As a Compliance Engineer, I'm focused on developing robust methodologies for emerging compliance challenges. A recent IEEE webinar that I attended on AI Safety for Automotive provided valuable insights into the upcoming ISO PAS 8800 standard, introducing a pragmatic approach to AI safety assurance that I believe warrants sharing.
Requirements Isolation Strategy: A Systems Engineering Approach
The webinar presented what I'll call the "Requirements Isolation Strategy" - a methodical approach to AI safety compliance. Rather than treating AI as a complete system overhaul, this strategy focuses on isolating specific safety requirements that are allocated to AI functionality. By precisely identifying these requirements, we can develop targeted assurance processes for just these elements.
This builds on established practices from other industries such as the medical device industry, where requirements traceability, verification, and validation are paramount.
At the same time, this approach acknowledges that the fundamental requirements for automotive safety haven’t changed with the integration of AI. Instead, we’re confronted with additional uncertainty surrounding specific requirements that necessitate structured assurance and risk measures.
Critical Distinction: Assurance vs. Risk Management
The webinar did not address, but is crucially important, the critical distinction between assurance and risk management activities in the context of safety.
Assurance processes are not sufficient to handle risk
Assurance entails the provision of quantifiable evidence demonstrating the fulfillment of requirements and the system’s effectiveness.
In contrast, Risk Management systematically addresses uncertainty through:
Methodical reduction of controllable risks, and
Establishing engineering margins for unavoidable or irreducible risk
This distinction is crucial for implementing effective management processes, technical controls, and risk measures to achieve the outcome of safety.
Applications Beyond Automotive
The Requirements Isolation Strategy used in ISO PAS 8800 has broad application for other compliance domains, including:
Security requirements
Sustainability commitments
Quality expectations
Regulatory compliance
Ethical conduct
and others
The methodology remains the same:
Identify and isolate requirements allocated to the AI system
Establish specific assurance protocols for these requirements, and
Implement appropriate risk controls and measures.
This targeted approach significantly reduces the complexity of managing AI-related risks across a variety of compliance objectives.
Looking Forward
This requirements-based approach offers a structured path forward as organizations integrate AI systems into their operations.
By isolating AI-specific requirements and their associated assurance and risk needs, we can maintain robust compliance without creating unnecessary complexity in our existing systems. This allows for clear traceability between requirements, verification methods, and assurance evidence.
What do you think of this approach? What strategies are you using to advance AI Safety within your operations and systems?