This module contains AI governance frameworks, compliance materials, and risk management resources.

Overview

The AI Governance module provides comprehensive resources for implementing responsible AI practices, including regulatory compliance, risk management frameworks, and governance templates.

Relationship to Other Directories

This directory is the implementation layer of a wider AI knowledge base: it holds the control templates, risk artefacts, and organisation-specific program material that operationalise what the sibling directories describe normatively. Use the siblings for the authoritative deep-dives; use this directory for the templates that put them into practice.

| Directory | Role | Use it for |
|---|---|---|
| This directory (AI-Governance/) | Implementation — controls, templates, risk artefacts, organisation program | Putting standards into practice (registry, transparency cards, incident response, monitoring, risk registers) |
| standards/ | Normative technical/management standards | Canonical deep-dives: ISO/IEC SC 42 family (42001, 23894, …), NIST AI RMF, EU AI Act |
| ../AI-security/ | Threat models & ISMS | MITRE ATLAS, NCSC/CISA/ASD secure-development guidance, ISO/IEC 27001/27701 |
| ../AI-assurance/ | Engagement & regulator layer | How controls are independently assured — ASAE 3000/3150, APES 110, IIA, APRA AI letter, SOC 2 |
| ../AI-security/agentic/ | Agentic security tooling | Sandboxing, agent identity, policy controls, prompt security for AI agents |

Avoiding duplication-with-drift: several documents here summarise standards that have authoritative deep-dives in the sibling directories. Where a summary and a deep-dive both exist, the deep-dive is canonical and this directory’s copy should be treated as an implementation-oriented digest.

The AI Governance Mega-Map (frameworks/The Company Ethos/Ai_Governance_Mega_Map.md) is the cross-framework spine that ties these together; see AI-Knowledge-Base-Mega-Map-Index.md for the control-by-control map to sibling-directory deep-dives.

Structure

AI-Governance/
├── README.md                     # This file
├── standards/                    # Normative deep-dives (ISO/IEC SC 42, NIST AI RMF, EU AI Act)
├── frameworks/                   # Governance implementation layer
│   ├── controls/                 # Control frameworks, incident response, monitoring, registry, transparency templates
│   ├── risk-management/          # Risk appetite statement, risk register templates
│   ├── NIST RMF/                 # Framework summary, core 100-1 RMF, 600-1 GenAI profile, crosswalks
│   ├── OWASP/                    # OWASP AI threats/controls libraries
│   ├── MIT/                      # MIT AI Risk Repository consolidated analysis
│   └── The Company Ethos/        # Materials from The Company Ethos (CC BY 4.0): AI use policy, mega-map, risk management, impact assessment checklist
└── references/                   # Curated external reference extracts
    ├── anthropic/                # RSP, Clio privacy, third-party testing
    ├── australian/               # National AI Plan, Responsible AI Index, voluntary safety standard
    ├── UK/                       # UK AISI frontier AI reports
    ├── US/                       # NAIC AI adoption guide
    ├── International AI Safety/  # International AI safety reporting
    └── International Standards/  # International AI standards summary

Key Resources

Frameworks

  • AI Controls Framework: Comprehensive control implementation guide
  • AI Governance Framework: Overall governance structure
  • AI Risk Management: Risk assessment and mitigation strategies
  • Incident Response: AI incident response procedures
  • Monitoring Dashboard: AI system monitoring framework

References

  • Anthropic: RSP (Responsible Scaling Policy), Clio privacy, third-party testing guidance
  • Australian: National AI Plan, Responsible AI Index, voluntary safety standard
  • UK: UK AISI frontier AI and threat reports
  • US: NAIC AI adoption guide 2025
  • International: AI safety reporting, international standards summaries

Compliance Materials

  • ISO Integration: ISO 27001 and 42001 integration matrices
  • Risk Registers: AI system risk tracking templates
  • System Registry: AI system documentation templates
  • Transparency Cards: Client-facing AI transparency documentation

Getting Started

  1. Review Framework Overview: Start with frameworks/controls/AI_Governance_Framework_Overview.md
  2. Assess Current State: Use gap analysis templates in the frameworks/ directory
  3. Implement Controls: Follow control frameworks in frameworks/controls/
  4. Monitor Compliance: Set up monitoring using dashboard frameworks

Key Documents

Core Frameworks

  • AI_Governance_Framework_Overview.md - Main governance framework
  • AI_Controls_Framework.md - Detailed control implementation
  • AI_Risk_Appetite_Statement.md - Risk tolerance guidelines

Templates

  • AI_Risk_Register_Template.md - Risk tracking template
  • AI_System_Registry_Template.md - System documentation template
  • Client_AI_Transparency_Card_Template.md - Client transparency template

Implementation

  • Implementation_Roadmap.md - Governance implementation guide
  • AI_Incident_Response_Procedure.md - Incident response procedures
  • AI_Monitoring_Dashboard_Framework.md - Monitoring setup guide

Compliance Standards

This module supports compliance with:

  • ISO 27001: Information security management
  • ISO 42001: AI management systems
  • Australian AI Standards: Voluntary and mandatory guidelines
  • Industry Best Practices: Anthropic RSP, responsible AI principles

Usage Guidelines

For Organizations

  1. Adapt frameworks to organizational context
  2. Customize templates for specific use cases
  3. Implement monitoring and controls incrementally
  4. Review and update frameworks regularly as regulations change

For Development Teams

  1. Integrate AI governance into development lifecycle
  2. Use risk assessment templates for new AI systems
  3. Implement required controls and monitoring
  4. Document AI systems using provided templates

Contributing

When contributing to AI governance resources:

  1. Ensure compliance with current regulations
  2. Reference authoritative sources
  3. Provide practical implementation guidance
  4. Update related templates and frameworks
  5. Maintain consistency with existing structure

License

Governance frameworks and templates are provided under applicable organizational licenses. Reference materials maintain their original licensing.