Machine Learning and Artificial Intelligence Standard
A foundational governance and security standard for organizations deploying, procuring, or interacting with machine learning models and generative AI.
Establish guardrails for AI adoption before shadow AI creates unmanaged risk.
As organizations increasingly adopt machine learning (ML), artificial intelligence (AI), and generative AI solutions, the need for clear governance, security, and privacy guardrails has become critical. This sample standard provides a foundational framework to manage the risks associated with AI adoption while enabling business innovation.
What the standard covers
- Purpose and Scope: Defines the technologies covered, including generative AI (e.g., ChatGPT, Copilot), predictive models, and third-party integrations.
- Roles and Responsibilities: Outlines expectations for AI system owners, data governance, security, and compliance teams.
- Acceptable Use: Specifies permitted and prohibited uses of AI, particularly regarding public models and sensitive data.
- Data Privacy and Protection: Establishes requirements for data minimization, consent, and data handling in AI workflows.
- Security and Risk Management: Details controls for model protection, adversarial testing, input sanitization, and continuous monitoring.
- Third-Party AI Risk: Connects AI procurement to existing vendor due diligence and right-to-audit requirements.
When to use this standard
This standard is a good fit when:
- Employees are using generative AI tools and you need to prevent data leakage.
- You are procuring third-party platforms that include embedded AI capabilities.
- Your organization is developing internal AI/ML models.
- Customers, auditors, or regulators are asking for your formal position on AI risk management.
Download the Sample Standard
Get started with a customizable Word document designed to fit SMB and regulated organization requirements.
Download the Standard →