Presented at the SECON Conference, the 3rd Annual International ISC2 Chapter Conference
Artificial intelligence is advancing across industries, bringing both incredible opportunities and significant risks. As AI systems become more integrated into business operations, governments and organizations are working to establish governance frameworks that promote ethical, transparent, and secure AI development.
At the SECON Conference, the 3rd Annual International ISC2 Chapter Conference hosted by the ISC2 New Jersey Chapter, a session focused on three key AI governance frameworks: the NIST AI Risk Management Framework (AI RMF), ISO/IEC 42001, and the European Union AI Act. Each addresses AI risk management, but they differ in scope and application.
- NIST AI RMF is a flexible, voluntary framework primarily used in the U.S., making it a great choice for organizations that need adaptable guidelines.
- ISO 42001 provides a structured, globally recognized standard, offering certification for organizations that want a formalized AI governance system.
- The EU AI Act is a strict, legally binding regulation with enforceable penalties, making it the most rigid approach, especially for high-risk AI applications.
NIST and ISO focus more on best practices, while the EU AI Act enforces compliance through legal consequences. Another key difference is risk categorization—while the EU AI Act clearly defines risk tiers, NIST and ISO rely on more flexible, context-driven risk assessments.
Conclusion
Each framework plays a vital role in shaping the future of AI governance. Organizations looking for flexibility may prefer NIST, while those needing structured AI management can adopt ISO 42001. Compliance with the EU AI Act is a necessity for businesses operating in or serving the European market.
Choosing the right framework depends on factors like industry, regulatory exposure, and organizational goals. As AI continues to evolve, these governance models will help businesses balance innovation with ethical responsibility, transparency, and risk management.
About the Speaker
Dr. Enzo Tolentino, Head of Corporate Digital Audit at Banco de Crédito del Perú, delivered this presentation. Dr. Tolentino specializes in AI governance, risk management, and digital transformation. He has held executive roles at Citibank, Motorola, E&Y, and SUNAT, bringing extensive experience in AI oversight and regulatory compliance.
With a Doctorate in Business Administration from Florida International University, an MBA and Master of Information Systems from Case Western Reserve University, and a Bachelor’s in Economics from Pontificia Universidad Católica del Perú, Dr. Tolentino is a leading voice in the AI governance space. He also teaches postgraduate courses on risk and audit and frequently speaks at industry events worldwide.
