Paper provides comprehensive, industry-neutral guidelines and best practices for various stakeholders, from CISOs and AI developers to business leaders and policymakers
SEATTLE – Oct. 22, 2024 – Driven by the need to address the evolving landscape of Artificial Intelligence (AI) and its associated risks and ethical considerations, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, has released a new report, AI Organizational Responsibilities - Governance, Risk Management, Compliance, and Cultural Aspects. The second in a series focused on delineating organizational responsibilities for AI, the report offers a detailed approach to managing AI-related risks, adhering to regulatory requirements, and maintaining ethical standards all while leveraging AI technologies.
Drafted by CSA’s AI Organizational Responsibilities Working Group, the paper builds on the foundational document AI Organizational Responsibilities - Core Security Responsibilities — which focuses on data security, model security, and vulnerability management — and provides a comprehensive framework for integrating AI within organizational structures with an emphasis on governance, risk management, and cultural aspects.
“The true potential of AI can only be realized when governance, risk management, and culture are integrated into its deployment. These elements ensure responsible innovation, mitigate unintended consequences, and promote an AI ecosystem that is not only efficient but also ethical and inclusive. It's our hope that the framework provided in this paper will guide enterprises toward responsible and secure AI development and deployment,” said Ken Huang, co-chair of the AI Organizational Responsibilities Working Group and a lead author of the paper.
Structured into four main areas of responsibility — risk management, governance and compliance, safety culture and training, and shadow AI prevention — each section is further analyzed across six cross-cutting areas of concern to ensure that organizations can comprehensively assess, implement, and manage their AI initiatives while addressing key aspects such as accountability, implementation strategies, monitoring, access control, and regulatory compliance.
Future papers in the series will tackle additional AI challenges as organizations adopt and implement AI applications, supply chain integrity, and mitigation of misuses.
Download AI Organizational Responsibilities - Governance, Risk Management, Compliance, and Cultural Aspects.
The AI Organizational Responsibilities Working Group is committed to pioneering and setting industry standards for the definition of roles and responsibilities within security teams, specifically adapted to the emerging challenges and opportunities presented by AI technologies. It aims to identify the shifts in tasks and knowledge bases that are imperative for various security sub-teams, such as product security and detection and response teams, in the age of AI. Individuals interested in becoming involved in future research and initiatives are invited to join the working group.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
Media Contacts
Kristina Rundquist
ZAG Communications for the CSA
[email protected]