https://doi.org/10.53656/str2024-5s-25-cyc

Резюме. The Plan – Do – Check – Act (PDCA) cycle is the basis of the process approach applied in ISO management system standards. The experience gained in working with management systems and summarized in the author’s monograph have been creatively adapted and applied in the analysis of the requirements of ISO/IEC 42001:2023 – the first standard for artificial intelligence management systems. This paper presents a method for determining the type of each requirement of the ISO/IEC 42001:2023 standard in relation to the PDCA cycle. The application of the PDCA cycle is demonstrated for selected processes and is used for creating process flowcharts. They can be based on the standards with requirements for quality, educational organizations, research and innovation centres, etc. Further on they can serve as the foundations for developing relevant documented procedures that comprise the artificial intelligence management system.

Ключови думи: PDCA cycle; artificial intelligence (AI); management systems (MS); ISO/IEC 42001:2023

1. Introduction

Modern management systems based on ISO standards (ISO 2024a) often follow an identical high-level structure, common terms and definitions, also known as Annex SL. In February 2024 a special communique has been published by the International Accreditation Forum (IAF) and the International Organization for Standardization (ISO). It is related to climate changes, and their effect on more than 30 international standards (IAF&ISO 2024). This change also affects Annex SL that has also been updated in the end of April 2024 (ISO 2024b). It is expected that this update will have an impact on more than 70 standards that use Annex SL as a basis onto which discipline or industry sector specific requirements are added.

All of the abovementioned standards apply the so called “Process Approach” to management. Invariably this is related to process management using the PDCA or Deming cycle. Aligned to this cycle, the four main management stages (types of process steps) are: planning (Plan), implementation (Do), verification (Check), and improvement (Act).

Specific examples how the PDCA cycle is applied at the system level of ISO management system standards, that are also accepted as Bulgarian standards, are:

– ISO 9001:2015 Quality management systems — Requirements (ISO 2015a);

– ISO 10014:2021 Quality management systems — Managing an organization for quality results — Guidance for realizing financial and economic benefits (ISO 2021a);

– ISO 10015:2019 Quality management — Guidelines for competence management and people development (ISO 2019a);

– ISO 14001:2015 Environmental management systems — Requirements with guidance for use (ISO 2015b);

– ISO 19011:2018 Guidelines for auditing management systems (ISO 2018a);

– ISO 21001:2018 Educational organizations — Management systems for educational organizations — Requirements with guidance for use (ISO 2018b);

– ISO 22163:2023 Railway applications — Railway quality management system — ISO 9001:2015 and specific requirements for application in the railway sector (ISO 2023);

– ISO 37002:2021 Whistleblowing management systems — Guidelines (ISO 2021b);

– ISO 45001:2018 Occupational health and safety management systems — Requirements with guidance for use (ISO 2018c);

– ISO 50001:2018 Energy management systems — Requirements with guidance for use (ISO 2018d);

– ISO 56002:2019 Innovation management — Innovation management system — Guidance (ISO 2019b), including the standard with requirements ISO/FDIS 56001:2024 that is expected to be published later in 2024;

– and many other standards for management systems.

The research hypothesis is whether such a well-known and widely applied management cycle like the PDCA can be also applied to the standard for AI management systems ISO/IEC 42001:2023 (ISO/IEC 2023).

This paper aims to answer this research question based on the requirements of the ISO/IEC 42001:2023 standard and the author’s rich experience that is summarized in his monograph devoted to the research and applications of the PDCA cycle in quality management systems (Gueorguiev 2023). The implementation of the PDCA cycle in public universities is recently discussed by (Do & Treve 2024). The way this leads to continuous quality improvement in higher education institutions is the focus of (Jha et al. 2024). Comprehending quality management in a strategic context is successfully justified by (Georgieva 2022), and (Atanasov & Ivanova 2022) present a framework for the evaluation of learning content. The focus on innovation supported by innovation and the human factor is substantiated in another recent research (Kalaydzhieva 2023).

