This Control directly supports the implied Control(s):
Systems design, build, and implementation, CC ID: 00989
This Control has the following implementation support Control(s):
Retain technical documentation on the premises where the artificial intelligence system is located., CC ID: 15104
Include all required information in the technical documentation., CC ID: 15094
Include information that demonstrates compliance with requirements in the technical documentation., CC ID: 15088
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
A secure record is maintained for the life of each system covering: (Security Control: 0407; Revision: 4, Australian Government Information Security Manual)
draw-up the technical documentation of the high-risk AI system; (Article 16 ¶ 1(c), Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
Providers of high-risk AI systems shall draw up the technical documentation referred to in Article 11 in accordance with Annex IV. (Article 18 1., Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
the provider has drawn up the technical documentation in accordance with Annex IV; (Article 26 1(b), Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
The technical documentation of a high-risk AI system shall be drawn up before that system is placed on the market or put into service and shall be kept up-to date. (Article 11 1. ¶ 1, Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
Upon completion of a change, all relevant PCI DSS requirements must be verified on all new or changed systems and networks, and documentation must be updated as applicable. Examples of PCI DSS requirements that should be verified include, but are not limited to: (A3.2.2.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
