Document system transparency policy

Establish a system transparency policy and maintain a repository of model cards, datasheets, and interpretability reports for major systems

Keywords

Transparency

System Cards

Application

Optional

Frequency

Every 12 months

Type

Preventative

Crosswalks

AML-M0023: AI Bill of Materials

AML-M0025: Maintain AI Dataset Provenance

Article 11: Technical Documentation

A.4.2: Resource documentation

A.4.3: Data resources

A.4.4: Tooling resources

A.4.5: System and computing resources

A.6.2.3: Documentation of AI system design and development

A.2.2: AI policy

A.2.4: Review of the AI policy

4.3: Determining the scope of the AI management system

5.2: AI policy

GOVERN 1.2: Trustworthy AI policies

GOVERN 1.6: AI system inventory

MAP 1.6: System requirements

MEASURE 2.8: Transparency and accountability

MEASURE 2.9: Model explanation

MEASURE 4.3: Performance tracking

GRC-13: Explainability Requirement

GRC-14: Explainability Evaluation

MDS-03: Model Documentation

MDS-04: Model Documentation Requirements

MDS-05: Model Documentation Validation

STA-16: Service Bill of Material (BOM)

DSP-20: Data Provenance and Transparency

Control activities

Typical evidence

Establishing a transparency policy defining documentation requirements for major AI systems. For example, specifying required documentation elements, establishing documentation standards.

E017.1 Documentation: Transparency policy

Policy document defining transparency documentation requirements - may include criteria for systems requiring documentation, required documentation elements (capabilities, limitations, use cases, risks), or documentation standards and templates.

AIUC-1 is built with industry leaders

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Phil Venables

Former CISO of Google Cloud

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."