The Gold Standard for Responsible AI Governance & Superintelligence Development Life Cycle SOPs

AI-IRB Gated AI-SDLC
Sample SOP

There's 40 more where this came from...

Practical Gated Process Implementation Procedures

Engineered to exceed typical AI governance checklists.

We are the AI-SDLC Institute: a network of AI thought leaders, practitioners, and executives setting the

Global Standard for AI governance, risk management, and superintelligence readiness.

AI-SDLC_SOP-1000-01:

AI-Integrated Program and Project Management

AI-SDLC_SOP-1000-01: AI-Integrated Program and Project Management

SOP ID: 1000-01-AI

Title: AI-Integrated Program and Project Management (AI-SDLC)

Version: 1.0

Effective Date: 2025-01-28

Previous Version: None

Reason for Update: Initial AI-Integrated SOP incorporating AI-IRB regulatory requirements.

Owner: Chief Technology Officer (CTO) and AI Program Management Office (AI-PMO)

1. Objective

This SOP defines the Program and Project Management framework for AI-Integrated Systems Development Life Cycle (AI-SDLC) at Horizon. It includes processes for engaging the AI Institutional Review Board (AI-IRB) when a project involves regulated -AI components or high-risk AI features.

The objective is to ensure:

Compliance with relevant AI governance, ethical guidelines, and regulatory standards (including AI-IRB).
Efficiency in delivering AI-enabled products or services, balancing scope, cost, and schedule constraints.

Quality in design, documentation, and rollout of new or enhanced functionalities that incorporate AI or ML (machine learning) modules.
Traceability from initial business need through final deployment and post-implementation review.

2. Scope

This SOP covers all AI-related program and project management activities under the AI-SDLC umbrella, including:

Initiation: AI concept approval, preliminary AI risk analysis, scoping.
Planning: Resource estimation, risk planning, integration with AI-IRB gating if needed.
Execution & Monitoring: Development, QA oversight, schedule control, risk management, AI-IRB review(s).
Close-out: Transition to production (or controlled rollout), sign-off, post-implementation reviews.

It applies to all Horizon teams: Product Development, AI-PMO, Engineering (Development, QA, Ops), Technical Support, and any external or contract resources.

3. Definitions

Term - Definition

AI-IRB

AI Institutional Review Board, a governance body ensuring ethical and compliant oversight of AI modules, focusing on risk, bias, and regulatory compliance.

AI-SDLC

AI-Integrated Systems Development Life Cycle, a methodology that extends classical SDLC with specialized AI design, model governance, ethics, and monitoring controls.

Program

A collection of AI-related projects that share dependencies, resources, or strategic goals.

Project

A temporary endeavor to create or enhance AI-driven products/services with a defined scope, time, and cost constraints.

Gate (Business Gate)

A defined checkpoint in the AI-SDLC that requires specific deliverables to be approved before proceeding. Example: Gate 10 (Requirements Lock-Down), Gate 6 (Project Lock-Down), Gate 0 (General Availability).

Deliverable

Any project output requiring formal review/approval (e.g., AI risk assessment, system design, code modules, test results, AI model performance metrics).

Performing Organization

Typically the Engineering Department (Development, QA, Ops, AI specialists).

Contracting Organization

Typically the Product/Technical Support groups or external clients who define requirements and accept deliverables.

4. Roles and Responsibilities

Role - Responsibilities

Senior Management

- Establishes overall AI strategy and R&D budget.

- Commissions new AI projects; appoints AI Project Sponsors.

- Provides final decisions for resource trade-offs.

AI-IRB

- Evaluates high-risk AI designs/changes for ethical, legal, and regulatory compliance.

- Issues formal approval or requests rework for AI modules prior to release.

Project Sponsor

- Champions the AI-related project from concept to closure.

- Escalates issues to Senior Management.

- Final authority on scope changes, cost, schedule trade-offs for the project.

AI-PMO

- Oversees the consolidated portfolio of AI-centric projects.

- Tracks cross-project dependencies, resource conflicts.

- Issues periodic status to Senior Management; ensures common standards, policies, and reporting.

Product Manager

- Defines the business requirements for AI features.

- Aligns AI solutions to strategic goals; consults with AI-IRB if risk classification is uncertain.

- Coordinates user acceptance criteria with QA & end-users.

Program Manager

- Manages day-to-day tasks across multiple AI projects under a single program.

- Ensures gating deliverables are completed; organizes reviews with AI-IRB, QA, and other stakeholders.

- Coordinates risk management activities.

Project Manager

- Single project focus: planning, scheduling, budget management.

