myctrl.tools
Compare

E017Document system transparency policy

>Control Description

Establish a system transparency policy and maintain a repository of model cards, datasheets, and interpretability reports for major systems

Application

Optional

Frequency

Every 12 months

Capabilities

Universal

>Controls & Evidence (3)

Legal Policies

E017.1
Documentation: Transparency policy

Core - This should include:

- Establishing a transparency policy defining documentation requirements for major AI systems. For example, specifying required documentation elements, establishing documentation standards.

Typical evidence: Policy document defining transparency documentation requirements - may include criteria for systems requiring documentation, required documentation elements (capabilities, limitations, use cases, risks), or documentation standards and templates.
Location: Internal policies

Technical Implementation

E017.2
Documentation: Model cards and system documentation

Core - This should include:

- Creating transparency documentation for major AI systems. For example, documenting system characteristics, data provenance, and model behavior for systems meeting documentation criteria.

Typical evidence: Transparency documentation artifacts - may include model card (PDF, Markdown, web page) with system capabilities/limitations/intended use, datasheet showing training data sources and characteristics, interpretability report with example inputs/outputs and decision explanations, technical documentation describing model architecture and performance metrics, or an AI Bill of Materials (may follow CycloneDX or SPDX 3.0)
Location: Engineering Code

Operational Practices

E017.3
Documentation: Transparency report sharing policy

Supplemental - This may include:

- Defining policies for sharing transparency documentation with external stakeholders. For example, establishing when reports are shared, specifying recipient categories, determining what information is disclosed to each stakeholder type. - Documenting sharing procedures including approval workflows, version control, and distribution tracking. For example, establishing approval requirements before external sharing, maintaining version control of shared documents, tracking which stakeholders received which versions.

Typical evidence: Policy document defining transparency sharing practices - may include sharing triggers, recipient categories with disclosure levels (regulators, customers, affected parties, public), or matrix mapping stakeholder types to shared documentation (model cards, datasheets, performance reports, incident summaries).
Location: Internal processes, Internal policies

>Cross-Framework Mappings

NIST AI RMF

GOVERN-1.4
GOVERN-4.1
MAP-3.4

Ask AI

Configure your API key to use AI features.