SAIL

/

Monitor: AI Activity Tracing & Telemetry

/

Inadequate AI Audit Trails

7.4

.

Inadequate AI Audit Trails

sail
7.4
Risk

Inadequate AI Audit Trails

Description

Audit trails are incomplete, inconsistent, or lack the fidelity needed for investigations, compliance, or forensics.

Example

Audit trail cannot demonstrate model's decision path during legal dispute.

Assets Affected

App Usage log

Model files

Mitigation
  • Ensure logs are comprehensive, tamper-evident, time-synced, and retained as per policy
  • Regularly review and test audit trails
Standards Mapping
  • ISO 42001: A.6.2.8, A.8.5
  • NIST AI RMF: GOVERN 4.2, MEASURE 3.1
  • DASF v2: RAW DATA 1.10