AI Governance & Compliance in the SDLC
Evaluates the responsible use of AI in development processes, including ethical considerations and compliance.
Sample assessment questions for each level:
- Level -1: “Does the organisation deliberately avoid establishing AI governance policies?”
- Level 0: “Are AI governance considerations handled reactively without established frameworks?”
- Level 1: “Has the team identified AI governance requirements relevant to their software?”
- Level 2: “Are basic AI ethics guidelines documented for development teams?”
- Level 3: “Are AI tools reviewed for responsible use during SDLC phases?”
- Level 4: “Are ethical concerns about AI-assisted decisions reviewed?”
- Level 5: “Are AI risks scored and reviewed at each SDLC milestone?”
Key metrics to track:
- AI transparency score: Percentage of AI-assisted decisions for which a clear explanation (inputs, model and rationale) can be produced
- Compliance verification: Percentage of AI components that pass automated ethics and compliance checks
- Governance adherence: Percentage of AI initiatives with documented governance reviews
- Risk management effectiveness: Share of identified AI risks that have been mitigated (mitigated risks divided by identified risks, so a value close to 1 is good)
- AI decision auditability: Percentage of AI decisions with complete audit trails