AI Risk and Compliance Management involves a strategic framework designed to identify, assess, and mitigate the inherent risks associated with the development and deployment of AI technologies. As organizations increasingly rely on AI systems, it becomes essential to navigate the complexities of compliance with global regulations such as the GDPR and the EU’s AI Act. This framework includes a comprehensive risk assessment process to evaluate potential challenges such as algorithmic bias, data privacy, and transparency. It ensures that AI systems are developed and used in an ethical and responsible manner. Engaging diverse stakeholders, including ethicists and legal experts, enhances the organization's ability to address the social and ethical implications of AI technologies while fostering a culture of accountability.
- AI System Intake Form to request AI use cases, AI models, and datasets.
- AI Risk and Compliance workspace to manage and monitor the risk and compliance posture of AI systems.
- Perform impact assessments (using Smart Assessments) to identify how AI systems, models, and datasets affect fundamental rights.
- New Roles & Access Controls to handle AI Risk and Compliance Management.
- Identify the AI systems from the CMDB by enhancing or leveraging the Entity filter capability.
- Advanced Risk Assessment (ARA) integration to identify individual and specific risks associated with AI assets, such as AI systems, models, and datasets. Perform risk assessments on each identified risk separately.
- Bulk risk assessment feature enables product owners to assess the regulatory and operational risks of multiple AI use cases in a unified workflow.
- Auto-creation or resolution of entities
  - Based on the existence of the CMDB AI System record, an Entity can be auto-created or resolved to an existing record.
- 360-Relationship View
  - Explore the relationships between critical AI assets that impact your business, including controls, risks, and issues.
- Entity-based access control
  - The Entity-based Access Control feature facilitates object access through entities. You can map entities to specific users or user groups, giving you a granular level of access control.
- Bulk AI Risk Assessments, secure AI Risks and Controls using Entity-based Access Control, Unified Content Management, Email-driven AI Misuse or Inquiry reporting.
- New
  - Entity-based access control
    - Implemented the Entity-based Access Control feature, which facilitates object access through entities. You can map entities to specific users or user groups, enabling a granular level of access control.
    - Administrators can grant access to an entity’s related records by adding users, user groups, entity user fields, or entity user group fields, minimizing the risk of unnecessary data exposure.
    - You can now configure any user or user group field on a record to provide additional access beyond what is defined in the EBA configuration.
  - Bulk Risk Assessment
    - The Bulk Risk Assessment feature enables product owners to assess the regulatory and operational risks of multiple AI use cases in a unified workflow. Instead of reviewing and responding to risk questionnaires one by one, the system groups AI use cases with similar characteristics (such as model type, data sensitivity, and business impact) and presents a consolidated risk assessment form.
  - Integration with unified content accelerator
    - A new unified content interface shows the sequence of steps for importing related content and reviewing the selected content. This provides a step-by-step process for importing content into the product.
- Changed
  - Introduced an 'Active flag' in the GRC Choice table; updates to these flags are now reflected in the AI Risk and Compliance Management application.
  - Applied the impacts of the Citation-to-control mapping feature across the dashboards and overview pages.
- Fixed
  - Resolved a security vulnerability that allowed unintended edits to read-only fields.
  - Replaced hard-coded admin role dependencies with granular roles to improve security and align with least privilege principles.
Permissions and roles:
- Role required to install the app: System Admin (admin)