1
00:00:00,050 --> 00:00:02,960
Lesson managing third party risks in AI systems.

2
00:00:02,960 --> 00:00:09,050
Managing third party risks in AI systems is a critical aspect of implementing AI governance and risk

3
00:00:09,050 --> 00:00:09,890
management.

4
00:00:10,340 --> 00:00:17,000
The use of third party components, whether they be datasets, algorithms or entire AI systems, introduces

5
00:00:17,030 --> 00:00:22,880
a range of potential risks that must be carefully managed to ensure the integrity, security and ethical

6
00:00:22,880 --> 00:00:24,980
deployment of AI technologies.

7
00:00:25,250 --> 00:00:31,430
The reliance on third party elements necessitates a robust framework to mitigate risks associated with

8
00:00:31,430 --> 00:00:36,230
data privacy, security vulnerabilities, and ethical considerations.

9
00:00:36,470 --> 00:00:42,890
AI systems often require vast amounts of data to function effectively, and third party data sources

10
00:00:42,890 --> 00:00:45,620
are frequently utilized to meet this demand.

11
00:00:45,920 --> 00:00:52,220
However, the use of external data sources introduces the risk of data breaches and privacy violations.

12
00:00:52,220 --> 00:00:59,500
According to a study by Ponemon Institute, the average cost of a data breach in 2020 was $3.86 Million

13
00:00:59,530 --> 00:01:02,980
dollars, with significant portions of these breaches attributed to.

14
00:01:03,010 --> 00:01:04,420
Third party vendors.

15
00:01:04,810 --> 00:01:07,630
Ensuring that third party data providers adhere to.

16
00:01:07,660 --> 00:01:10,720
Stringent data protection standards is paramount.

17
00:01:11,140 --> 00:01:12,550
This can be achieved through.

18
00:01:12,580 --> 00:01:18,550
Thorough vetting processes, regular audits, and the implementation of contractual agreements that

19
00:01:18,550 --> 00:01:24,310
enforce compliance with privacy regulations, such as the General Data Protection Regulation.

20
00:01:25,810 --> 00:01:31,450
Security vulnerabilities are another significant concern when incorporating third party components into

21
00:01:31,480 --> 00:01:32,650
AI systems.

22
00:01:33,250 --> 00:01:38,830
The complexity of AI systems often results in a broad attack surface, and third party components can

23
00:01:38,830 --> 00:01:41,050
introduce additional vulnerabilities.

24
00:01:41,740 --> 00:01:47,410
A notable example is the SolarWinds cyberattack, where attackers compromised a widely used third party

25
00:01:47,440 --> 00:01:52,330
software, leading to significant breaches across multiple organizations.

26
00:01:52,750 --> 00:01:59,190
To mitigate such risks, it is essential to conduct rigorous security assessments of third party Components.

27
00:01:59,190 --> 00:02:04,890
This includes performing regular penetration testing, code reviews, and ensuring that third party

28
00:02:04,920 --> 00:02:07,980
vendors adhere to best practices in cybersecurity.

29
00:02:09,750 --> 00:02:15,000
Ethical considerations are equally important when managing third party risks in AI systems.

30
00:02:15,660 --> 00:02:21,720
The use of third party algorithms and data sets can sometimes result in biased or unfair outcomes.

31
00:02:22,320 --> 00:02:25,110
For instance, a study by Obermaier et al.

32
00:02:25,110 --> 00:02:31,440
Found that an algorithm used in the US health care system exhibited racial bias, leading to disparities

33
00:02:31,440 --> 00:02:33,750
in the allocation of medical resources.

34
00:02:34,200 --> 00:02:39,300
This bias was traced back to the historical data used to train the algorithm, highlighting the importance

35
00:02:39,300 --> 00:02:42,540
of scrutinizing third party data for inherent biases.

36
00:02:42,570 --> 00:02:48,990
Organizations must implement robust mechanisms to evaluate the fairness and ethical implications of

37
00:02:48,990 --> 00:02:50,520
third party components.

38
00:02:50,880 --> 00:02:56,910
This can involve conducting bias audits, fostering transparency in AI processes, and engaging with

39
00:02:56,910 --> 00:03:01,490
diverse stakeholder groups to ensure that AI systems are equitable and just.

40
00:03:03,140 --> 00:03:08,120
Moreover, regulatory compliance is a crucial aspect of managing third party risks.

41
00:03:08,540 --> 00:03:13,910
Various jurisdictions have implemented regulations that govern the use of AI and third party data.

42
00:03:14,240 --> 00:03:20,870
For example, the European Union's GDPR imposes strict requirements on data processing and imposes hefty

43
00:03:20,900 --> 00:03:22,700
fines for non-compliance.

