Framework Mappings

10.2 – Continual Improvement

1 related control

6.5

5.2 – AI Policy

3 related controls

5.3 – Roles, Responsibilities, Authorities

8 related controls

6.1 – Actions to Address AI Risk

8 related controls

6.2 – AI Objectives and Planning

2 related controls

7.2 – Competence & Training

4 related controls

7.4 – Communication / Documentation

7 related controls

8.2.1 – Data Governance & Access Control

8 related controls

8.2.2 – Data Privacy & Anonymization

9 related controls

+1 more

8.2.3 – Data Provenance & Supply Chain Integrity

2 related controls

1.5

8.3.1 – Model Development & Testing (Fairness, Safety)

9 related controls

+1 more

8.3.2 – Model Deployment & Versioning

8 related controls

8.3.3 – Human Oversight

2 related controls

6.11

8.4.1 – Security of Runtime Environments

21 related controls

+13 more

8.4.2 – Resilience & Fail-Safes

2 related controls

8.4.3 – Robustness, Red-Teaming, Stress Testing

3 related controls

9.1 – Monitoring, Measurement & Performance

4 related controls

9.2 – Internal Audit / External Certification

4 related controls

9.3 – Management Review

1 related control

6.6

ISACA AI Audit Toolkit Mappings

Data → Access Control & Tamper-Evidence

7 related controls

Data → Lineage, Provenance, Cataloging

2 related controls

3.2

Data → Retention & Deletion

7 related controls

Fairness → Bias Detection/Testing

2 related controls

2.4

Governance → AI Policy & Strategy

3 related controls

Governance → Regulatory Alignment & Reporting

7 related controls

Governance → Risk Appetite & ERM Integration

4 related controls

Governance → Roles & Responsibilities

9 related controls

+1 more

Governance → Vendor/Third-Party Risk Management

2 related controls

3.7

Impact → DPIAs & Privacy Controls

5 related controls

Impact → External Audit/Attestation

2 related controls

Impact → Societal & Ethical Impact Assessments

4 related controls

Impact → Transparency Portals

4 related controls

Performance → Benchmarking Against Standards

4 related controls

Performance → Continuous Monitoring Dashboards

2 related controls

3.4

5.2

Performance → Drift Detection & SLA Monitoring

5 related controls

Performance → Versioning & Rollback Criteria

3 related controls

2.11

2.14

Rationale → Alignment with Strategy & Objectives

2 related controls

Rationale → Purpose Clarity for Stakeholders

2 related controls

1.2

Responsibility → Accountability Structures

1 related control

Responsibility → Assigned Roles

4 related controls

Responsibility → Training & Awareness

4 related controls

Safety → Adversarial Robustness Testing

3 related controls

Safety → Fail-Safes, Kill-Switches, Rollback Plans

2 related controls

BAICS - Banking AI Controls Standard

Safety → Runtime Environment Hardening

19 related controls

+11 more

Safety → Secure Coding & Patching

2 related controls

1.1

2.5

Framework Mappings

BAICS controls by the Financial Services AI Council mapped to industry standards and frameworks

ISO/IEC 42001

AI Management System Standard

20 mappings

across 65 controls

ISACA AI Audit Toolkit

AI Audit and Assurance Framework

26 mappings

across 58 controls

ISO/IEC 42001 Mappings

10.1 – Nonconformity & Corrective Action

1 related control

10.2 – Continual Improvement

1 related control

6.5

5.2 – AI Policy

3 related controls

5.3 – Roles, Responsibilities, Authorities

8 related controls

6.1 – Actions to Address AI Risk

8 related controls

6.2 – AI Objectives and Planning

2 related controls

7.2 – Competence & Training

4 related controls

7.4 – Communication / Documentation

7 related controls

8.2.1 – Data Governance & Access Control

8 related controls

8.2.2 – Data Privacy & Anonymization

9 related controls

+1 more

8.2.3 – Data Provenance & Supply Chain Integrity

2 related controls

1.5

8.3.1 – Model Development & Testing (Fairness, Safety)

9 related controls

+1 more

8.3.2 – Model Deployment & Versioning

8 related controls

8.3.3 – Human Oversight

2 related controls

6.11

8.4.1 – Security of Runtime Environments

21 related controls

+13 more

8.4.2 – Resilience & Fail-Safes

2 related controls

8.4.3 – Robustness, Red-Teaming, Stress Testing

3 related controls

9.1 – Monitoring, Measurement & Performance

4 related controls

9.2 – Internal Audit / External Certification

4 related controls

9.3 – Management Review

1 related control

6.6

ISACA AI Audit Toolkit Mappings

Data → Access Control & Tamper-Evidence

7 related controls

Data → Lineage, Provenance, Cataloging

2 related controls

3.2

Data → Retention & Deletion

7 related controls

Fairness → Bias Detection/Testing

2 related controls

2.4

Governance → AI Policy & Strategy

3 related controls

Governance → Regulatory Alignment & Reporting

7 related controls

Governance → Risk Appetite & ERM Integration

4 related controls

Governance → Roles & Responsibilities

9 related controls

+1 more

Governance → Vendor/Third-Party Risk Management

2 related controls

3.7

Impact → DPIAs & Privacy Controls

5 related controls

Impact → External Audit/Attestation

2 related controls

Impact → Societal & Ethical Impact Assessments

4 related controls

Impact → Transparency Portals

4 related controls

Performance → Benchmarking Against Standards

4 related controls

Performance → Continuous Monitoring Dashboards

2 related controls

3.4

5.2

Performance → Drift Detection & SLA Monitoring

5 related controls

Performance → Versioning & Rollback Criteria

3 related controls

2.11

2.14

Rationale → Alignment with Strategy & Objectives

2 related controls

Rationale → Purpose Clarity for Stakeholders

2 related controls

1.2

Responsibility → Accountability Structures

1 related control

Responsibility → Assigned Roles

4 related controls

Responsibility → Training & Awareness

4 related controls

Safety → Adversarial Robustness Testing

3 related controls

Safety → Fail-Safes, Kill-Switches, Rollback Plans

2 related controls