Security Incident Management, E-Discovery, & Cloud Forensics
CSA AI Controls Matrix v1.1 domain
Prepare for, investigate, contain, and disclose AI-related security incidents.
What this domain means for procurement
AI incidents may involve sensitive prompts, model behavior, agent actions, or shared providers. Buyers need notification commitments and evidence preservation suitable for investigation and legal obligations.
How TrustAtlas dimensions support it
Security covers response and forensics; compliance and jurisdiction govern notification and evidence duties; data handling covers preservation without uncontrolled exposure.
This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.
Questions to ask vendors
Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.
- What events qualify as an AI or security incident, and what contractual notification timeline applies?
- Can you preserve model versions, prompts, tool calls, identity events, and policy decisions for forensic reconstruction?
- How do regional notification, legal-hold, and evidence-location requirements affect incident handling?
- When did you last exercise an AI-specific incident scenario with customers or critical suppliers?
Related
- Back to all 18 CSA AICM v1.1 domains
- Official CSA AICM v1.1 artifact
- NIST AI RMF cross-walk
- TrustAtlas methodology — how the nine risk dimensions are scored