Offboarding AI assets review

  • Release version: Zurich
  • Updated June 16, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Offboarding AI assets review

    Offboarding AI assets—including AI systems, models, and datasets—is a critical process to ensure governance, risk, and compliance requirements are fully addressed before retirement. This process involves evaluating impacts, managing residual risks, preserving documentation, making data-handling decisions, and maintaining audit traceability. It combines governance reviews and technical lifecycle actions to responsibly retire AI assets while minimizing operational, legal, ethical, and safety risks.

    Show full answer Show less

    The offboarding workflow is a coordinated effort between two ServiceNow products: AI Risk and Compliance (AIRC), which handles governance reviews and documentation, and AI Control Tower (AICT), which manages technical lifecycle workflows based on governance outcomes.

    Offboarding Process and Responsibilities

    • Offboarding is initiated by AI asset owners or stewards submitting requests within AICT, triggering governance reviews in AIRC.
    • Governance activities assess the effects of retiring an AI asset on users, business processes, and downstream AI systems, ensuring updates or retirements of dependent systems.
    • Technical lifecycle actions focus on disabling access, removing dependencies, and updating AI inventory records after governance reviews are complete.
    • Governance reviews include evaluating any residual legal, ethical, safety, or compliance risks and documenting how these risks are mitigated or accepted prior to retirement.

    Role of AI Risk and Compliance (AIRC)

    • AIRC supports governance by enabling organizations to review and document risk, impact, and compliance considerations during offboarding.
    • It helps track offboarding activities at the AI system level to ensure comprehensive governance coverage.
    • The Operations tab in the AI Risk and Compliance Workspace provides visibility into AI assets and their governance status.
    • Practitioners can perform impact assessments, risk assessments, and conformity reviews to evaluate and confirm compliance with policies and regulatory requirements before asset retirement.
    • AIRC maintains historical governance records—including assessments, controls, issues, and attestations—that remain accessible after asset retirement for audit readiness.
    • Offboarding is complete only after all governance reviews are finalized, issues are resolved or accepted, and the AI asset lifecycle status is marked as retired.

    Assessment Practices During Offboarding

    • Governance reviews in AIRC are influenced by the AI asset’s risk classification, assessment status, and lifecycle state, but metadata categories do not affect assessment behavior.
    • New assessments are created if additional evaluation is required, but duplicates are avoided when active assessments exist.
    • Open governance assessments are closed or cancelled when offboarding completes, preserving all historical records for compliance and audit purposes.
    • Documentation, assessment results, and data-handling decisions are confirmed to be preserved for regulatory, audit, or investigative needs before retirement.

    Assessment Types and Governance Decisions

    • Impact Assessments: Evaluate operational, ethical, or safety impacts of retiring AI assets on users, processes, and systems.
    • Risk Assessments: Assess residual risks (legal, ethical, compliance) that might persist post-retirement and verify mitigation or acceptance of identified risks.
    • Conformity or Policy-Alignment Reviews: Confirm that AI assets meet regulatory or internal governance obligations before being offboarded.
    • AI Control Tower manages the sequencing and execution of these assessment tasks, while AI Risk and Compliance provides governance context and audit traceability.

    Offboarding AI systems, models, and datasets helps ensure that governance, risk, and compliance requirements are addressed throughout assessment, preparation, and retirement of AI assets, including impact evaluation, residual risk management, documentation preservation, data‑handling decisions, and audit traceability.

    How offboarding is handled across AI Risk and Compliance and AI Control Tower

    Offboarding AI models and datasets involves both governance activities and technical life cycle actions. These responsibilities are typically shared between AI Risk and Compliance (AIRC) and AI Control Tower (AICT), with each product addressing different aspects of the offboarding process.

    During offboarding, governance review may include assessing how retiring an AI asset affects users, business processes, and dependent systems, as well as determining whether continued use, reuse, or retirement of related models or datasets is appropriate.

    Assessments performed during offboarding are intended to confirm that governance obligations associated with the AI asset are fully addressed before retirement, rather than to introduce new ongoing monitoring or post‑retirement obligations.

    AIRC is used to perform and document governance reviews associated with offboarding, while AICT can be used to manage technical life-cycle workflows for AI assets based on governance outcomes. Offboarding is initiated when an AI asset owner [sn_ai_asset_mgmt.ai_asset_owner] or steward [sn_ai_governance_ai_steward] submits an offboarding request in AICT, which then drives governance review activities in AIRC. For more information, see Create offboarding requests for AI assets

    When an AI model or dataset is used by one or more governed AI systems, offboarding review may include evaluating downstream dependencies to help ensure that impacted systems are updated, remediated, or retired as needed before the asset is fully offboarded.

