Who is responsible for tracking stakeholder concerns and communicating how any changes in the system or its operational context may affect them?
What is the process for flagging concerns or incidents and who is responsible for triaging these?
Impacts Tracking and Assessment
Who is responsible for tracking progress on the Statements of Concern?
Who is responsible for continuous harms monitoring and evaluation?
Who is responsible for evaluating tradeoffs?
System Misuse and Robustness
Have you created a plan to prevent the intentional or unintentional manipulation of data or model outputs and identified who is responsible for implementing this plan?
Who is testing how the system can be misused (unintentionally or intentionally) in ways that result in harm or impediments to mission success?
Who is monitoring for system misuse?
Who is testing the system for possible adversarial attacks?
Who is monitoring the threat landscape and providing mitigations?
Stack Monitoring
Who is responsible for assessing and monitoring the integrity of the hardware?
Who is responsible for assessing and monitoring the integrity of the infrastructure and architecture?
Who is responsible for monitoring degradation in the abilities of the operational users?
Who has access to the data?
Who has access to the models?
Who is responsible for managing access controls/permissions?
Who is responsible for assessing and monitoring the integrity of the data/models?
Who has root access and how are permissions for root access managed?
System Monitoring and Auditing
Have you defined procedures and reporting processes for system performance and post-deployment monitoring, and identified who is responsible for implementing these procedures? Define these standard operating procedures:
System performance
Post-deployment monitoring
Reporting and addressing undesirable system behavior
Have you defined and assigned roles/positions for government and/or third-party system audits? Explain your approach.
Deployment Context Monitoring
Who on your team is tracking changes to deployment context over time?
Error and Incident Response
What is the process for reacting when error modes are discovered? Who is involved in addressing errors?
What are your rollback procedures? Who makes the decision (and who makes it in the event it’s an edge case)?
Who decides when to deactivate the system?
What types of situations will drive your team to downversion? Who makes that decision?
What types of situations will drive your team to eclipse the system? Who makes that decision?
System Changes
What is the process for deciding when to retrain or upversion a model and who is responsible for that decision?
Is there a specific person (or role) designated to make, track, monitor, and certify changes to the system while in development?
Does that person (or role) have the requisite authority to assess changes, and, if necessary, authorize and execute corrective actions when needed?
Does that person (or role) have full visibility (administrator privileges) on the system inputs, outputs, and evaluation metrics used to track and monitor the system during development?
Has that person (or role) developed procedures that ensure system continuity if they are replaced?
Who is responsible for monitoring emerging capabilities that could augment and improve the system?
What is the process for deciding when to sunset a system, and who is responsible for that decision?
Verifying System Outputs
Have you developed an appropriate plan/interface to verify individual outputs of the system? Explain your plan.
Accountability Flows for Use
Have accountability flows for operational commanders and operational users been established?