IBM has a long history as a trusted partner in the technology industry and deep experience in deploying AI Ethics best practices, both internally and with clients. As such, IBM strongly supports the development and implementation of leading standards for using technology responsibly. IBM contributed to the development of the National Institute of Standards and Technology (NIST) AI Risk Management Framework (AI RMF), which was released on January 26, 2023.

 

“IBM applauds NIST on the release of the AI Risk Management Framework, and on the multi-year, inclusive, multistakeholder process that contributed to its development. We are happy to have contributed to that process throughout the last few years and gratified to see the Framework come to fruition. This initiative lays important groundwork for advancing trustworthy AI and showcasing the United States’ commitment to the responsible development and deployment of this crucial technology. IBM commends NIST for its tireless effort in developing this framework and looks forward to helping to promote it as best-in-class practices for both AI developers and deployers.”  – IBM statement in “Perspectives about the NIST Artificial Intelligence Risk Management Framework”

 

Immediately following the launch of the NIST AI RMF, IBM began a three-phase approach to analyzing the framework to confirm alignment of IBM’s own internal risk management standards, policies, and practice guidance with the framework. The three-phase approach was developed and implemented by a team within IBM’s Chief Privacy Office. This team gathered input from other stakeholders across IBM to support the process.

 

Phase 1: Study and prepare

Phase one began with a detailed study of the published NIST AI RMF and associated playbook. The team discussed their observations and defined the approach and scope of the next phases of analysis. In this phase, the team identified relevant documentation for comparison, such as IBM’s internal Ethics by Design playbook and corporate policies that pertain to AI.

The goal of IBM’s Ethics by Design framework is to integrate tech ethics in the technology development pipeline and overall lifecycle, including but not limited to AI systems. It has three areas of focus: methodology, adoption, and governance. This framework helps guide internal developers, data scientists, and other stakeholders on IBM’s requirements and recommended best practices, and includes guidance on using trustworthy AI tools.

 

Phase 2: Map to internal methodology

Phase two involved a mapping exercise of the NIST AI RMF to IBM’s Ethics by Design methodology. In this phase, the team mapped the core NIST AI RMF function of Govern, Map, Measure, and Manage to IBM’s internal methodology steps. The team observed that IBM’s methodology was well aligned and covered all core functions through the AI lifecycle. Findings from this phase were presented to senior leadership.

 

Phase 3: Systematic analysis

Phase three built upon the information gathered and analyzed during the first two phases and involved a detailed analysis of the NIST AI RMF functions. The team systematically evaluated IBM’s internal standards, policies and practice guidance for alignment with the NIST AI RMF function, categories, and subcategories.

 

For example, the NIST AI RMF subcategory GOVERN 2.2 states the following: “The organization’s personnel and partners receive AI risk management training to enable them to perform their duties and responsibilities consistent with related policies, procedures, and agreements.” IBM’s practice of clearly specifying responsibilities and providing training aligns with this NIST AI RMF subcategory. IBM provides training to both internal IBM employees and our partners. As highlighted in the 2022 IBM Impact Report, “in 2022, we trained over 1,000 ecosystem partners in technology ethics, surpassing our initial commitment, and we have launched a new commitment to train 1,000 technology suppliers in tech ethics over two years.”

 

Key Findings:

• IBM’s internal standards, policies, and practice guidance are aligned with the NIST AI RMF
• IBM’s AI governance structure and AI Ethics Board work are critical to enabling this alignment
• The NIST AI RMF and associated playbook are useful tools that organizations can use to help identify additional guidance that can be added or more fully addressed within existing internal guidance

Recommendations for policymakers using the NIST AI RMF as a foundation for regulation:

• Provide expectations around where and how companies and organizations should track policies, processes, procedures, and practices across the organization related to mapping, measuring, and managing AI risks
• Require government agencies to adopt the NIST AI RMF in their development, use, and procurement of AI systems
• Define self-certification schemes for compliance with the framework

 

Recommendations for companies looking to implement the NIST AI RMF:

• Identify relevant documentation for comparison with the NIST AI RMF, including corporate policies related to AI
• Map the company’s internal AI ethics methodology to the core NIST AI RMF function of Govern, Map, Measure, and Manage
• Systematically evaluate and track alignment of company AI standards, policies, and practice guidance to the NIST AI RMF function, categories, and subcategories

 

Moving forward, IBM plans to continuously adapt its best practices to meet the evolving capabilities of AI systems. An agile approach is important given the rapid advancement of this technology. The steps IBM has taken to analyze and internalize the NIST AI RMF are evidence of how IBM views the importance of this work for the entire industry. IBM encourages other organizations to conduct similar efforts to help manage the potential risks and enhance the benefits of AI.

 

-Heather Domin, IBM Program Director, Tech Ethics by Design, Associate Director, Notre Dame-IBM Tech Ethics Lab

-Alina Glaubitz, AI Ethics Program Manager, IBM

 

 

 

Share this post: