GRN 2.2 - AI Risk Management Training

NIST AI RMF (in the playbook companion) states:

GOVERN 2.2

The organization’s personnel and partners are provided AI risk management training to enable them to perform their duties and responsibilities consistent with related policies, procedures, and agreements.

About

Through regular training, AI actors should maintain awareness of:

  • AI risk management goals and their role in achieving them.

  • Organizational policies, applicable laws and regulations, and industry best practices and norms.

Actions
  • Establish policies for personnel addressing ongoing education about:

    • Applicable laws and regulations for AI systems.

    • Negative impacts that may arise from AI systems.

    • Organizational AI policies.

    • Trustworthy AI characteristics.

  • Verify that organizational AI policies include mechanisms for internal AI personnel to acknowledge and commit to their roles and responsibilities.

  • Verify that organizational policies address change management and include mechanisms to communicate and acknowledge substantial AI system changes.

  • Define paths along internal and external chains of accountability to escalate risk concerns.

Transparency and Documentation

Organizations can document the following:

  • Are the relevant staff dealing with AI systems properly trained to interpret AI model output and decisions as well as to detect and manage bias in data?

  • How does the entity determine the necessary skills and experience needed to design, develop, deploy, assess, and monitor the AI system?

  • How does the entity assess whether personnel have the necessary skills, training, resources, and domain knowledge to fulfill their assigned responsibilities?

  • What efforts has the entity undertaken to recruit, develop, and retain a workforce with backgrounds, experience, and perspectives that reflect the community impacted by the AI system?

Last updated