1
00:00:00,050 --> 00:00:00,800
Case study.

2
00:00:00,800 --> 00:00:06,860
Managing third Party Risks in I innovate a comprehensive approach to data privacy and security.

3
00:00:06,890 --> 00:00:12,740
Artificial intelligence systems, while offering transformative potential, come with inherent risks,

4
00:00:12,740 --> 00:00:15,710
particularly when third party components are involved.

5
00:00:16,460 --> 00:00:22,430
Consider the case of innovate X, a leading financial technology company that leverages AI to enhance

6
00:00:22,430 --> 00:00:25,550
its customer experience and optimize operations.

7
00:00:25,940 --> 00:00:31,640
Innovate X is AI driven platform relies on data sets procured from third party vendors, proprietary

8
00:00:31,640 --> 00:00:37,160
algorithms, and third party software solutions to deliver personalized financial advice.

9
00:00:37,640 --> 00:00:43,130
The robustness of Innovate X's AI governance and risk management framework is put to the test when these

10
00:00:43,130 --> 00:00:46,250
external elements introduce unforeseen risks.

11
00:00:47,960 --> 00:00:54,470
Innovate X's CEO, Sarah, is a visionary who emphasizes innovation and ethical AI deployment.

12
00:00:54,800 --> 00:01:00,390
She is aware of the risks associated with third party components, but believes in balancing innovation

13
00:01:00,390 --> 00:01:02,850
with stringent risk management protocols.

14
00:01:03,300 --> 00:01:09,180
Sarah spearheaded a project to integrate a third party dataset from Data Ocean, a reputed data provider,

15
00:01:09,180 --> 00:01:12,390
to enhance predictive analytics for customer spending behavior.

16
00:01:12,990 --> 00:01:19,560
However, an incident in 2021 tested the company's preparedness and response to third party risks.

17
00:01:20,970 --> 00:01:27,240
One morning, Innovate X's risk officer, David noticed unusual activity in the company's data logs.

18
00:01:27,750 --> 00:01:33,450
A deeper investigation revealed that a data breach had occurred, exposing sensitive customer information.

19
00:01:34,290 --> 00:01:40,110
Immediately, a crisis meeting was called involving key stakeholders, including Sara David, the Chief

20
00:01:40,110 --> 00:01:44,280
Information Security Officer, Emma and the legal team led by Carlos.

21
00:01:44,760 --> 00:01:48,630
The breach was traced back to Data Ocean's compromised security protocols.

22
00:01:48,630 --> 00:01:52,020
The team had to quickly address several critical questions.

23
00:01:52,230 --> 00:01:57,930
How could innovate X ensure that their data providers adhered to stringent data protection standards?

24
00:01:58,140 --> 00:02:03,810
What mechanisms should be in place to verify compliance with regulations like the General Data Protection

25
00:02:03,810 --> 00:02:04,770
Regulation?

26
00:02:07,020 --> 00:02:13,020
David proposed a more rigorous vetting process for third party data providers, including detailed security

27
00:02:13,020 --> 00:02:14,910
audits and compliance checks.

28
00:02:15,570 --> 00:02:21,690
Furthermore, integrating contractual clauses obligating vendors to adhere to privacy regulations became

29
00:02:21,690 --> 00:02:22,800
non-negotiable.

30
00:02:23,460 --> 00:02:29,490
Emma suggested implementing continuous vulnerability assessments and penetration tests to proactively

31
00:02:29,490 --> 00:02:32,400
identify and mitigate potential security gaps.

32
00:02:33,270 --> 00:02:38,730
This approach acknowledged that despite the initial vetting, ongoing monitoring is crucial to managing

33
00:02:38,730 --> 00:02:40,050
dynamic risks.

34
00:02:41,040 --> 00:02:46,830
The incident also prompted innovate ECS to re-evaluate the ethical implications of their AI systems.

35
00:02:47,190 --> 00:02:52,560
During the breach investigation, it was discovered that the historical data used for developing predictive

36
00:02:52,560 --> 00:02:57,430
models contained inherent biases, particularly against minority groups.

