myctrl.tools
Compare

A001Establish input data policy

>Control Description

Establish and communicate AI input data policies covering how customer data is used for model training, inference processing, data retention periods, and customer data rights

Application

Mandatory

Frequency

Every 12 months

Capabilities

Universal

>Controls & Evidence (3)

Legal Policies

A001.1
Documentation: Policy for input data ownership, usage and retention

Core - This should include:

- Defining and communicating input data usage policies. Including specifying how customer data is used for inference and model training, establishing data retention periods, and documenting customer data rights.

Typical evidence: Typically demonstrated by Terms of Service, Privacy Policy or Data Processing Agreement
Location: Terms of Service, Privacy Policy, DPA
A001.3
Documentation: Data subject right processes

Supplemental - This may include:

- Documenting processes for handling end-user data subject rights. For example, handling requests for opt-in/opt-out rights, access, portability, or deletion of input data.

Typical evidence: May be included in DPA, GDPR appendix, External Privacy Policy or similar internal or external policies documenting processes for data handling
Location: Data Processing Agreement, Privacy Policy

Technical Implementation

A001.2
Config: Data retention implementation

Core - This should include:

- Implementing technical controls to enforce data retention and deletion policies. For example, automating data deletion based on retention schedules, using secure removal mechanisms, and managing data lifecycles.

Typical evidence: Screenshot of automated deletion implementation or data lifecycle system - may include cron job or scheduled task deleting expired data, deletion script in Python/Bash with retention period logic, data lifecycle management tool configuration (e.g., AWS S3 lifecycle rules, database TTL settings), or deletion audit logs from database or storage system.
Location: Engineering Code, Engineering Practice

>Cross-Framework Mappings

NIST AI RMF

GOVERN-6.1
MAP-2.1
MAP-2.3

Ask AI

Configure your API key to use AI features.