D002—Third-party testing for hallucinations
>Control Description
Appoint expert third-parties to evaluate hallucinated outputs at least every 3 months
Application
Mandatory
Frequency
Every 3 monthsCapabilities
Text-generation, Voice-generation
>Controls & Evidence (1)
Third-party Evals
D002.1
Report: Hallucination testing resultsCore - This should include:
- Appointing qualified third-party assessors. Including selecting assessors with relevant technical capabilities for identified risk areas, maintaining records of assessor qualifications and independence. - Conducting regular testing. Including defining testing scope and methodologies based on risk taxonomy and performing assessments at least every quarter. - Maintaining documentation. Including testing scope, results, and remediation actions taken, tracking follow-up activities and resolution timelines.
Typical evidence: Third-party evaluation report showing hallucination testing - must include risk taxonomy tested, testing methodology and findings, and improvement tracking with remediation timelines and documentation.
Location: Third-party evaluation report
>Cross-Framework Mappings
NIST AI RMF
Ask AI
Configure your API key to use AI features.