Logging and Monitoring

CSA AI Controls Matrix v1.1 domain

Record and detect security, safety, operational, and agent behavior events.

What this domain means for procurement

AI-specific monitoring should connect system activity, model behavior, tool use, safety events, and human interventions while respecting data-minimization requirements.

How TrustAtlas dimensions support it

Security covers detection and audit telemetry; transparency covers customer-visible evidence; agent governance covers behavioral monitoring and intervention records.

SecurityTransparencyAgent governance

This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.

Questions to ask vendors

Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.

  1. Which prompt, model, policy, tool-call, identity, and safety events are logged, and for how long?
  2. Can customers export logs to their security tooling without exposing unnecessary prompt or personal data?
  3. What alerts detect anomalous agent behavior, policy bypass, data leakage, or unexplained model drift?
  4. Are human approvals, overrides, and emergency stops captured in tamper-evident audit history?
← Infrastructure Security Model Security →

Related