37
00:02:57,640 --> 00:03:01,690
This revelation raised another critical question how can innovate?

38
00:03:01,900 --> 00:03:05,260
Ensure the fairness and ethical integrity of third party.

39
00:03:05,290 --> 00:03:06,940
Datasets and algorithms.

40
00:03:07,870 --> 00:03:13,540
Sarah emphasized the need for bias audits and stakeholder engagement to foster transparency.

41
00:03:13,900 --> 00:03:19,450
David suggested implementing fairness metrics to evaluate algorithmic outcomes continually.

42
00:03:20,200 --> 00:03:22,630
The situation recalled the Obermaier et al.

43
00:03:22,660 --> 00:03:27,610
Study, where biased algorithms in health care led to racial disparities.

44
00:03:27,910 --> 00:03:28,660
Innovate EQS.

45
00:03:28,660 --> 00:03:35,410
Data scientists led by Pria were tasked with conducting a comprehensive bias audit of all third party

46
00:03:35,440 --> 00:03:37,030
datasets and algorithms.

47
00:03:37,330 --> 00:03:42,850
They identified biased patterns and introduced corrective measures such as rebalancing datasets and

48
00:03:42,850 --> 00:03:45,790
incorporating fairness constraints in model training.

49
00:03:46,330 --> 00:03:52,000
Collaborating with diverse stakeholder groups, including customer advocacy organizations, provided

50
00:03:52,000 --> 00:03:57,440
valuable insights and reinforced the company's commitment to equitable AI deployment.

51
00:03:58,280 --> 00:04:03,980
Another dimension of third party risk management at innovate X involved regulatory compliance.

52
00:04:04,370 --> 00:04:09,950
The breach incident emphasized the importance of ensuring third party partners adherence to relevant

53
00:04:09,980 --> 00:04:11,150
legal frameworks.

54
00:04:11,480 --> 00:04:17,900
Carlos, the legal head, pointed out the potential for significant fines under GDPR for non-compliance.

55
00:04:18,050 --> 00:04:24,260
He advocated for integrating regulatory requirements into all third party contracts and conducting regular

56
00:04:24,260 --> 00:04:25,610
compliance audits.

57
00:04:26,090 --> 00:04:32,720
This raised a pertinent question what role does regulatory compliance play in third party risk management?

58
00:04:33,500 --> 00:04:39,620
To address this, innovate X developed a comprehensive compliance check protocol that included periodic

59
00:04:39,620 --> 00:04:45,860
audits, mandatory training for employees on data protection laws, and real time monitoring of regulatory

60
00:04:45,860 --> 00:04:46,580
changes.

61
00:04:46,610 --> 00:04:52,310
This proactive stance ensured that innovate X stayed ahead of legal developments, mitigating the risk

62
00:04:52,310 --> 00:04:53,870
of Noncompliance.

63
00:04:55,280 --> 00:04:59,450
Intellectual property rights management surfaced as another critical area.

64
00:04:59,810 --> 00:05:04,610
Innovate X utilized several third party algorithms and software solutions.

65
00:05:04,670 --> 00:05:09,440
Unauthorized use of these could lead to legal disputes and financial repercussions.

66
00:05:10,010 --> 00:05:16,160
The World Intellectual Property Organization report noted a surge in AI related patent applications,

67
00:05:16,160 --> 00:05:20,000
emphasizing the growing importance of IP in the AI domain.

68
00:05:20,390 --> 00:05:26,390
Carlos, with his legal team, conducted robust IP due diligence to secure necessary licenses and permissions

69
00:05:26,390 --> 00:05:28,910
before integrating third party components.

70
00:05:29,240 --> 00:05:35,210
This highlighted the question how can organizations safeguard against IP infringements when using third

71
00:05:35,240 --> 00:05:36,920
party AI components?

