In 2023, the National Institute of Science and Technology (NIST) released its Artificial Intelligence Risk Management Framework (AI RMF), which is aimed at managing risks to individuals, organisations and society that are posed by AI.  Whilst alignment with the NIST AI RMF is voluntary, its adoption is extremely valuable in demonstrating to existing and prospective clients that your organisation’s systems are secure, trustworthy, and ethical, as well as supporting your compliance with regulations such as the EU AI Act.

The NIST AI RMF is organised into 4 Core Functions (Govern, Manage, Map and Measure), each of which address similar topics from different perspectives, covering governance activities, implementation and measurement of activities.  It is designed to be sector agnostic, and therefore applies broadly across industries that develop, deploy or use AI systems.

The Framework is considered a living document and will be updated as technologies and risks evolve.  As such, alignment with the NIST AI RMF will enable you to continuously adapt your organisation’s use of AI to emerging challenges, stay ahead of regulatory developments, and implement best practices that reflect the latest advancements in AI governance and risk management.

Gap Analysis

URM’s consultants can conduct a gap analysis to facilitate your alignment with the NIST AI RMF. Our approach involves a comprehensive evaluation of your current AI systems and risk management practices to both identify where you are already following the guidance set out in the Framework, and any areas requiring improvement.  The output of the analysis is a report, in which we provide a detailed breakdown of your current alignment status and recommend appropriate actions your organisation can take to achieve full alignment with the Framework.

Why URM for NIST AI RMF?

Track record

URM has a 20-year track record of providing high-quality training and consultancy services, assisting organisations to improve their governance and risk management programmes.  Whilst the NIST AI RMF is a relatively new framework and AI an emerging and rapidly evolving field, URM’s extensive experience supporting organisations to implement other NIST frameworks, such as the NIST Cybersecurity Framework (CSF), means we are ideally positioned to support your alignment with the AI RMF.  

Tailored solutions

We at URM appreciate that the use and development of AI will never be the same across any two organisations and, therefore, neither will the AI risk management programme.  The unique requirements of your organisation, its industry, size and structure, risk appetite, products and services provided, legal and obligatory requirements, etc., will always shape the approach we take in supporting your alignment with the NIST AI RMF.  Meanwhile, we will ensure the advice and guidance we offer you reflects your existing culture and working practices, enabling you to integrate AI risk management into business-as-usual operations as seamlessly as possible.

Knowledge transfer

One of the most fundamental aspects of the way we work at URM is our ‘real world’ knowledge transfer philosophy.  This enables you to benefit from our large team of consultants’ extensive practical experience and knowledge of AI best practice and, ultimately, independently improve your AI risk management by virtue of what you have learned from them, without needing to rely on ongoing consultancy support.