AI Compliance Frameworks: Building a Foundation for Trust and Assurance

LAUREN ROSS: Welcome to the Risk and Advisory Podcast. I'm Lauren Ross, a senior manager in our Cybersecurity Practice at Cherry Bekaert.

LAUREN ROSS: Today I'm joined by STEVE URSILLO, a partner in our Cybersecurity Practice, and MORGAN HAGUE, a senior manager at Metatology Services, a top-ranked provider of information risk management, cybersecurity, privacy, and regulatory compliance consulting services for healthcare organizations. We're kicking off a three-part series on AI compliance.

LAUREN ROSS: To start, we want to jump right into AI compliance frameworks. Steve and Morgan, thanks for joining me.


STEVE URSILLO: Thanks, Lauren. Pleasure to be here.


LAUREN ROSS: Starting with SOC 2. While SOC 2 wasn't originally designed for AI-specific risks, it covers security, privacy, availability, confidentiality, and processing integrity, which are critical for AI governance. Steve, how can SOC 2 reporting give confidence in AI systems, and what are some practical add-ons that strengthen overall assurance?


STEVE URSILLO: SOC reporting, System and Organization Controls, is a framework for organizations to provide depth and transparency on their internal control processes related to those criteria.

STEVE URSILLO: If a service organization offers a SaaS, infrastructure-as-a-service, or platform-as-a-service and has service level commitments to customers, such as uptime, security, confidentiality, or KPIs, SOC 2 helps ensure accountability for both the design and operating effectiveness of controls that support those commitments.

STEVE URSILLO: SOC 2 is built on COSO, which is a system of reporting for internal control. For AI, you can unpack the relevant parts to provide transparency, oversight, and accountability. The criteria are predicated on points of focus that are broad and customizable, so organizations can incorporate third-party criteria such as ISO, NIST, or HIPAA privacy and security requirements.

STEVE URSILLO: For AI specifically, SOC 2 should explicitly scope the use of AI in service level commitments to ensure systems operate securely, reliably, and accurately. If an organization relies on AI for core functions, like anomaly detection or fraud monitoring, that should be reflected in the management system description and in the design and operating effectiveness of controls.

STEVE URSILLO: Organizations should document model registries, logs, and monitoring to demonstrate they operate within expected boundaries. Reporting should describe AI purpose, model type, assumptions, data usage, evidence gathering, bias testing, drift monitoring, and any human-in-the-loop processes that support control effectiveness.


LAUREN ROSS: You mentioned AI-specific risks like model bias and drift. Morgan, how can organizations adopt SOC 2 controls to address these risks?


MORGAN HAGUE: SOC 2 is flexible, and there is wide variation between providers. Processing integrity is a primary criterion, and confidentiality extends beyond security. AI presents an opportunity to specify controls in the SOC 2 report that secure AI components and prioritize processing integrity.

MORGAN HAGUE: Practical controls include data validation and data integrity controls beyond traditional processing ecosystems. A model registry is a low-resource control that can be highly beneficial to track model usage, data sources, and authorized access.

MORGAN HAGUE: Organizations should state such controls in the report and perform them appropriately. Emphasizing processing integrity helps address bias and drift by demonstrating a commitment to consistent, accurate model performance.


LAUREN ROSS: Another AI-related standard is ISO 42001, the first AI-specific standard focusing on ethical AI principles, governance, risk assessments, and lifecycle management. Steve, what distinguishes ISO 42001 from traditional security standards like ISO 27001 when it comes to AI governance?


STEVE URSILLO: ISO 27001 focuses on information security and is globally accepted for demonstrating maturity in information security management. AI introduces additional risk beyond information security: ethical, social, operational, and technical risks.

STEVE URSILLO: ISO 42001 is a management system standard specifically designed to govern AI responsibility across its lifecycle. Like other ISO standards, organizations can use the criteria as a benchmark and pursue certification to demonstrate compliance.

STEVE URSILLO: While SOC 2 addresses service level commitments and system-level controls, ISO 27001 safeguards information and data. ISO 42001 focuses on whether AI uses data safely, fairly, and trustworthily. It emphasizes governance, roles for AI risk owners, continuous monitoring, retraining practices, retirement criteria, and model versioning.

