The Five Must-Haves of an AI Governance Framework

SANS AI Cybersecurity Summit 2025
The Five Must-Haves of an AI Governance Framework
Varun Prasad, Managing Director, BDO USA

Companies must look to adopt a robust and flexible AI governance framework to systematically identify, assess, mitigate and monitor the safety and security risks for AI systems. An AI governance framework is typically made up of a variety of components including policies and procedures; administrative and technical controls and monitoring and oversight mechanisms. Due to the lack of an authoritative framework that companies can refer to or benchmark against, implementing a strong AI governance mechanism is always going to be a challenging endeavor, Drawing upon the requirements of existing AI standards and learnings from several audits of AI systems, this article outlines the five mandatory building blocks for operationalizing a strong and comprehensive AI governance framework:

Model inventory
AI risk and impact management program
Data management processes
Model verification and validation requirements
AI system observability requirements
Responsible AI refers to an ideal desired state of the AI ecosystem at an organization. It is critical to implement these building blocks to create a solid foundation to effectively plan, track, manage and monitor the development or deployment of AI and thereby, enhance stakeholder trust.

View upcoming Summits: http://www.sans.org/u/DuS