    Governance activities associated with offboarding focus on evaluating business, legal, ethical, and safety impacts, while technical life-cycle actions focus on disabling access, removing operational dependencies, and updating AI inventory records based on completed governance outcomes.

    Governance activities may also include evaluating whether legal, ethical, safety, or compliance risks remain after retirement and documenting how those residual risks are mitigated, accepted, or formally closed.

    What is completed in AI Risk and Compliance during offboarding

    AIRC supports the governance portion of AI asset offboarding. Through AIRC, organizations review and document risk, impact, and compliance considerations related to retiring AI models and datasets. When AI models or datasets are associated with a governed AI system, offboarding activities may be reviewed and tracked at the AI system level to help ensure complete governance coverage.

    You can view AI assets and their governance status on the Operations tab in the AI Risk and Compliance Workspace. For more information, see Operations tab.
    Figure 1. Operations tab
    The list page showing AI assets in an offboarding-related state in the AI Risk and Compliance workspace.

    For more information about the AI governance life cycle and how offboarding fits into the broader AI asset life cycle, see AI governance life cycle and AI asset lifecycle.

    In AIRC, practitioners can perform activities such as reviewing regulatory risk classifications, completing or updating impact assessments, and conducting conformity or policy-alignment reviews as part of the AI life cycle.

    For more information, see Perform impact assessment on an AI use case and Initiate risk assessment on AI asset.

    AIRC maintains governance records related to AI assets, including assessments, controls, issues, and attestations. These records remain available after an AI asset is retired, supporting audit readiness and historical traceability.

    Risks and issues identified during offboarding review can be tracked and formally closed in AIRC, helping ensure that governance concerns are addressed before an AI asset is retired.

    Offboarding is considered complete when required governance reviews are finished, related issues are resolved or formally accepted, and the AI asset life-cycle status is updated to retired.

    For more information about resolving governance issues before asset retirement, see Remediate an issue in AI Risk and Compliance.

    Assessment behavior during offboarding

    During offboarding, governance activities in AI Risk and Compliance are driven by risk classification, assessment status, and life-cycle state. AI system or model categories selected during intake (for example, Agentic or Generative) are captured as descriptive metadata only and don’t change assessment creation, scoring, or life-cycle behavior.

    Impact or risk assessments may be created during offboarding when governance review determines that additional evaluation is required based on the asset’s risk classification and existing assessment coverage. If an active assessment of the same type already exists, a duplicate assessment isn’t created.

    When offboarding is completed and the AI asset life-cycle state is updated to retired, any remaining open governance assessments associated with the asset are closed or cancelled according to configured governance rules. Historical records remain available for audit and traceability.

    Offboarding review may also confirm that documentation, assessment results, and data‑handling decisions required for regulatory, audit, or investigative purposes are preserved before the AI asset is retired.

    Assessment guidance during AI asset offboarding

    During offboarding, organizations may use different types of assessments in AI Risk and Compliance to support governance decisions related to retiring AI systems, models, or datasets. The specific assessments considered depend on the asset’s risk classification, usage context, and existing governance coverage.

    Impact assessments are commonly used when offboarding decisions require evaluating how retiring an AI asset affects users, business processes, downstream systems, or decision‑making workflows. These assessments help determine whether retirement introduces operational, ethical, or safety impacts that must be addressed before the asset is retired.

    Risk assessments may be used during offboarding to evaluate residual risks associated with an AI asset, including legal, ethical, or compliance risks that may persist after operational use ends. Risk assessments can also be used to confirm that previously identified risks are adequately mitigated, accepted, or formally closed prior to retirement.

    Conformity or policy‑alignment reviews may be performed for AI assets subject to regulatory or internal governance requirements to confirm that applicable obligations have been satisfied before offboarding is finalized.

    The creation and sequencing of offboarding‑related assessment tasks are managed through AI Control Tower, while AI Risk and Compliance provides the governance context, assessment records, and audit traceability needed to support offboarding decisions.

    For more information about performing specific assessment types, see Perform impact assessment on an AI use case, Perform risk assessments on AI systems, Initiate risk assessment on AI asset, and Initiate risk assessment on AI asset's risks.