G-SM-A-1: Is there an initial AI strategy documented, even informally?
Minimal Alignment: AI security and RAI efforts are not consistently linked to business or ethical goals.
Unclear Accountability: No formal ownership for AI security or ethical governance; responsibilities may be scattered.
Ad Hoc Processes: AI security actions happen on-demand (e.g., after an incident), with no strategic roadmap.
G-SM-A-2: Are there any metrics informally tracked related to AI initiatives?
Documented Strategy: A formal AI security and RAI strategy exists, referencing relevant enterprise risk, compliance, and ethical needs.
Clear Governance: Defined roles (AI Security Lead, AI Ethics Officer, AI Security Committee) ensure accountability, fairness, and decision-making.
Planned Integration: AI security and ethical oversight efforts included in project roadmaps, budgets, and organizational planning.
G-SM-A-3: Has the AI strategy been formally defined and communicated to stakeholders?
Fully Embedded: AI security and RAI strategy integrated into broader corporate governance and ethics frameworks, continuously updated.
Executive Sponsorship: Senior leadership proactively supports AI security and responsible AI as strategic investments.
Lifecycle Integration: Mandatory AI security controls (model audits, fairness assessments, transparency measures, human oversight protocols) throughout all AI development and deployment phases.