Skip to main content
Skip table of contents

How to manage AI policies and compliance

AI policies and compliance can be managed at Saidot in both space and system levels.

  • Control Catalogue allows legal and compliance teams to define the applicable AI policies, standards and legal frameworks that are relevant for the organisation. The Control Catalogue also provides ways to manage and measure compliance progress.

  • The automated workflows provides capability to define specific rules for assigning relevant policies to Systems, including AI Act Classification and Policy assignment rules.

  • The System’s Policies tab enables system level compliance management, from identifying policies, managing control details and status, providing evidence and following progress.

Step 1. Manage organisation policies in Control Catalogue

Policy tab in the Control Catalogue is used for activating and managing the Organisation level policy frameworks for compliance with different AI and data protection laws and organisation’s own AI Policies. Control Catalogue’s Policies tab allows identifying and selecting policies relevant for the organisation and these policies will be then available for registered AI systems instead of surfacing all Policies from the Saidot Policy Library. The process of identifying relevant policies and managing the system's compliance with the relevant policies is documented as part of Saidot Policy analysis methodology.

image-20260522-120911.png

Step 2. Add policies

Add policies manually on System level

Users can identify and add policies relevant to the registered either through Automated workflows or manually through the 'Add policies'. The manual policy selection in the System level shows the Policies that have been activated to the Space in the Control Catalogue.

image-20260522-121504.png

Link AI Act automatically based on classification

Saidot allows Admins to activate EU AI Act Classification workflow in Automations. This automation triggers AI Act classification automation on a System level when specific, customisable criteria, such as Region, is met. Based on the classification results, the EU AI Act Policy will be automatically linked to the System, including the compliance assessment template with requirements and controls applicable to the system based on its classification outcome.

image-20260522-125157.png

Link other Policies automatically based on specific criteria

For other policies, the system level controls will be automatically applicable on a system level as a default when the policy has been activated in system level. Admins can also configure specific rules for assigning policies automatically to systems, based on specific criteria. Criteria can include:

  • System context fields

  • System custom fields

  • Value chain widgets (Customers, Suppliers, Use cases)

  • Linked Models and specific fields

  • Linked Agents and specific fields

  • Linked Datasets and specific fields

image-20260522-123629.png

Step 3. Review compliance assessments

Once relevant policies have been identified and added either manually or through automated workflows, the compliance assessment will be automatically linked to policies, including the relevant controls and ability to follow the progress. Compliance assessment can be opened in the editor where the compliance with the respective controls is documented and evidenced. Once the selected assessment is opened in the editor, it will appear under the respective policy in the Policies-tab.

image-20260522-125729.png
image-20260522-130211.png

Step 4. Prove compliance with evidence

The policy editor allows you to add evidence to the controls to document your compliance. Evidence can be added for the specific controls by opening the control editor and using the “Add evidence” button. Control editor is also used to define control specific Lifecycle stages, Recurrence, Type, Due date and Status. Policy editor view allows you to evidence the relevant system's compliance with the applicable controls. If activated, approvals can be requested for specific controls through the control editor. Controls can be also linked to related risks and other policies.

image-20260522-130324.png

Left side of the compliance assessment editor view allows you to navigate the outline of the policy and see all the relevant requirement sections and controls in the policy. You can switch between the outline and guide - the guide provides you with information on how to comply with the individual requirements.

Step 4. Follow the progress of controls

Once Policies and Compliance assessments have been added and and evidencing work is progressing, the status can be analysed in the Policy tab. The tab shows metrics, such as

  • Number of policies

  • Number of total controls

  • Control overlap rate

  • Control implementation rate

The Control completion rate can be also analysed on a Policy level.

image-20260522-130919.png

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close