2. Discussion

The research and application of the PDCA cycle in artificial intelligence (AI) management systems (MS) is developed and realized on two levels:

– the system level, and

– the process level based on the clauses in the structure of ISO/IEC 42001:2023.

The PDCA at the System Level

The structure of ISO/IEC 42001:2023 consists of: Foreword, Introduction, three more general clauses (1. Scope; 2. Normative references, and 3. Terms and definitions), seven clauses with requirements (see Table 1), two normative annexes (Annex А – Reference control objectives and controls, and Annex В – Implementation guidance for AI controls), as well as two informative annexes (Annex C – Potential AI-related organizational objectives and risk sources, and Annex D – Use of the AI management system across domains or sectors).

Regardless of the fact that the PDCA at system level is not explicitly expressed as a figure, similar to other ISO management system standards, the use of the structure of Annex SL significantly facilitates the process of identification of the steps Plan-Do-Chek-Act.

Table 1 presents the structure of the clauses having requirements (from Clause 4 to Clause 10), organized and aligned to the PDCA cycle.

In general, one should first identify the core processes (type Do), namely Clause 8 Operations, and Clause 7 Support. Any process that sets the stage for the core processes is considered as type Plan, and what follows the core processes will correspond to type Act. The comparison of type Do with type Plan is considered type Check.

The PDCA cycle at the process level

In order to demystify the type of the ISO/IEC 42001:2023 requirements in relation to the PDCA cycle at the process level, it is necessary to carry out a meticulous and in-depth analysis of the text of each one of the clauses of the standard. The requirements in ISO/IEC 42001:2023 are formulated after the word “shall”. The number of individual requirements in each sentence depends on the number of the verbs contained in it. If words such as “to determine” and “to plan” are encountered in the text, this means that the requirement is of type “Plan”. If one reads the words “to carry out”, “to perform”, “to implement”, etc., then the type of the requirement is of type “Do”. If there is a comparison between what has been done and the criteria for it, for example, “to verify”, “to control”, “to validate”, “to audit” or “to monitor”, then the requirement is of type “Check”. The type of requirement is “Act” if the text contains words or phrases such as “to improve”, “to update”, “to make changes”, etc.

Figure 1 presents an overall flowchart for the process of allocating roles, responsibilities and authorities within the organization. It is based on the requirements of ISO/IEC 42001:2023. Nevertheless, the same flowchart can be applied to the processes with identical titles in the standards for quality (ISO 9001:2015), educational organizations (ISO 21001:2018), innovation management (ISO 56002:2019), etc. The specific responsibilities and authorities may differ, but the type and sequence of activities within the process remains unchanged.

Arguably the most important clause in respect to educational policies, strategies, and digital competencies is Clause 7.2. Figure 2 uses the same methodology applied for Clause 5.3 “Roles, responsibilities and authorities” and focuses on the process steps and PDCA cycle for competence management within an organization.

Similar flowcharts are developed by the author for all of the remaining AI MS processes. They can be used for developing documented procedures and work instructions for the AI MS, and can help in integrating its requirements with other management systems based on ISO standards. The University of Ruse has established, implemented and maintains a quality management system based on ISO 9001, and has developed additional elements and modules that allow integration with ISO 21001, ISO 56002, and ISO/IEC 42001.

3. Conclusions

The PDCA cycle is widely used in many management systems based on ISO standards. This paper proves that the PDCA cycle is also applicable to an AI management system developed in conformity with ISO/IEC 42001:2023 requirements.

In the context of educational and research organizations, the application of the PDCA cycle can significantly facilitate the integration of several management systems with requirements and guidance for quality (ISO 9001), educational organizations (ISO 21001), innovation management (ISO 56001 and ISO 56002), intellectual property management (ISO 56005), and AI (ISO/IEC 42001).

