AI Governance Controls

AI System Risk Classification

Assign every AI system a risk tier that determines the oversight requirements, review frequency, and documentation standards applied to it.

HOC-002

Human Approval Gate for Consequential AI Decisions

Require a qualified human to review and approve AI-generated recommendations before they produce irreversible or high-stakes outcomes.

HOC-003

AI Output Review Workflow

Define a structured, documented process for reviewing AI outputs before they are acted upon or distributed.

HOC-004

Automation Bias Prevention

Implement measures to detect and counteract the tendency for human reviewers to defer to AI recommendations without adequate critical evaluation.

HOC-005

Reviewer Competency Requirements

Define minimum competency requirements for humans who review, approve, or override AI-generated outputs in high-risk contexts.

HOC-006

Override and Escalation Procedures

Document the procedures, authority levels, and logging requirements when humans reject, modify, or escalate AI-generated decisions.

AGT

Agentic AI

8 controls

AGT-001

Agent Permission Boundaries

Apply least-privilege principles to AI agents by explicitly defining and enforcing the tools, APIs, data sources, and actions each agent is authorized to access.

AGT-002

Agent Prompt Injection Defense

Protect AI agents from prompt injection attacks — adversarial instructions embedded in external content that hijack agent behavior.

AGT-003

Agent Memory and Context Governance

Define policies governing what AI agents store in memory or persistent context, how long it is retained, who can access it, and under what conditions it is deleted.

AGT-004

Multi-Agent Trust Hierarchy

Define explicit rules for which agents can instruct, invoke, or delegate authority to other agents in multi-agent systems.

AGT-005

Human Approval Gate for Irreversible Agent Actions

Require explicit human approval before an AI agent takes actions that are difficult or impossible to reverse, such as sending communications, modifying records, executing transactions, or deleting data.

AGT-006

Agent Action Audit Trail

Log every tool call, decision step, memory read/write, and external interaction made by an AI agent so that the full action sequence can be reconstructed after the fact.

AGT-007

Agent Scope and Task Boundaries

Define and enforce the boundaries of what an AI agent is permitted to do, preventing it from expanding its activity beyond its intended purpose.

AGT-008

Agent Environment Isolation

Run AI agents in isolated execution environments that limit their ability to access host systems, network resources, or data beyond what their task requires.

SEC

Security

5 controls

SEC-001

Prompt Injection Prevention

Detect and block adversarial inputs designed to override AI system instructions, extract sensitive information, or cause the model to behave in unintended ways.

SEC-002

AI System Access Controls

Apply authentication, authorization, and role-based access controls to AI systems, APIs, and the sensitive data they process.

SEC-003

Sensitive Data Handling in AI Pipelines

Prevent personally identifiable information, credentials, health data, and other sensitive content from entering AI models, prompts, or logs inappropriately.

SEC-004

AI API Credential Management

Securely manage, rotate, and audit API keys and credentials used to access AI services and model providers.

SEC-005

Adversarial Robustness Testing

Systematically test AI systems against adversarial inputs, edge cases, and known attack techniques before deployment and on a recurring basis.

ALC

Audit & Logging

5 controls

ALC-001

AI Decision Logging

Record AI system inputs, outputs, model version, confidence scores, and contextual metadata for every decision that affects individuals or business outcomes.

ALC-002

High-Risk AI Audit Trail

Maintain a comprehensive, tamper-evident audit trail for AI systems operating in regulated domains, covering the full lifecycle from input to decision to outcome.

ALC-003

AI Log Retention Policy

Define how long AI decision logs, audit trails, and system logs are retained, in what format, and the procedures for their eventual deletion.

ALC-004

AI Explainability Documentation

Document how AI systems reach decisions in sufficient detail that affected individuals, reviewers, and regulators can understand and challenge outcomes.

ALC-005

Regulatory Audit Readiness

Maintain AI documentation, logs, and governance records in a state that can be produced efficiently in response to a regulatory inquiry or audit.

CHM

Change Management

5 controls

CHM-001

AI Model Version Control

Track model versions, configurations, prompts, and deployment history so that any production state can be reproduced and compared.

CHM-002

Model Deployment Gate Process

Require formal approval before new model versions, prompt changes, or configuration updates are deployed to production AI systems.

