SAIL: Code/No Code - AI Asset Discovery

2.5. Lack of Clarity on AI System Purpose and Criticality (Risk)
Description

AI assets are identified, but their specific business purpose, intended use, and overall criticality to the organization are not clearly understood or documented.

Example

A discovered AI model is cataloged, but its function (e.g., critical decision support vs. minor automation) isn't known, leading to misprioritized security efforts.

Assets Affected

  • AI App
  • Model files
  • AI platform

Mitigation
  • For each discovered AI asset, document its intended purpose, users, and business impact.
  • This documentation informs risk assessment and impact assessment.
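
One way to enforce the mitigation above, as an added example that is not part of SAIL: a check over an asset inventory that flags records missing purpose, users or business impact, and queues them for review ahead of assets documented as medium or low. The field names, criticality scale, ranking rule and sample inventory are assumptions constructed for illustration.

```python
# Added example: completeness gate for an AI asset inventory.
# Field names and the criticality scale are assumptions, not part of SAIL.
REQUIRED = ("purpose", "users", "business_impact")
CRITICALITY_RANK = {"high": 0, "medium": 2, "low": 3}
UNKNOWN_RANK = 1  # assumption: undocumented assets are triaged right after known-high ones

# Constructed sample inventory using the asset types listed on this page.
INVENTORY = [
    {"name": "loan-scoring-model", "type": "Model files",
     "purpose": "Credit decision support", "users": ["underwriting"],
     "business_impact": "Drives approval decisions", "criticality": "high"},
    {"name": "ticket-tagger", "type": "AI App",
     "purpose": "Auto-label support tickets", "users": ["helpdesk"],
     "business_impact": "Minor automation", "criticality": "low"},
    {"name": "notebook-cluster", "type": "AI platform",
     "purpose": "", "users": [], "business_impact": None},
    {"name": "churn-model-v3", "type": "Model files",
     "purpose": "Retention forecasting", "users": ["marketing"],
     "business_impact": "   ", "criticality": "medium"},
]

def missing_fields(asset):
    """Return required fields that are absent, empty, or whitespace-only."""
    gaps = []
    for field in REQUIRED:
        value = asset.get(field)
        if isinstance(value, str):
            value = value.strip()
        if not value:
            gaps.append(field)
    return gaps

def review_queue(inventory):
    """Order assets for security review; incomplete records never rank as low."""
    rows = []
    for asset in inventory:
        gaps = missing_fields(asset)
        crit = asset.get("criticality")
        # A criticality rating without documented purpose/impact is not trusted.
        rank = UNKNOWN_RANK if gaps or crit not in CRITICALITY_RANK else CRITICALITY_RANK[crit]
        rows.append((rank, asset["name"], gaps))
    rows.sort(key=lambda r: (r[0], r[1]))
    return [(name, gaps) for _, name, gaps in rows]

if __name__ == "__main__":
    for name, gaps in review_queue(INVENTORY):
        status = "UNDOCUMENTED: " + ", ".join(gaps) if gaps else "documented"
        print(f"{name:20} {status}")
```

The medium-rated record with a blank business impact is queued as unknown rather than medium, since a rating without a documented basis cannot drive prioritization.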
Standards Mapping
  • ISO 42001: A.6.2.2, A.4.2, A.5.2
  • NIST AI RMF: MAP 1.1, MAP 1.4