Document system change approvals
Define approval processes for material changes to AI systems (e.g. model versions, access controls, data sources) requiring formal review and sign-off
Control activities
Defining changes requiring formal review and approval with clear approval thresholds such as changes affecting system performance or security. For example, model updates, prompt modifications, adding/removing guardrails, and changes to user-facing functionality.
Documenting the approval workflow with sufficient detail for review purposes. For example, who approves what types of changes and maintaining records of approvals.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts must faster— it's a clear signal I can trust."
