Xanadu |
No updates for this release. |
Yokohama |
- AI asset lifecycle management
- Manage the complete life-cycle of AI assets, from selecting appropriate AI systems to developing, deploying, and monitoring AI models and datasets. This feature helps maintain a centralized inventory, confirms consistent
governance practices, and improves traceability and oversight across all stages of AI development and usage.
- Perform impact assessment on an AI use case
- Perform impact assessments to identify how AI systems, models, and datasets affect fundamental rights. This feature detects potential risks, such as copyright issues, algorithmic bias, privacy breaches, misinformation, and
surveillance concerns, to support better oversight and risk management.
- AI asset inventory risk management
- Identify individual and specific risks associated with AI assets, such as AI systems, models, and datasets. Perform risk assessments on each identified risk separately.
- AI case management
- Manage and track cases or incidents related to AI use cases across the organization. This feature provides a structured approach to documenting, investigating, and resolving AI-related issues and cases, supporting consistent
oversight and accountability.
- AI framework content pack
- Use the default AI framework content pack to prepare a compliance-ready inventory of AI assets. The content pack provides mappings to key AI regulations and standards, such as the European Union AI Act and the National
Institute of Standards and Technology (NIST) AI Risk Management Framework (AI RMF). This feature helps organizations to align AI governance activities with regulatory requirements.
- AI Risk and Compliance workspace
- See a comprehensive overview of all your AI inventory-related information in the AI Risk and Compliance workspace. The AI Risk and Compliance workspace enables you to:
- Identify the risk classification of AI asset inventory.
- Identify the compliant and noncompliant controls for authority documents and policies.
- View AI systems based on state and department.
- View the AI assessments and risk assessments information.
- View information related to the control attestation, indicators, AI issues, AI cases, and policy exceptions.
- Generate report to help leaders identify, assess, and mitigate risks.
- 360° Relationship Visualization of AI assets
- Explore the relationships between critical AI assets that impact your business, including controls, risks, and issues.
- Collaborate with internal users
- Collaborate with internal users by starting chats focused on the ethical, transparency, and accountability aspects of AI assets. Use discussions to document considerations, share feedback, and drive informed decision-making
throughout the AI asset life-cycle.
- Roles installed
- The following roles related to AI Risk and Compliance for managing AI systems across the enterprise were added:
- AI Risk and Compliance Admin [sn_grc_ai_gov.ai_risk_and_compliance_admin]: Configure AI Risk and Compliance and delete AI systems.
- AI Risk and Compliance Manager [sn_grc_ai_gov.ai_risk_and_compliance_manager]: Initiate impact assessment, risk assessment, and control attestations. Manage the life cycle of the AI system.
- AI Risk and Compliance Analyst [sn_grc_ai_gov.ai_risk_and_compliance_analyst]: Initiate impact assessment, risk assessment, and control attestations. Manage the life cycle of the AI system.
Note: AI Risk and Compliance
Analyst can perform these actions only on the records assigned to them.
- AI Risk and Compliance User [sn_grc_ai_gov.ai_risk_and_compliance_business_user]: Create an AI case on the Employee Center and work on the assigned tasks. Perform control attestations.
- AI Risk and Compliance Reader [sn_grc_ai_gov.ai_risk_and_compliance_reader]: Read the AI systems and AI impact assessments.
|
Zurich |
- Assess multiple risks and controls for AI assets simultaneously
- Create a risk assessment project to perform bulk assessments on multiple risks for an AI asset, enabling assessors to evaluate them in a single project. This approach reduces time and effort, confirms consistency across
multiple assessments, and provides a more comprehensive view of risks and controls within the same project. You can scope multiple risks related to the assessable entity within the project and perform assessments.
AI Risk and Compliance team can determine inherent risks, control effectiveness, residual risks, and target risks in the risk assessment project. They can also reassess completed assessments or reassign
in-progress assessment projects to another assessor.
- AI asset data segregation with entity based access
- Enhance data segregation and security to ensure that only authorized users can access sensitive AI Risk and Compliance data while maintaining visibility into core entities. AI Risk and Compliance managers can control access risks, controls, related entities, issues, indicators, AI asset tasks, risk assessments, attestations, and AI assets data through entity-based access.
Entities themselves stay visible to all users, while visibility of linked records is limited to authorized users.
- AI Risk and Compliance content accelerator
- Use the AI Risk and Compliance content accelerator icon on the AI Risk and Compliance workspace to activate the pre-configured content packs. Content Accelerator includes regulatory packs such as the EU Artificial Intelligence Act and NIST AI Risk Management Framework,
offering citations, control objectives, and risk statements. The unified content hub helps to streamline scoping, reduce manual navigation between frameworks, and promote consistent use of regulatory content accelerator packs.
This feature supports AI Risk and Compliance team in meeting relevant business requirements, maintaining team consistency, and speeding up the activation and management of global regulatory frameworks.
- Automatic AI case and inquiry creation from email
- Report AI cases or raise AI inquiries by sending an email to a dedicated email address. Your email automatically creates a new AI Case or AI Inquiry record in the system. This feature remove manual work and scattered
reporting methods, ensuring every case or inquiry is automatically captured, categorized, and tracked.
