Governance, Risk and Compliance

CSA AI Controls Matrix v1.1 domain

Assign accountability and manage AI risk and compliance as an ongoing program.

What this domain means for procurement

A dependable vendor can identify accountable owners, applicable obligations, risk appetite, exceptions, and evidence that governance decisions reach product operations.

How TrustAtlas dimensions support it

Compliance and jurisdiction capture obligations; transparency captures disclosed governance; agent governance captures accountability for autonomous behavior and human control.

Regulatory complianceJurisdictionTransparencyAgent governance

This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.

Questions to ask vendors

Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.

  1. Who is accountable for AI risk, agent behavior, privacy, security, and regulatory compliance?
  2. How do you identify applicable laws and customer obligations across the jurisdictions where the service operates?
  3. What risk exceptions are currently open for the service, who accepted them, and when do they expire?
  4. How are agents inventoried, risk-tiered, approved, monitored, and retired?
← Data Security and Privacy Lifecycle Management Human Resources →

Related