Glossary term
Governance and Compliance
Controlled documents and retained records used to operate and evidence the AIMS. Examples include policies, procedures, risk assessments, impact assessments, approvals, training records, and audit results. Documentation should prove both design and operation: a policy is not sufficient without evidence that risk reviews, approvals, training, and monitoring actually occur.
ISO 42001 clause 7.5 requires both the documented information mandated by the standard itself and any items the organization determines necessary, with controlled distribution, access, and retention.
Anthropic's Trust Center hosts SOC 2 reports, ISO 42001 certificates, and the Responsible Scaling Policy as documented evidence of governance commitments.
Under EU AI Act Article 11, providers of high-risk AI must maintain technical documentation per Annex IV, including system description, monitoring, and risk management records.