Human Resources
CSA AI Controls Matrix v1.1 domain
Ensure personnel are screened, trained, accountable, and offboarded appropriately.
What this domain means for procurement
People who build, operate, review, or support AI systems can introduce or mitigate risk. Role-specific training and privileged-access lifecycle controls are procurement-relevant evidence.
How TrustAtlas dimensions support it
Security covers workforce access and insider-risk safeguards; agent governance covers competence and accountability for people supervising autonomous systems.
SecurityAgent governance
This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.
Questions to ask vendors
Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.
- Which roles receive AI security, privacy, safety, and responsible-use training, and how is completion verified?
- What screening and confidentiality requirements apply to personnel with customer-data or model access?
- How quickly are privileged access and service credentials revoked after role changes or departure?
Related
- Back to all 18 CSA AICM v1.1 domains
- Official CSA AICM v1.1 artifact
- NIST AI RMF cross-walk
- TrustAtlas methodology — how the nine risk dimensions are scored