Triggers & Actions empower organizations to define and automate their AI governance workflows efficiently. We'll explore how you can define triggers to automatically apply governance actions to Use Cases during Intake.
What Are Triggers & Actions?
The Credo AI Governance Platform is designed to support organizations in implementing AI governance at scale. Triggers & Actions are a core component of the Platform that support an organization in defining and automating their desired AI governance workflows.
Adding Triggers & Actions in a Questionnaire
Triggers in the Credo AI Platform are specific answers to Intake Questionnaires that trigger a specific governance action to be applied to a Use Case. For example, if a user answers “Yes” to the Intake Questionnaire question, “Does your Use Case leverage personally identifiable information as an input or output?”, that might be a trigger for the following governance actions to be applied to the Use Case:
- A Privacy risk alert gets added to the Use Case;
- The Privacy Team gets added as a required reviewer of the Use Case;
- The risk scenario, “The Use Case may leak sensitive data,” gets added to the Use Case Risk Plan;
- The mitigating control, “The Use Case must go through a data privacy governance review,” gets added to the Use Case Risk Plan.
Actions, as illustrated by the above example, can include any of the following:
-
- A new question is added to the Intake Questionnaire;
- A Risk Category gets applied to the Use Case;
- A custom Use Case Metadata Field gets updated to a specific value;
- A specific reviewer (individual or team) gets added to the Use Case;
- An alert gets applied to the Use Case;
- A risk scenario automatically gets added to the Use Case Risk Plan;
- A mitigating control automatically gets added to the Use Case Risk Plan (associated with an existing risk scenario, or with an accompanying risk scenario);
- A Policy Pack automatically gets added to the Use Case Compliance Plan.
Triggers and actions are visible from the Review screen and the Use Case Overview, where triggered alerts and governance requirements will be displayed in the “Governance Plan” of the Use Case.
How can I use Triggers & Actions to define custom AI governance workflows?
Triggers and actions allow you to automatically apply governance requirements to a Use Case based on the information provided during intake, so you can automate custom governance workflows to ensure the right level of oversight for every single AI system in your organization.
You can manage Triggers & Actions from the Policy Center. There are two ways to manage triggers & actions: from the Questionnaires tab (for single-question triggers only), or from the Triggers & Actions tab (for single- and multi-question triggers).
Managing Single-Question Triggers & Actions from the Questionnaire Editing View
From the Questionnaire screen, simply click into the Intake Questionnaire for which you want to add Triggers and Actions. From the Questionnaire detail screen, you can see if there are any triggers that have already been defined.
You can edit triggers and actions from this view directly, or you can also edit triggers and actions from the Questionnaire editor.
Click Edit Questions from the Questionnaire detail screen. Click the pencil icon next to the question that you want to add a trigger to; and click Add Trigger.
You are able to add all action types to triggers that are single- or multi-select questions. If a question is a free text type question or a date-type question, you only have the ability to trigger actions to add a visual alert or set a custom metadata field.
For each trigger you add to a question, you’ll be asked to provide a description of the trigger, and to select the answer option that you would like to be the trigger. Click “Update” to add your trigger.
Then you’ll be able to click Add Action to Trigger to define the specific workflow action that should be applied to the Use Case when the trigger is triggered. You will then select the action type that should be triggered (selecting from the available list), provide an alert description that will be displayed to the user in the “Alerts” section of the Use Case. Then, depending on what action type you selected, you’ll need to define exactly what that action is—whether it’s the specific reviewer that should be added to the Use Case, the Risk Category that should be applied, the Risk Scenario that should be applied, etc.
Managing Single- and Multi-Question Triggers & Actions from the Questionnaire Editing View
Click “New Trigger.”
For the trigger type, select “Questionnaire Evidence Updated” to create a single-question trigger, then select the questionnaire that contains the question you’d like to be a trigger. Then, create the trigger just as you would from the Questionnaire tab.
If you want to create a multi-question trigger, then select “Multi-Trigger” for the trigger type. Add a name and description to your trigger, and then click “Create.”
You can then add as many triggers—from multiple questions and questionnaires—as you want to the trigger, along with the resulting actions. For example, you could set up a trigger that changes the Use Case risk category to “High” if the answer to the question, “Does the Use Case use LLMs?” is “Yes,” and the answer to, “Will the Use Case be customer-facing?” is also “Yes.”
Trigger & Action Alerts
Users will be able to see the description of the trigger and action from the Use Case Review screen and the Overview, summarized as Alerts; so you should aim to make the descriptions of your triggers and actions meaningful to users who are looking at these screens.
Credo AI’s out-of-the-box intake questionnaires come pre-configured with relevant triggers and actions. As part of the configuration of your Credo AI Platform to meet your organization’s needs, the Credo AI team will help you define the Triggers & Actions that are aligned with your ideal governance workflow(s).
Reverting Triggers & Actions
Sometimes, users change their answers to questions that fire automation. When those answers change, the system will revert the automation. As of Q4 2024 the following triggered actions currently reverted if a user changes their answer to the triggering intake question:
- Revert triggered reviewers
- Unless the reviewers added through automation have already left a review, that reviewer will be removed from the use case
- Revert triggered risk scenario
- Unless a user has begun working on the risk scenario, the risk scenario will be removed
- Revert triggered policy packs
- Unless a user has begun working on the policy pack, the policy pack will be removed
- Revert standalone controls
- Unless a user has begun working on the standalone control, the control will be removed
- Revert hidden questions
Editing Triggers & Actions on Questionnaires That Are Already Applied to Use Cases
Editing triggers & actions on questionnaires that have already been applied to Use Cases can sometimes result in instability. The most reliable way to make updates to triggers & actions on Use Cases that already have had the questionnaire applied to them is to create a new questionnaire with the updated triggers & actions, and apply that to the existing Use Cases.
We are planning to address this gap as part of improvements to triggers and actions planned in Q4 2024.