Back

Establish and maintain technical documentation.


CONTROL ID
15005
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Systems design, build, and implementation, CC ID: 00989

This Control has the following implementation support Control(s):
  • Retain technical documentation on the premises where the artificial intelligence system is located., CC ID: 15104
  • Include all required information in the technical documentation., CC ID: 15094
  • Include information that demonstrates compliance with requirements in the technical documentation., CC ID: 15088


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • A secure record is maintained for the life of each system covering: (Security Control: 0407; Revision: 4, Australian Government Information Security Manual)
  • draw-up the technical documentation of the high-risk AI system; (Article 16 ¶ 1(c), Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
  • Providers of high-risk AI systems shall draw up the technical documentation referred to in Article 11 in accordance with Annex IV. (Article 18 1., Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
  • the provider has drawn up the technical documentation in accordance with Annex IV; (Article 26 1(b), Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
  • The technical documentation of a high-risk AI system shall be drawn up before that system is placed on the market or put into service and shall be kept up-to date. (Article 11 1. ¶ 1, Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
  • Upon completion of a change, all relevant PCI DSS requirements must be verified on all new or changed systems and networks, and documentation must be updated as applicable. Examples of PCI DSS requirements that should be verified include, but are not limited to: (A3.2.2.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)