72
00:05:38,420 --> 00:05:44,900
Innovate X's approach involved engaging external IP experts to navigate complex patent landscapes and

73
00:05:44,900 --> 00:05:52,110
implementing a centralized IP management system to track licenses and usage rights, meticulously Establishing

74
00:05:52,110 --> 00:05:57,000
clear governance structures was essential to overseeing third party risk management.

75
00:05:57,420 --> 00:06:03,060
Sarah appointed a dedicated risk management team with well-defined roles and responsibilities.

76
00:06:03,270 --> 00:06:09,390
This team conducted periodic reviews of third party relationships assessing associated risks.

77
00:06:09,870 --> 00:06:16,200
Innovate X embraced AI powered risk management platforms, providing real time insights into potential

78
00:06:16,200 --> 00:06:16,950
risks.

79
00:06:17,490 --> 00:06:23,310
This technological solution allowed the risk management team to respond proactively to emerging threats.

80
00:06:23,550 --> 00:06:29,100
The team's efficacy raised the question what impact do governance structures have on effective third

81
00:06:29,100 --> 00:06:30,450
party risk management?

82
00:06:31,830 --> 00:06:37,530
Training and awareness programs form the cornerstone of Innovate X's risk management strategy.

83
00:06:38,280 --> 00:06:43,560
Employees were educated on the potential risks associated with third party components through regular

84
00:06:43,560 --> 00:06:47,040
training sessions, workshops, and educational materials.

85
00:06:47,550 --> 00:06:51,880
This fostered a risk aware culture, enhancing overall resilience.

86
00:06:52,270 --> 00:06:57,640
Emma's training program included simulations of breach scenarios, reinforcing the protocols and best

87
00:06:57,640 --> 00:06:58,570
practices.

88
00:06:59,830 --> 00:07:05,920
Continuous monitoring and improvement underscored Innovate X's commitment to dynamic risk management.

89
00:07:06,310 --> 00:07:12,340
Given the evolving threat landscape, David advocated for leveraging AI and machine learning tools to

90
00:07:12,370 --> 00:07:15,700
detect anomalies and conduct regular risk assessments.

91
00:07:16,480 --> 00:07:22,090
Staying informed about the latest developments in AI governance ensured that Innovate X's risk management

92
00:07:22,090 --> 00:07:23,980
strategies remained effective.

93
00:07:25,690 --> 00:07:31,690
The proactive steps taken by innovate X to manage third party risks provided valuable insights for other

94
00:07:31,690 --> 00:07:32,950
organizations.

95
00:07:32,980 --> 00:07:39,460
By focusing on data privacy, security, ethical considerations, regulatory compliance, intellectual

96
00:07:39,460 --> 00:07:45,280
property governance structures, training, and continuous monitoring, innovate X created a robust

97
00:07:45,280 --> 00:07:47,950
framework for managing third party risks.

98
00:07:48,490 --> 00:07:53,200
The incident with Data Ocean, while challenging, ultimately strengthened the company's risk management

99
00:07:53,200 --> 00:07:59,470
protocols and reinforced the critical role of a comprehensive and proactive approach in AI governance.

100
00:08:01,750 --> 00:08:07,570
In conclusion, Innovate X's experience underscores the multifaceted nature of managing third party

101
00:08:07,570 --> 00:08:15,040
risks in AI systems by addressing data privacy through stringent vetting and compliance checks, mitigating

102
00:08:15,040 --> 00:08:20,800
security vulnerabilities with rigorous assessments, ensuring ethical integrity through bias audits,

103
00:08:20,800 --> 00:08:23,020
and maintaining regulatory compliance.

104
00:08:23,050 --> 00:08:27,250
Innovate X exemplified a holistic approach to risk management.

105
00:08:27,640 --> 00:08:33,130
The focus on intellectual property rights, governance structures, and continuous improvement further

106
00:08:33,130 --> 00:08:34,690
solidified their framework.

107
00:08:35,290 --> 00:08:41,650
As AI technologies evolve, the principles demonstrated by innovate X will remain vital for organizations

108
00:08:41,650 --> 00:08:47,620
aiming to deploy AI ethically and securely, fostering trust and confidence among stakeholders.