Model & Program Governance
Operational controls for model & program governance — with maturity levels, evidence requirements, and implementation guidance.
Not sure where to start? Answer 3 questions and get a tailored compliance action plan.
What applies to me? →5 controls matching filters
AI Model Preview and Staged Release Policy
Establish an internal policy that distinguishes preview and experimental AI system access from approved production deployment, and requires documented governance sign-off at each release stage before a system advances to broader use.
AI System Intake and Approval Workflow
Define a standardized intake process for all new AI system deployments that captures use case, data classification, risk tier, and ownership before the system enters the organization's environment, with cross-functional approval routing and GRC recordkeeping.
AI Governance Program Milestone Framework
Define structured governance milestones — evaluated at intervals across a deployment's lifecycle — that must be completed before an AI system advances to the next stage, treating governance readiness as a project dependency rather than a parallel or post-hoc activity.
Generative AI Input Data Classification
Establish a classification policy for data entering generative AI systems as inputs — prompts, context windows, retrieved documents, tool outputs, and conversation history — addressing privacy, confidentiality, and regulatory risks specific to the generative AI input surface that general data classification policies do not cover.
Emerging AI Modality Classification and Governance Extension
Establish a process for detecting when new AI modalities — ambient AI, multimodal agents, brain-computer interfaces, always-on AI assistants, and other emerging capability types — enter the organization's environment, and for extending governance coverage to those modalities before they are widely deployed.