Approved-model list + procurement gate
Demonstrate that the organization maintains an authoritative approved-model list and enforces procurement controls preventing unauthorized AI model deployment into production or business-critical environments.
Description
What this control does
This control establishes and enforces a centrally maintained list of pre-approved AI models (including large language models, machine learning frameworks, and generative AI tools) that have undergone security, privacy, and compliance vetting. Organizations implement a procurement gate requiring all AI model acquisitions—whether commercial APIs, open-source models, or internally developed systems—to pass through an approval workflow before deployment. The control prevents shadow AI adoption, ensures models meet data handling and intellectual property requirements, and establishes accountability for AI risk decisions before production use.
Control objective
What auditing this proves
Demonstrate that the organization maintains an authoritative approved-model list and enforces procurement controls preventing unauthorized AI model deployment into production or business-critical environments.
Associated risks
Risks this control addresses
- Deployment of untrusted AI models with embedded backdoors, data exfiltration capabilities, or adversarial poisoning that compromise confidentiality or integrity
- Shadow AI adoption where business units deploy unapproved models that process sensitive data without legal review, creating regulatory liability and data sovereignty violations
- Use of deprecated or unmaintained AI models containing known vulnerabilities (e.g., prompt injection vectors, model inversion weaknesses) that remain unpatched
- Intellectual property contamination through models trained on unlicensed datasets, exposing the organization to copyright infringement claims
- Inconsistent model versioning across environments leading to unpredictable outputs, audit trail gaps, and inability to reproduce decisions for regulatory investigations
- Procurement of AI services from vendors lacking SOC 2 attestation or adequate data processing agreements, failing third-party risk management requirements
- Resource exhaustion and budget overruns from uncoordinated model subscriptions creating redundant spend and architectural complexity
Testing procedure
How an auditor verifies this control
- Obtain the current approved AI model inventory or registry, including model names, versions, vendor or source, approval dates, and authorized business use cases.
- Review the formal procurement policy or procedure document specifying the approval workflow, required assessments (security, legal, privacy), and designated approval authorities for AI models.
- Select a sample of 5-8 AI models currently deployed in production environments, identified through interviews with DevOps and data science teams and from IT asset management systems.
- Cross-reference each sampled production model against the approved-model list to verify prior authorization and check that deployed versions match approved versions.
- Examine procurement or change control records for 3-5 recently approved models to confirm completion of required security assessments, data processing impact analysis, and formal sign-off before deployment.
- Test the enforcement mechanism by reviewing firewall rules, API gateway configurations, or endpoint protection policies that block or alert on unauthorized model API calls or downloads.
- Interview personnel from at least two business units to assess awareness of the approval requirement and identify any undocumented AI tools in use (shadow AI).
- Review exception handling records for any emergency deployments or post-deployment approvals to verify documented rationale, compensating controls, and remediation timelines.
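The cross-reference, version-match and post-deployment-approval checks from the procedure above can be run over the whole deployed inventory as well as the sample. The following is an added example, not part of the original control text; the record fields, model names, status labels and dates are constructed assumptions.

```python
from datetime import date

# Constructed sample records; field names are assumptions, not a schema from the page.
APPROVED = [
    {"model": "vendor-a/chat-large", "version": "2024-05", "approved_on": date(2024, 6, 1)},
    {"model": "internal/fraud-scorer", "version": "3.2.0", "approved_on": date(2024, 3, 15)},
    {"model": "oss/embedder-small", "version": "1.1", "approved_on": date(2024, 9, 20)},
    {"model": "oss/ocr-base", "version": "0.9", "approved_on": date(2024, 8, 5)},
]
DEPLOYED = [
    {"model": "Vendor-A/chat-large", "version": "2024-05", "deployed_on": date(2024, 6, 10)},
    {"model": "internal/fraud-scorer", "version": "3.3.0", "deployed_on": date(2024, 7, 2)},
    {"model": "oss/embedder-small", "version": "1.1", "deployed_on": date(2024, 9, 1)},
    {"model": "oss/ocr-base", "version": "0.9", "deployed_on": date(2024, 8, 1)},
    {"model": "vendor-b/summarizer", "version": "v2", "deployed_on": date(2024, 10, 4)},
]
# (normalized model name, version) pairs with a documented exception record on file.
EXCEPTIONS = {("oss/ocr-base", "0.9")}


def key(name):
    """Normalize a model name so registry and inventory spellings compare equal."""
    return name.strip().lower()


def audit(approved, deployed, exceptions=frozenset()):
    """Classify each deployed model against the approved-model list."""
    registry = {}
    for a in approved:
        registry.setdefault(key(a["model"]), {})[a["version"]] = a["approved_on"]
    findings = []
    for d in deployed:
        name, version = key(d["model"]), d["version"]
        versions = registry.get(name)
        if versions is None:
            status = "UNAPPROVED_MODEL"          # shadow AI candidate
        elif version not in versions:
            status = "VERSION_MISMATCH"          # approved model, unapproved version
        elif versions[version] > d["deployed_on"]:
            # Approval came after go-live: acceptable only with an exception record.
            documented = (name, version) in exceptions
            status = "POST_APPROVAL_EXCEPTION" if documented else "POST_APPROVAL_UNDOCUMENTED"
        else:
            status = "OK"
        findings.append((name, version, status))
    return findings


if __name__ == "__main__":
    for row in audit(APPROVED, DEPLOYED, EXCEPTIONS):
        print(*row, sep="\t")
```

Versions are compared as exact strings, so a deployed "3.3.0" against an approved "3.2.0" is reported as a mismatch rather than treated as a compatible upgrade.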
Where this control is tested