Skip to content

Latest commit

 

History

History
44 lines (31 loc) · 4.09 KB

File metadata and controls

44 lines (31 loc) · 4.09 KB

5.4 Manage

The MANAGE function entails allocating risk resources to mapped and measured risks on a regular basis and as defined by the GOVERN function. Risk treatment comprises plans to respond to, recover from, and communicate about incidents or events.

Contextual information gleaned from expert consultation and input from relevant AI actors -- established in GOVERN and carried out in MAP -- is utilized in this function to decrease the likelihood of system failures and negative impacts. Systematic documentation practices established in GOVERN and utilized in MAP and MEASURE bolster AI risk management efforts and increase transparency and accountability. Processes for assessing emergent risks are in place, along with mechanisms for continual improvement.

After completing the MANAGE function, plans for prioritizing risk and regular monitoring and improvement will be in place. Framework users will have enhanced capacity to manage the risks of deployed AI systems and to allocate risk management resources based on assessed and prioritized risks.


Categories and Subcategories

MANAGE 1: AI risks based on assessments and other analytical output from the MAP and MEASURE functions are prioritized, responded to, and managed.

Subcategory Description
MANAGE 1.1 A determination is made as to whether the AI system achieves its intended purposes and stated objectives and whether its development or deployment should proceed.
MANAGE 1.2 Treatment of documented AI risks is prioritized based on impact, likelihood, and available resources or methods.
MANAGE 1.3 Responses to the AI risks deemed high priority, as identified by the MAP function, are developed, planned, and documented. Risk response options can include mitigating, transferring, avoiding, or accepting.
MANAGE 1.4 Negative residual risks (defined as the sum of all unmitigated risks) to both downstream acquirers of AI systems and end users are documented.

MANAGE 2: Strategies to maximize AI benefits and minimize negative impacts are planned, prepared, implemented, documented, and informed by input from relevant AI actors.

Subcategory Description
MANAGE 2.1 Resources required to manage AI risks are taken into account -- along with viable non-AI alternative systems, approaches, or methods -- to reduce the magnitude or likelihood of potential impacts.
MANAGE 2.2 Mechanisms are in place and applied to sustain the value of deployed AI systems.
MANAGE 2.3 Procedures are followed to respond to and recover from a previously unknown risk when it is identified.
MANAGE 2.4 Mechanisms are in place and applied, and responsibilities are assigned and understood, to supersede, disengage, or deactivate AI systems that demonstrate performance or outcomes inconsistent with intended use.

MANAGE 3: AI risks and benefits from third-party entities are managed.

Subcategory Description
MANAGE 3.1 AI risks and benefits from third-party resources are regularly monitored, and risk controls are applied and documented.
MANAGE 3.2 Pre-trained models which are used for development are monitored as part of AI system regular monitoring and maintenance.

MANAGE 4: Risk treatments, including response and recovery, and communication plans for the identified and measured AI risks are documented and monitored regularly.

Subcategory Description
MANAGE 4.1 Post-deployment AI system monitoring plans are implemented, including mechanisms for capturing and evaluating input from users and other relevant AI actors, appeal and override, decommissioning, incident response, recovery, and change management.
MANAGE 4.2 Measurable activities for continual improvements are integrated into AI system updates and include regular engagement with interested parties, including relevant AI actors.
MANAGE 4.3 Incidents and errors are communicated to relevant AI actors, including affected communities. Processes for tracking, responding to, and recovering from incidents and errors are followed and documented.