AI Fundamentals
A long-form reference for building and governing AI systems that stay safe, reliable, and auditable across design, training, deployment, and continuous monitoring.
The guidance maps to the NIST AI Risk Management Framework, ISO/IEC 42001 and 23894, EU AI Act conformity obligations, U.S. OMB M-24-10, and banking model risk management expectations.
Model lifecycle blueprint
Treat the AI lifecycle as an engineering process with gated checkpoints, evidence requirements, and rollback plans that mirror secure SDLC practices.
Controls
- Maintain model cards and system cards tracing provenance, intended use, limitations, and evaluation results; ensure fields align to NIST AI RMF mappings, ISO/IEC 42001 documentation clauses, and Annex IV requirements for EU AI Act high-risk systems.
- Require data lineage with documented consent basis, license terms, retention, and geographic residency; enforce dataset risk reviews for copyrighted, sensitive, or export-controlled material before training or fine-tuning.
- Gate promotion with multi-layer testing: adversarial red-team runs, regression suites tied to user stories and abuse cases, and safety filter performance checks before rollout.
- Codify rollback and fallback plans that include feature flags, staged traffic ramps, cached responses for critical intents, and human-over-the-loop criteria when confidence scores or safety signals degrade.
Metrics
- Data provenance coverage: percentage of training and evaluation assets with verified license, consent, and residency metadata; number of datasets with unresolved legal or sensitivity flags.
- Evaluation completeness: share of releases passing adversarial, safety, bias, and functional test suites; severity-weighted defects per release and mean time to remediation.
- Rollback readiness: mean time to rollback (MTTRb), coverage of validated checkpoints, and proportion of endpoints with feature-flagged fallbacks.
- Usage boundaries: percentage of endpoints protected by input/output content filters, rate limits, and prompt-injection defenses mapped to abuse taxonomies.
Regulatory hooks
The EU AI Act requires technical documentation, risk management, and post-market monitoring for high-risk systems. U.S. banking supervisors expect SR 11-7-style model risk management for generative models. ISO/IEC 42001 and ISO/IEC 23894 pair with the NIST AI RMF to supply control catalogues that can be embedded in internal policies.
Safety testing and accountability
Guard against harms with transparent design choices, repeatable safety testing, and accountable decision pathways.
Controls
- Implement content moderation pipelines with policy-tuned classifiers, blocklists, layered filters for inputs and outputs, and human escalation for uncertain scores.
- Run bias and fairness assessments on representative cohorts; document mitigations such as reweighting, counterfactual data augmentation, post-processing calibration, or retrieval constraints.
- Execute safety and red-team testing for jailbreaks, prompt injections, data exfiltration, and safety-filter bypasses; capture reproducible prompts, expected behaviors, and remediation owners.
- Require human oversight for consequential decisions, with audit trails of reviewer rationale, overrides, and user-facing notices where applicable.
Metrics
- Safety filter efficacy: false negative and false positive rates across harmful content categories, plus time-to-patch for new prompt classes.
- Bias deltas: disparity in false positive/negative or harmful output rates across protected classes or cohorts for each relevant task.
- Explainability coverage: percentage of high-impact decisions with available explanations, retrieved evidence, or citation links.
- Human-in-the-loop velocity: average turnaround time for escalated reviews, override frequency, and adherence to documented decision thresholds.
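The promotion gate described under the lifecycle blueprint (multi-layer testing, severity-weighted defects per release) and the safety filter efficacy metric above (false negative and false positive rates per harmful content category) can be expressed as one decision function. The following is an added example, not code from the page or any named framework; the severity weights, the thresholds and the labelled filter evaluation rows are constructed sample values.

```python
# Constructed sample data and thresholds for the gate; real values come from the release's evaluation packs.
SEVERITY_WEIGHT = {"critical": 10, "high": 5, "medium": 2, "low": 1}
THRESHOLDS = {"max_fnr": 0.05, "max_fpr": 0.10, "max_weighted_defects": 8}

# (category, is_harmful, was_blocked) rows from a labelled safety-filter evaluation set (constructed).
CONSTRUCTED_FILTER_EVAL = [
    ("hate", True, True), ("hate", True, True), ("hate", True, False), ("hate", True, True),
    ("hate", False, False), ("hate", False, True),
    ("malware", True, True), ("malware", True, True), ("malware", False, False), ("malware", False, False),
]


def filter_rates(rows):
    """Per-category false negative rate (harmful but not blocked) and false positive rate (benign but blocked)."""
    counts = {}
    for category, harmful, blocked in rows:
        c = counts.setdefault(category, {"pos": 0, "fn": 0, "neg": 0, "fp": 0})
        if harmful:
            c["pos"] += 1
            c["fn"] += 0 if blocked else 1
        else:
            c["neg"] += 1
            c["fp"] += 1 if blocked else 0
    return {
        cat: {"fnr": c["fn"] / c["pos"] if c["pos"] else 0.0,
              "fpr": c["fp"] / c["neg"] if c["neg"] else 0.0}
        for cat, c in counts.items()
    }


def weighted_defects(severities):
    """Severity-weighted defect score for a release candidate."""
    return sum(SEVERITY_WEIGHT[s] for s in severities)


def gate_release(suite_results, filter_rows, open_defects, thresholds=THRESHOLDS):
    """Promote only when every suite passed, every category is within its FN/FP budget, no critical
    defect is open and the weighted score is under budget; reasons form the release evidence record."""
    reasons = [f"suite failed: {name}" for name, passed in suite_results.items() if not passed]
    rates = filter_rates(filter_rows)
    for cat, r in rates.items():
        if r["fnr"] > thresholds["max_fnr"]:
            reasons.append(f"{cat}: FNR {r['fnr']:.2f} exceeds {thresholds['max_fnr']}")
        if r["fpr"] > thresholds["max_fpr"]:
            reasons.append(f"{cat}: FPR {r['fpr']:.2f} exceeds {thresholds['max_fpr']}")
    score = weighted_defects(open_defects)
    if "critical" in open_defects:
        reasons.append("critical defect open")
    if score > thresholds["max_weighted_defects"]:
        reasons.append(f"weighted defects {score} exceed {thresholds['max_weighted_defects']}")
    return {"promote": not reasons, "reasons": reasons, "filter_rates": rates, "weighted_defects": score}
```

Running the gate in CI against the versioned thresholds turns "evaluation completeness" into a recorded pass/hold decision rather than a dashboard reading.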
Regulatory hooks
Mandatory risk and bias reporting is emerging through the EU AI Act, New York City Local Law 144 for automated employment decisions, Colorado’s AI Act (SB24-205), and U.S. federal agency inventories under the AI in Government Act and OMB M-24-10. Health and finance use cases must also align to HIPAA, GDPR lawful processing, and FTC unfairness principles.
Operational diagrams for lifecycle, risk tiering, and evaluation
Use these reference visuals to brief engineering, risk, and product leaders on how lifecycle checkpoints, risk tiers, and evaluation gates align to evidence and approvals.
Operations, observability, and testing at scale
Operate AI reliably by integrating observability, safety testing automation, and dependency hygiene across training, inference, and retrieval workflows.
Controls
- Instrument model observability: latency, token counts, quality scores, hallucination and factuality rates, drift on prompts and embeddings, and safety filter events.
- Automate evaluation and red teaming in CI/CD with seeded prompt libraries, safety regression packs, and data leak detection for retrieval-augmented generation (RAG) flows.
- Harden prompt and model supply chains with source control, approvals, secrets hygiene, and dependency scanning; generate SBOMs and attestations for inference images and custom operators using SLSA guidance.
- Control cost-to-value by tracking GPU utilization, cache hit rates, retrieval precision, and fallback routing to lower-cost models without sacrificing safety or latency.
Metrics
- Quality and drift: movement of task accuracy, toxicity rates, hallucination rate, BLEU/ROUGE or retrieval precision/recall against baselines.
- Operational health: p95/p99 latency, timeouts, saturation, and unavailability minutes attributed to model or dependency issues; rollback frequency tied to model changes.
- Supply-chain integrity: percentage of artifacts with attested provenance and signed SBOMs; count and age of unresolved CVEs in inference images and custom extensions.
- Unit economics: cost per successful task, GPU utilization, cache efficiency for frequently used prompts, and inference cost deflection via model routing.
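Drift on prompts and embeddings, listed above as both an observability signal and a quality metric, needs a concrete statistic before it can page anyone. The following is an added example, not code from the page: it compares a baseline and a current window using the cosine between embedding centroids and a Population Stability Index (PSI) over prompt lengths. The embedding vectors and lengths are constructed samples, and the alert thresholds (PSI above 0.2, centroid cosine below 0.9) are assumed starting points to be calibrated per system.

```python
import math

EPS = 1e-6  # floor for empty bins so the log ratio stays finite

# Constructed baseline window: three 3-d embeddings and ten prompt token lengths.
BASE_EMB = [[1.0, 0.0, 0.0], [0.9, 0.1, 0.0], [1.0, 0.1, 0.1]]
BASE_LEN = [10, 12, 14, 16, 18, 20, 22, 24, 26, 28]
# Constructed current window whose embeddings point elsewhere and whose prompts are 30 tokens longer.
SHIFT_EMB = [[0.0, 1.0, 0.0], [0.1, 0.9, 0.0], [0.0, 1.0, 0.1]]
SHIFT_LEN = [n + 30 for n in BASE_LEN]


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))


def centroid(vectors):
    n, dim = len(vectors), len(vectors[0])
    return [sum(v[i] for v in vectors) / n for i in range(dim)]


def psi(baseline, current, bins=10):
    """Population Stability Index of two scalar samples over equal-width bins spanning both."""
    lo, hi = min(baseline + current), max(baseline + current)
    width = (hi - lo) / bins or 1.0

    def share(sample):
        counts = [0] * bins
        for x in sample:
            counts[min(int((x - lo) / width), bins - 1)] += 1
        return [max(c / len(sample), EPS) for c in counts]

    return sum((c - b) * math.log(c / b) for b, c in zip(share(baseline), share(current)))


def drift_report(base_emb, cur_emb, base_len, cur_len, psi_limit=0.2, cos_floor=0.9):
    """Summarise embedding and prompt drift for one window and flag whether it breaches the limits."""
    cos = cosine(centroid(base_emb), centroid(cur_emb))
    length_psi = psi(base_len, cur_len)
    return {
        "centroid_cosine": round(cos, 4),
        "prompt_length_psi": round(length_psi, 4),
        "drift_alert": cos < cos_floor or length_psi > psi_limit,
    }
```

In production the baseline window is frozen at release time so the KRI measures movement from the evaluated state, not from last week.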
Regulatory hooks
Operational evidence supports SOC 2 trust principles, ISO/IEC 27001 Annex A.8 on development security, and the U.S. Executive Order on Safe, Secure, and Trustworthy AI reporting expectations for critical models.
Governance, risk, and measurement
Establish a governance model with clear ownership, evidence chains, risk tiers, and measurement cadences that keep AI accountable.
Controls
- Maintain an AI system inventory with owners, risk classification, data categories, deployment context, and supplier dependencies; review quarterly and upon material changes.
- Link policies and standards to frameworks such as NIST AI RMF, ISO/IEC 42001, ISO/IEC 23894, and sector guidance (e.g., EBA outsourcing, OCC SR 11-7 for banking) with mapped controls and evidence locations.
- Set up model risk committees and change authorities with defined approval thresholds, exception handling for experiments, and independence from build teams.
- Run post-deployment monitoring with issue triage, user feedback loops, incident postmortems, and corrective-action tracking that updates training data, prompts, and policies.
Metrics
- Inventory coverage: percent of AI systems registered with complete metadata, risk tiering, and supplier listings.
- Policy alignment: number of critical controls mapped to external frameworks with evidence links; exception aging and closure rate.
- Incident learning: mean time from incident to corrective action deployment; recurrence rate of similar failure modes and closure of action items.
- Stakeholder transparency: cadence of reports to risk committees and business owners, completion of user-facing disclosures, and availability of evaluation summaries.
Regulatory hooks
Governance records underpin EU AI Act conformity assessments, Canadian AIDA risk logs, and U.S. state AI transparency laws such as Colorado’s AI Act. Financial institutions map these to SR 11-7, Basel operational risk expectations, and supervisory requests for model inventories and testing evidence.
Control checklist for trustworthy AI delivery
Verify each lifecycle gate is backed by controls, owners, and logged evidence before models reach production.
Governance and intake
- System registry current. All AI systems recorded with risk tier, data categories, deployment context, and supplier contracts aligned to ISO/IEC 42001 and NIST AI RMF profiles.
- Policy fit confirmed. DPIAs, TIAs, copyright assessments, and lawful-basis checks completed for training data and prompts; approvals captured with expiry dates.
- Third-party verification. Supplier attestations (SOC 2, ISO/IEC 27001), SBOMs, and model cards reviewed; adverse findings documented with compensating controls.
Build, deploy, and run
- Evaluation packs. Functional, safety, bias, and robustness suites versioned in source control with thresholds and rollback criteria; red-team scenarios refreshed quarterly.
- Runtime guardrails. Abuse monitoring, content filters, grounding checks for RAG, and kill switches wired to incident playbooks with on-call coverage.
- Data lifecycle. Retention, deletion, and consent-refresh routines enforced for training and feedback data; lineage and provenance logs available for regulator or customer evidence.
Cross-check the checklist against the AI governance guide, Safety evaluations guide, and privacy and data access briefings to keep requirements synchronized.
KPI and KRI scorecard
Measure whether AI systems remain safe, reliable, and compliant after launch.
| Focus area | KPIs | KRIs | Evidence sources |
|---|---|---|---|
| Model quality & safety | Task accuracy against golden sets; toxicity and safety block rates below threshold; regression test pass rate per release. | Safety overrides per 1k calls; ungrounded response rate; drift in embedding or prompt distributions. | Evaluation dashboards; red-team logs; Model evaluation guide. |
| Operations | p95 latency and availability; cache hit rate; GPU utilization and cost per successful task. | Unbudgeted GPU hours; sustained error spikes from dependency outages; rollback frequency exceeding target. | Observability traces; cost reports; Cloud observability guide. |
| Governance | % systems with current DPIA/TIA; model cards refreshed within 90 days; completion of quarterly control attestations. | Expired approvals; unresolved exceptions; gaps between production systems and registry entries. | Registry exports; approval workflows; AI procurement controls guide. |
| User trust | Disclosure coverage for end users; appeal/feedback cycle time; satisfaction or CSAT for AI-assisted journeys. | Escalated complaints; privacy requests involving AI data; unreviewed user feedback over SLA. | Support tickets; consent logs; Workforce enablement guide. |
Implementation pitfalls to avoid
- Shadow AI deployments. Teams launching assistants without registry entries or DPIAs leave policy and transparency gaps; enforce registry checks in CI and procurement.
- Incomplete evaluations. Shipping on functional accuracy alone misses systemic safety risks; require safety and fairness suites with signed thresholds for every high-impact release.
- Unbounded data capture. Retaining prompts or outputs without consent refresh or deletion paths triggers privacy violations; align data handling to jurisdictional retention limits.
- Supplier lock-in without exit paths. No tested migration plan for models or embeddings increases operational and compliance risk; maintain exportable formats and escrow for critical systems.
- Guardrails without monitoring. Content filters or grounding checks that are not monitored and tuned drift quickly; track precision/recall of safety signals and recalibrate monthly.
Use the AI incident response guide and model monitoring guide to wire mitigations into your operating model.