
AI Standards and Frameworks: COBIT, Four Pillars, Laws, and Regulations

This episode of the ISACA Advanced in AI Security Management (AAISM) exam prep series untangles the three layers of the AI rulebook: voluntary standards, broad governance frameworks, and binding laws. It shows how recognized frameworks map onto AI work and where today's regulatory landscape still leaves real gaps. The goal is to help you pick a credible framework, spot compliance risk early, and advise leadership on which rules apply across the markets your organization touches, since a single deployment can fall under several jurisdictions at once.


Frequently Asked Questions

What are the main AI standards and frameworks?

Key voluntary standards include ISO/IEC 23053, which describes a generic framework for AI systems that use machine learning; ISO/IEC 42001, a certifiable management-system standard (structured like ISO/IEC 27001 for information security) for establishing, operating, and continually improving an AI management system, with accountability and responsible use as core requirements; and IEEE 7000, which gives developers a process for identifying and addressing ethical concerns during system design. Additional frameworks include the OECD AI Principles, the NIST AI Risk Management Framework (organized around the Govern, Map, Measure, and Manage functions), and Singapore's Model AI Governance Framework. None of these is law on its own, but regulators and customers increasingly use them as the yardstick for "reasonable" practice, and adopting one gives you evidence of due care.

How does COBIT apply to the AI life cycle?

COBIT 2019's five domains (one governance domain and four management domains) map onto the AI life cycle: Evaluate, Direct, and Monitor (EDM) sets direction and guides design decisions; Align, Plan, and Organize (APO) shapes development policies, risk management, and resourcing; Build, Acquire, and Implement (BAI) governs deployment, integration, and testing; Deliver, Service, and Support (DSS) runs daily operations, including access control and incident handling; and Monitor, Evaluate, and Assess (MEA) drives continuous checking against performance, compliance, and risk goals. The practical value is that an organization already using COBIT for IT governance can fold AI systems into existing processes and audit evidence rather than building a parallel structure.

What is the Four Pillars framework from the Cloud Security Alliance?

The Four Pillars framework from the Cloud Security Alliance's AI Model Risk Management Framework consists of the model card, which describes a model's objectives, training data, capabilities, and limits; the data sheet, which documents the training dataset, including known biases and ethical concerns; the risk card, which identifies and analyzes model risks and the planned mitigations; and scenario planning, which imagines misuse or malfunction situations to surface risks the first three documents did not anticipate. The first three are living documents that should be updated whenever the model, its data, or its deployment context changes; a model card written for the initial release and never revisited gives auditors a false picture.

What is the European Union AI Act?

The EU AI Act is the flagship risk-based AI law. It sorts AI systems into four tiers, from prohibited (unacceptable risk) through high risk and limited risk down to minimal risk, and imposes transparency duties on systems such as chatbots and deepfakes so that people know they are interacting with or viewing AI-generated content. Penalties scale with the tier of violation; for prohibited practices they reach 35 million euros or 7% of worldwide annual turnover, whichever is higher. The Act also applies to providers outside the EU whose systems are used in the EU, so a non-EU organization is not automatically out of scope. Similar laws are emerging in Brazil, South Korea, US states such as Colorado, California, and Texas, and in proposals at the US federal level.

What are the four compliance considerations for AI?

The four considerations are confidentiality, because users can accidentally expose trade secrets or intellectual property by pasting them into AI tools, especially external services whose retention and training terms the organization does not control; privacy, which requires protecting personal data by design and running a privacy (data protection) impact assessment before go-live; intellectual property, because the copyright status of AI-generated content is still debated and training on copyrighted material creates legal exposure; and employee rights, ensuring that AI used in hiring and workforce decisions stays fair, explainable, and within labor and anti-discrimination law.

📚 Master the ISACA AAISM Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISACA AAISM certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in AI Standards & Frameworks.