Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Submit a Peer Review for the AI Controls Matrix—a groundbreaking framework to address AI risks and strengthen security.

Download Publication

Home
Publications
AI Organizational Responsibilities - Governance, Risk Management, Compliance and Cultural Aspects
AI Organizational Responsibilities - Governance, Risk Management, Compliance and Cultural Aspects
Who it's for:
  • CISOs, business leaders, and investors
  • AI researchers, engineers, and developers 
  • Policymakers and regulators 
  • Customers
  • The general public 

AI Organizational Responsibilities - Governance, Risk Management, Compliance and Cultural Aspects

Release Date: 10/21/2024

Continuing CSA's efforts to address the evolving AI landscape, this latest publication covers AI governance, risk management, and culture. Understand various roles and their responsibilities in AI strategy, compliance, technical security, and operations. Find comprehensive best practices that are a must-read for CISOs, AI developers, business leaders, and many others.

This publication steers organizations toward responsible and secure development and deployment of AI. Learn about AI security policies, audit processes, and legislation like the EU AI Act and US AI Executive Order. Delve into strategies for managing risk, developing a strong safety culture, managing inventory, controlling access, and monitoring activities.

For every responsibility listed, understand its evaluation criteria, responsibility matrix, implementation strategies, continuous monitoring and reporting mechanisms, access controls, and applicable regulations. Ensure that your organization can successfully assess, implement, and manage AI initiatives.

This guidance was a collaborative effort by the AI Organizational Responsibilities Working Group and builds on their foundational guidance.

Key Takeaways:
  • The potential job roles within AI governance, technical support, development, and strategic management
  • AI risk management strategies, including threat modeling, risk assessments, attack simulations, incident response planning, and data drift surveillance
  • How to establish and maintain a robust AI governance structure while ensuring adherence to relevant regulations and standards
  • How to build a robust AI safety culture and implement effective training programs
  • Strategies for identifying, managing, and preventing shadow AI
Download this Resource

Bookmark
Share
Related resources

Related Resources

PublicationsBlogsWebinars
Zero Trust Guidance for Small and Medium Size Businesses (SMBs)
Zero Trust Guidance for Small and Medium Size B...
Download Now
Map the Transaction Flows for Zero Trust
Map the Transaction Flows for Zero Trust
Download Now
AI Risk Management: Thinking Beyond Regulatory Boundaries
AI Risk Management: Thinking Beyond Regulatory ...
Download Now
View all publications
The Trouble with Large Language Models and How to Address AI “Lying”
The Trouble with Large Language Models and How to Address AI “Lying”
Published: 01/13/2025
Next-Gen Cybersecurity with AI: Reshaping Digital Defense
Next-Gen Cybersecurity with AI: Reshaping Digital Defense
Published: 01/10/2025
The Rise of Malicious AI: 5 Key Insights from an Ethical Hacker
The Rise of Malicious AI: 5 Key Insights from an Ethical Hacker
Published: 01/03/2025
The EU AI Act and SMB Compliance
The EU AI Act and SMB Compliance
Published: 12/18/2024
View all blogs
Cloudbytes Webinar Series
Cloudbytes Webinar Series
January 1 | Online
Learn more
View all webinars

Acknowledgements

Michael Roza
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Michael Roza

Risk, Audit, Control and Compliance Professional at EVC

Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.

Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His lea...

Read more

Ken Huang
Ken Huang
Chief AI Officer at DistributedApps.ai

Ken Huang

Chief AI Officer at DistributedApps.ai

Ken Huang is an acclaimed author of 8 books on AI and Web3. He is the Co-Chair of the AI Organizational Responsibility Working Group and AI Control Framework at the Cloud Security Alliance. Additionally, Huang serves as Chief AI Officer of DistributedApps.ai, which provides training and consulting services for Generative AI Security.

In addition, Huang contributed extensively to key initiatives in the space. He is a core contributor t...

Read more

Marina Bregkou
Marina Bregkou
Senior Research Analyst, CSA EMEA

Marina Bregkou

Senior Research Analyst, CSA EMEA

Sean Wright Headshot Missing
Sean Wright

Sean Wright

Chris Kirschke
Chris Kirschke
Cloud Portfolio Information Security Officer at Albertsons Companies

Chris Kirschke

Cloud Portfolio Information Security Officer at Albertsons Companies

Security Leader with over 20+ years of experience across Financial Services, Streaming, Retail and IT Services with a heavy focus on Cloud, DevSecOps and Threat Modeling. Advises multiple security startups on Product Strategy, Alliances and Integrations. Sits on multiple Customer Advisory Boards helping to drive security product roadmaps, integrations and feature developments. Avid hockey player, backpacker and wine collector in his spare t...

Read more

Ashish Vashishtha
Ashish Vashishtha
Security Compliance Leader

Ashish Vashishtha

Security Compliance Leader

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Read more

Lars Ruddigkeit
Lars Ruddigkeit
Account Technology Strategist, Swiss FedGov

Lars Ruddigkeit

Account Technology Strategist, Swiss FedGov

Lars Ruddigkeit completed his PhD in Chemistry at the University of Bern in 2013 with a focus on computer-aided drug design. He began his professional career at Accenture in technology consulting in Big Data and Data Science. At UBS, he specialized in operational machine learning and cybersecurity as a machine learning architect in the Financial Service industry. He is a contributor to the Cloud Security Alliance working groups for Zero Tru...

Read more

Alex Kaluza
Alex Kaluza
Research Analyst, CSA

Alex Kaluza

Research Analyst, CSA

Sean Heide
Sean Heide
Technical Research Director, CSA

Sean Heide

Technical Research Director, CSA

Kurt Seifried
Kurt Seifried
Chief Innovation Officer, CSA

Kurt Seifried

Chief Innovation Officer, CSA

For over two decades, Kurt has excelled in information security, starting with Windows and Linux, and advancing to cloud computing and AI. With a strong focus on AI security, privacy, and open source, Kurt brings extensive expertise to the Cloud Security Alliance (CSA).

Read more

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Join this Working Group
View all Working Groups

Related Certificates & Training