Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization
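10_Wiki/Topics large-scale cleanup:
- Removed 227 error-capture/incomplete stub documents
- Merged 43 cross-folder duplicate clusters (63 files → redirect)
- Link name normalization: broken link fixes, direct redirect links, concept mapping, ~2,400 cases
- Created 6 new category MOCs
- Removed 10,058 unresolved related-keyword links from Graph sections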

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00


id: wiki-2026-0508-global-standard
title: Global Standard
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: international standards, ISO, IEC, IEEE, W3C, RFC
duplicate_of: none
source_trust_level: A
confidence_score: 0.85
verification_status: applied
tags: standards, iso, ieee, w3c, rfc, governance, compliance
raw_sources:
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: Standard
  applicable_to: Compliance, Engineering, Governance

Global Standard

One-line summary

"Specifications backed by international consensus." Bodies: ISO, IEC, IEEE, W3C, IETF, ANSI. Scope: software / hardware / quality / safety / AI ethics. Modern: ISO/IEC 42001 (AIMS), EU AI Act, NIST AI RMF.

Key points

Organizations

  • ISO (International Org for Standardization).
  • IEC (Electrotechnical).
  • ITU (Telecommunication).
  • IEEE (Engineering).
  • W3C (Web).
  • IETF (Internet — RFCs).
  • ANSI (American National).
  • CEN/CENELEC (Europe).
  • NIST (US).

Modern AI standards

  • ISO/IEC 42001: AI Management System.
  • ISO/IEC 23894: AI risk management.
  • ISO/IEC 5338: AI lifecycle.
  • NIST AI RMF 1.0.
  • EU AI Act (regulation, 2024).
  • IEEE 7000 series: AI ethics.

Software / quality

  • ISO 9001: Quality management.
  • ISO 27001: Info security.
  • ISO 27701: Privacy.
  • SOC 2 (US).
  • GDPR (EU privacy).

Applications

  1. Compliance certification.
  2. B2B procurement requirement.
  3. Regulated industry (medical, automotive).
  4. Cross-border trade.
  5. AI governance.

💻 Patterns

ISO/IEC 42001 (AI management)

# High-level requirements
ai_management_system:
  context: "Organization's AI strategy, scope, stakeholders"
  leadership: "AI policy, roles, responsibilities"
  planning:
    - risk_assessment
    - opportunity_identification
    - objectives
  support:
    - resources
    - competence
    - awareness
    - communication
    - documentation
  operation:
    - ai_lifecycle_management
    - third_party_ai_oversight
  performance_evaluation:
    - monitoring
    - internal_audit
    - management_review
  improvement: "Continual + corrective"

NIST AI RMF (4 functions)

ai_rmf:
  govern:
    - policies
    - accountability
  map:
    - context
    - risks
  measure:
    - methods
    - testing
  manage:
    - prioritize
    - respond

Compliance audit trail

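from datetime import datetime

import pandas as pd  # to_excel() also needs an Excel writer such as openpyxl


class ComplianceLog:
    def __init__(self, standard):
        self.standard = standard
        self.entries = []

    def log(self, control_id, evidence, auditor, timestamp=None):
        self.entries.append({
            'control': control_id,
            'evidence': evidence,
            'auditor': auditor,
            'timestamp': timestamp or datetime.now(),
        })

    def export_for_audit(self, path='audit.xlsx'):
        # DataFrame.to_excel() returns None, so return the path that was written.
        pd.DataFrame(self.entries).to_excel(path, index=False)
        return path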

SBOM (Software Bill of Materials, NIST)

import json
from datetime import datetime, timezone

def generate_sbom(project):
    """NTIA minimum elements."""
    return {
        'metadata': {
            'project': project.name,
            'version': project.version,
            # UTC timestamp in ISO 8601 form
            'timestamp': datetime.now(timezone.utc).isoformat(),
        },
        'components': [
            {'name': c.name, 'version': c.version, 'license': c.license, 'supplier': c.supplier, 'hash': c.sha256}
            for c in project.dependencies
        ],
    }

# SPDX or CycloneDX format

Privacy (GDPR data subject rights)

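def gdpr_request(user_id, request_type):
    # all_user_data() and the other helpers are application-specific and not shown here.
    # The caller must already have verified that the requester is the data subject.
    if request_type == 'access':
        return all_user_data(user_id)
    if request_type == 'erasure':
        # Erase everything except records that must be kept on a legal basis.
        return delete_user_data(user_id, retain_legal_basis=True)
    if request_type == 'portability':
        return export_user_data_json(user_id)
    if request_type == 'rectification':
        return enable_user_self_correction(user_id)
    # Fail loudly instead of silently returning None for an unsupported request.
    raise ValueError(f'unsupported request type: {request_type!r}')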

Security (ISO 27001 control sample)

controls:
  A.5.1: "Information security policies"
  A.6.1: "Internal organization (roles)"
  A.8.1: "Asset management"
  A.9.1: "Access control"
  A.10.1: "Cryptography"
  A.12.4: "Logging and monitoring"
  A.16.1: "Incident management"
  A.18.1: "Compliance with legal"

AI risk register (ISO 23894)

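from dataclasses import dataclass

@dataclass
class AIRisk:
    risk_id: str
    description: str
    likelihood: str  # low / med / high
    impact: str
    inherent_score: int  # score before controls are applied
    controls: list
    residual_score: int  # score after controls are applied
    owner: str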

Standards compliance checker

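def check_compliance(system, standard):
    """High-level sketch."""
    # load_standard() and verify_evidence() are application-specific helpers, not shown here.
    requirements = load_standard(standard)
    results = {}
    for req in requirements:
        # One result per requirement id, so gaps stay visible in the report.
        results[req.id] = verify_evidence(system, req)
    return results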

W3C web standards

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Compliant</title>
</head>
<body>
  <main>
    <h1 id="page-title">Title</h1>
    <article aria-labelledby="page-title">...</article>
  </main>
</body>
</html>

RFC compliance (IETF)

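# RFC 7231 HTTP semantics
# RFC 8259 JSON
# RFC 7519 JWT
import os
import time
import jwt  # PyJWT

user_id = 'user-123'                 # placeholder subject
exp_time = int(time.time()) + 900    # 'exp' as seconds since the epoch, 15 minutes ahead
secret = os.environ['JWT_SECRET']    # key comes from configuration, not from source code
token = jwt.encode({'sub': user_id, 'exp': exp_time}, secret, algorithm='HS256')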
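
The snippet above only issues a token; RFC 7519 compliance is enforced on the receiving side. The following is an added example, not part of the original page and not PyJWT's implementation: it verifies an HS256 token with the standard library only, pinning the algorithm, comparing the MAC in constant time, and rejecting a missing or expired `exp`. The names `sign_hs256`, `verify_hs256` and `InvalidToken` are illustrative.

```python
# Added example: stdlib-only HS256 issue/verify; all names here are illustrative.
import base64
import hashlib
import hmac
import json
import time

class InvalidToken(Exception):
    """Raised for any token that must not be accepted."""

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a compact HS256 token, equivalent to the jwt.encode() call above."""
    parts = [{"alg": "HS256", "typ": "JWT"}, claims]
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_hs256(token: str, secret: bytes, now=None) -> dict:
    """Return the claims only if the algorithm, MAC and 'exp' all check out."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise InvalidToken("malformed token") from exc
    # Pin the algorithm on the verifier side; never act on the token's own choice.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("bad signature")
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError as exc:
        raise InvalidToken("malformed payload") from exc
    # RFC 7519: a token must not be accepted on or after its 'exp' time.
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if type(exp) not in (int, float) or (time.time() if now is None else now) >= exp:
        raise InvalidToken("missing or expired exp")
    return claims
```

The payload is parsed only after the MAC has been checked, so unauthenticated claims never reach application logic.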

EU AI Act (risk-tier compliance)

required = 'required'  # marker value for an obligation that applies

def eu_ai_act_compliance(use_case, model):
    # classify_risk_tier() is an application-specific helper that is not shown here.
    risk_tier = classify_risk_tier(use_case)
    if risk_tier == 'unacceptable':
        return 'PROHIBITED'
    if risk_tier == 'high':
        return {
            'risk_management_system': required,
            'data_governance': required,
            'technical_documentation': required,
            'record_keeping': required,
            'transparency': required,
            'human_oversight': required,
            'accuracy_robustness_security': required,
        }
    if risk_tier == 'limited':
        return {'transparency_disclosure': required}
    return 'minimal_obligations'

Decision criteria

Situation: Standard

  • AI governance: ISO/IEC 42001 + NIST AI RMF
  • Quality: ISO 9001
  • Security: ISO 27001 + SOC 2
  • Privacy: ISO 27701 + GDPR
  • Web: W3C + WCAG 2.2
  • Internet protocol: IETF RFC
  • EU market: EU AI Act + GDPR
  • Healthcare: HIPAA / GDPR + ISO 13485

Default: industry-relevant baseline + ISO 27001 (info sec) + product-specific standards. For AI: ISO 42001 + EU AI Act.

🔗 Graph

🤖 LLM usage

When to use: enterprise, regulated industry, cross-border. When not to use: internal prototype.

Anti-patterns

  • Compliance-as-checkbox: paper but no practice.
  • Single-standard focus: ignores the other applicable standards.
  • No update tracking: standards evolve.
  • Self-attestation only: lacks third-party audit.

🧪 Verification / duplicates

  • Verified (ISO websites, NIST, EU AI Act 2024, W3C).
  • Trust level A.

🕓 Changelog

Date: Change

  • 2026-04-20: Auto
  • 2026-05-08: Phase 1
  • 2026-05-10: Manual cleanup: orgs + ISO 42001 / NIST RMF / SBOM / EU AI Act code