AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

Implementation Layer

AI Governance Controls

Operational controls for real-world enterprise AI systems — organized by domain, mapped to regulations, with maturity levels and implementation guidance.

HOC

Human Oversight

Review gates, approval workflows, and override mechanisms for AI decisions.

6 controls

AGT

Agentic AI

Goal constraints, action boundaries, and escalation paths for autonomous AI agents.

8 controls

SEC

Security

Adversarial input defense, prompt injection protection, and model access controls.

5 controls

ALC

Audit & Logging

Immutable records of AI decisions, inputs, outputs, and model versions.

5 controls

CHM

Change Management

Model release governance, version rollback, and change approval workflows.

5 controls

DGC

Data Governance

Training data provenance, privacy controls, and data retention policies.

5 controls

MON

Monitoring & Drift

Performance drift detection, anomaly alerting, and operational dashboards.

5 controls

SAF

Safety & Reliability

Graceful degradation, fail-safe defaults, and reliability under adversarial inputs.

5 controls

IRC

Incident Response

Containment, investigation, and remediation procedures for AI system failures.

5 controls

PRC

Procurement

Third-party AI vendor due diligence, contractual obligations, and offboarding.

5 controls

Filter:
HOCAGTSECALCCHMDGCMONSAFIRCPRC
Low effortMedium effortHigh effort
Agent-relevant
Clear all

10 controls matching filters

AGT

Agentic AI

3 controls
AGT-001
Agenthigh

Agent Permission Boundaries

Apply least-privilege principles to AI agents by explicitly defining and enforcing the tools, APIs, data sources, and actions each agent is authorized to access.

AGT-004
Agenthigh

Multi-Agent Trust Hierarchy

Define explicit rules for which agents can instruct, invoke, or delegate authority to other agents in multi-agent systems.

AGT-008
Agenthigh

Agent Environment Isolation

Run AI agents in isolated execution environments that limit their ability to access host systems, network resources, or data beyond what their task requires.

SEC

Security

1 control
SEC-005
Agenthigh

Adversarial Robustness Testing

Systematically test AI systems against adversarial inputs, edge cases, and known attack techniques before deployment and on a recurring basis.

ALC

Audit & Logging

1 control
ALC-002
Agenthigh

High-Risk AI Audit Trail

Maintain a comprehensive, tamper-evident audit trail for AI systems operating in regulated domains, covering the full lifecycle from input to decision to outcome.

DGC

Data Governance

2 controls
DGC-001
high

Training Data Provenance

Track and document the origin, composition, licensing, and preprocessing history of data used to train or fine-tune AI models.

DGC-005
high

Cross-Border Data Transfer Controls for AI

Govern the international transfer of personal data through AI systems, including data sent to AI API providers, training pipelines, and cloud infrastructure in other jurisdictions.

MON

Monitoring & Drift

1 control
MON-003
high

AI Bias and Fairness Monitoring

Continuously monitor AI system outputs for discriminatory patterns across protected demographic attributes in production.

SAF

Safety & Reliability

1 control
SAF-001
Agenthigh

Hallucination Detection and Mitigation

Implement controls to detect, reduce, and manage AI-generated factual errors and fabrications before they reach end users or inform decisions.

PRC

Procurement

1 control
PRC-003
high

Third-Party AI Model Evaluation

Evaluate third-party AI models against defined performance, safety, and bias criteria before deploying them in enterprise workflows.