|
A determination is made as to whether the AI system achieves its intended purposes and stated objectives and whether its development or deployment should proceed. |
|
Treatment of documented AI risks is prioritized based on impact, likelihood, and available resources or methods. |
|
Responses to the AI risks deemed high priority, as identified by the MAP function, are developed, planned, and documented. Risk response options can include mitigating, transferring, avoiding, or accepting. |
|
Negative residual risks (defined as the sum of all unmitigated risks) to both downstream acquirers of AI systems and end users are documented. |
|
Resources required to manage AI risks are taken into account - along with viable non-AI alternative systems, approaches, or methods - to reduce the magnitude or likelihood of potential impacts. |
|
Mechanisms are in place and applied to sustain the value of deployed AI systems. |
|
Procedures are followed to respond to and recover from a previously unknown risk when it is identified. |
|
Mechanisms are in place and applied, and responsibilities are assigned and understood, to supersede, disengage, or deactivate AI systems that demonstrate performance or outcomes inconsistent with intended use. |
|
AI risks and benefits from third-party resources are regularly monitored, and risk controls are applied and documented. |
|
Pre-trained models which are used for development are monitored as part of AI system regular monitoring and maintenance. |
|
Post-deployment AI system monitoring plans are implemented, including mechanisms for capturing and evaluating input from users and other relevant AI actors, appeal and override, decommissioning, incident response, recovery, and change management. |
|
Measurable activities for continual improvements are integrated into AI system updates and include regular engagement with interested parties, including relevant AI actors. |
|
Incidents and errors are communicated to relevant AI actors, including affected communities. Processes for tracking, responding to, and recovering from incidents and errors are followed and documented. |