The continuation of this particular research uncovers new opportunities for continual improvement of the management system. This positive effect will be based on the scanning for best practices and the latest state-of-the-art in the field of technologies, including educational technologies, and enhancing digital competences of both students and university employees (professors and administrative staff).

Acknowledgments & Funding

This study is financed by the European Union – NextGenerationEU, through the National Recovery and Resilience Plan of the Republic of Bulgaria, project № BG-RRP-2.013-0001-C01.

REFERENCES

ATANASOV, V. & IVANOVA, A., 2022. A framework for evaluation of web-based learning content. International Journal on Information Technologies & Security, vol. 14, pp. 13 – 24, ISSN 1313-8251.

DO, D-T, TREVE, M., 2024. Developing the quality culture in public universities: a case study in Vietnam. International Journal of Management in Education, vol. 18, no. 3, pp. 198 – 213. DOI: 10.1504/ IJMIE.2024.138241.

GEORGIEVA, S. D., 2022. Strategies for Education Quality Management. Strategies for Policy in Science and Education-Strategii na Obrazovatelnata i Nauchnata Politika, vol. 30, no. 5. DOI: 10.53656/ str2022-5-4-str.

GUEORGUIEV, T., 2023. Research and Applications of the PDCA Cycle in Quality Management Systems. Monograph, Primax, Ruse, 185 p. ISBN 978-619-7726-14-5.

JHA, S.; KAUR, R. & SAKLANI, A., 2024. Impact of stakeholder involvement in continuous quality improvement in Indian higher education institutions. Evaluating Global Accreditation Standards for Higher Education, pp. 309 – 328. DOI: 10.4018/979-8-3693-1698-6. ch021.

KALAYDZHIEVA, V., 2023.The role of education and the human factor in innovation activity. Strategies for Policy in Science and EducationStrategii na Obrazovatelnata i Nauchnata Politika, vol. 31, no. 5. DOI: 10.53656/str2023-5-2-rol.

International Accreditation Forum [IAF] & International Organization for Standardization [ISO]. IAF/ISO Joint Communiqu on the addition of Climate Change considerations to Management Systems Standards. [Online]. Available at: https://www.iso.org/files/live/sites/ isoorg/files/standards/popular_standards/management_systems/ISOIAF%20Joint%20Communique%20Feb%202024.pdf [viewed 10 May 2024].

ISO (2024a). Management system standards [Online]. Available at: https:// www.iso.org/management-system-standards.html [viewed 10 May 2024].

ISO (2024b). Annex SL Guidance documents, [Online]. Available at: https://www.iso.org/committee/54996.html?t=-Duqtv8HDoUiDQTNCpLN0UhREpjaZ130Orwm4_WLY97n2yln9bslL_ OpNRJZCit&view=documents#section-isodocuments-top [viewed 10 May 2024].

ISO (2015a) ISO 9001:2015 Quality management systems – Requirements.

ISO (2015b) ISO 14001:2015 Environmental management systems.

ISO (2018a) ISO 19011:2018 Guidelines for auditing management systems.

ISO (2018b) ISO 21001:2018 Educational organizations – Management systems for educational organizations — Requirements with guidance for use.

ISO (2018c) ISO 45001:2018 Occupational health and safety management systems.

ISO (2018d) ISO 50001:2018 Energy management systems.

ISO (2019a) ISO 10015:2019 Quality management – Guidelines for competence management and people development.

ISO (2019b) ISO 56002:2019 Innovation management – Innovation management system.

ISO (2021a) ISO 10014:2021 Quality management systems – Managing an organization for quality results — Guidance for realizing financial and economic benefits, ISO.

ISO (2021b) ISO 37002:2021 Whistleblowing management systems — Guidelines, ISO.

ISO (2023) ISO 22163:2023 Railway applications — Railway quality management system — ISO 9001:2015 and specific requirements for application in the railway sector, ISO.

ISO / International Electrotechnical Commission [IEC] (2023) ISO/ IEC 42001:2023 Information technology – Artificial intelligence – Management system, ISO/IEC.