- Coordinates tasks among development, QA, AI-IRB, and operations.

- Maintains project documentation, issue logs, change requests.

Development

- Implements AI system features and code changes.

- Provides estimates, tracks actuals vs. estimates.

- Submits technical design docs and code to QA & AI-IRB as necessary.

Quality Assurance (QA)

- Defines test strategies for AI systems (functionality, data bias, model performance, ethics compliance).

- Approves system readiness at each gate; logs defects.

- Coordinates with AI-IRB on measuring AI compliance.

Operations

- Provides infrastructure for AI model deployment, environment provisioning, version control, site monitoring.

- Executes deployment steps in production.

Technical Support

- Acts as service organization and possibly training group.

- Provides first-level support for AI product usage after deployment.

5. Procedure Activities

Below are the core phases of AI-SDLC in the context of Program/Project Management.

Note: This SOP references major gates: G-12 → G-10 → G-6 → G-4 → G-2 → G-0.

5.1. Project Initiation (G-12 to G-10)

AI Concept & Risk Preliminary Assessment:

Owner: Project Sponsor, with AI-IRB consultation if the AI use case is classified as high risk.

Output: Initial scope, risk classification, resource estimates.

Define Business Requirements:

Owner: Product Manager.

Output: Business Requirements Document (BRD) capturing high-level AI functionality, success metrics, regulatory constraints.

AI-IRB Consultation (as needed):

Trigger: If the BRD indicates potential high-risk AI or personal data usage.

Outcome: Possibly proceed with standard or expedited AI-IRB gating, or reduce scope.

Gate 10: Requirements Lock-Down

Deliverables: Final BRD, Project Resource Plan, AI Risk Statement.

Approval: Governance, AI-IRB (if triggered).

5.2. Planning & Definition (G-10 to G-6)

Refine Project Plan

Owner: Project Manager, with input from AI-PMO, Development, QA, Ops.

Activities: Detailed schedule, final budget, risk plan, and AI model governance approach.

System Requirements

Owner: Development & QA in close collaboration.

Key Components: AI data pipeline design, user acceptance criteria, performance constraints.

Quality Plan

Owner: QA.

Activities: Incorporates model validation strategy, bias detection procedures, specialized AI test cases.

Gate 6: Project Lock-Down

Deliverables: Project Plan, Final System Requirements, AI Quality Plan.

Approval: Sponsor, AI-IRB, Program Manager.

5.3. Development & Validation (G-6 to G-4)

Technical Design & Implementation

Owner: Development.

Tasks: Code AI modules, follow coding standards, integration with data sources, unit tests.

Integration Testing & Model Tuning

Owner: QA & Development.

Scope: Check end-to-end workflows, data throughput, inference accuracy.

Defects: Logged in SQA Manager; must fix or address.

Gate 4: Begin Validation

Deliverables: Completed integration test results, model performance metrics, updated documentation.

Approval: QA, AI-IRB (for final pre-production clearance if major AI changes).

5.4. System Test & UAT (G-4 to G-2)

System (QA) Testing

Owner: QA.

Activities: Functional, regression, stress, security checks, compliance with AI-IRB guidelines.

Outcome: Sign-off if test coverage meets acceptance criteria.

User Acceptance Test (UAT)

Owner: Product Manager & End-Users.

Focus: Confirm solution meets business needs, user interface usability, data correctness.

Fix Defects

Owner: Development, iteration with QA.

Tools: SQA Manager for logging/tracking.

Gate 2: Begin FOA / Beta

Deliverables: UAT sign-off, final test coverage metrics, final readiness.

5.5. FOA/Beta & Deployment (G-2 to G-0)

FOA/Beta

Owner: Contracting Organization, with Dev & QA support.

Scope: Early real-world usage, gather feedback, confirm model performance.

Training & Documentation

Owner: Technical Support.

Deliverables: Final user manuals, training sessions for staff or clients.

Deployment

Owner: Operations.

Activities: Production environment setup, final model push, version control, release notes.

Gate 0: General Availability

Deliverables: Production Release, sign-off from Sponsor, AI-IRB (if required).

5.6. Post Implementation Review

Collect Post-Deployment Data

Owner: QA & Product Manager.

Data Points: AI model usage, performance metrics, error logs, user feedback.

Lessons Learned

Owner: Program Manager.

Method: Conduct a formal post-implementation session, document improvement points, provide feedback to AI-SDLC process.

Close-Out

Owner: Project Manager.

Outcome: Officially close project, archive documents, transition ongoing ops to Tech Support.

