SAIL / AI Policy & Safe experimentation (Plan)

1.4 Undefined Risk Tolerance & Categorization

Risk

Description

Lack of clear criteria for defining AI risk tolerance and for classifying AI systems by risk level (regular/high/critical).

Example

A critical healthcare AI system is classified as "regular," so it is deployed without the safety controls its actual risk level requires.

Assets Affected

  • Framework
  • AI inventory
  • Impact assessments

Mitigation

  • Define risk tolerance thresholds
  • Establish risk categories with clear criteria
  • Establish an impact assessment process
  • Provide classification guidelines

Standards Mapping
  • ISO 42001: 6.1.1, A.5.2
  • NIST AI RMF: GOVERN 1.3, MAP 1.5