Different industries have different regulatory requirements and risk profiles. The framework should provide industry-specific guidance.
Proposed profiles
Financial Services
- SOX, PCI-DSS, and FFIEC alignment
- Focus on data leakage prevention and audit logging
- Emphasis on model risk management (SR 11-7 alignment)
Healthcare
- HIPAA alignment for AI systems handling PHI
- FDA guidance on AI/ML-based SaMD
- Patient safety considerations for clinical AI
Government / Public Sector
- FedRAMP considerations
- NIST SP 800-53 control mapping
- Sovereign AI requirements
Format
Each profile should include:
- Mandatory controls for the industry
- Recommended control priority order
- Regulatory mapping table
- Industry-specific implementation notes
Different industries have different regulatory requirements and risk profiles. The framework should provide industry-specific guidance.
Proposed profiles
Financial Services
Healthcare
Government / Public Sector
Format
Each profile should include: