprises face when implementing ISO/IEC TR 24028?

Taiwan enterprises face three primary challenges. First, the TR is abstract and lacks concrete implementation guidance. To overcome this, companies should supplement it with practical frameworks like the NIST AI Risk Management Framework (RMF) and start with a pilot project. Second, poor cross-departmental collaboration hinders effective governance. The solution is to establish a dedicated AI Governance Committee with representatives from legal, IT, and business units to create a unified AI risk policy. Third, a lack of specialized talent and resources, especially in SMEs, is a major barrier. A risk-based approach, prioritizing high-impact AI systems and leveraging external consultants for initial setup and training, is the most effective strategy to address this.

Why choose Winners Consulting for ISO/IEC TR 24028?

Winners Consulting specializes in ISO/IEC TR 24028 for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact
