AIMA
Privacy: Privacy by Design and Default
P-DD-A: Stream A

P-DD-A-1: Is there initial awareness or informal consideration of privacy aspects during AI design?
Ad Hoc Practices: Privacy risks are addressed post-deployment and handled case-by-case.
Missing Standards: No standardized processes for data minimization, DPIAs (Data Protection Impact Assessments), or policy application.
Manual Communication: Privacy notices and consents are manually generated, often retroactively.

P-DD-A-2: Are default privacy settings informally considered in AI systems?
Policy Adoption: A Privacy by Design policy is published and adopted organization-wide.
Assigned Roles: Privacy Officers or Data Stewards are appointed to oversee compliance.
Integrated Processes: DPIAs and privacy reviews are integrated into product development and procurement lifecycles.

P-DD-A-3: Are formal privacy by design procedures integrated into AI development processes?
Automated Governance: DPIAs and approvals are integrated into CI/CD with automated gates.
Code-Level Enforcement: Data retention, access controls, and minimization are enforced via code.
Data-Driven Review: Privacy KPIs are reviewed quarterly and linked to org-wide OKRs.
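
As an added illustration of the Level 3 practices above (a DPIA approval gate in the pipeline, and data minimization and retention enforced in code), the following Python script shows what such a gate can look like. It is not SAMMY or AIMA code: the dataset manifest and DPIA record formats, the purpose-bound policy table, the retention rule and the two sample datasets are all hypothetical and constructed for this example.

```python
"""Privacy-by-design CI gate (added example, hypothetical formats).

A training dataset is described by a manifest that declares its processing
purpose and the fields it contains. The gate refuses the build unless:
  1. an approved, unexpired DPIA exists for exactly this dataset and purpose;
  2. every field belongs to a data category the purpose is allowed to use;
  3. per-field retention and the age of the extract stay within the
     purpose's retention limit.
Unknown purposes are denied by default.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class FieldSpec:
    name: str
    category: str        # "identifier", "sensitive", "behavioural", "operational"
    retention_days: int  # how long the pipeline keeps this field


@dataclass
class DatasetManifest:
    name: str
    purpose: str
    fields: list[FieldSpec]
    oldest_record: date  # oldest record present in the extract


@dataclass
class DpiaRecord:
    dataset: str
    purpose: str
    approved_by: str
    approved_on: date
    valid_days: int = 365
    status: str = "approved"


# Hypothetical purpose-bound allowlist: which categories a declared purpose may
# process and the maximum retention in days. Anything not listed is denied.
PURPOSE_POLICY = {
    "fraud-scoring": {"categories": {"behavioural", "operational"}, "max_retention_days": 180},
    "support-summarisation": {"categories": {"operational"}, "max_retention_days": 30},
}


def check_dpia(manifest: DatasetManifest, dpia: DpiaRecord | None, today: date) -> list[str]:
    """Return the reasons the DPIA does not cover this manifest (empty = covered)."""
    if dpia is None:
        return [f"no DPIA record for dataset '{manifest.name}'"]
    issues = []
    if dpia.status != "approved":
        issues.append(f"DPIA status is '{dpia.status}', not 'approved'")
    if dpia.dataset != manifest.name or dpia.purpose != manifest.purpose:
        issues.append(f"DPIA covers '{dpia.dataset}'/'{dpia.purpose}', "
                      f"manifest is '{manifest.name}'/'{manifest.purpose}'")
    if today > dpia.approved_on + timedelta(days=dpia.valid_days):
        issues.append(f"DPIA approved on {dpia.approved_on} has expired")
    return issues


def check_minimisation(manifest: DatasetManifest, today: date) -> list[str]:
    """Return every field or retention violation against the purpose policy."""
    policy = PURPOSE_POLICY.get(manifest.purpose)
    if policy is None:
        return [f"purpose '{manifest.purpose}' has no policy entry; denied by default"]
    limit = policy["max_retention_days"]
    issues = []
    for f in manifest.fields:
        if f.category not in policy["categories"]:
            issues.append(f"field '{f.name}' ({f.category}) not permitted for '{manifest.purpose}'")
        if f.retention_days > limit:
            issues.append(f"field '{f.name}' retained {f.retention_days}d, limit is {limit}d")
    age = (today - manifest.oldest_record).days
    if age > limit:
        issues.append(f"extract holds records {age}d old, retention limit is {limit}d")
    return issues


def privacy_gate(manifest: DatasetManifest, dpia: DpiaRecord | None, today: date) -> tuple[bool, list[str]]:
    """Combine both checks; the build may proceed only when no issue is found."""
    issues = check_dpia(manifest, dpia, today) + check_minimisation(manifest, today)
    return (not issues, issues)


# Constructed sample input (not real data).
TODAY = date(2025, 3, 1)
GOOD = DatasetManifest("txn-features-v3", "fraud-scoring", [
    FieldSpec("txn_amount", "operational", 90),
    FieldSpec("merchant_category", "operational", 90),
    FieldSpec("login_velocity", "behavioural", 90),
], oldest_record=date(2024, 12, 15))
GOOD_DPIA = DpiaRecord("txn-features-v3", "fraud-scoring", "privacy-officer", date(2024, 9, 1))

BAD = DatasetManifest("txn-features-v4", "fraud-scoring", [
    FieldSpec("customer_email", "identifier", 400),   # identifier, kept too long
    FieldSpec("health_flag", "sensitive", 90),        # sensitive category not allowed
    FieldSpec("txn_amount", "operational", 90),
], oldest_record=date(2024, 1, 1))                    # extract older than 180 days
STALE_DPIA = DpiaRecord("txn-features-v3", "fraud-scoring", "privacy-officer", date(2023, 9, 1))

if __name__ == "__main__":
    for label, m, d in (("good", GOOD, GOOD_DPIA), ("bad", BAD, STALE_DPIA)):
        ok, why = privacy_gate(m, d, TODAY)
        print(label, "PASS" if ok else "FAIL", *why, sep="\n  ")
```

The gate is meant to run as a pipeline step that fails the job on a non-empty issue list; the same checks can be reused as a pre-merge test on manifests so that a new field or a longer retention window cannot land without a matching DPIA update.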