AI Risk and Compliance Management involves a strategic framework designed to identify, assess, and mitigate the inherent risks associated with the development and deployment of AI technologies. As organizations increasingly rely on AI systems, it becomes essential to navigate the complexities of compliance with global regulations such as the GDPR and the EU’s AI Act. This framework includes a comprehensive risk assessment process to evaluate potential challenges such as algorithmic bias, data privacy, and transparency. It ensures that AI systems are developed and used in an ethical and responsible manner. Engaging diverse stakeholders, including ethicists and legal experts, enhances the organization's ability to address the social and ethical implications of AI technologies while fostering a culture of accountability.
- AI System Intake Form to request AI use cases, AI models, and datasets.
- AI Risk and Compliance workspace to manage and monitor the risk and compliance posture of AI systems.
- Perform impact assessments (using Smart Assessments) to identify how AI systems, models, and datasets affect fundamental rights.
- New Roles & Access Controls to handle AI Risk and Compliance Management.
- Identify the AI systems from the CMDB by enhancing or leveraging the Entity filter capability.
- Advanced Risk Assessment (ARA) integration to identify individual and specific risks associated with AI assets, such as AI systems, models, and datasets. Perform risk assessments on each identified risk separately.
- Auto-creation or resolving entity:
  - Based on the existence of the CMDB AI System record, an Entity can be auto-created or resolved to an existing record.
- 360-Relationship View:
  - Explore the relationships between critical AI assets that impact your business, including controls, risks, and issues.
- New
  - Deliver system-level AI risk score aggregation and visualization
    - Provide aggregated AI system-level risk scoring by integrating heatmaps and residual risk score widgets directly within AI asset overview records. These visual tools help surface cumulative risk exposure and enable users to track residual risks effectively across the entire AI asset inventory. This capability supports proactive risk management by offering clear, data-driven insights into the overall AI system risk posture.
  - Filter the risk heatmap by Risk Assessment Methodology for targeted risk analysis
    - From the AI risk and compliance home page, apply the Risk Assessment Methodology filter to customize the display of the risk heatmap based on specific risk evaluation frameworks. This capability enables you to segment and analyze AI risks according to the assessment models your organization adopts, such as internal standards, regulatory frameworks, or industry benchmarks. By narrowing the view to a particular methodology, you can better understand how different risk factors are identified, scored, and distributed, facilitating more informed decision-making. This targeted analysis supports the development of precise mitigation plans aligned with the organization’s risk governance strategy.
  - Grouping control attestations
    - Control attestations can be grouped based on predefined criteria such as control objectives, frameworks, or assessment cycles. This grouping functionality enables more efficient management and review of attestations, reduces redundancy, and improves visibility into compliance status across related controls for the AI Risk and Compliance team. It also supports better planning and execution of control assurance activities by organizing attestations in a logical, structured manner.
- Changed
  - The Risk and compliance tab features dedicated Risk overview and Compliance overview sections to support continuous monitoring of the risk and compliance posture of AI assets.
  - The Risk overview section provides a filtered view of AI assets based on inherent and residual risk levels, enabling informed risk evaluation. The Compliance overview section displays the regulatory risk classification of AI systems, models, and datasets using donut charts.
Permissions and roles:
- Role required to install the app: System Admin (admin)