This checklist assesses the organization's AI-specific incident response procedures, recovery capabilities, and business continuity planning based on ISO 42001, CIS Controls, and NIST CSF frameworks.
| Organization Name: | | Assessment Date: | |
|---|---|---|---|
| Assessor Name: | | Assessment Type: | Pre-Engagement / Post-Engagement |
| Status | Description |
|---|---|
| Compliant | The organization fully meets the requirements of the control. |
| Partially Compliant | The organization partially meets the requirements of the control. |
| Non-Compliant | The organization does not meet the requirements of the control. |
| Not Applicable | The control is not applicable to the organization's environment. |
| Control ID | Control Description | Compliance Status | Evidence | Remediation |
|---|---|---|---|---|
| IR-5.1 | The organization has developed and implemented AI-specific incident response procedures that address unique AI failure modes, security incidents, and ethical breaches. | | | Develop and implement AI-specific incident response procedures that address unique AI failure modes, security incidents, and ethical breaches. Include playbooks for different types of AI incidents and ensure they are integrated with the organization's overall incident response plan. |
| IR-5.2 | The organization has implemented and tested AI system rollback capabilities, including version control, configuration backups, and deployment automation. | | | Implement and test AI system rollback capabilities, including version control, configuration backups, and deployment automation. Conduct regular rollback tests to ensure capabilities function as expected during incidents. |
| IR-5.3 | The organization has established comprehensive backup procedures for AI assets, including models, training data, and configurations, with regular testing of restoration processes. | | | Establish comprehensive backup procedures for AI assets, including models, training data, and configurations, with regular testing of restoration processes. Implement automated backup solutions and ensure they are properly secured. |
| IR-5.4 | The organization has developed and tested a business continuity plan that addresses AI system failures, including alternative processes and recovery time objectives. | | | Develop and test a business continuity plan that addresses AI system failures, including alternative processes and recovery time objectives. Ensure the plan includes manual fallback procedures for critical AI-dependent processes. |
| IR-5.5 | The organization has implemented post-incident analysis processes for AI-related incidents, including root cause analysis, impact assessment, and improvement recommendations. | | | Implement post-incident analysis processes for AI-related incidents, including root cause analysis, impact assessment, and improvement recommendations. Establish a structured methodology for analyzing AI incidents and tracking remediation actions. |
| IR-5.6 | The organization provides specialized training for incident response team members on AI-specific incident scenarios, including technical, ethical, and reputational aspects. | | | Provide specialized training for incident response team members on AI-specific incident scenarios, including technical, ethical, and reputational aspects. Conduct regular tabletop exercises and simulations for AI incident scenarios. |
| Total Controls | Compliant | Partially Compliant | Non-Compliant | Not Applicable | Compliance Score |
|---|---|---|---|---|---|
| 6 | 0 | 0 | 0 | 0 | 0% |
| Assessor Signature: | | Date: | |
|---|---|---|---|
| Client Signature: | | Date: | |