Business Continuity Management and Operational Resilience
CSA AI Controls Matrix v1.1 domain
Maintain AI service continuity and recover safely from disruption.
What this domain means for procurement
AI services depend on models, accelerators, data pipelines, and third parties. Continuity plans must cover loss or degradation of any of those dependencies without silently changing risk posture.
How TrustAtlas dimensions support it
Business stability captures continuity capacity and recovery commitments; dependency chain captures upstream concentration and fallback risk.
Business stabilityDependency chain
This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.
Questions to ask vendors
Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.
- What recovery objectives apply to the AI service, its model endpoints, and supporting data pipelines?
- Which upstream failure scenarios are exercised, and when was the last documented continuity test?
- How are customers notified if failover changes the model, region, subprocessor, or service capability?
Related
- Back to all 18 CSA AICM v1.1 domains
- Official CSA AICM v1.1 artifact
- NIST AI RMF cross-walk
- TrustAtlas methodology — how the nine risk dimensions are scored