Data

Training and operational data protection, privacy, classification, and DLP systems.

📖
Data Domain Handbook (v3.0)
Full v3.0 practitioner reference, Parts I–V, all 12 practices, 108-question assessment workbook with scoring methodology and improvement roadmap
Read the Handbook →

⚖ Governance

Strategy & Metrics (SM)

Stand up an AI/HAI Data Assurance program that discovers, inventories, and strategically governs all data flowing into and out of AI/HAI systems, with shadow-data-in-AI prevention as the primary L1 outcome and a defensible risk-tier rubric as the primary L2 deliverable.

☑ Questionnaire

Explore →

Policy & Compliance (PC)

Publish the priority policies and compliance map that make the AI/HAI Data Assurance program enforceable, so every data asset flowing into or out of AI/HAI systems is governed by a documented set of rules, reviewed before it enters production AI use, and defensible to auditors and regulators.

☑ Questionnaire

Explore →

Education & Guidance (EG)

Build the AI-assurance data-handler literacy every engineer and data scientist touching AI/HAI data assets needs and the practitioner skills the smaller population performing lineage verification, classification review, DPIA composition, and data-flow security review must have, with shadow-data-in-AI awareness as the primary L1 cultural outcome.

☑ Questionnaire

Explore →

⚒ Building

Threat Assessment (TA)

Build and maintain a reusable threat library for the data flowing into and out of AI/HAI systems, one archetype-level threat model per data-asset type, so every data asset entering or produced by an AI system carries a documented threat view before it is ingested, routed, logged, or published.

☑ Questionnaire

Explore →

Security Requirements (SR)

Translate the threats from TA-Data and the policies from PC-Data into a reusable Requirements Pack for AI/HAI data assets, a base set plus per-archetype deltas, so every data asset entering or produced by an AI pipeline carries a testable Requirements-Evidence Map (REM) rather than a blank slate.

☑ Questionnaire

Explore →

Security Architecture (SA)

Publish the reference architectures for safely ingesting, storing, routing, and retiring each AI/HAI data archetype the organization uses, so data engineering and MLOps teams have a vetted "green path" that already implements SR-Data requirements and contains the threats identified by TA-Data.

☑ Questionnaire

Explore →

✓ Verification

Design Review (DR)

Operate the design checkpoint between intake approval and build-out for every new data flow feeding AI/HAI systems, confirming the proposed flow follows the applicable SA-Data reference pattern, covers the SR-Data requirements pack, and documents residual risks before pipeline engineering begins.

☑ Questionnaire

Explore →

Implementation Review (IR)

Verify, at go-live and on a recurring cadence, that the actually-deployed data flows feeding AI/HAI systems match the design approved at DR-Data, and that they stay there as pipelines, classification schemes, and consumer AI artifacts evolve.

☑ Questionnaire

Explore →

Security Testing (ST)

Prove that every AI/HAI data flow the organization operates behaves correctly under adversarial conditions, by running a foundational per-archetype test battery in CI, maintaining versioned regression corpora, and escalating to scheduled red-team and continuous adversarial testing at higher maturity levels.

☑ Questionnaire

Explore →

⚙ Operations

Issue Management (IM)

Run the single unified backlog for AI/HAI data issues across the Data domain, findings from TA-Data threat snapshots, SR-Data REM gaps, DR-Data approve-with-conditions items, IR-Data drift findings, ST-Data failures, ML-Data detections, and external advisories, with a tier-calibrated incident playbook containing AI-specific data containment plays, and regulatory SLA tracking covering GDPR Arts. 33/34, EU AI Act Art. 73, HIPAA breach notification, NYDFS Part 500, and state privacy law notification windows.

☑ Questionnaire

Explore →

Environment Hardening (EH)

Harden the storage, pipeline, access, cross-border, and egress envelopes that surround the data flowing into and out of AI/HAI systems, training corpora, inference inputs, retrieval stores, prompt/completion logs, embeddings, fine-tuning datasets, and evaluation/test sets, so each data asset rests, moves, and leaves the boundary under controls that match its classification tier.

☑ Questionnaire

Explore →

Monitoring & Logging (ML)

Establish the logging baseline per AI/HAI data archetype, operate a small high-signal detection set targeted at the top TA-Data threats, and produce the evidence trail that proves EU AI Act Art. 12 deployer duties, GDPR Art. 30 records-of-processing obligations, and ISO/IEC 42001 AIMS requirements, on demand, inside a published SLA.

☑ Questionnaire

Explore →