AIMA: Privacy, User Control and Transparency (P-CT-A: Stream A)
P-CT-A-1: Is there basic, informal communication to users regarding data use and AI operations?
Opaque Communication: Disclosures are written in legal terms with limited accessibility.
Generic Consent: Consent mechanisms are generic and often bundled.
Unclear Ownership: No clear ownership for transparency or user agency.
P-CT-A-2: Are informal processes in place to occasionally respond to user data control requests?
Policy Enforcement: A user transparency and control policy is published and enforced.
Assigned Roles: Roles (e.g., UX Privacy Leads or Product Compliance Liaisons) are assigned.
Reviewed Consent Flows: User consent flows are aligned with legal bases and reviewed periodically.
P-CT-A-3: Are clear, formal transparency practices regularly provided to users regarding AI data usage?
Measured Transparency: User transparency KPIs (e.g., consent clarity, user opt-out rates) are tracked across products.
Live Consent Tracking: Real-time consent and preference tracking is integrated with systems.
Contextual Explanations: User-facing explanations are tailored based on context and usage.