STEVE URSILLO: For example, in healthcare, ISO 42001 would emphasize that diagnostic models are accurate, unbiased, explainable, monitored for drift, and retired appropriately. The best programs often combine multiple frameworks to create a robust risk management structure.


LAUREN ROSS: Morgan, how does ISO 42001 operationalize ethical principles in AI development and deployment?


MORGAN HAGUE: ISO 42001 serves as a North Star for organizations entering the AI space. It provides guidance and structure to address ethical and social considerations such as fairness, transparency, and accountability.

MORGAN HAGUE: For many organizations without strong internal AI skill sets, ISO 42001 prescribes a risk-based approach that includes controls around data acquisition, hygiene, transformation, and retraining. These controls help prevent model poisoning, data inversion, and biased outputs that undermine trust.

MORGAN HAGUE: Beyond ethics, these practices mitigate business and liability risks. In sectors like healthcare, biased or inaccurate outputs can cause significant harm and legal exposure, so ISO 42001 helps organizations take a first step to identify and solve these problems.


LAUREN ROSS: How do standards like GDPR and HIPAA intersect with AI compliance, especially in data-intensive use cases?


MORGAN HAGUE: There is considerable overlap. GDPR and the HIPAA Security Rule set baseline privacy and security controls that apply regardless of AI. The critical distinction is how personal data is used in AI systems.

MORGAN HAGUE: Many AI models require large datasets to perform effectively, which increases liability when handling personal or health data. Organizations consuming such data must align AI-specific controls with HIPAA and GDPR requirements, and compliance is not optional if they process personal data.

MORGAN HAGUE: GDPR penalties can be severe, particularly for organizations operating in Europe. AI systems introduce complexities in data pipelines and acquisition, creating more opportunities for failure, so robust assurance and monitoring are essential.


STEVE URSILLO: History repeats itself in security. Organizations must safeguard production data that may include personal identifiers or controlled unclassified information and implement technologies and solutions, such as tokenization, to preserve accuracy while removing identifiers.


MORGAN HAGUE: Tokenization is transformative across industries and worth a deep dive for organizations implementing AI.


LAUREN ROSS: Steve, can you walk us through how NIST's AI Risk Management Framework complements frameworks like ISO 42001?


STEVE URSILLO: Frameworks are often combined. ISO 42001 provides governance with policies, procedures, and lifecycle audit requirements. The NIST AI Risk Management Framework helps stakeholders identify, map, measure, and manage AI risks at a more tactical level.

STEVE URSILLO: NIST's framework functions like a flexible runbook for executing control mitigations based on identified risks. Coupling ISO 42001's governance with NIST's tactical guidance addresses both strategic and operational needs.

STEVE URSILLO: Additional prescriptive resources, such as the OWASP Top 10 for LLMs, provide technical risk guidance similar to OWASP for web applications. Developer practices and secure SDLC processes are critical to deploy AI safely.

STEVE URSILLO: Combining governance, risk management, and prescriptive technical controls allows organizations to govern AI reliably across different stakeholder groups.


LAUREN ROSS: Morgan, you mentioned HITRUST and NIST CSF. What role do HITRUST and NIST CSF play in multi-framework environments?


MORGAN HAGUE: HITRUST and NIST CSF are more agnostic frameworks compared with specific AI standards. Organizations often align with one or the other based on obligations or client requirements.

MORGAN HAGUE: In healthcare, cyber performance goals such as those tied to promoting interoperability have driven interest in NIST CSF because CSF aligns closely with other performance goals. HITRUST is certifiable, which drives organizations to pursue it when required by business commitments.

MORGAN HAGUE: Control harmonization is a major industry trend to reduce audit burden. Toolkits and automation platforms like Drata and Vanta can help map controls across frameworks.

MORGAN HAGUE: If an organization satisfies many underlying controls for ISO 42001 or HITRUST and already follows a framework like NIST CSF, it can cover a large portion of AI-related security and privacy requirements. The delta typically involves bias, data validation, and data integrity, which require additional, AI-specific controls.


LAUREN ROSS: Thank you, Morgan and Steve, for joining me, and thank you all for tuning in to the Risk and Advisory Podcast. Don't forget to subscribe and join us next time as we continue our discussion with Steve and Morgan on the drivers of AI compliance and strategic options.