How to analyse AI policies
Step 1. Start policy management
Policy management is used for identifying and managing system compliance with different AI and data protection laws. Policy management allows identifying and selecting policies relevant for the particular registered system from the Saidot Policy Library. The process of identifying relevant policies and managing the system’s compliance with the relevant policies is documented as part of Saidot Policy analysis methodology.
Step 2. Add policies
Identify and add policies relevant to the registered system through the ‘add policies’. The policy selection modal gives recommendations on policies that may be relevant for your system. The policies are recommended based on the region of your system. Furthermore, AI laws and data protection laws are prioritised over soft laws in the recommendations.
In addition to the recommendations, policy selection modal allows also browsing of policies. Policies can also be filtered based on the owner, region, sector, industry, and type of policy. The policy selection modal is connected to the Policy Library - thus all policies available in the Library can be selected in the policy selection modal. Furthermore, in case you have followed any policies in the Library, you can find those by making use of the ‘followed’ filter.
Policy Library is ever growing collection of policies - if you are not able to find a specific policy in the policy selection modal, you can make a suggestion for a policy to be added in the Library by making use of the ‘Suggest policy’ function.
Step 3. Add policy templates
Once relevant policies have been identified and added, relevant templates can be added for the policy.
Template is a structured framework that is derived from a policy. It includes the requirements outlined in the policy and provides a standardised format for the users of the platform to document their compliance with the given policy. Templates are created for specific roles and policy coverage categories. Thus, one policy can have one or more templates.
Policy templates can be added to the policy through ‘add templates’. For policies that do not yet have existing templates, you can make suggestions for templates though ‘suggest template’.
The template selection modal gives recommendations on policy templates that may be relevant for your system. The recommendations are based on your organisation role, provider coverage and tags. Templates can also be filtered based on the role and policy coverage.
The templates indicate for which role and for which policy coverage the template is relevant - for example, ‘AI Act for Providers of High-Risk Systems’ is applicable for providers of high-risk AI systems.
Selected template can be opened in the policy editor where the compliance with the respective requirements shown in the template is documented and evidenced. Once the selected template is opened in the policy editor, it will appear under the respective policy in the policy-tab.
Step 4. Prove compliance with evidence
Policy editor view allows you to evidence and document the relevant system’s compliance with the applicable requirements.
The policy editor allows you to add evidence to the requirements to document your compliance. Evidence can be added for the specific requirements through ‘add evidence’. Requirements for which documentation has been finalised, can be marked as completed.
Left side of the policy editor view allows you to navigate the outline of the policy and see all the relevant requirement sections in the policy, as well as view the individual requirements contained in the requirement section. You can switch between the outline and guide - the guide provides you with information on how to comply with the individual requirements.
Step 4. Follow the progress of controls
Once relevant policies have been added and policy templates have been taken into use, you can manage the policies and templates and oversee the status of compliance with the respective templates in the policy-tab.
