AI System

AI system repository and AI ID

Coordinated AI development, operation, and use are essential to organizations' sustainable AI operations. All organizations using AI systems should operate an AI system repository. The repository should 1) identify all AI systems the organization is developing, operates, uses, or has retired, 2) assign them a unique identifier, 3) contain the relevant documents the organization has produced or received on the AI system.

AI system use case

Identifying and understanding the intended use case of an AI system and its other possible uses is key to sustainable AI development and use. The use case affects the system's regulatory environment and may have significant reputational risk implications. The AI System Owner (T55) should ensure that the organization defines and documents 1) the intended use case of the AI system and 2) the possible other uses of the AI system. The AI System Owner should ensure that the use case definition aligns with the organization's values and risk tolerance. The AI System Owner should ensure that the organization takes adequate measures to prevent inappropriate AI system misuse.

AI system pre-design

Once an organization initiates an AI system development project, it should perform a preliminary pre-design of the system. The Head of AI (T54) should ensure that the organization 1) enters the AI system into the AI repository (T1), 2) assesses whether the AI system can align with the organization's values and risk tolerance, 3) initiates the development processes and assigns roles and responsibilities, 4) identifies and documents the planned AI system's key features and design constraints.

AI system user

People in organizations use AI systems. Some AI systems make decisions that directly or indirectly affect humans and their rights and obligations (affected persons). Sustainable AI system development and use require that the organization is conscious of who is using the AI system and whose rights and obligations it may affect. The organization should define and document 1) the intended AI system user organizations and human users, 2) the intended affected persons, and 3) possible other users and affected persons. The AI System Owner (T55) should ensure that the user definitions align with the organization's values and risk tolerance.

AI system operating environment

AI systems are embedded in the business and organizational environment. This environment typically consists of technological and social elements. The operating environment is a key driver of AI system impacts. The organization should define and document 1) the intended business or operational model and environment of the AI system, 2) the intended IT environment the AI system is embedded in and interacts with, 3) the other intended AI systems the AI system interacts with.

AI system operational metrics

Organizations can only assure desired AI system performance by deploying appropriate metrics to evaluate it. The AI System Owner should ensure that the organization defines and documents operational use performance metrics for assessing AI system performance during its operational use. The AI System Owner should ensure that the key target performance metrics align with the organization's values and risk tolerance.

AI system deployment metrics

The organization can only ensure desired AI system performance by deploying appropriate metrics to evaluate it. The AI System Owner should ensure that the organization defines and documents predeployment performance metrics that the AI system must meet before deployment or updates. The AI System Owner should ensure that the performance metrics align with the organization's values and risk tolerance.

AI system architecture

AI systems are part of IT systems. IT systems contain various data, computing infrastructures and resources, system architecture, and interfaces. The IT system architecture affects the AI system operations and may affect its risks and impacts. The organization should 1) define and document the position of the AI system in the organization's IT architecture, and 2) document and manage the AI system's interactions with the organization's other IT systems.

AI system version control

AI systems will likely undergo several redesigns and update cycles during their lifetime. Designing and implementing an effective version control system integrated with the AI governance framework processes is crucial. The AI System Owner should ensure that the organization defines, documents, and entrenches 1) quality control processes for new versions and updates and 1) version control and approval workflows. The AI System Owner should ensure that the AI system version control design aligns with the organization's values and risk tolerance.

AI system performance monitoring design

Monitoring AI system performance is crucial to ensuring that the system sustains the desired level of performance. The monitoring must be systematic and metrics-based to achieve consistency over time. The AI System Owner should ensure that the organization defines, documents, and entrenches 1) workflows and technical interfaces to facilitate the monitoring of AI system performance, including, for example a) the automated or manual production and reporting of performance metrics data, b) alarm thresholds, and c) workflows that allocate monitoring responsibilities. 2) workflows and technical interfaces to facilitate the detection of system malfunctions and other anomalous events, and 3) workflows to address issues detected during health checks. The AI System Owner should ensure that the AI system performance monitoring process aligns with the organization's values and risk tolerance.

AI system health check

AI systems may be subject to performance deterioration over the medium and long term. In addition, the business, operational, IT, and regulatory environments and stakeholder pressures will change over time. These processes may jeopardize system performance or lead to unacceptable risks. The AI System Owner should ensure that the organization conducts regular comprehensive reviews of the AI system (health checks) to ensure that the AI system aligns with the organization's values and risk tolerance. The AI System Owner should ensure that the organization defines, documents, and entrenches workflows and technical interfaces for reviewing 1) AI system use case, 2) AI system users, 3) AI system operational environment, 4) AI system technical environment, 5) AI system metrics, 6) AI system version control practices, 7) the AI system monitoring practices and 8) the AI system health check practices.

AI system verification and validation

Verifying and validating AI system performance is a crucial aspect of AI system development and quality control. In AI systems with machine learning components, verification will require comprehensive validation testing and theoretical and analytical verification. In many cases, validation will require that the developer organization builds a simulation environment where it can explore algorithm performance using comprehensive samples of real-world, non-training data inputs. The AI System Owner should ensure that the organization develops appropriate verification and validation methods for adequate AI system performance.

AI system approval

Decisions on approving AI systems and AI versions of AI systems for operational use should be informed and preceded by a careful review of the AI system documentation. Before deciding to deploy an AI system or AI system version, the AI System Owner should review all documentation on the AI system and ensure that the AI system impacts are acceptable and the system meets the performance targets for deployment.

AI system version control

The AI System Owner should ensure that the organization implements the planned AI system version control processes. If the system version control processes disclose a breach of version control practices or indicate a value or risk tolerance, the AI System Owner should initiate appropriate measures to address the breach or regain alignment.

AI system performance monitoring

The AI System Owner should ensure that the organization implements the planned AI system performance monitoring processes. If the system version control processes disclose a breach of performance standards or indicate a value or risk tolerance misalignment, the AI System Owner should initiate appropriate measures to address the breach or regain alignment.

AI system health checks

The AI System Owner should ensure that the organization performs the regular planned health checks. The reviews should assess whether the AI system aligns with the organization's values and risk tolerance. If a review discloses a misalignment, the AI System Owner should initiate appropriate measures to regain alignment.