- 360° AI asset view
- Use the 360° AI asset view in the AI Control Tower to explore the relationship between your AI assets and all its associated records in a distinctive visualization. This visualization provides valuable insights into how these objects interact
and relate to each other within the AI asset. You can view related records such as, datasets, AI model, risks, controls, and assessments.
- AI asset offboarding workflow
- Manage AI asset changes and retirements through structured workflows that ensure compliance and reduce operational risk. Track and approve modifications to models, datasets, and systems while automatically identifying
impacts on dependent assets. Initiate formal offboarding processes that remove access, close documentation, and update related controls when retiring underperforming or deprecated AI assets. Maintain complete audit trails
integrated with your policy and risk frameworks to demonstrate governance continuity during lifecycle transitions.
- Deliver system-level AI risk score aggregation and visualization
- Aggregate AI system-level risk scores by integrating heatmaps and residual risk score widgets directly within your AI asset overview records. These visual tools help you to see the cumulative risk exposure and track the
residual risks across the entire AI asset inventory. With this feature, you get clear, data-driven insights into the overall AI system risk posture.
- Enable AI risk and compliance views with updated content packs
- Get the dedicated AI risk and compliance views for your AI models and dataset records. With these views, you get a structured and comprehensive overview of the related risks, controls, and compliance obligations, including
the refreshed content packs that feature the updated assessment questionnaires and templates that align with the latest governance frameworks and regulatory standards. Your organization can perform accurate and timely risk
assessments while maintaining compliance with evolving AI governance requirements.
- Implement robust access control and AI asset management capabilities
- Apply role-based access controls across AI assets and dashboards to ensure that data access is based on user roles. You can enable employees to request access to AI assets through a governed process and enforce consistent
tracking of life-cycle states (such as development, deployment, monitoring, and retirement) across all AI assets.
- Use the AI cases tab to monitor and manage AI case activity
- Gain a centralized overview of all your AI asset cases and inquiries by using the AI cases tab in the AI Risk and Compliance workspace. On this tab, you see a list of records that include the case details such as the status, priority, owner, and timeline of your AI cases. You can monitor the progression of a
case, stay informed about ongoing investigations, follow up on pending actions, and ensure timely resolutions. On the tab, you can also find filtering and sorting options that help you to prioritize cases that require
immediate attention.
- Filter the risk heatmap by Risk Assessment Methodology for targeted risk analysis
- Apply the Risk Assessment Methodology filter to customize the display of the risk heatmap that is based on the specific risk evaluation frameworks from the AI risk and compliance home page. You can segment and analyze the AI
risks according to the risk assessment models that your organization adopts, such as the internal standards, regulatory frameworks, or industry benchmarks, so that you can understand how different risk factors are identified,
scored, and distributed.
- Group control attestations
- Group control attestations by such predefined criteria as the control objectives, frameworks, or assessment cycles so that you can more efficiently manage and review attestations, reduce redundancy, and improve your
visibility into the compliance status across related controls for the AI Risk and Compliance team.
- Scan and analyze updates from global regulators
- Enable the AI Risk and Compliance team to scan and interpret regulatory updates that are issued by global authorities. Your organization can stay informed about emerging compliance requirements, assess their potential
impact, and take timely action.
- Manage reporting compliance posture insights on key regulations or policies
- Control the reporting of compliance posture insights that are related to key regulations and internal policies by using a setting to determine which insights are shared, their level of detail, and the reporting cadence. Your
organization can align reporting outputs with regulatory obligations and internal governance requirements.
|
Australia |
- Risk‑based classification during intake
- After upgrading to version 22.0.3, if you have the AI risk and compliance business user [sn_grc_ai_gov.ai_risk_and_compliance_business_user] role, you can now classify AI systems using a risk‑based approach at intake,
enabling organizations to capture AI risk context early and align governance workflows with regulatory and internal risk requirements. This improvement to the AI use case request form supports more accurate AI oversight
throughout the system life cycle.
- Report an AI case anonymously
- After upgrading to version 22.0.3, if you have the AI case business user [sn_ai_case_mgmt.ai_case_business_user] role, you can navigate to the Employee Center to access the Anonymous Reporting Center and submit AI cases anonymously, enabling broader participation in AI governance while protecting the identity of reporters. No additional role is
required to submit an anonymous report directly through the Anonymous Reporting Center. Broader participation helps organizations identify potential AI risks earlier by removing barriers to case submission.
- Offboard AI models and datasets
- After upgrading to version 22.0.3, if you have the AI risk and compliance analyst [sn_grc_ai_gov.ai_risk_and_compliance_analyst] or AI risk and compliance manager [sn_grc_ai_gov.ai_risk_and_compliance_manager] role you can
manage AI asset offboarding life cycle tasks. Managing these tasks helps ensure that governance‑related activities, such as risk and impact assessments, conformity reviews, issue closure, and audit documentation, are addressed
when an AI asset is retired or removed from active use.
|