>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

MANAGE-4.1Post-deployment AI system monitoring plans are implemented, including mechanisms for capturing and evaluating input from users and other relevant AI actors, appeal and override, decommissioning, incident response, recovery, and change management.

>Control Description

Post-deployment AI system monitoring plans are implemented, including mechanisms for capturing and evaluating input from users and other relevant AI actors, appeal and override, decommissioning, incident response, recovery, and change management.

>About

AI system performance and trustworthiness can change due to a variety of factors. Regular AI system monitoring can help deployers identify performance degradations, adversarial attacks, unexpected and unusual behavior, near-misses, and impacts. Including pre- and post-deployment external feedback about AI system performance can enhance organizational awareness about positive and negative impacts, and reduce the time to respond to risks and harms.

>Suggested Actions

  • Establish and maintain procedures to monitor AI system performance for risks and negative and positive impacts associated with trustworthiness characteristics.
  • Perform post-deployment TEVV tasks to evaluate AI system validity and reliability, bias and fairness, privacy, and security and resilience.
  • Evaluate AI system trustworthiness in conditions similar to deployment context of use, and prior to deployment.
  • Establish and implement red-teaming exercises at a prescribed cadence, and evaluate their efficacy.
  • Establish procedures for tracking dataset modifications such as data deletion or rectification requests.
  • Establish mechanisms for regular communication and feedback between relevant AI actors and internal or external stakeholders to capture information about system performance, trustworthiness and impact.
  • Share information about errors, near-misses, and attack patterns with incident databases, other organizations with similar systems, and system users and stakeholders.
  • Respond to and document detected or reported negative impacts or issues in AI system performance and trustworthiness.
  • Decommission systems that exceed establish risk tolerances.

>Documentation Guidance

Organizations can document the following

  • To what extent has the entity documented the post-deployment AI system’s testing methodology, metrics, and performance outcomes?
  • How easily accessible and current is the information available to external stakeholders?

AI Transparency Resources

  • GAO-21-519SP - Artificial Intelligence: An Accountability Framework for Federal Agencies & Other Entities,
  • Datasheets for Datasets.

>References

Navdeep Gill, Patrick Hall, Kim Montgomery, and Nicholas Schmidt. "A Responsible Machine Learning Workflow with Focus on Interpretable Models, Post-hoc Explanation, and Discrimination Testing." Information 11, no. 3 (2020): 137.

>AI Actors

AI Deployment
Operation and Monitoring
End-Users
Human Factors
Domain Experts
Affected Individuals and Communities

>Topics

Monitoring
Participation
AI Deployment
AI Incidents
Risk Response
Adversarial
Risky Emergent Behavior

>Cross-Framework Mappings

ISO/IEC 42001

via Microsoft/NIST AI RMF to ISO 42001 Crosswalk
9.2.1
Compare
B.6.2.6
Compare
B.8.3
Compare
B.10.4
Compare

ISO/IEC 23894

via INCITS/AI AI RMF to ISO 23894 Crosswalk
6.3.5
Compare
6.4.2.4
Compare
6.4.4.3
Compare
6.6.4.2
Compare
6.6.4.3
Compare

EU AI Act

Art. 12
Compare
Art. 13
Compare
Art. 14
Compare
Art. 50(1)
Compare
Art. 50(2)
Compare
Art. 50(3)
Compare
Art. 50(4)
Compare

Ask AI

Configure your API key to use AI features.