Free Resource
AI Governance Checklist
A comprehensive checklist to assess your organization's AI governance maturity and identify gaps in your enterprise AI controls.
Checklist Preview
This checklist covers key areas of AI governance aligned with NIST AI RMF, ISO/IEC 42001, and industry best practices.
AI Governance Foundation
- AI governance council or committee established
- Clear roles and responsibilities (RACI) defined
- AI policy framework documented (acceptable use, data handling)
- Model lifecycle governance process in place
Risk Management (NIST AI RMF)
- AI risk taxonomy defined (harm, privacy, security, legal, operational)
- Risk tiering system (low/medium/high) implemented
- Controls mapped to NIST AI RMF functions (Govern, Map, Measure, Manage)
- Regular risk assessments conducted
Security Controls
- Prompt injection defenses implemented
- Output filtering and validation in place
- RAG security with access controls configured
- Monitoring for attacks and anomalies active
Compliance & Audit
- Model inventory and AI system cards maintained
- Audit evidence collection automated
- Documentation packages ready for review
- Regulatory requirements mapped (EU AI Act, etc.)
Operations & Monitoring
- LLMOps/MLOps pipelines established
- Drift detection and quality monitoring active
- Incident response runbooks documented
- FinOps controls for AI usage in place