MANAGE Function

The MANAGE function in the NIST AI Risk Management Framework allocates risk resources to mapped and measured risks on a regular basis. It develops and implements risk treatment plans based on information gathered from the MAP Function and MEASURE Function.

Key Categories:

MANAGE 1: AI risks are prioritized, responded to, and managed based on assessments from MAP and MEASURE functions.

MANAGE 2: Strategies to maximize AI benefits and minimize negative impacts are planned, implemented, and documented with input from relevant AI actors.

MANAGE 3: AI risks and benefits from third-party entities are managed through regular monitoring and risk controls.

MANAGE 4: Risk treatments, including response and recovery plans, are documented and monitored regularly.

The MANAGE function includes:

• Risk Response Options: Mitigating, transferring, avoiding, or accepting risks
• Go/No-Go Decisions: Determining whether AI system development or deployment should proceed
• Incident Response: Procedures for responding to and recovering from unknown risks
• System Deactivation: Mechanisms to supersede or deactivate systems with inconsistent performance
• Continuous Improvement: Regular engagement with stakeholders and system updates
• Communication Plans: Processes for communicating incidents and errors to relevant parties

Effective management requires ongoing resource allocation based on risk prioritization, consideration of non-AI alternatives, and maintenance of deployed systems. The function emphasizes documentation of residual risks for downstream users and affected communities.

Management activities must be sustained throughout the AI lifecycle and adapted as methods, contexts, risks, and stakeholder expectations evolve.