Service Bill of Material (BOM)
Specification
Define, implement, and enforce a process for establishing a Bill of Material for the service supply chain. Review and update the Bill of Material at least annually or upon significant changes.
Threat coverage
Architectural relevance
Lifecycle
Resource provisioning
Design, Guardrails
Evaluation, Validation/Red Teaming
Orchestration, AI Services supply chain
Operations, Maintenance, Continuous monitoring, Continuous improvement
Archiving, Data deletion, Model disposal
Ownership / SSRM
PI
Owned by the Customer (AIC)
The Customer (AIC) is responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies services or products they consume.
Model
Owned by the Model Provider (MP)
The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.
Orchestrated
Owned by the Orchestrated Service Provider (OSP)
The Orchestrated Service Provider (OSP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer. The OSP is responsible and accountable for the implementation of the control within its own infrastructure/environment. If the control has downstream implications on the users/customers, the OSP is responsible for enabling the customer and/or upstream partner in the implementation/configuration of the control within their risk management approach. The OSP is accountable for ensuring that its providers upstream (e.g MPs) implement the control as it relates to the service/product the develop and offered by the OSP. This refers to entities that create the technical building blocks and management tools that enable AI implementation. This can include platforms, frameworks, and tools that facilitate the integration, deployment, and management of AI models within enterprise workflows. These providers focus on model orchestration and offer services like API access, automated scaling, prompt management, workflow automation, monitoring, and governance rather than end-user functionality or raw infrastructure. They help businesses implement AI in a structured and efficient manner. Examples: AWS, Azure, GCP, OpenAI, Anthropic, LangChain (for AI workflow orchestration), Anyscale (Ray for distributed AI workloads), Databricks (MLflow), IBM Watson Orchestrate, and developer platforms like Google AI Studio.
Application
Owned by the Customer (AIC)
The Customer (AIC) is responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies services or products they consume.
Implementation guidelines
Auditing guidelines
1. Verify the cloud service provider (CSP) has a documented SBoM process, with regular reviews triggered by infrastructure or security changes. 2. Check that the SBoM defines all key components, including APIs, versions, scaling, dependencies, security controls, and risk classifications with relevant metadata. 3. Ensure the SBoM includes both cloud and AI-specific elements, such as compute, networking, model endpoints, and monitoring. 4. Confirm the SBoM is securely stored with role-based access for authorized stakeholders, including cloud security teams. 5. Verify timely SBoM updates after changes, with documented impact assessments reviewed by cloud security providers. 6. Check that SBoM details are clearly communicated, including service capabilities, SLAs, limitations, and integration protocols, with validated security disclosures.
Standards mappings
42001: D.2 - Integration of AI management system with other management system standards 42001: B.10.3 - Suppliers 27001: A.5.20 - Addressing information security within supplier agreements 27001: A.5.22 - Monitoring review and change management of supplier services
Addendum
The ISO 42001 nor 27001 speak specifically to the STA-09 topic of creating "Service Bill of Material" and the information required of such. No clear direction for: Requiring a Bill of Materials, Governing how it is maintained, and defining how frequently it must be updated.
Article 11 Article 13 Article 25 Article 51 Article 52
Addendum
There is currently no formal definition of a Bill of Material (BoM), obligation for mandatory BoM creation process, enforcement mechanisms for a BoM process, lifecycle review/update requirement, visibility of all subcomponents or third-party software/services, or inclusion of a component inventory or BoM.
GV-6.1-005
Addendum
N/A
BC-01 DM-03 PF-05 PF-10 EX-01
Addendum
Include reference for a specific BOM Standard.
AI-CAIQ questions (1)
Are processes defined, implemented, enforced, and evaluated for establishing a Bill of Material for the entire AI service supply chain, including the model, orchestrated services, and AI applications?