Credo AI's glossary for key terms and concepts related to AI governance, risk, and compliance.
AI Use Case | A product, project, or application that can contain multiple AI/ML Models, deployed in a specific context (i.e. region, domain, industry, etc.). |
Model | An individual AI or machine learning model. |
Use Case Owner | The Credo AI user who registered an AI Use Case becomes its Owner and has permission to make changes to the AI Use Case metadata fields and add Models to the AI Use Case. The original Owner can also add other stakeholders as Owners. |
Use Case Contributor | Use Case Contributors are added to a Use Case and have limited permissions to make changes to the Use Case metadata and to provide answers or evidence against questions and controls that they have been assigned. |
Model Owner | The Credo AI user who creates an AI Model becomes its Owner and has permission to make changes to the Model Overview, add Model Stage evidence, assign tasks within Model Stages, add Contributors to Model Stages and other Owners, and Request Approval of Model Stages. |
Domain | A default Use Case metadata field. The broad category of AI application (i.e. credit risk prediction; facial recognition; external chatbot; etc.). AI Use Cases can have multiple domains. Domains power recommendations of relevant risk scenarios and Policy Packs. |
Region | A default Use Case metadata field. The deployment region of the Use Case; a Use Case can have multiple deployment regions. Region powers recommendations for relevant Policy Packs. |
Industry | A default Use Case metadata field. The industry of the Use Case; a Use Case can have multiple industries. Industry powers recommendations for relevant Policy Packs. |
AI Type | A default Use Case metadata field. Defines the type of AI (traditional machine learning or generative AI) included in the Use Case. AI Type powers recommendations for relevant risk scenarios and Policy Packs. |
Use Case Description | A text field to provide details and context about the AI Use Case. |
Governance Status: Intake | When the Use Case Governance Status is "Intake," the Use Case is going through the initial governance step of defining a governance plan based on information about the Use Case. While a Use Case is in Intake, non-admin users have limited permissions to interact with the Use Case Governance Plan; non-admin users can only interact with the Use Case Intake Questionnaire and the Review screens during Intake. |
Governance Status: Governance | When a Use Case Governance Status is "Governance," the Use Case is actively being governed to manage risk and ensure compliance. The Use Case Governance Plan can be assigned to different stakeholders during governance, and they can provide evidence against those assigned controls. |
Governance Plan | The Governance Plan is the list of governance requirements that a Use Case must meet, including the Risk Plan—the specific risks that must be mitigated—and the Compliance Plan—the specific laws, regulations, standards, and internal company policies that the Use Case must be compliant with. |
Intake Questionnaires | Intake Questionnaires are used in Credo AI to collect information about where, how, and why an AI Use Case is going to be deployed. Intake Questionnaires are customizable and consist of questions, which expect certain answer values (yes/no, multi-select, free text). |
Triggers | Each question in an Intake Questionnaire can have associated triggers, which automate certain governance actions based on the answer provided. |
Actions | The governance actions (e.g. add reviewer, change risk category, apply Policy Pack) that automatically get applied to a Use Case when a certain trigger is met. |
Review | A step in the governance process where the Use Case Governance Plan, including governance requirements and any provided evidence and documentation against those requirements, is evaluated by assigned reviewers. |
Feedback & Signoffs | The ability for reviewers to provide feedback and sign off on steps in the review process. |
Approve Review | A possible review decision to approve the Use Case Governance Plan, allowing the Use Case to proceed. |
Reject Review | A possible review decision to reject the Use Case Governance Plan, blocking the Use Case from proceeding. |
Request Changes | A possible review decision to request changes to the Use Case Governance Plan before approval. |
Review Final Decision | The final determination made by reviewers on whether to approve or reject a review. |
Close Review | An action to complete the review process after a final decision is made. |
Final Signoff | The final step of signing off on a completed governance process for a Use Case or Model. |
Risk Plan | Part of the Governance Plan, the Risk Plan identifies the specific AI risks that must be mitigated for the Use Case. |
Risk Category | The different levels or "buckets" that an organization uses to categorize its AI Use Cases based on risk; for example, "High", "Medium," and "Low"; or "Tier 1," "Tier 2," and "Tier 3." The Risk Category of an AI Use Case is inherent based on information about where, how, and why the AI Use Case will be deployed, and Risk Categories are completely customizable in the Credo AI Platform to support any custom risk taxonomy that an organization wants to use. |
Risk Type | A grouping of related risk scenarios (e.g. Fairness & Bias, Robustness & Performance, Transparency, Legal, etc.) |
Risk Scenario | High-level AI/ML risk that an organization wants to avoid (e.g. "The AI Use Case may be biased against underrepresented groups"). |
Inherent Risk | The initial risk level of an individual risk scenario before any mitigating controls are applied. |
Residual Risk | The risk level of an individual risk scenario remaining after mitigating controls have been applied. |
Mitigation Control | Actions taken to reduce or mitigate an identified risk scenario. |
Compliance Plan | Part of the Governance Plan, the Compliance Plan lists the laws, regulations, standards and policies the Use Case must comply with. |
Policy Pack | A collection of policies and controls related to a specific regulation. |
Policy Pack Control | An individual control requirement from a Policy Pack that must be met. |
Evidence Requirement | Documentation or artifacts required to demonstrate compliance with a control. |
Control Docs | Documents or files uploaded as evidence for a control requirement. |
Audit Trail | A log of all actions and changes made related to a Use Case or Model's governance process. |
Reports | Use Case-level reports generated to summarize governance review. |
Risk Report | A report showing the identified risks and their mitigation status for a Use Case and its associated Models. |
Compliance Report | A report showing the compliance status against applicable policies and regulations. |
Policy Pack Reports | Reports specific to a Policy Pack showing compliance with those requirements. |
Attestation | Formal certification or sign-off that governance requirements have been completed satisfactorily. |
Task | A to-do action item within Credo AI. Two main types are "Add Evidence" and "Review Requested". |
Mark As Complete | Indication by a user assigned a task that the task requirements have been completed. |
Admin | Admin is a product-level user role. Admin users have full access to read/write any AI Use Case or Model within Credo AI, and they have permission to change the product-level permissions of any other Credo AI user. |
User | User is a product-level user role. User users have access only to the AI Use Cases and Models that they are owners or contributors on in the AI Registry, and they do not have permissions to make changes to their organization's Governance Center or Credo AI tenant configuration. |
Team | A group of Credo AI users that can be assigned tasks. When a Team is assigned a task, anyone on that team can complete the task. |
Vendors | External third-party AI vendors that provide models or services incorporated into an organization's AI Use Cases. |
Dashboard | The main landing screen in Credo AI providing an overview of governance status and metrics. |
Governance Center | The area in Credo AI where an organization's governance framework is defined, including risk categories, intake questionnaires, triggers and actions, Policy Packs, and other governance assets. |