The latest episode of GRC Uncensored dove deep into the magical world of AI governance, specifically on ISO 42001. This week, our guests are Chris Honda, Whistic’s Manager of Security, Risk, and Compliance; and Jonathan LeBaron, MasterControl Senior GRC Engineer with the golden voice. Our due shared their firsthand experiences navigating compliance, business adoption, and the broader implications of AI risk management.

Key Takeaways

• ISO 42001 is becoming essential for companies adopting AI, not just for compliance but to build customer trust.
• AI risk assessments are more complex than traditional security frameworks, requiring new approaches to impact analysis.
• Shadow IT and vendor AI features introduce unexpected risks—companies must proactively monitor and review new AI functionalities.
• AI governance isn’t just about compliance; it’s about trust. Businesses that prioritize transparency and ethical AI use will have a competitive edge. Also, AI may or may not be making us dumber.

02:23 Discussing AI in GRC and ISO 42001

02:56 ChatGPT and AI Experiences

08:07 Implementing ISO 42001: Challenges and Insights

19:20 Third-Party Risk Management and AI

26:43 Scope and Complexity of AI in Software Products

27:57 Challenges in High-Risk AI Applications

29:43 Regulatory Landscape and AI

32:02 Driving Forces Behind ISO Certification

38:53 AI Risks and Business Understanding

43:56 Ethical and Societal Impacts of AI

Hosted on Acast. See acast.com/privacy for more information.