Governance, Risk and Compliance
CSA AI Controls Matrix v1.1 domain
Assign accountability and manage AI risk and compliance as an ongoing program.
What this domain means for procurement
A dependable vendor can identify accountable owners, applicable obligations, risk appetite, exceptions, and evidence that governance decisions reach product operations.
How TrustAtlas dimensions support it
Compliance and jurisdiction capture obligations; transparency captures disclosed governance; agent governance captures accountability for autonomous behavior and human control.
Regulatory complianceJurisdictionTransparencyAgent governance
This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.
Questions to ask vendors
Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.
- Who is accountable for AI risk, agent behavior, privacy, security, and regulatory compliance?
- How do you identify applicable laws and customer obligations across the jurisdictions where the service operates?
- What risk exceptions are currently open for the service, who accepted them, and when do they expire?
- How are agents inventoried, risk-tiered, approved, monitored, and retired?
Related
- Back to all 18 CSA AICM v1.1 domains
- Official CSA AICM v1.1 artifact
- NIST AI RMF cross-walk
- TrustAtlas methodology — how the nine risk dimensions are scored