A CISO-grade implementation playbook for EDPB Opinion 28/2024. Covers anonymity tests, legitimate interest assessments, Article 6 lawful bases, DPIAs, and the model-training vs deployment split for LLM systems.
An engineering-grade AIBOM playbook covering NTIA SBOM minimum elements adapted for AI, SPDX 3.0 AI profile fields, CycloneDX 1.6 ML-BOM components, EO 14110 reporting obligations, and how to generate one in CI.
An auditor-grade mapping of AICPA Trust Services Criteria to LLM systems. Covers CC6 logical access for inference endpoints, CC7 incident management for prompt injection and drift, A1 inference availability, PI1 output integrity, and P1-P8 privacy of training data.
A clinical-AI playbook covering PHI in retrieval-augmented generation, de-identification for embeddings, BAA requirements for LLM vendors, Section 1557 clinical decision support, and FDA SaMD classification for clinical LLMs.
A 2026 comparison of open-weight LLMs (Llama, Mistral, DeepSeek, Qwen, Gemma) against proprietary models (GPT, Claude, Gemini) on data residency, fine-tuning rights, audit access, and licence terms.
A practical AI incident response runbook mapping prompt injection, output toxicity, DLP breaches, and model supply-chain compromise to NIST SP 800-61r2 and the NIST AI 600-1 GAI Profile.
A regulator-grounded comparison of fine-tuning, RAG, and prompt engineering across data residency, GDPR right to erasure, EU AI Act provider obligations, audit completeness, drift, and cost.
An 87-question RFP template for AI Control Plane evaluation, mapped to NIST AI 600-1, ISO 42001, SOC 2, EU AI Act, Gartner TRiSM, and ENISA AI threat landscape references.
A 12-section retrospective template for CISOs running an AI governance program that turned one this year. Covers policy effectiveness, control coverage, incident review, training metrics, vendor performance, audit findings, regulatory drift, technology stack lessons, workforce capability, board confidence, year-2 priorities, and the 'what we would do differently' debrief - grounded in NIST AI 600-1, ISO/IEC 42001:2023, Gartner AI TRiSM, and the SANS 2024 AI Survey.
A 4-page section-by-section template for the quarterly AI governance board update - KPIs by quarter, AI risk heatmap, regulatory readiness scorecard, vendor risk matrix, incident summary, and recommended decisions - tuned to the tone of the NACD AI Director's Handbook 2024, ISS Sustainability Quality Score AI metrics, Glass Lewis 2024-2025 AI engagement guidance, and the UK Financial Reporting Council's 2024 board-level AI guidance.
A deep dive into how cyber liability policies treat AI-related loss in 2026 - broad-form AI usage exclusions, deepfake exclusions, autonomous-system carveouts - with the LMA 5400 series of Lloyd's model wordings compared, AI claim scenarios mapped, and a negotiation checklist of clauses brokers should be demanding. Grounded in Lloyd's of London model exclusions LMA 5400 / 5401 / 5403, the NAIC Cybersecurity Insurance Data Call 2024, the Marsh State of Cyber 2024 report, the AON Global Risk Management Survey 2024, and the CISA Tabletop Exercise Packages for cyber insurance.
A 60-question vendor risk questionnaire (VRQ) template for generative AI and AI-feature SaaS vendors, organised into six sections (model and provider, data governance, security, compliance and audit, operational, contractual), with each question referenced to the source standard - SIG 2024, CSA CCM v4, ISO/IEC 27036, NIST SP 800-161, and HHS HIPAA Risk Analysis guidance.