Policy Pack Builder Tutorial

In this guide, we’ll dive into using the Policy Center’s Policy Pack Builder to develop your own policy packs and modify existing policy packs.

What is a Policy Pack?

A Policy Pack in Credo AI is a set of specic controls designed to address certain risks, comply with regulations or laws, or adhere to best practices related to AI systems. These packs help you manage compliance and risk for your AI Use Cases.

A Policy Pack contains Controls, which are individual actions or measures needed to meet the policy's demands. Each Control consists of specic Requirements that your AI system or model must meet in order to be compliant with that policy.

Access the Policy Center

The Policy Center is where you can view all of the Policy Packs accessible in your tenant. This is also where you can access the Policy Pack Builder.

Note: Policy Pack Builder is only accessible to Admin-level users.

  1. Policy Center: Clicking on the Policy Center icon will bring you to the Policy Center.

  2. Policy Packs: You can view all “Out of the Box” Policy Packs that come with your tenant as

    well as Custom Policy Packs in the Policy Center.

  3. Create a New Policy Pack in the Policy Center.

  4. Custom Policy Pack Filter: You can filter the Policy Pack view to only include Custom Policy Packs created in your tenant.

  5. Draft Policy Packs: View drafts of Custom Policy Packs not yes published in your tenant. This is visible only to Admin level users.

Create a New Policy Pack

Policy Packs in Credo AI enable you to specify the compliance, regulatory needs, best practices, frameworks, or standards you aim to achieve within your AI Use Case. They consist of a set of Controls, each with its own set of Requirements, that guide your team towards responsible AI governance.

Before creating a Policy Pack, it is crucial to have a good understanding of what you aim to achieve. Whether you need to adhere to specic regulations, comply with industry standards, or implement best practices, understanding your objectives will inform your Policy Pack creation.

Once you've dened your needs, you can start creating your Policy Pack. Begin by clicking "+ New Policy Pack,” where you’ll be prompted to provide the following:

● Key: A unique identier for the pack, including the prex of your Credo AI tenant. Note: Once you select a key, you cannot change it.

● Name: A descriptive name for the pack.

After clicking “Submit,” you will be prompted to “Edit Details” to provide “Info” about your Policy Pack:

  • Description: A detailed explanation of the pack's purpose and scope.
  • Icon: A representative icon for the pack (provide a URL)

  • Provider: The organization or individual providing the pack.

  • Contact Email: A contact for queries related to the pack.

  • Effective Date: Optional enacted time for the pack.

Additionally, you can provide the following “Metadata” for your pack, which will help align your pack with relevant Use Cases and inform recommendations:

  • Domains: a particular eld of application or usage of AI and ML systems.

  • Industries: the industry of your organization.

  • Regions: the region where your AI system will be deployed.

    Tags: any additional metadata you would like to include. Add Controls

Add Controls

After providing the basic metadata, you'll start adding Controls. Controls are individual actions or measures needed to be compliant with a policy.

There are two types of controls:

  • Use Case: This means that only one set of evidence for your use case needs to be provided to meet the control.

  • Model: This means that evidence to meet the control must be provided for each model registered as part of a use case.

You can provide the text of your control in the “Description” field.


Each Control consists of Requirements that dictate what evidence or actions are necessary for compliance. Requirements can take several forms:

  • Text: Evidence is submitted as text (Markdown supported).

  • Select: Evidence is a single or multiple selection.

  • File Upload: Evidence is an uploaded le (like a .pdf or image).

  • Metric: Evidence is a particular metric (which can contain an upper and lower threshold).

  • Statistical Test: Evidence is a statistical test.

  • Table: Evidence is a data table.

  • Radio Yes/No: Evidence is a Yes/No selection.

Publish a Policy Pack

Once you have added all desired information, controls, and requirements; you can “Publish” the Policy Pack. Afterward, the Policy Pack will be visible in the Policy Center and able to be applied to your use cases.

If you would like to make edits to your custom Policy Pack, you can click “New Version” after viewing your Policy Pack in the Policy Center.

Duplicate an Existing Policy Pack

If you would like to use an existing Policy Pack as a template for a new custom Policy Pack, you can click “Duplicate” after viewing the desired Policy Pack in the Policy Center. This will lead you through the workflow above for a new Policy Pack with Policy Pack Info, Controls, and Requirements prepopulated with those of your duplicated Policy Pack.

 

You've finished this tutorial!