Controls

Controls are actionable translations of policy requirements that help ensure AI governance compliance within your use cases.

Each control:

• Is associated with a single lifecycle stage of a use case
• Is associated with one or multiple use case risk classifications
• May include automated checks

Default vs custom controls

Default controls

Default controls originate from one of Deeploy's standard control frameworks. You can't modify default controls, ensuring consistency in governance standards across your organization.

Custom controls

Custom controls allow you to create controls tailored to your organization's specific needs. With custom controls, you can:

• Define controls that address your unique compliance requirements
• Customize and link automated checks for validation
• Specify risk classifications
• Add an existing or create a new category
• Apply them to custom control frameworks

Creating custom controls

To create a custom control:

1. Navigate to the Controls page

2. Click Create control

3. Enter the required information:

   • ID: Provide a short descriptive ID, needs to be unique across all controls
   • Name: Provide a clear, descriptive name
   • Category: Assign a relevant category (optional)
   • Description: Explain what the control addresses
   • Stage: Associate the control with a use case lifecycle stage
   • Risk classification: Select the risk classifications for which this control should apply
   • Checks: Add one or multiple automated checks. Tailor the check options to your needs

4. Click Save to create your control

Applying controls

To apply a control to a use case, it must be part of a control frameworks. To make controls available in your use cases:

1. Add the controls to a control framework
2. Apply that control framework to a Workspace

Once applied, Workspace members can address the controls in their use cases by providing necessary evidence and completing automated checks.

Deleting controls

Controls can be deleted via the option button at the Controls page. Note that once you delete controls they will be removed from your control frameworks and use cases, any provided evidence is also deleted.