Audits & Assessments
Audits & Assessments for AI
"With great power comes great responsibility." This expression captures exactly the immense potential of Artificial Intelligence (AI). It drives innovation, but also has potential adverse impact on privacy, ethics, human rights, and the environment.
Rhite offers a team of experts in identifying and managing such risks, helping you build responsible solutions, from the technical details of applications to the policies at organizational level.
AI Impact Assessments
We can examine solutions to determine the potential impact on individuals and society. For this we use different tools and impact assessment frameworks.
Possible use cases include:
- Assessment of an AI solution during development;
- Assessment of a third-party AI solution before use;
- Due diligence of AI solutions, for investors.
We guide your organisation during the performance of different types of impact assessments such as: IAMA, ALTAI, DPIA, PLOT4ai, FRIA and more. Depending on the type of organisation you are (government, large or medium organisation, SME, start-up) and the type of solution and context, we will guide you through the impact assessment tool that is more adequate for your specific circumstances and legal requirements.
We can facilitate the sessions and the whole process from beginning till end. We can also provide custom-made training sessions for your organisation to learn how and when to implement the different assessment tools during and after the development life cycle of a solution.
Assessing and auditing of algorithms and AI systems
We use our purpose-built self-assessment open-source framework SARAI® to perform assessments and external audits on AI systems while also assessing the Responsible AI maturity level of the organization. This allows us to be flexible.
The approach can be light weight for smaller start-ups, or more extensive for larger organizations. Additional controls are included for high-risk solutions.
We will also offer soon external audit services based on the IEEE framework CertifAId.
What is the difference between an assessment and an external audit?
In both cases, systems and organisations can be assessed based on different controls. These controls usually come from an approved standard or framework. Currently there is not such an approved European standard for auditing AI systems and organisations and that is why there are not accredited bodies that can offer audit certifications yet.
This doesn’t mean your organisation cannot be audited by an external party. An external party can audit your system based on available frameworks, sometimes only based on interviews and review of documentation and other times also analysing your system or having together with you a look at it.
The result of the audit will be a report indicating what is the compliance status that your system and organisation has according to the requirements and measurements of the controls assessed.
An assessment is a similar process that an audit, with the difference that the company performing the assessment can also offer guidance to the organisation to implement the right controls and increase the maturity level.
An external audit should be done by an impartial party. This means that the same party offering guidance and consultancy should not be the same party auditing the system.
Privacy Impact Assessments
It is important to start with a Data Protection Impact Assessment (DPIA) on time. We focus specifically on the technically challenging DPIAs within your organisation. In addition to the legal and technical aspects, we help you find the possible risks* and assess if they are acceptable or measures need to be taken.
*We do not only look at risks related to data protection and security, but also other risks that could arise from the design and that could have an adverse impact on the indiviual and/or society.
At Rhite we provide both audits and assessments.
For more information, contact us.