Glossary term
Governance and Compliance
The selection and implementation of options to address risk. Treatments may include controls, risk avoidance, risk transfer, redesign, enhanced oversight, phased deployment, or documented acceptance. Treatment plans identify accountable owners, deadlines, control evidence, testing method, residual risk, and what happens if treatment is delayed or ineffective.
After identifying hallucination risk in legal advice use cases, many enterprises selected risk avoidance by prohibiting AI legal advice tools and routing queries to qualified counsel.
Munich Re launched aiSure in 2018 to provide risk transfer through performance guarantees for AI models, an example of contractual risk treatment for AI performance failure.
ISO/IEC 23894:2023 clause 6.5 describes risk treatment selection options aligned with ISO 31000 risk management principles, often used alongside ISO 42001.