1 00:00:00,050 --> 00:00:04,820 Lesson: Managing third-party risks post-deployment. Managing third-party risks 2 00:00:04,820 --> 00:00:10,730 post-deployment of AI systems is a critical aspect of AI governance that ensures the continuous and 3 00:00:10,730 --> 00:00:13,610 effective operation of AI applications. 4 00:00:13,640 --> 00:00:19,430 These third-party entities, which can include vendors, service providers, and partners, often play 5 00:00:19,430 --> 00:00:25,850 integral roles in the AI ecosystem, contributing to various stages from data sourcing to model maintenance. 6 00:00:26,090 --> 00:00:32,090 However, the involvement of these external parties introduces an array of risks that must be meticulously 7 00:00:32,090 --> 00:00:37,490 managed to safeguard the AI system's integrity, security and compliance. 8 00:00:38,510 --> 00:00:43,430 One of the primary risks associated with third-party involvement is data security. 9 00:00:43,910 --> 00:00:49,310 Third parties often require access to sensitive data to perform their functions, which can introduce 10 00:00:49,310 --> 00:00:52,040 vulnerabilities if not properly managed. 11 00:00:52,280 --> 00:00:58,370 For instance, a breach at a third-party vendor can expose valuable data, leading to significant financial 12 00:00:58,370 --> 00:01:00,590 losses and reputational damage. 13 00:01:00,620 --> 00:01:06,880 A survey by the Ponemon Institute found that 59% of companies experienced a data breach caused by a 14 00:01:06,880 --> 00:01:07,870 third party. 15 00:01:08,350 --> 00:01:14,110 This statistic underscores the importance of rigorous vetting and continuous monitoring of third-party 16 00:01:14,110 --> 00:01:18,490 entities to ensure they adhere to stringent data security standards. 17 00:01:19,780 --> 00:01:25,930 Moreover, compliance with regulatory requirements is another critical area where third-party risks 18 00:01:25,930 --> 00:01:27,190 must be managed.
19 00:01:27,880 --> 00:01:33,010 Different jurisdictions have varying regulations concerning data protection and AI ethics. 20 00:01:33,400 --> 00:01:39,460 Third-party vendors operating across multiple regions may inadvertently cause compliance breaches if 21 00:01:39,460 --> 00:01:41,410 they fail to adhere to local laws. 22 00:01:41,590 --> 00:01:47,710 For example, the European Union's General Data Protection Regulation imposes strict guidelines on data 23 00:01:47,710 --> 00:01:52,060 handling practices, and non-compliance can result in hefty fines. 24 00:01:52,240 --> 00:01:57,970 Ensuring that third parties comply with such regulations necessitates robust contractual agreements 25 00:01:57,970 --> 00:02:01,750 and regular audits to verify adherence. 26 00:02:01,750 --> 00:02:06,910 Operational continuity is another significant concern in managing third-party risks. 27 00:02:06,910 --> 00:02:13,300 The reliability and availability of third-party services directly impact the AI system's performance. 28 00:02:13,300 --> 00:02:19,540 For example, if a third-party cloud service provider experiences downtime, it can disrupt the AI system's 29 00:02:19,540 --> 00:02:24,820 functionality, leading to operational inefficiencies and potential financial losses. 30 00:02:25,480 --> 00:02:31,000 To mitigate this risk, it is essential to establish clear service-level agreements that define the 31 00:02:31,000 --> 00:02:35,050 expected service standards and outline penalties for non-compliance. 32 00:02:35,560 --> 00:02:41,530 Additionally, having contingency plans and alternative service providers can ensure minimal disruption 33 00:02:41,530 --> 00:02:43,870 in case of third-party service failures. 34 00:02:45,730 --> 00:02:51,010 Another dimension of third-party risk management is the ethical considerations in AI deployment.
35 00:02:51,430 --> 00:02:56,860 Third parties involved in data collection and pre-processing may introduce biases that can propagate 36 00:02:56,860 --> 00:03:01,120 through the AI model, leading to unfair or discriminatory outcomes. 37 00:03:01,690 --> 00:03:03,460 A study by Obermeyer et al. 38 00:03:03,490 --> 00:03:09,870 highlighted that an algorithm used in health care to predict patient needs exhibited racial bias, primarily 39 00:03:09,870 --> 00:03:12,450 due to biased data from third-party sources. 40 00:03:13,260 --> 00:03:19,140 To address such ethical concerns, it is crucial to implement thorough validation processes to detect 41 00:03:19,140 --> 00:03:22,440 and mitigate biases introduced by third-party data. 42 00:03:22,710 --> 00:03:28,440 This can include techniques such as fairness-aware machine learning and regular audits of data sources 43 00:03:28,440 --> 00:03:30,180 and pre-processing methods. 44 00:03:31,740 --> 00:03:36,630 Additionally, intellectual property risks are inherent in third-party collaborations. 45 00:03:37,350 --> 00:03:43,800 AI systems often incorporate proprietary algorithms and technologies which need protection against unauthorized 46 00:03:43,800 --> 00:03:45,030 use or theft. 47 00:03:45,900 --> 00:03:51,240 When engaging with third parties, clear IP agreements are necessary to delineate the ownership and 48 00:03:51,240 --> 00:03:53,970 usage rights of any developed technology. 49 00:03:54,480 --> 00:04:00,090 Ensuring that third parties have robust IP protection measures in place can mitigate the risk of IP 50 00:04:00,120 --> 00:04:04,710 theft, which could otherwise lead to competitive disadvantages and legal disputes. 51 00:04:06,090 --> 00:04:11,840 The integration of AI systems with third-party components also necessitates robust interoperability 52 00:04:11,840 --> 00:04:13,340 and integration testing.
