AIMA
Responsible AI Principles
Ethical and Societal Impact
Transparency and Explainability
Fairness and Bias
Governance
Strategy and Metrics
Policy and Compliance
Education and Awareness
Data Management
Data Quality and Integrity
Data Governance and Accountability
Data Training
Privacy
Data Minimization and Purpose Limitation
Privacy by Design and Default
User Control and Transparency
Design
Threat Assessment
Security Architecture
Security Requirements
Implementation
Secure Build
Secure Deployment
Defect Management
Verification
Security Testing
Requirement-based Testing
Architecture Assessment
Operations
Incident Management
Event Management
Operational Management
P-ML-A: Stream A
P-ML-A-1: Are there basic awareness and informal processes around data minimization?
Informal Approach: Limited documentation of data collection and processing purposes.
Reactive Management: Privacy actions taken primarily after incidents or upon request.
Undefined Responsibilities: Privacy responsibilities not clearly assigned or formalized.
P-ML-A-2: Are data collection purposes informally discussed or inconsistently documented?
Documented Policies: Clear and comprehensive policies defining data minimization and purpose limitations.
Defined Accountability: Specific roles (Privacy Officer, Data Steward) established with clear responsibilities.
Planned Compliance: Proactive privacy reviews integrated into AI project planning and execution.
P-ML-A-3: Are formal procedures established to regularly review and minimize data collection?
Fully Integrated Practices: Privacy principles and policies deeply embedded in organizational workflows and practices.
Strategic Alignment: Privacy practices explicitly aligned with business objectives, ethics, and regulatory frameworks.
Lifecycle Integration: Continuous privacy impact assessments and controls throughout AI system development and operation phases.