AICM AtlasCSA AI Controls Matrix
GRC · Governance, Risk and Compliance
GRC-02Cloud & AI Related

Risk Management Program

Specification

Establish and maintain a formal, documented, and leadership-sponsored AI Risk Management (AIRM) program that includes policies and procedures for identification, evaluation, ownership, treatment, and acceptance of risks.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Team and expertise

Development

Guardrails

Evaluation

Validation/Red Teaming, Evaluation

Deployment

Orchestration, AI Services supply chain

Delivery

Continuous monitoring, Continuous improvement, Operations, Maintenance

Retirement

Data deletion

Ownership / SSRM

PI

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Owned by the Orchestrated Service Provider (OSP)

The Orchestrated Service Provider (OSP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer. The OSP is responsible and accountable for the implementation of the control within its own infrastructure/environment. If the control has downstream implications on the users/customers, the OSP is responsible for enabling the customer and/or upstream partner in the implementation/configuration of the control within their risk management approach. The OSP is accountable for ensuring that its providers upstream (e.g MPs) implement the control as it relates to the service/product the develop and offered by the OSP. This refers to entities that create the technical building blocks and management tools that enable AI implementation. This can include platforms, frameworks, and tools that facilitate the integration, deployment, and management of AI models within enterprise workflows. These providers focus on model orchestration and offer services like API access, automated scaling, prompt management, workflow automation, monitoring, and governance rather than end-user functionality or raw infrastructure. They help businesses implement AI in a structured and efficient manner. Examples: AWS, Azure, GCP, OpenAI, Anthropic, LangChain (for AI workflow orchestration), Anyscale (Ray for distributed AI workloads), Databricks (MLflow), IBM Watson Orchestrate, and developer platforms like Google AI Studio.

Application

Owned by the Customer (AIC)

The Customer (AIC) is responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies services or products they consume.

Implementation guidelines

[Application Provider/Orchestrated Service Provider/AI Customer] 
1. Establish AI Risk Ownership: Define clear ownership for AI-related risks within your organization, ensuring alignment with the provider's risk management strategies. 

2. Validate AI Model Usage: Identify key risks (e.g., data privacy, potential biases) in the AI solutions consumed and work with the provider to implement safeguards. 

3. Integrate AI Into ERM Processes: Incorporate AI-specific risk categories, such as accuracy, fairness, and explainability, into your existing ERM and governance frameworks. 

4. Conduct Independent (from Model Provider) Evaluations: Regularly assess critical AI solutions for performance, fairness, and security issues. Request evidence of the provider's compliance with internal risk management policies. 

5. Establish Incident Response Collaboration: Collaborate with the provider to handle AI-related incidents promptly. Document shared responsibilities for remediation, including communication and escalation procedures.

Auditing guidelines

1. Program Examination
a. Verify that the organization has established a formal, documented AI Risk Management (AIRM) program that is approved and sponsored by senior leadership.
b. Confirm the AIRM program includes documented policies and procedures for identifying, evaluating, owning, treating, and accepting risks specific to CSP-operated AI infrastructure and services.

2. Program Assessment
a. Review documentation to assess whether the AIRM program addresses risks related to CSP-specific responsibilities such as model training environments, data leakage prevention, shared resource security, and customer-facing AI services.
b. Verify that risk ownership is defined and that responsibilities are assigned to accountable roles or functions within the CSP organization.

3. Program Evaluation
a. Assess whether risk treatment strategies (e.g., mitigation, transfer, acceptance) are documented and reviewed regularly in response to platform changes or emerging AI risks.
b. Confirm that the AIRM program includes processes for updating risk registers and communicating accepted risks to stakeholders.

4. Program Implementation Validation
a. Examine records of AIRM program reviews (e.g., risk register updates, leadership reviews) conducted at least annually or after significant changes to AI services.
b. Verify that identified issues or gaps in the risk management process are tracked, remediated, and closed in a timely manner.

From CCM:
1. Examine the policy and/or procedures related to the Enterprise Risk Management (ERM) program to determine whether the organization has developed a comprehensive strategy to manage risk to organizational operations and assets, and individuals.
2. Review ERM documentation, processes, and supporting evidence to confirm if the ERM program includes provisions for cloud security and privacy risk.  
3. Examine measure(s) that evaluate(s) the organization's compliance with the risk management policy and determine if the measure(s) address(es) implementation of the policy/control requirement(s) as stipulated in the policy level. 
4. Obtain and examine supporting evidence to determine if the office or individual responsible reviews the information and, if issues were identified, if they were investigated and remediated appropriately.

Standards mappings

ISO 42001No Gap
42001 6.1.1 (planning for the AI management system)
42001 6.1.2 (AI risk assessment)
42001 6.1.3 (AI risk treatment)
42001 6.1.4 (AI system impact assessment)
42001 8.2 (AI risk assessment)
42001 8.3 (AI risk treatment)
42001 8.4 (AI system impact assessment)
42001: B.5.2 (AI system impact assessment process)
42001 A.5.3 (Documentation of AI system impact assessments)
42001 A.5.4 (Assessing AI system impact on individuals or groups of individuals)
42001 B.5.3 (Documentation of AI system impact assessments)
42001 B.5.4 (Assessing AI system impact on individuals or groups of individuals)
Addendum

N/A

EU AI ActPartial Gap
Article 9
Article 15 (4)
Article 15 (5)
Article 16 (c)
Article 17 (1[g])
Article 17(1[m])
Article 27 (1)
Article 27 (3)
Addendum

Require leadership sponsorship, formal risk ownership, risk acceptance procedures, and explicit AIRM program structure.

NIST AI 600-1Partial Gap
GV-1.3-001
GV-1.3-002
MG-3.2-009
Addendum

NIST AI 600-1 does not speak to the GRC-02 topic of establishing an AI Risk Management program.

BSI AIC4Partial Gap
C4 PC-02
C5 OIS-01
OIS-06
OIS-07
SSO-02
BCM-02
Addendum

the AIC4 and the C5 don't mention any ERM Products. But some controls are very much in this direction

AI-CAIQ questions (1)

GRC-02.1

Is a formal, documented, and leadership-sponsored AI risk management (AIRM) program that includes policies and procedures for identification, evaluation, ownership, treatment, and acceptance of risks, established and maintained?