6. Forms

(None introduced in this SOP)

Refer to other AI-SDLC SOPs for forms such as Change Request, Production Defect, or Release Planning forms.

7. Exemptions

If an AI-based project is low-risk (as determined by initial AI-IRB consultation), some gates or deliverables may be streamlined or waived, provided that* the final documentation clearly states the justification.

Projects solely with classical software changes (no AI component) may not require AI-IRB gating.

For strictly internal R&D or lab prototypes, standard gating may be replaced by a minimal gate approach if the Project Sponsor and AI-IRB confirm no external user or regulated data is involved.

8. Tools/Software/Technology

SQA Manager: For defect tracking.

Project Management Software: (e.g., Jira, Microsoft Project, or Asana) for tasks, scheduling, resource planning.

Version Control: Git, ClearCase, or other, for code and documentation.

Collaboration: Confluence, Teams, or Slack, for knowledge sharing, updates.

9. References

SOP 1005: Release Planning

SOP 1040: Requirements Definition

SOP 1041: Detail Design

SOP 1101: Training and Documentation

SOP 1200: Development

SOP 1210: Quality Function

SOP 1220: Deployment

10. Revision History

Version

Date

Description

Approved By

1.0

2025-01-28

Initial AI-Integrated SOP w/ AI-IRB compliance references.

CTO, AI-PMO

11. Approvals

Name/Title - Signature - Date

Chief Technology Officer

(digital or ink)

AI-PMO Director

(digital or ink)

Head of AI-IRB

(digital or ink)

END OF SOP 1000-01-AI

Note: This SOP becomes effective upon the date of the final signature and must be used in conjunction with all relevant AI-SDLC procedures.

AI-SDLC-SOP-1000-01-AI UML DIAGRAM

SOP-1000-01-AI PlantUML Diagram Code

UML Diagram Description:

The diagram shows each major role as a swim lane.

It walks through the AI-SDLC program/project management stages, from initiation (where Senior Management commissions an AI project) through requirements gathering, AI-IRB consultation if high-risk AI is identified, formal gates (G-10, G-6, G-4, G-2, G-0), development and testing stages, final deployment, and post-implementation review. Decision points (notably around AI-IRB if the project is high risk, and during UAT and test defect fixes) are shown with if/else paths. The final stage is the project close-out and post-implementation review.