CHM-003

Model Rollback and Emergency Shutdown

Maintain tested procedures to rapidly revert an AI system to a prior version or disable it entirely in response to detected failures or safety events.

CHM-004

AI Model Change Documentation

Record what changed between model versions, why the change was made, what testing was performed, and who approved the deployment.

CHM-005

Model Deprecation Procedure

Define the process for retiring AI models from production, including notification, data handling, audit trail preservation, and transition planning.

DGC

Data Governance

5 controls

DGC-001

Training Data Provenance

Track and document the origin, composition, licensing, and preprocessing history of data used to train or fine-tune AI models.

DGC-002

PII Handling in AI Systems

Establish controls governing how personally identifiable information is handled when it flows through AI inputs, outputs, training pipelines, and logs.

DGC-003

Data Minimization for AI Systems

Ensure AI systems only process the data strictly necessary for their defined purpose, avoiding unnecessary collection, retention, or use of personal information.

DGC-004

AI Output Retention and Deletion

Define and enforce retention schedules and deletion procedures for AI-generated content, decisions, and the personal data contained within them.

DGC-005

Cross-Border Data Transfer Controls for AI

Govern the international transfer of personal data through AI systems, including data sent to AI API providers, training pipelines, and cloud infrastructure in other jurisdictions.

MON

Monitoring & Drift

5 controls

MON-001

AI Performance Baseline

Establish documented, quantified performance baselines for production AI systems against which ongoing performance can be compared.

MON-002

Model Drift Detection

Monitor production AI systems for data drift, concept drift, and output distribution shifts that indicate degraded or changed model behavior.

MON-003

AI Bias and Fairness Monitoring

Continuously monitor AI system outputs for discriminatory patterns across protected demographic attributes in production.

MON-004

AI Output Anomaly Detection

Automatically detect unusual, unexpected, or potentially harmful AI outputs in production for investigation and response.

MON-005

Continuous Model Evaluation

Run ongoing evaluation pipelines against held-out test sets and curated adversarial examples to continuously measure model performance in production.

SAF

Safety & Reliability

5 controls

SAF-001

Hallucination Detection and Mitigation

Implement controls to detect, reduce, and manage AI-generated factual errors and fabrications before they reach end users or inform decisions.

SAF-002

AI Output Validation

Validate AI-generated outputs against defined quality, safety, and format criteria before they are presented to users or used in downstream processes.

SAF-003

AI Graceful Degradation

Define and implement fallback behavior for AI systems when they are unavailable, underperforming, or producing outputs below acceptable quality thresholds.

SAF-004

AI Reliability Testing

Systematically test AI systems for consistency, repeatability, edge-case handling, and behavior under load before deployment and on a recurring basis.

SAF-005

Harmful Content Filtering

Apply input and output filtering to prevent AI systems from generating or acting on harmful, toxic, illegal, or policy-violating content.

IRC

Incident Response

5 controls

IRC-001

AI Incident Classification

Define a taxonomy for AI incidents that categorizes events by type and severity, determining the appropriate response urgency and notification requirements.

IRC-002

AI Incident Response Playbook

Document step-by-step procedures for identifying, containing, investigating, and resolving AI system incidents, including role assignments and escalation paths.

IRC-003

AI Harm Notification Procedures

Define procedures for notifying regulators, affected individuals, and other required parties when an AI system causes or contributes to harm.

IRC-004

AI Post-Incident Review

Conduct a structured review after every significant AI incident to identify root causes, contributing factors, and systemic improvements.

IRC-005

AI Incident Log and Tracking

Maintain a centralized, structured log of all AI incidents, near-misses, and governance concerns, accessible to the AI governance function.

PRC

Procurement

5 controls

PRC-001

AI Vendor Due Diligence

Assess AI vendors against security, governance, and compliance criteria before procurement and at defined intervals during the vendor relationship.

PRC-002

AI Contractual Requirements

Define minimum contractual provisions that must be present in agreements with AI vendors, covering data handling, transparency, audit rights, and incident notification.

PRC-003

Third-Party AI Model Evaluation

Evaluate third-party AI models against defined performance, safety, and bias criteria before deploying them in enterprise workflows.

PRC-004

Vendor AI Incident Notification Requirements

Require AI vendors to notify the organization of incidents affecting their AI systems within defined timeframes and with specified information.

PRC-005