Risk
Inadequate AI Audit Trails
Description
Audit trails are incomplete, inconsistent, or lack the fidelity needed for investigations, compliance, or forensics.
Example
Audit trail cannot demonstrate model's decision path during legal dispute.
Assets Affected
App Usage log
Model files
Mitigation
- Ensure logs are comprehensive, tamper-evident, time-synced, and retained as per policy
- Regularly review and test audit trails
Standards Mapping
- ISO 42001: A.6.2.8, A.8.5
- NIST AI RMF: GOVERN 4.2, MEASURE 3.1
- DASF v2: RAW DATA 1.10