Skip to main content
Lab Notes
Frameworks

Controls Map — Risks → Controls (AI Safety Pack)

AI Safety Pack Component

PeopleSafetyLab|February 24, 2026|5 min read|intermediate

Controls Map — Risks → Controls (AI Safety Pack)

Version: v1.0

How to use

  • Use this list to define minimum controls for “Conditional” use‑cases in 02a-ai-use-case-matrix.md.
  • In the risk register (03-people-harm-risk-register.md), reference controls by ID.

Control groups

  • C‑D Data & Privacy
  • C‑A Access & Identity
  • C‑V Vendor / Model Risk
  • C‑L Logging & Monitoring
  • C‑H Human‑in‑the‑Loop / Workflow
  • C‑Q Quality & Safety Testing
  • C‑I Incident Response
  • C‑G Governance
  • C‑T Training

Controls catalog

Data & Privacy (C‑D)

C‑D1 — Approved tools only for Confidential/Restricted data

  • Owner: IT/Security
  • Implementation: block unapproved tools where feasible; provide approved alternative; document exceptions.
  • Evidence: approved tools register; network controls; exception log.

C‑D2 — Data classification + AI handling rules (plain language)

  • Owner: Data Governance / Legal
  • Implementation: publish “what can be pasted” examples; add redaction/minimization guidance.
  • Evidence: classification policy; AI addendum; training slide(s).

C‑D3 — Secrets protection (no keys in prompts)

  • Owner: Engineering / IT
  • Implementation: secret scanning; pre‑commit hooks; rotate exposed keys; educate.
  • Evidence: scan reports; incident tickets; training completion.

Access & Identity (C‑A)

C‑A1 — Role‑based access for AI tools

  • Owner: IT
  • Implementation: least privilege; separate high‑risk capabilities; quarterly access review.
  • Evidence: IAM groups; access review report.

C‑A2 — Strong auth + device posture for AI access

  • Owner: IT/Security
  • Implementation: SSO/MFA; conditional access; session timeouts.
  • Evidence: IdP config; audit logs.

Vendor / Model Risk (C‑V)

C‑V1 — Vendor due diligence checklist

  • Owner: Procurement / Security
  • Implementation: data residency; retention; training‑on‑your‑data; sub‑processors; breach terms.
  • Evidence: completed checklist; approvals.

C‑V2 — IP / licensing review for training data and outputs

  • Owner: Legal
  • Implementation: permitted sources; output usage constraints; attribution rules.
  • Evidence: legal memo; updated guidance.

Logging & Monitoring (C‑L)

C‑L1 — Usage logging for approved AI tools

  • Owner: IT/Sec
  • Implementation: log access and key actions; tag use‑cases where possible; protect employee privacy.
  • Evidence: SIEM dashboard; log retention config.

C‑L2 — Audit trail for high‑impact decisions

  • Owner: Business Owner + Risk
  • Implementation: store prompt/inputs summary, reviewer, decision rationale, timestamp.
  • Evidence: ticket records; decision logs.

Human‑in‑the‑Loop / Workflow (C‑H)

C‑H1 — Mandatory human review for external outputs

  • Owner: Business Owner
  • Implementation: approval step in CRM/ticketing; no auto‑send by default.
  • Evidence: workflow config; sampled approvals.

C‑H2 — Prohibit automated HR decisions (default)

  • Owner: HR / Risk
  • Implementation: policy statement + enforcement; exceptions require governance approval via EDR.
  • Evidence: policy; use‑case register; EDR records.

C‑H3 — Contestability / appeal path (HR + high‑impact decisions)

  • Owner: HR / Legal / Risk
  • Implementation: document an appeal route; require documented human rationale.
  • Evidence: appeals process doc; sampled case reviews; decision logs.

C‑H4 — Bias review cadence (if exception approved)

  • Owner: HR / Risk
  • Implementation: quarterly bias review + sampling plan; remediate quickly.
  • Evidence: bias review report; corrective action tickets.

Quality & Safety Testing (C‑Q)

C‑Q1 — QA sampling and hallucination monitoring

  • Owner: Support / Risk
  • Implementation: weekly sample; measure hallucination and escalation compliance; fix prompts/KB.
  • Evidence: QA reports; corrective action log.

C‑Q2 — Bias testing for people decisions (if allowed at all)

  • Owner: HR / Risk
  • Implementation: define fairness metrics; test for proxies; independent review.
  • Evidence: bias test report; remediation log.

C‑Q3 — Content accuracy + claims review for comms

  • Owner: Comms / Legal
  • Implementation: require source links; fact‑check checklist.
  • Evidence: approvals; checklists.

Incident Response (C‑I)

C‑I1 — AI incident definition + reporting channel

  • Owner: Risk / Security
  • Implementation: define “AI incident” and “near‑miss”; one channel; 24h reporting expectation.
  • Evidence: playbook; training slide; channel details.

C‑I2 — Triage, containment, and post‑incident review

  • Owner: Security / Comms
  • Implementation: triage steps; containment; vendor notification steps; customer comms path; postmortem.
  • Evidence: incident tickets; postmortems.

C‑I3 — Kill switch + rollback runbook (for Conditional/exception use‑cases)

  • Owner: Business Owner + Security
  • Implementation: define triggers; who can disable; how to disable; how to revert workflow to a safe baseline.
  • Evidence: kill‑switch runbook; on‑call assignment; test record (table‑top or drill).

Governance (C‑G)

C‑G1 — Use‑case approval workflow + exception handling

  • Owner: Risk Committee
  • Implementation: require Use‑Case Card; classify via matrix; document exceptions and sign‑off.
  • Evidence: use‑case register; exception log; approvals.

C‑G2 — Privacy / DPIA‑style review for Restricted data

  • Owner: Privacy / Legal
  • Implementation: assess minimization, retention, access, and data-sharing terms; obtain privacy/legal sign‑off where applicable.
  • Evidence: DPIA (or equivalent privacy review); approvals.

C‑G3 — Exception Decision Record (EDR) for prohibited‑by‑default requests

  • Owner: Risk / Legal / Privacy (as applicable)
  • Implementation: time‑box exceptions (expiry date); document compensating controls; require monitoring + kill switch.
  • Evidence: completed EDR (08-exception-decision-record-template.md); review reminders; revocation record.

Training (C‑T)

C‑T1 — Mandatory AI safety training (role‑based)

  • Owner: HR / Risk
  • Implementation: 60–90 min baseline; role add‑ons; annual refresh.
  • Evidence: LMS completion; quiz results.

Minimal control bundles (quick reference)

  • External drafted outputs (support/comms): C‑H1 + C‑L1 + C‑Q1/C‑Q3 + C‑I1
  • Confidential internal data: C‑D1 + C‑D2 + C‑A1 + C‑L1
  • High‑impact decisions: C‑G1 + C‑L2 + (often prohibit by default)
P

PeopleSafetyLab

Independent AI safety research for organisations and families in Saudi Arabia and the GCC. All research is editorially independent. PeopleSafetyLab has no consulting clients and does not conduct paid audits.

Share this article: