Implementation Layer
AI Governance Controls
Operational controls for real-world enterprise AI systems — organized by domain, mapped to regulations, with maturity levels and implementation guidance.
Not sure where to start? Answer 3 questions and get a tailored compliance action plan.
What applies to me? →Human Oversight
Review gates, approval workflows, and override mechanisms for AI decisions.
7 controls
AGTAgentic AI
Goal constraints, action boundaries, and escalation paths for autonomous AI agents.
24 controls
SECSecurity
Adversarial input defense, prompt injection protection, and model access controls.
5 controls
ALCAudit & Logging
Immutable records of AI decisions, inputs, outputs, and model versions.
5 controls
CHMChange Management
Model release governance, version rollback, and change approval workflows.
5 controls
DGCData Governance
Training data provenance, privacy controls, and data retention policies.
6 controls
MONMonitoring & Drift
Performance drift detection, anomaly alerting, and operational dashboards.
6 controls
SAFSafety & Reliability
Graceful degradation, fail-safe defaults, and reliability under adversarial inputs.
6 controls
IRCIncident Response
Containment, investigation, and remediation procedures for AI system failures.
6 controls
PRCProcurement
Third-party AI vendor due diligence, contractual obligations, and offboarding.
15 controls
CMPRegulatory Compliance
Multi-jurisdiction regulatory mapping, standards monitoring, and compliance architecture for AI systems.
10 controls
BRDBoard & Executive Governance
Board education, committee charters, executive reporting, risk appetite, and enterprise-wide AI governance program design.
9 controls
MGVModel & Program Governance
Model lifecycle policy, intake and approval workflows, evaluation frameworks, and program-level AI governance maturity.
9 controls
SCTSector-Specific & Emerging
Healthcare, insurance, critical infrastructure, national security, and emerging-use-case controls not covered by domain-general frameworks.
9 controls
18 controls matching filters
Human Oversight
2 controlsAI Output Review Workflow
Define a structured, documented process for reviewing AI outputs before they are acted upon or distributed.
Override and Escalation Procedures
Document the procedures, authority levels, and logging requirements when humans reject, modify, or escalate AI-generated decisions.
Security
1 controlAudit & Logging
1 controlChange Management
3 controlsAI Model Version Control
Track model versions, configurations, prompts, and deployment history so that any production state can be reproduced and compared.
AI Model Change Documentation
Record what changed between model versions, why the change was made, what testing was performed, and who approved the deployment.
Model Deprecation Procedure
Define the process for retiring AI models from production, including notification, data handling, audit trail preservation, and transition planning.
Monitoring & Drift
1 controlIncident Response
3 controlsAI Incident Classification
Define a taxonomy for AI incidents that categorizes events by type and severity, determining the appropriate response urgency and notification requirements.
AI Post-Incident Review
Conduct a structured review after every significant AI incident to identify root causes, contributing factors, and systemic improvements.
AI Incident Log and Tracking
Maintain a centralized, structured log of all AI incidents, near-misses, and governance concerns, accessible to the AI governance function.
Procurement
5 controlsVendor AI Incident Notification Requirements
Require AI vendors to notify the organization of incidents affecting their AI systems within defined timeframes and with specified information.
Vendor Governance Change Monitoring
Monitor material changes to AI vendors' governance structures, safety leadership, and organizational policies that may affect the risk profile of deployed systems.
AI Vendor Financial Stability Assessment
Assess the financial stability and organizational viability of AI vendors as part of vendor selection and periodic due diligence, applying criteria calibrated to the current market environment including consolidation pressure, regulatory cost exposure, and dependence on continued investor funding.
AI Safety Index and Benchmark Monitoring
Track external AI safety indices, benchmark ratings, and third-party evaluation results for AI vendors and models used by the organization, and incorporate material findings into the vendor risk assessment and re-assessment cycle.
AI Platform Conflict-of-Interest Assessment
Assess and manage conflicts of interest that arise when an AI vendor both develops or deploys AI models and provides the oversight tooling, monitoring, or safety evaluation services used to govern those same models, ensuring governance decisions are not structurally dependent on vendor-controlled inputs.
