This document outlines best practices on assessing security and privacy in artificial intelligence use cases, covering in particular those published in ISO/IEC TR 24030. The following aspects are addressed: — an overall assessment of security and privacy on the AI system of interest; — security and privacy concerns; — security and privacy risks; — security and privacy controls; — security and privacy assurance; and — security and privacy plans. Security and privacy are treated separately as the analysis of security and the analysis of privacy can differ.