GOVERN Function

The GOVERN function is a cross-cutting function in the NIST AI Risk Management Framework that cultivates and implements a culture of risk management within organizations. It provides the foundational governance structure that enables and informs the other three functions: MAP Function, MEASURE Function, and MANAGE Function.

Key Categories:

GOVERN 1: Policies, processes, procedures, and practices for AI risk management are in place, transparent, and implemented effectively.

GOVERN 2: Accountability structures ensure appropriate teams and individuals are empowered, responsible, and trained for AI risk management.

GOVERN 3: Workforce diversity, equity, inclusion, and accessibility processes are prioritized throughout the AI risk management lifecycle.

GOVERN 4: Organizational teams are committed to a culture that considers and communicates AI risk.

GOVERN 5: Processes are in place for robust engagement with relevant AI actors.

GOVERN 6: Policies and procedures address AI risks from third-party software, data, and supply chain issues.

The GOVERN function emphasizes the importance of senior leadership commitment, diverse teams, transparent documentation, and integration with broader enterprise risk management. It establishes the organizational foundation necessary for effective AI risk management and must be maintained continuously as AI systems, contexts, and risks evolve.