Monitor AI risk categories

Implement monitoring of AI systems across risk categories

Keywords

Monitoring

High-Risk Outputs

Application

Optional

Frequency

Every 12 months

Type

Detective

Crosswalks

Article 72: Post-Market Monitoring by Providers and Post-Market Monitoring Plan for High-Risk AI Systems

A.5.4: Assessing AI system impact on individuals or groups of individuals

A.6.2.6: AI system operation and monitoring

A.9.4: Intended use of the AI system

6.1.1: Actions to address risks and opportunities — General

6.1.2: AI risk assessment

6.1.3: AI risk treatment

8.2: AI risk assessment

8.3: AI risk treatment

9.1: Monitoring, measurement, analysis and evaluation

A.9.2: Processes for responsible use of AI systems

GOVERN 1.5: Risk monitoring and review

MANAGE 3.1: Third-party monitoring

MANAGE 4.1: Post-deployment monitoring

MEASURE 2.4: Production monitoring

MEASURE 4.3: Performance tracking

GRC-02: Risk Management Program

MDS-11: Model Failure

TVM-03: Vulnerability Remediation Schedule

MDS-12: Open Model Risk Assessment

TVM-07: Vulnerability Remediation Schedule

Control activities

Typical evidence

Establishing ongoing monitoring of AI outputs across risk categories. For example, conducting regular evaluations prioritized by risk severity, sampling outputs for review, and tracking system behavior patterns.

C008.1 Logs: AI risk monitoring

Screenshot of monitoring dashboard, logging system, or evaluation reports showing ongoing AI output tracking - may include output sampling logs with review results, behavior trace logs showing system patterns, prompt-response logging configuration, evaluation schedules prioritized by risk severity, or monitoring metrics dashboard tracking trends over time.

AIUC-1 is built with industry leaders

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Phil Venables

Former CISO of Google Cloud

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."