Glossary term
Governance and Compliance
The set of policies, requirements, standards, regulations, contractual commitments, and procedures against which an audit assesses AI governance, controls, or specific systems. Criteria must be defined explicitly and agreed before fieldwork begins: this fixes the audit's scope, lets every finding be tied to a specific requirement, and avoids disputes with the auditee over what "compliant" means, so the conclusions are defensible.
ISO 19011:2018 (Guidelines for auditing management systems) gives guidance on establishing audit criteria that applies to ISO/IEC 42001 and ISO/IEC 27001 audits and to integrated management system audits.
The NIST AI RMF (NIST AI 100-1) and the NIST AI 600-1 Generative AI Profile provide criteria adopted by many internal audit functions.
The AICPA Trust Services Criteria (TSP section 100), on which SOC 2 examinations are based, are commonly used as audit criteria for AI service providers.