Sophia Rowland, Kristi Boyd, and Vrushali Sawant collaborated on this article. The National Institute of Standards and Technology (NIST), which operates under the U.S. Department of Commerce, has recently released the AI Risk Management Framework. This framework provides a set of standards and best practices for building Responsible AI Systems. NIST’s mission is to promote innovation and industrial competitiveness, and they offer measurements, standards, and legal metrology to ensure traceability, quality assurance, and harmonization of standards and practices.
While these standards are not mandatory, they are designed to enhance the trustworthiness of AI systems. The framework provides detailed recommendations across four functions: govern, map, measure, and manage. This article focuses on some of these recommendations and how they fit into the lifecycle of a model.
In the “govern” function, accountability structures are established to empower and train teams and individuals responsible for mapping, measuring, and managing AI risks. Collaboration among various groups such as data scientists, IT/engineering, risk analysts, data engineers, and business representatives is essential for successful AI projects. Clear definition of roles and responsibilities prevents duplication of efforts and ensures a streamlined process.
In the “map” function, context is established by understanding AI capabilities, targeted usage, goals, expected benefits and costs, and potential risks for all components of the AI system. It is crucial to document and store relevant information related to the proposed model usage, end users, expected performance, issue resolution strategies, deployment strategies, data limitations, privacy concerns, and testing strategies.
The framework also emphasizes the importance of considering socio-technical implications and addressing AI risks in design decisions. Organizations should ensure the removal or masking of Personally Identifiable Information (PII) and other sensitive data when not required for modeling, following data and information security best practices.
In the “measure” function, organizations should review how well the training data represents the target population. Using non-representative training data can result in less accurate models for specific groups, leading to unjust harm. Organizations must also be cautious of protected class variables and proxy variables that may inadvertently introduce bias into the model.
Model performance evaluation is crucial to understanding the accuracy and usefulness of the model. Data scientists need to assess how well the model performs across various groups, as a model that performs worse on specific groups may indicate a lack of representation in the training data. Model explainability helps stakeholders understand the relationship between inputs and predictions, ensuring fairness and capturing well-known connections between factors.
Monitoring the functionality and behavior of the AI system and its components is important to detect model decay and maintain accuracy. After deployment, organizations should implement post-deployment monitoring plans, including mechanisms for capturing user input, incident response, recovery, and change management.
In the “manage” function, organizations are recommended to regularly review and validate project parameters to ensure their ongoing relevance. This allows for the removal of systems that are no longer in use, minimizing risks and saving infrastructure costs.
Adopting these recommendations may seem challenging, but SAS Viya provides tools like SAS Workflow Manager that can help map these recommendations to workflow steps. SAS also offers a Trustworthy AI Lifecycle Workflow that predefines these steps, making it easier for organizations to adopt NIST’s recommendations.
Source link
