Cyber & IT Supervisory Forum - Additional Resources

Manage 4.3 Incidents and errors are communicated to relevant AI actors including affected communities. Processes for tracking, responding to, and recovering from incidents and errors are followed and documented. Regularly documenting an accurate and transparent account of identified and reported errors can enhance AI risk management activities., Examples include: About how errors were identified, incidents related to the error, whether the error has been repaired, and how repairs can be distributed to all impacted stakeholders and users. Suggested Actions Establish procedures to regularly share information about errors, incidents and negative impacts with relevant stakeholders, operators, practitioners and users, and impacted parties. Maintain a database of reported errors, near-misses, incidents and negative impacts including date reported, number of reports, assessment of impact and severity, and responses. Maintain a database of system changes, reason for change, and details of how the change was made, tested and deployed. Maintain version history information and metadata to enable continuous improvement processes. Verify that relevant AI actors responsible for identifying complex or emergent risks are properly resourced and empowered. Transparency & Documentation What corrective actions has the entity taken to enhance the quality, accuracy, reliability, and representativeness of the data? To what extent does the entity communicate its AI strategic goals and objectives to the community of stakeholders? How easily accessible and current is the information available to external stakeholders? Organizations can document the following:

204