The state of SOC 2 readiness for organizations operating AI in production
Standard SOC 2 control libraries were developed before the current generation of AI-driven products. We outline the areas that consistently require additional attention during readiness work and audit preparation.
Maintaining the relevance of cybersecurity maturity assessments
Maturity assessments deliver lasting value when they remain current as the environment changes. We discuss approaches to keeping assessment work aligned with operational reality over time.
Implementing Article 14 oversight requirements in practice
Article 14 of the EU AI Act establishes specific human oversight requirements for high-risk AI systems. We translate the regulatory text into the design considerations that engineering and security teams need to address.
Third-party risk management for organizations using AI vendors
AI vendors introduce risk considerations that traditional third-party risk frameworks address only partially. We outline the additional questions and contractual elements that warrant attention.
Considerations for AI in professional services delivery
Professional services firms are integrating AI into delivery in various ways. We outline the considerations that affect the value clients receive and the questions worth asking when evaluating providers.
Designing effective internal audit co-sourcing arrangements
Co-sourcing arrangements provide internal audit functions with specialist depth and flexibility. The arrangements that deliver lasting value share several design features worth examining.
Privacy impact assessments for AI systems: practical considerations
Privacy impact assessment templates designed for traditional data processing address several aspects of AI systems incompletely. We outline the additional considerations that warrant attention.