[FINOS Community] AI Governance Framework v1 Released

['Colin Eberhardt (He/Him)' via FINOS Announcements]

Hi All,

Over the past few months we have made amazing progress on the AI Governance Framework (AIGF). I am happy to announce that the v1 release is live: 

https://air-governance-framework.finos.org/

This framework was developed by a sub-group of the AI Readiness SIG. We have a total of 34 documented risks and mitigations. That's 2,569 lines of text  and 33,827 words. An amazing effort.

We have mappings to seven different external references:

• OWASP LLM Top 10
• OWASP Machine Learning Security Top 10
• FFIEC
• EU AI Act
• ISO42001
• NIST Trustworthy and Responsible AI (NIST AI 600-1)
• NIST Special Publication 800-53

Which far exceeds are earlier goal to map to just NIST and OWASP. 

A big thank-you to all the recent contributors. Well done all.

So, what's next?

• A closer collaboration with Common Cloud Controls, to make it easier to provably implement AI controls
• An exploration of further "AI Readiness" issues. We have a governance framework that helps ease adoption, what AI challenges do we want to tackle next? (there are more than enough of them)
• Create a reference implementation of an AI system, with AIGF controls.
• Explore how the AIGF needs to evolve to tackle the growing challenges of Agentic AI.
• And more ... this is open source ... your ideas and creativity are critical

Call to action:

• Take a look at the AIGF, if you like it, give it a try within your organisation (I'd be happy to discuss and assist).
• At the very least give the repo a star!
• Join the AI Readiness SIG, to tackle AI challenges

Regards, Colin E.

The contents of this email and any attachments are intended solely for the addressee and may contain confidential or legally privileged information. If you have received this message in error, please send it back to us, and immediately and permanently delete it. The information may not be used or disclosed except for the purpose for which it has been sent.

Email is susceptible to data corruption, interception, unauthorised amendment, viruses, and unforeseen delays. Although Scott Logic Limited has taken reasonable precautions to avoid these situations, it cannot accept responsibility for any loss or damage sustained as a result of any of these actions and the recipient must ensure that the email (and attachments) are virus-free.

Please note, that we do not accept notification of changes to bank account details by email. This applies to notifications from or to us.

Scott Logic Limited is a limited company registered in England and Wales with registration number 05377430. Registered office address: 6th Floor, The Lumen, St James Boulevard, Newcastle Helix, Newcastle upon Tyne, NE4 5BZ . Our VAT number is 866 1051 30.

--
--
To unsubscribe from this group, send email to community+...@finos.org
View this message at https://groups.google.com/a/finos.org/d/msg/community/topic-id/message-id
 
Stay informed on the latest updates from FINOS, including the FINOS newsletter and notifications of upcoming FINOS events - see www.finos.org/sign-up

[Rob Moffat]

Hi Colin,

This is incredible work.  We’re closely following what you’re doing over on the ccc project.  Is there a machine readable or PDF version of this?  That would be super handy during our workshop next week so that we have a fixed version to work off -after all,  I imagine the website will be seeing plenty of future revisions

Thanks,

Rob

On 21 Jun 2025, at 18:15, 'Colin Eberhardt (He/Him)' via FINOS Announcements <anno...@finos.org> wrote:



--
You received this message because you are subscribed to the Google Groups "General List for Symphony related projects" group.
To unsubscribe from this group and stop receiving emails from it, send an email to symphony+u...@finos.org.
To view this discussion visit https://groups.google.com/a/finos.org/d/msgid/symphony/VI1PR09MB36158AF87FA36A3BED05227CBC7FA%40VI1PR09MB3615.eurprd09.prod.outlook.com.

['Mike Long' via FINOS Announcements]

Hi Colin,

Echoing Rob, this is a great effort - well done to everyone involved.  We are also working on a related effort in the DevOps Automation SIG to create a similar project for SDLC controls definitions.  It seems likely that CCC, AI, and SDLC can learn a lot from each other.  Looking forward to hear more about this at the conference....

Best regards,

Mike

Mike Long CEO Kosli

You received this message because you are subscribed to the Google Groups "FINOS members (Private)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to member-privat...@finos.org.
To view this discussion visit https://groups.google.com/a/finos.org/d/msgid/member-private/BF7A0EFD-FD44-490A-A8EB-A64C54F5CA6C%40kite9.com.

[Gabriele Columbro]

Super proud of what this group achieved in less than 1 year from the open sourcing of the AI Readiness SIG!

And just to add to the suspense for OSFF, we’ll be making a big announcement related to AIGF and CCC! So don’t miss it if you are in London :)

Mike, I heard about that related effort - and I would even throw Calm (calm.finos.org) in the mix as part of this cluster of projects - if needed, and when it’s the right time, I’m sure the TOC would love to explore synergies as how projects relate and can build on each others!

Gab

-- 
Executive Director, FINOS
twitter: @mindthegabz | blog: finos.org/blog

“Keyboard not found. Press F1 to continue"

To view this discussion visit https://groups.google.com/a/finos.org/d/msgid/member-private/CAPYF6aVLfDG-vN1jXDyjncph%3D%3DtX39O6sea%3DH3a0w4CpCTtBzA%40mail.gmail.com.