Cyber & IT Supervisory Forum - Additional Resources

GOVERN 2.2 The organization’s personnel and partners receive AI risk management training to enable them to perform their duties and responsibilities consistent with related policies, procedures, and agreements. About To enhance AI risk management adoption and effectiveness, organizations are encouraged to identify and integrate appropriate training curricula into enterprise learning requirements. Through regular training, AI actors can maintain awareness of: AI risk management goals and their role in achieving them. Organizational policies, applicable laws and regulations, and industry best practices and norms. Suggested Actions Establish policies for personnel addressing ongoing education about: Applicable laws and regulations for AI systems. Potential negative impacts that may arise from AI systems. Organizational AI policies. Trustworthy AI characteristics. Ensure that trainings are suitable across AI actor sub-groups - for AI actors carrying out technical tasks (e.g., developers, operators, etc.) as compared to AI actors in oversight roles (e.g., legal, compliance, audit, etc.). Ensure that trainings comprehensively address technical and socio technical aspects of AI risk management. Verify that organizational AI policies include mechanisms for internal AI personnel to acknowledge and commit to their roles and responsibilities. Verify that organizational policies address change management and include mechanisms to communicate and acknowledge substantial AI system changes. Define paths along internal and external chains of accountability to escalate risk concerns. See MAP 3.4 and 3.5 for additional relevant information.

21