53 00:04:13,610 --> 00:04:20,180 Third-party software or services must seamlessly integrate with the AI system to ensure smooth operation. 54 00:04:20,570 --> 00:04:25,760 Incompatibilities or integration issues can lead to system failures or degraded performance. 55 00:04:26,150 --> 00:04:32,180 Therefore, comprehensive testing protocols must be established to validate that all third-party components 56 00:04:32,180 --> 00:04:35,120 function correctly within the AI ecosystem. 57 00:04:35,690 --> 00:04:41,480 This can involve joint testing efforts with third parties and the use of standardized integration frameworks. 58 00:04:43,550 --> 00:04:49,070 Furthermore, continuous monitoring and performance assessment of third-party entities are essential 59 00:04:49,070 --> 00:04:50,930 to manage risks effectively. 60 00:04:51,470 --> 00:04:57,380 This involves regular reviews of third-party performance metrics, security practices, and compliance 61 00:04:57,380 --> 00:04:58,130 status. 62 00:04:58,580 --> 00:05:04,460 Automated monitoring tools can be employed to detect anomalies and potential risks in real time, enabling 63 00:05:04,460 --> 00:05:06,170 prompt corrective actions. 64 00:05:06,320 --> 00:05:12,310 For example, security information and event management systems can provide continuous oversight of 65 00:05:12,310 --> 00:05:18,490 third-party activities, ensuring that any deviations from expected behavior are quickly identified 66 00:05:18,490 --> 00:05:19,390 and addressed. 67 00:05:20,920 --> 00:05:26,890 Effective communication and collaboration with third-party entities are also pivotal in managing risks. 68 00:05:27,280 --> 00:05:33,640 Establishing transparent communication channels ensures that any issues or changes in third-party operations 69 00:05:33,670 --> 00:05:36,310 are promptly communicated and addressed.
70 00:05:36,610 --> 00:05:42,370 Regular meetings and updates can foster a collaborative relationship, enabling proactive risk management 71 00:05:42,370 --> 00:05:45,430 and continuous improvement of third-party practices. 72 00:05:47,230 --> 00:05:53,260 Lastly, fostering a culture of risk awareness and accountability within the organization is crucial. 73 00:05:53,920 --> 00:05:59,470 Employees and stakeholders involved in managing third-party relationships must be well versed in risk 74 00:05:59,470 --> 00:06:01,810 management principles and practices. 75 00:06:02,320 --> 00:06:08,260 Providing regular training and resources can enhance their ability to identify and mitigate third-party 76 00:06:08,260 --> 00:06:09,910 risks effectively. 77 00:06:10,090 --> 00:06:16,690 The organization should also establish clear accountability structures, ensuring that individuals responsible 78 00:06:16,690 --> 00:06:20,710 for third-party management are held accountable for their performance. 79 00:06:22,240 --> 00:06:28,840 In conclusion, managing third-party risks post-deployment of AI systems is a multifaceted endeavor 80 00:06:28,840 --> 00:06:33,790 that requires meticulous planning, continuous monitoring, and robust collaboration. 81 00:06:34,060 --> 00:06:40,120 By addressing data security, regulatory compliance, operational continuity, ethical considerations, 82 00:06:40,120 --> 00:06:46,000 intellectual property protection, interoperability, and performance assessment, organizations can 83 00:06:46,000 --> 00:06:49,210 mitigate the risks associated with third-party involvement. 84 00:06:49,240 --> 00:06:54,520 Implementing these strategies not only safeguards the AI system's integrity and performance, but also 85 00:06:54,520 --> 00:06:59,860 ensures that the organization remains compliant with regulatory standards and ethical principles.
86 00:07:00,250 --> 00:07:05,740 Effective third-party risk management is thus an integral component of AI governance that underpins 87 00:07:05,740 --> 00:07:09,310 the successful and sustainable deployment of AI systems.