What processes do you follow to audit AI models for compliance with evolving privacy regulations? How frequently do you run these audits?

Governance, Risk & Compliance Privacy Risk

787 views3 Comments

Sort by:

CISO in Software14 days ago

For every release and update!

Director Information Security & Trusta month ago

Specifically, regarding auditing AI models, our organization primarily consumes models intended for generic purposes, such as Microsoft OpenAI. We are not training or maintaining local models. While we do have an annual review cadence for the use of cases that go through our governance process, we do not directly audit the models themselves since we are not responsible for their maintenance. As a result, our focus is on reviewing use cases rather than underlying AI models.

Chief Information Security Officer2 months ago

We audit AI-related initiatives primarily on demand. For any AI solution to even be considered for audit, it must first go through our governance process. Our governance committee meets every other week without fail and includes me, the CIO, Chief Compliance Officer, Chief Legal Officer, our possible CMIO, and the relevant business stakeholder representing the specific program. Once an AI solution is selected, the audit process may differ depending on the situation. In California, we have significant legislative requirements to follow, so we typically conduct audits as needed or incorporate them into larger, scheduled audits by expanding the scope to include AI as a component.

Content you might like

What are some examples of business value creation through AI/Machine Learning?

What are your preferred tactics for building effective collaboration on cross-functional teams involved in AI governance and risk management (e.g., joint steering committees, shared KPIs, etc.)? Which roles are currently involved?

How would you rate the readiness of your systems and data to work with AI?

data is scattered across different applications23%

some systems have APIs, but not everything connects59%

we have a single source of data, but without AI integration16%

our data is already being used by AI models1%

View Results

Which of the following are the most challenging aspects of implementing cloud governance (in terms of cost, security, compliance, and operations at your organization?

Balancing the implementation of organizational policies and developer velocity32%

In-flexibility of existing governance tools in terms of the policy implementation48%

Lack of in-house expertise and knowledge56%

Validating governance policies earlier in the development cycle33%

Ever-changing cloud provider APIs and tools31%

Lack of real-time visibility into resources and configurations across multiple clouds and accounts23%