44
00:03:22,940 --> 00:03:29,120
Organizations must ensure that their third party partners comply with relevant regulations and standards.

45
00:03:29,270 --> 00:03:34,970
This can be achieved through comprehensive compliance checks, integrating regulatory requirements into

46
00:03:34,970 --> 00:03:40,340
contractual agreements, and maintaining up to date knowledge of evolving legal frameworks.

47
00:03:42,050 --> 00:03:48,140
The integration of third party AI components also necessitates a focus on intellectual property rights.

48
00:03:48,620 --> 00:03:53,930
Unauthorized use of third party IP can result in legal disputes and financial penalties.

49
00:03:54,590 --> 00:04:00,030
According to a report by the World Intellectual property organization, AI related patent applications

50
00:04:00,030 --> 00:04:04,710
have surged, indicating the growing importance of IP in the AI domain.

51
00:04:05,100 --> 00:04:10,410
Organizations must ensure that they have the appropriate licenses and permissions for third party components,

52
00:04:10,410 --> 00:04:13,080
and that their use complies with IP laws.

53
00:04:13,230 --> 00:04:18,990
This involves conducting thorough IP due diligence, securing necessary licenses, and implementing

54
00:04:18,990 --> 00:04:21,480
robust IP management practices.

55
00:04:23,250 --> 00:04:29,220
In addition to these considerations, it is essential to establish clear governance structures to oversee

56
00:04:29,250 --> 00:04:30,990
third party risk management.

57
00:04:31,020 --> 00:04:36,900
This includes defining roles and responsibilities, implementing risk management policies, and fostering

58
00:04:36,900 --> 00:04:38,550
a culture of accountability.

59
00:04:39,420 --> 00:04:45,240
For example, creating a dedicated risk management team that regularly reviews third party relationships

60
00:04:45,240 --> 00:04:51,390
and assesses associated risks can enhance an organization's ability to manage third party risks effectively.

61
00:04:52,080 --> 00:04:58,280
Furthermore, leveraging technology solutions such as AI powered Risk management platforms can provide

62
00:04:58,280 --> 00:05:03,680
real time insights into third party risks and facilitate proactive risk mitigation.

63
00:05:05,360 --> 00:05:09,800
Training and awareness programs are also vital in managing third party risks.

64
00:05:10,100 --> 00:05:16,100
Employees must be educated on the potential risks associated with third party components, and the importance

65
00:05:16,100 --> 00:05:19,070
of adhering to established risk management protocols.

66
00:05:19,460 --> 00:05:24,890
This can be achieved through regular training sessions, workshops and the dissemination of educational

67
00:05:24,890 --> 00:05:25,820
materials.

68
00:05:26,450 --> 00:05:32,690
By fostering a risk aware culture, organizations can enhance their overall resilience to third party

69
00:05:32,690 --> 00:05:33,500
risks.

70
00:05:35,300 --> 00:05:41,000
Finally, continuous monitoring and improvement are essential components of an effective third party

71
00:05:41,000 --> 00:05:42,620
risk management strategy.

72
00:05:43,220 --> 00:05:49,310
The dynamic nature of AI technologies and the evolving threat landscape necessitate ongoing vigilance.

73
00:05:49,940 --> 00:05:56,320
Organizations should implement continuous monitoring mechanisms to detect and respond to emerging risks

74
00:05:56,320 --> 00:05:57,160
promptly.

75
00:05:57,190 --> 00:06:03,040
This can involve leveraging AI and machine learning tools to identify anomalies, conducting regular

76
00:06:03,040 --> 00:06:09,100
risk assessments, and staying informed about the latest developments in AI governance and risk management.

77
00:06:10,780 --> 00:06:17,050
In conclusion, managing third party risks in AI systems is a multifaceted challenge that requires a

78
00:06:17,050 --> 00:06:23,860
comprehensive and proactive approach by focusing on data privacy, security, ethical considerations,

79
00:06:23,860 --> 00:06:30,070
regulatory compliance, intellectual property governance structures, training, and continuous monitoring,

80
00:06:30,070 --> 00:06:35,020
organizations can effectively mitigate the risks associated with third party components.

81
00:06:35,020 --> 00:06:41,110
This not only ensures the integrity and security of AI systems, but also fosters trust and confidence

82
00:06:41,110 --> 00:06:42,430
among stakeholders.

83
00:06:43,030 --> 00:06:48,820
As AI technologies continue to evolve, the importance of robust third party risk management will only

84
00:06:48,820 --> 00:06:54,310
grow, making it an essential component of AI governance and risk management frameworks.