This checklist assesses the organization's AI literacy programs, specialized training, and awareness initiatives for stakeholders based on ISO 42001, CIS Controls, and NIST CSF frameworks.
| Organization Name: | Assessment Date: | ||
|---|---|---|---|
| Assessor Name: | Assessment Type: | Pre-Engagement / Post-Engagement |
| Status | Description |
|---|---|
| Compliant | The organization fully meets the requirements of the control. |
| Partially Compliant | The organization partially meets the requirements of the control. |
| Non-Compliant | The organization does not meet the requirements of the control. |
| Not Applicable | The control is not applicable to the organization's environment. |
| Control ID | Control Description | Compliance Status | Evidence | Remediation |
|---|---|---|---|---|
| LIT-7.1 | The organization has developed and implemented an AI literacy program that provides foundational knowledge about AI concepts, capabilities, limitations, and risks to all relevant stakeholders. |
Develop and implement an AI literacy program that provides foundational knowledge about AI concepts, capabilities, limitations, and risks to all relevant stakeholders. Ensure the program is tailored to different stakeholder groups and their specific needs. |
| Control ID | Control Description | Compliance Status | Evidence | Remediation |
|---|---|---|---|---|
| LIT-7.2 | The organization provides specialized training for key roles involved in AI governance, development, deployment, and use, including technical, ethical, and compliance aspects. |
Provide specialized training for key roles involved in AI governance, development, deployment, and use, including technical, ethical, and compliance aspects. Develop role-specific training curricula for positions such as CAISO, AIGC, AI developers, and business users. |
| Control ID | Control Description | Compliance Status | Evidence | Remediation |
|---|---|---|---|---|
| LIT-7.3 | The organization has implemented awareness initiatives that educate stakeholders about AI-specific risks, security threats, and compliance requirements. |
Implement awareness initiatives that educate stakeholders about AI-specific risks, security threats, and compliance requirements. Develop regular communications, workshops, and awareness campaigns focused on AI risks and security best practices. |
| Control ID | Control Description | Compliance Status | Evidence | Remediation |
|---|---|---|---|---|
| LIT-7.4 | The organization has established processes to evaluate and verify AI competencies for key roles, including knowledge assessments, certifications, and practical evaluations. |
Establish processes to evaluate and verify AI competencies for key roles, including knowledge assessments, certifications, and practical evaluations. Develop competency frameworks and assessment tools for different AI-related roles. |
| Control ID | Control Description | Compliance Status | Evidence | Remediation |
|---|---|---|---|---|
| LIT-7.5 | The organization maintains comprehensive documentation of AI training activities, including content, attendance, completion status, and effectiveness metrics. |
Maintain comprehensive documentation of AI training activities, including content, attendance, completion status, and effectiveness metrics. Implement a learning management system or other tracking mechanism for AI training activities. |
| Control ID | Control Description | Compliance Status | Evidence | Remediation |
|---|---|---|---|---|
| LIT-7.6 | The organization has implemented continuous education programs that keep stakeholders updated on evolving AI technologies, risks, regulations, and best practices. |
Implement continuous education programs that keep stakeholders updated on evolving AI technologies, risks, regulations, and best practices. Establish a regular cadence of updates, refresher courses, and advanced training opportunities. |
| Total Controls | Compliant | Partially Compliant | Non-Compliant | Not Applicable | Compliance Score |
|---|---|---|---|---|---|
| 6 | 0 | 0 | 0 | 0 | 0% |
| Assessor Signature: | Date: | ||
|---|---|---|---|
| Client Signature: | Date: |