Glossary term
Governance and Compliance
A measure that modifies risk or supports conformity. AI controls may be classified by their nature (technical, procedural, contractual, or organizational) or by their function (preventive, detective, or corrective). A control library should cover governance, data, model development, security, privacy, human oversight, vendor management, monitoring, incident response, and retirement.
ISO 42001 Annex A specifies 38 controls across nine categories including AI policies, internal organization, resources, impact assessment, lifecycle, data, and information for interested parties.
NIST SP 800-218A (2024) Secure Software Development Practices for Generative AI maps controls applicable to AI development pipelines.
Cloud Security Alliance's AI Controls Matrix (2024) provides 243 controls mapped across responsible AI principles, accessible via the CSA STAR registry.