Table of contents
Executive summary
Foreword
Chapter 1. AI and Software Engineering
Chapter 2. Common threats of AI for organizations
Chapter 3. Compliance
Chapter 4. AI-readiness guide
Our AI readiness guide equips organizations with practical steps to navigate AI's challenges and seize opportunities.
A total of 19 steps are discussed, across four key areas of the organization: the board, GRC, the CISO, and the CTO.
AI readiness isn't just about technology—it’s about leadership and accountability. This guide provides essential insights into how to get started and stay ahead in a rapidly evolving AI landscape.
Software Improvement Group (SIG) leads in traditional and AI software quality assurance. SIG empowers organizations to become more resilient and agile by guiding them to enhance their software quality and security through deep source code analysis and tailored, strategic advice.
Sigrid® - its software assurance platform - leverages the world’s largest database of over 270 billion lines of code across more than 20,000 systems in 300+ technologies, and intelligently recommends the most crucial initiatives for organizations.
SIG was founded in 2000 and has offices in New York, Copenhagen, Brussels, and Frankfurt, and is headquartered in Amsterdam.
Sigrid®, together with expert software engineering consultants and nearly 25 years of industry-leading research, positions SIG as the foremost authority on software excellence.
SIG in numbers: 24 years of experience, 20K+ systems evaluated, 300+ technologies, 270+ billion lines of code analyzed.
Laurie Cunningham, CTO at Terraquest
Software Improvement Group’s first-class guidance aided us greatly. Our maintenance costs are lower, development is more efficient. One of the many benefits has been the reduction of our technical debt by 20%.
Anthony Fitzpatrick, VP of Engineering at Kallidus
We’ve significantly enhanced our expanding software portfolio’s quality, slashing maintenance costs by 400%, effectively mitigating open-source security risks, and allowing us to make better-informed investment decisions.
Joe Bohman, Executive Vice President at Siemens Digital Industries Software
Making sure your product is secure, protected, and compliant throughout the entire lifecycle, from design to end-of-life, has become truly business-critical. This partnership with SIG offers strong support for cybersecurity.
A pragmatic guide for leaders to navigate AI implementation responsibly and at scale.
AI Principal Expert, SIG
Leading AI Author, EU AI Act & ISO 5338 Standard
Rob van der Veer
AI Readiness Guide
by Rob van der Veer
Senior principal expert AI at SIG, and author of AI standards including ISO/IEC 5338 and the EU AI Act security standard.
1. AI and software engineering
What is AI?
Use case 1: Using AI to help create code
Use case 2: Developing an AI system
Demystify AI’s role in engineering and explore how AI can drive software development without compromising security and quality. Learn about real-world AI use cases, from code generation to AI system development.
2. Common threats of AI for organizations
AI's opportunities and risks
Key threats
AI system quality issues
Discover the hidden risks AI poses to organizations, from cybersecurity threats to reputational damage. Learn the most common threats organizations face today, including bias, data issues, and governance challenges, with practical steps to mitigate them.
3. Compliance
Trends and themes in AI regulations
European AI Act
US AI legislation and principles
ISO/IEC standards
Ensure your AI initiatives meet global regulatory standards. This chapter provides an essential guide to navigating the complex AI compliance landscape, including key regulations such as the EU AI Act and U.S. legislation, and an overview of relevant ISO/IEC standards.
4.1 The board
Step 1: Attain basic understanding of AI in the board
Step 2: Assign roles and responsibilities
Step 3: Build on existing practices
Step 4: Form a multidisciplinary AI committee
Set the foundation for AI success at the highest level. This chapter guides board members through the critical steps to ensure AI aligns with business goals, ethics, and legal requirements. Learn how to assign roles, build on existing practices, and form a multidisciplinary AI committee to lead your organization’s AI transformation.
4.2 GRC
Step 5: Identify relevant laws and regulations
Step 6: Create and maintain an inventory of AI applications
Step 7: Evaluation of AI applications
Step 8: Communicate evaluation results
Step 9: Create and implement AI policies
Step 10: Upskilling and creating a learning organization
Step 11: Stakeholder communication
Step 12: Implement and improve AI readiness program
Implement an effective AI management system that ensures compliance and mitigates risk. This chapter explains how to create a robust AI governance framework, inventory AI applications, and enforce policies that protect data and uphold transparency, helping you stay compliant with regulations like the GDPR and EU AI Act.
4.3 CISO
Step 13: Incorporate AI security threats and controls
Step 14: Incorporate security attacks by AI
Step 15: Collaborate with GRC
Step 16: Collaborate with the CTO
Strengthen your security protocols to protect against AI-specific threats. This chapter provides security officers with practical strategies to extend existing security measures to AI systems, from securing AI models and data to preventing attacks and breaches.
4.4 CTO
Step 17: Incorporate AI into the system lifecycle
Step 18: Manage AI-supported programming
Step 19: Organize a community of practice for AI development
Integrate AI into your existing IT and development processes. This chapter offers practical steps for CTOs and IT leaders to manage AI development, minimize technical debt, and ensure AI systems are secure, scalable, and aligned with the organization’s long-term strategy.
Lead author: Rob van der Veer
Rob van der Veer has more than 32 years of experience in AI, as researcher, data scientist, programmer, hacker, and CEO. Rob established the security & privacy practice and the AI practice at Software Improvement Group (SIG). He is also the co-founder of OpenCRE, a platform that harmonizes security standards and guidelines into a single online resource.
Rob is the main author of the ISO/IEC 5338 standard on AI engineering and the co-editor of the AI Act security standard, and he opened up the global discussion on AI security by founding the OWASP AI Exchange and its liaison partnership with international standards bodies.
Practical steps for leaders to implement AI in organizations, focusing on AI governance, risk management, development, and security.