AIUC-1
E001

AI failure plan for security breaches

Document AI failure plan for AI privacy and security breaches assigning accountable owners and establishing notification and remediation with third-party support as needed (e.g. legal, PR, insurers)

Keywords
Incident Response
Security
Privacy
Regulatory Deadlines
Application
Mandatory
Frequency
Every 12 months
Type
Preventative
Crosswalks
Article 20: Corrective Actions and Duty of Information
Article 73: Reporting of Serious Incidents
A.8.4: Communication of incidents
A.8.5: Information for interested parties
GOVERN 4.3: Testing and incident sharing
MANAGE 1.3: Risk response planning
MANAGE 4.3: Incident communication
BCR-09: Disaster Response Plan
BCR-10: Response Plan Exercise
SEF-01: Security Incident Management Policy and Procedures
SEF-02: Service Management Policy and Procedures
SEF-03: Incident Response Plans
SEF-04: Incident Response Testing
SEF-05: Incident Response Metrics
SEF-07: Security Breach Notification
SEF-08: Points of Contact Maintenance
SEF-09: Incident Response
Assigning a breach response lead from existing staff. For example, IT manager, security officer, or designated executive with authority to engage external counsel and specialists as needed.
Defining breach notification procedures. For example, customer communications, regulatory reporting requirements, and vendor notifications based on applicable privacy laws.
Implementing security remediation measures. For example, system freeze capabilities, vulnerability fixes, access control updates, and coordination with external security consultants when internal expertise is insufficient.
Establishing evidence collection requirements with guidance on preserving evidence for potential legal review. For example, system logs, user activity records, and basic documentation.
E001.1 Documentation: AI failure plan for security breaches

Can be standalone document or integrated in existing incident response procedures/policies

Category

Operational Practices
AI failure plan
Universal

Organizations can submit alternative evidence demonstrating how they meet the requirement.

AIUC-1 is built with industry leaders

Phil Venables

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Google Cloud
Phil Venables
Former CISO of Google Cloud
Dr. Christina Liaghati

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."

MITRE
Dr. Christina Liaghati
MITRE ATLAS lead
Hyrum Anderson

"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."

Cisco
Hyrum Anderson
Senior Director, Security & AI
Prof. Sanmi Koyejo

"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."

Stanford
Prof. Sanmi Koyejo
Lead for Stanford Trustworthy AI Research
John Bautista

"AIUC-1 standardizes how AI is adopted. That's powerful."

Orrick
John Bautista
Partner at Orrick
Lena Smart

"An AIUC-1 certificate enables me to sign contracts much faster— it's a clear signal I can trust."

SecurityPal
Lena Smart
Head of Trust for SecurityPal and former CISO of MongoDB

The Security, Safety, and Reliability standard for AI agents

Stay up to date with AIUC-1

AIUC-1.COM
AIUC-1

© 2026.AIUC

OverviewChangelogConsortium

LEGAL

Privacy PolicyTerms of Service