scope:

This document outlines best practices on assessing security and privacy in artificial intelligence use cases, covering in particular those published in ISO/IEC TR 24030. The following aspects are addressed: - an overall assessment of security and privacy on the AI system of interest; - security and privacy concern; - security and privacy risks; - security and privacy controls; - security and privacy assurance; and - security and privacy plan. Security and privacy are treated separately as the analysis of security and the analysis of privacy can differ.