Use the AI Exchange’s control families to extend your ISMS. Align AI risks and controls to Annex A (2022) and make audits a byproduct of delivery.
Quick mapping ideas
- A.5 policies & roles → AI governance charter, RACI, model owner/steward.
- A.8 secure development → AI threat modeling, evaluation gates, model registry with approvals.
- A.5.23 change management → versioned prompts/system instructions, review & rollback.
- A.8.21 logging → prompt, tool, and decision trails retained with integrity controls.
Outcome: defensible operations and faster audits.