Review internal processes
Establish regular internal reviews of key processes and document review records and approvals
Control activities
Reviewing decision processes every quarter including AI system changes, foundational model selection, security assessment.
Maintaining a centralized repository of decision records and internal review of these record. For example, supporting evidence reviewed, remediation plans.
Documenting and tracking remediation of any risks identified.
Collecting and implementing external feedback on AI systems. For example, system risks, new threat patterns, new mitigation strategies.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts must faster— it's a clear signal I can trust."
