Risk
Inadequate AI Policy
Description
AI policy lacks critical elements or hasn't been updated to reflect current AI capabilities, regulations, or organizational changes.
Example
AI policy missing production deployment guidelines, leading to unsafe model releases without required safety checks
Assets Affected
AI Policy
AI App
AI platform
3rd-party AI integration
Mitigation
- Regular policy review cycles
- Map to current regulations
- Include emerging AI tech
- Stakeholder feedback loops
- Version control
Standards Mapping
- ISO 42001: A.2.2, A.2.4
- NIST AI RMF: GOVERN 1.2, GOVERN 1.4
- DASF v2: