Model + prompt versioning
Demonstrate that all production AI models and prompts are tracked through a formal versioning system with documented lineage, change approval, and rollback capability.
Description
What this control does
Model + prompt versioning establishes a formal change control and tracking mechanism for all iterations of machine learning models, large language models (LLMs), and their associated prompt templates deployed in production systems. Each model binary, configuration, and prompt must be assigned a unique identifier, stored in a version-controlled repository, and linked to approval records before deployment. This control ensures auditability, repeatability, and the ability to roll back to known-good states when model behavior degrades or produces unintended outputs. It is critical for environments where AI-generated outputs influence business decisions, customer interactions, or automated processes.
Control objective
What auditing this proves
Demonstrate that all production AI models and prompts are tracked through a formal versioning system with documented lineage, change approval, and rollback capability.
Associated risks
Risks this control addresses
- Unauthorized or untested model versions deployed to production, generating incorrect or harmful outputs without accountability
- Inability to reproduce prior model behavior during incident investigation or forensic analysis due to lack of version history
- Prompt injection or manipulation attacks succeeding because prompt changes are not tracked or peer-reviewed before deployment
- Model drift or degradation going undetected because no baseline version is documented for comparison
- Compliance failures when auditors cannot trace which model version processed specific transactions or made specific decisions
- Loss of intellectual property or competitive advantage when model evolution is not systematically documented and protected
- Rollback failures during incidents because previous working model versions are not retained or are inaccessible
Testing procedure
How an auditor verifies this control
- Obtain the organization's AI model inventory and identify all production models and associated prompt templates in scope for the audit period.
- Review the version control system configuration (e.g., Git repository, MLOps platform, model registry) to verify that model binaries, weights, configurations, and prompts are stored with unique version identifiers.
- Select a representative sample of 5-7 currently deployed models spanning different risk tiers or business functions.
- For each sampled model, trace the version identifier in production back to the corresponding artifact in the version control repository and confirm metadata includes timestamp, author, and change description.
- Examine change approval records (pull requests, change tickets, approval emails) to verify that each sampled model version was authorized before production deployment.
- Request evidence of at least one rollback event or test rollback procedure, verifying that a previous model version was successfully retrieved and redeployed.
- Review access logs for the version control repository to confirm that only authorized personnel can commit or merge model and prompt changes.
- Validate that automated deployment pipelines enforce version tagging and prevent deployment of unversioned or unapproved artifacts by testing or reviewing pipeline configuration.
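The pipeline check in the last step, together with the metadata and approval checks earlier in the procedure, can be expressed as a single deployment gate. The sketch below is an added example, not taken from any specific MLOps platform; the registry and approval record layouts, the field names, the `support-prompt@3` identifier, and the rule that the approver must differ from the author are all assumptions, and the sample data is constructed.

```python
import hashlib
from datetime import datetime

# Metadata the procedure expects on every versioned artifact (names assumed).
REQUIRED_METADATA = ("timestamp", "author", "change_description")

def gate(version_id, artifact, registry, approvals, deploy_time):
    """Return the reasons to block a deployment; an empty list means allow."""
    entry = registry.get(version_id) if version_id else None
    if entry is None:
        return ["unversioned artifact: no registry entry for %r" % version_id]
    failures = []
    for field in REQUIRED_METADATA:
        if not entry.get(field):
            failures.append("missing metadata: " + field)
    # Trace the bytes being deployed back to the registered artifact.
    if hashlib.sha256(artifact).hexdigest() != entry.get("sha256"):
        failures.append("artifact digest does not match registry entry")
    approval = approvals.get(version_id)
    if approval is None:
        failures.append("no approval record")
    else:
        # Assumed policy: peer review means approver and author differ.
        if approval["approver"] == entry.get("author"):
            failures.append("self-approved change")
        # Approval must exist before the deployment, not after it.
        if datetime.fromisoformat(approval["approved_at"]) > deploy_time:
            failures.append("approval postdates deployment")
    return failures

# Constructed sample data: one registered prompt template and its approval.
PROMPT_V3 = b"You are a support assistant. Answer only from the knowledge base.\n"
REGISTRY = {
    "support-prompt@3": {
        "sha256": hashlib.sha256(PROMPT_V3).hexdigest(),
        "timestamp": "2024-01-10T09:00:00",
        "author": "alice",
        "change_description": "Restrict answers to knowledge base",
    },
}
APPROVALS = {"support-prompt@3": {"approver": "bob", "approved_at": "2024-01-11T14:30:00"}}
DEPLOY_TIME = datetime(2024, 1, 12, 8, 0, 0)

if __name__ == "__main__":
    print(gate("support-prompt@3", PROMPT_V3, REGISTRY, APPROVALS, DEPLOY_TIME))
    edited = PROMPT_V3 + b"(edited after approval)\n"
    print(gate("support-prompt@3", edited, REGISTRY, APPROVALS, DEPLOY_TIME))
```

An auditor reviewing a real pipeline can look for the same four conditions in its configuration: a registry lookup by version, a digest comparison, a metadata completeness check, and an approval lookup that precedes the deploy step.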
Where this control is tested