>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

GOVERN-1.6Mechanisms are in place to inventory AI systems and are resourced according to organizational risk priorities.

>Control Description

Mechanisms are in place to inventory AI systems and are resourced according to organizational risk priorities.

>About

An AI system inventory is an organized database of artifacts relating to an AI system or model. It may include system documentation, incident response plans, data dictionaries, links to implementation software or source code, names and contact information for relevant AI actors, or other information that may be helpful for model or system maintenance and incident response purposes. AI system inventories also enable a holistic view of organizational AI assets. A serviceable AI system inventory may allow for the quick resolution of:

  • specific queries for single models, such as “when was this model last refreshed?”
  • high-level queries across all models, such as, “how many models are currently deployed within our organization?” or “how many users are impacted by our models?”

AI system inventories are a common element of traditional model risk management approaches and can provide technical, business and risk management benefits. Typically inventories capture all organizational models or systems, as partial inventories may not provide the value of a full inventory.

>Suggested Actions

  • Establish policies that define the creation and maintenance of AI system inventories.
  • Establish policies that define a specific individual or team that is responsible for maintaining the inventory.
  • Establish policies that define which models or systems are inventoried, with preference to inventorying all models or systems, or minimally, to high risk models or systems, or systems deployed in high-stakes settings.
  • Establish policies that define model or system attributes to be inventoried, e.g, documentation, links to source code, incident response plans, data dictionaries, AI actor contact information.

>Documentation Guidance

Organizations can document the following

  • Who is responsible for documenting and maintaining the AI system inventory details?
  • What processes exist for data generation, acquisition/collection, ingestion, staging/storage, transformations, security, maintenance, and dissemination?
  • Given the purpose of this AI, what is an appropriate interval for checking whether it is still accurate, unbiased, explainable, etc.? What are the checks for this model?

AI Transparency Resources

  • GAO-21-519SP: AI Accountability Framework for Federal Agencies & Other Entities.
  • Intel.gov: AI Ethics Framework for Intelligence Community - 2020.

>References

“A risk-based integrity level schema”, in IEEE 1012, IEEE Standard for System, Software, and Hardware Verification and Validation. See Annex B.

Off. Comptroller Currency, Comptroller’s Handbook: Model Risk Management (Aug. 2021). See “Model Inventory,” pg. 26.

VertaAI, “ModelDB: An open-source system for Machine Learning model versioning, metadata, and experiment management.” Accessed Jan. 5, 2023.

>AI Actors

Governance and Oversight

>Topics

Risk Management
Governance
Data
Documentation

>Cross-Framework Mappings

ISO/IEC 42001

via Microsoft/NIST AI RMF to ISO 42001 Crosswalk
B.4.5
Compare
B.4.3
Compare
B.4.4
Compare
B.4.6
Compare

ISO/IEC 23894

via INCITS/AI AI RMF to ISO 23894 Crosswalk
5.1
Compare
5.2
Compare
6.3.5
Compare
6.4.2.1
Compare
6.5.2
Compare

Ask AI

Configure your API key to use AI features.