Business Continuity Management and Operational Resilience

CSA AI Controls Matrix v1.1 domain

Maintain AI service continuity and recover safely from disruption.

What this domain means for procurement

AI services depend on models, accelerators, data pipelines, and third parties. Continuity plans must cover loss or degradation of any of those dependencies without silently changing risk posture.

How TrustAtlas dimensions support it

Business stability captures continuity capacity and recovery commitments; dependency chain captures upstream concentration and fallback risk.

Business stabilityDependency chain

This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.

Questions to ask vendors

Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.

  1. What recovery objectives apply to the AI service, its model endpoints, and supporting data pipelines?
  2. Which upstream failure scenarios are exercised, and when was the last documented continuity test?
  3. How are customers notified if failover changes the model, region, subprocessor, or service capability?
← Application & Interface Security Change Control and Configuration Management →

Related