ProcedureReady to Usev2.0
AI Risk Management Procedure
Comprehensive risk management procedure covering identification, assessment, mitigation, and monitoring of AI-related risks per Article 9 requirements. Includes GPAI risk assessment and third-party AI risk management.
45 min
Read Time
Advanced
Level
Topics:Risk identificationRisk assessmentMitigation strategiesResidual riskGPAI riskThird-party AI risk
PROC-AI-RM-001
AI Risk Management Procedure
STD-AI-002: AI Risk Management Standard
Controls Covered
RM-001RM-002RM-003RM-004RM-005RM-006RM-007RM-008RM-009RM-010RM-011RM-012RM-013RM-014
Effective Date
[To be filled]
Next Review
[To be filled]
Purpose & Scope
Purpose
This procedure establishes the step-by-step process for implementing a continuous, iterative AI risk management system that identifies, assesses, treats, and monitors risks throughout the AI system lifecycle in compliance with EU AI Act Article 9 and ISO/IEC 42001.
Applies To
- All AI systems classified as high-risk per AI System Classification Standard (STD-AI-001)
- All AI systems that process personal data
- All AI systems used in critical decision-making
- All AI system development, deployment, and operation activities
Does Not Apply To
- Minimal-risk AI systems (unless specifically requested)
- Third-party AI systems (covered by AI Vendor Management Procedure (PROC-AI-VENDOR-001))
AI RISK MANAGEMENT SYSTEM FRAMEWORK
1
GOVERNANCE & OVERSIGHT
AI Governance Committee
Risk Management Policy
Risk Appetite & Tolerance
2
RISK IDENTIFICATION & ASSESSMENT
Risk Identification Process
Risk Analysis & Scoring
Bias & Discrimination Assessment
Risk Register Maintenance
3
RISK TREATMENT & CONTROL
Risk Treatment Strategy Selection
Control Design & Implementation
Residual Risk Assessment
Risk Acceptance & Approval
4
RISK MONITORING & REVIEW
Continuous Risk Monitoring
Periodic Risk Reviews
Incident Risk Assessment
Escalation & Response
5
CONTINUOUS IMPROVEMENT
Lessons Learned Process
Framework Effectiveness Review
Framework Updates
19
Procedure Steps
6
Roles Defined