Implementation Layer
AI Governance Controls
Operational controls for real-world enterprise AI systems — organized by domain, mapped to regulations, with maturity levels and implementation guidance.
Not sure where to start? Answer 3 questions and get a tailored compliance action plan.
What applies to me? →Human Oversight
Review gates, approval workflows, and override mechanisms for AI decisions.
7 controls
AGTAgentic AI
Goal constraints, action boundaries, and escalation paths for autonomous AI agents.
24 controls
SECSecurity
Adversarial input defense, prompt injection protection, and model access controls.
5 controls
ALCAudit & Logging
Immutable records of AI decisions, inputs, outputs, and model versions.
5 controls
CHMChange Management
Model release governance, version rollback, and change approval workflows.
5 controls
DGCData Governance
Training data provenance, privacy controls, and data retention policies.
6 controls
MONMonitoring & Drift
Performance drift detection, anomaly alerting, and operational dashboards.
6 controls
SAFSafety & Reliability
Graceful degradation, fail-safe defaults, and reliability under adversarial inputs.
6 controls
IRCIncident Response
Containment, investigation, and remediation procedures for AI system failures.
6 controls
PRCProcurement
Third-party AI vendor due diligence, contractual obligations, and offboarding.
15 controls
CMPRegulatory Compliance
Multi-jurisdiction regulatory mapping, standards monitoring, and compliance architecture for AI systems.
10 controls
BRDBoard & Executive Governance
Board education, committee charters, executive reporting, risk appetite, and enterprise-wide AI governance program design.
9 controls
MGVModel & Program Governance
Model lifecycle policy, intake and approval workflows, evaluation frameworks, and program-level AI governance maturity.
9 controls
SCTSector-Specific & Emerging
Healthcare, insurance, critical infrastructure, national security, and emerging-use-case controls not covered by domain-general frameworks.
9 controls
7 controls matching filters
Human Oversight
1 controlSecurity
1 controlChange Management
1 controlIncident Response
3 controlsAI Incident Classification
Define a taxonomy for AI incidents that categorizes events by type and severity, determining the appropriate response urgency and notification requirements.
AI Post-Incident Review
Conduct a structured review after every significant AI incident to identify root causes, contributing factors, and systemic improvements.
AI Incident Log and Tracking
Maintain a centralized, structured log of all AI incidents, near-misses, and governance concerns, accessible to the AI governance function.
