The Cloud Security Alliance has released new guidance for auditing AI systems that goes beyond compliance requirements.
The document, titled “AI Risk Management: Thinking Beyond Organizational Boundaries,” provides a comprehensive framework for evaluating AI systems. It was developed by the AI Governance and Compliance Working Group of the Cloud Security Alliance (CSA).
“The proliferation of intelligent systems in today's world requires auditors to be not only willing, but able to evaluate these systems beyond simply checking checkboxes,” said Ryan Gifford, research analyst at Cloud Security Alliance, who is also part of the working group's leadership team. “While the need for rigorous, purposeful, results-based AI auditing is critical, trust in AI can only be achieved through a far-reaching approach to auditing that goes beyond what is required, and we hope that auditors can begin to address compliance proactively and comprehensively, using the framework described in this document.”
The guidelines follow the document “AI Resilience: A Revolutionary Benchmarking Model for AI Safety,” and are intended to be applied across industries. They focus on privacy, security and trust through an approach that encourages critical and investigative thinking. The guidelines are designed to help auditors evaluate AI systems for unintended behaviors.
Based on current best practices, the document addresses the entire AI lifecycle, from development and deployment to monitoring and decommissioning. It includes sample questions for audits and evaluations, and provides basic knowledge about AI resilience, types of AI systems, and other key concepts such as responsibility and accountability.
Sections within the guidelines cover AI governance, applicable legal standards, and management of external suppliers and infrastructure. The goal is to mitigate risks, enhance transparency, and ensure that AI systems are compliant and trustworthy.
The AI Governance and Compliance Working Group seeks to be a central figure in setting AI governance and compliance standards. It aims to influence policies and legislation, and set standards for best practices.