@startuml

skinparam sequenceParticipant underline false

skinparam participantBorderColor #000000

skinparam participantBackgroundColor #DDDDDD

skinparam participantFontColor #000000

skinparam sequenceArrowColor #000000

skinparam sequenceBoxBackgroundColor #EEEEEE

title AI-SDLC Program/Project Management Flow

actor "Senior Management" as SM

participant "AI-IRB" as IRB

participant "Project Sponsor" as PS

participant "AI-PMO" as APMO

participant "Product Manager" as ProdM

participant "Program Manager" as PrgM

participant "Project Manager" as PJM

participant "Development" as Dev

participant "Quality Assurance" as QA

participant "Operations" as Ops

participant "Tech Support" as TS

== Project Initiation (G-12 to G-10) ==

SM -> PS: Commission AI project, name Project Sponsor

PS -> ProdM: Request preliminary business requirements

ProdM -> PS: Provide business requirements draft

PS -> IRB: if (High-Risk AI?) then consult AI-IRB

activate IRB

IRB -> PS: Provide guidance/approval or reduce scope

deactivate IRB

PS -> APMO: Summarize scope, cost, schedule

APMO -> PJM: Provide resources/funding guidelines

== Gate 10: Requirements Lock-Down ==

PJM -> QA: Review final business requirements

QA -> PJM: Approve or request changes

SM -> PS: Final sign-off on scope

PS -> PrgM: Confirm move to planning

== Planning & Definition (G-10 to G-6) ==

PJM -> Dev: Gather system requirements

Dev -> QA: Share system requirements for feedback

QA -> PJM: Provide quality plan input

Ops -> PJM: Provide environment/infrastructure details

PJM -> IRB: if (Revised AI scope) then IRB review

IRB -> PJM: OK or rework

PJM -> PS: Summarize final plan, schedule, cost

== Gate 6: Project Lock-Down ==

PS -> SM: Approve overall plan

SM -> PS: Proceed with development

== Development & Validation (G-6 to G-4) ==

Dev -> Dev: Code & unit test AI modules

Dev -> QA: Turn over to QA for integration test

QA -> Dev: if (Defects) then fix

note over Dev: Repeat until integration is stable

end note

== Gate 4: Begin Validation ==

QA -> PS: Approve readiness for system test

PS -> PrgM: Accept move to system test

== System Test & UAT (G-4 to G-2) ==

QA -> Dev: Perform system test

QA -> Dev: Log defects, retest fixes

Dev -> QA: Provide fixed builds

note over QA: Once tests pass, or partial pass

end note

ProdM -> TS: Prepare user acceptance test plan

TS -> ProdM: Execute UAT with end-users

TS -> Dev: if (UAT defects) fix

note over Dev: Cycle until UAT passes

end note

== Gate 2: Begin FOA/Beta ==

ProdM -> TS: Deploy pilot version

TS -> ProdM: Evaluate user feedback

== FOA/Beta & Deployment (G-2 to G-0) ==

Dev -> Ops: Provide final build

Ops -> TS: if (Training needed) deliver training

TS -> QA: Final checks

QA -> PS: Confirm final readiness

== Gate 0: General Availability ==

PS -> SM: Approve production rollout

Ops -> All: Deploy to production environment

All -> PJM: Project close-out

PJM -> QA: Initiate post-implementation review

== Post Implementation ==

QA -> APMO: Gather lessons learned, finalize

APMO -> IRB: if (Ethics improvements) track for next cycle

@enduml

SOP Library Also Includes 40 More SOPs

Comprehensive SOP List: AI-IRB Governed AI-SDLC

SOP-1000-01-AI: AI-Integrated Program/Project Management

Purpose: Defines how program and project management activities integrate AI-IRB touchpoints, ensuring alignment with AI ethics, regulatory compliance, and stakeholder requirements.

Key Points:

Clarifies roles and responsibilities for AI-related tasks.

Describes program charter creation, milestone tracking, risk management.

Establishes processes for obtaining AI-IRB approvals at critical points.

SOP-1001-01-AI: Document Governance and AI-IRB Compliance

Purpose: Governs the creation, review, revision, and archiving of documents, ensuring AI-IRB compliance and alignment with regulatory requirements.

Key Points:

Document control procedures (versioning, approval matrix).

AI-IRB mandated sign-offs for changes.

Secure document repository and retention rules.

SOP-1002-01-AI: Capacity Management (AI-Integrated)

Purpose: Outlines methods to forecast, allocate, and manage compute and data capacity for AI solutions, factoring in ML model training and inference workloads.

Key Points:

Resource usage tracking for training/inference.

Monitoring of AI load to ensure system reliability.

Threshold-based triggers for additional resources.

SOP-1003-01-AI: Configuration Management

Purpose: Ensures consistent configuration of AI system components (models, data pipelines, supporting infrastructure).

Key Points:

Baseline tracking of model versions, datasets, dependencies.

Version control guidelines for code, AI model artifacts.

Procedures for controlled changes and rollbacks.

SOP-1004-01-AI: Procurement and Purchasing for AI-Enabled Systems

Purpose: Standardizes the acquisition process for AI hardware, software, external datasets, and consulting services.

Key Points:

AI-IRB screening for potential ethical or compliance issues in new tools.

Vendor due diligence for bias and data privacy compliance.

Ensures budget approvals align with project scope.

SOP-1005-01-AI: AI-Integrated Release Planning

Purpose: Integrates AI roadmaps and iteration cycles into the standard SDLC release planning.

Key Points:

AI feature backlog refinement, prioritization, and gating by AI-IRB.

Roadmap alignment with data readiness and capacity constraints.

Triggers for re-validation if new models are introduced.

SOP-1006-01-AI: AI-IRB Engagement and Ethical Review Procedure

Purpose: Provides the route for engaging with the AI-IRB to secure ethical clearances, especially for new or high-impact AI features.

Key Points:

Formal submission for ethical risk reviews.

Communication channels for clarifications and re-approvals.

Records of IRB decisions and any mandated conditions.

SOP-1007-01-AI: AI Asset Management

Purpose: Tracks and manages AI hardware, software licenses, pretrained model assets, and data assets across the organization.

Key Points:

Lifecycle tracking from acquisition to retirement.

Warranty, licensing compliance, and usage monitoring.

Asset modifications or reassignments require version logs.

SOP-1008-01-AI: AI Incident and Escalation Management

Purpose: Details how to handle real-time AI production incidents, anomalies, or emergent model misbehavior, including escalation to AI-IRB if ethics-related.

Key Points:

Tiered incident severity definitions for AI anomalies.

Communication guidelines and immediate fix or rollback.

Post-incident root cause analysis to incorporate lessons learned.

SOP-1009-01-AI: AI Model Drift and Re-Validation Procedure

Purpose: Ensures periodic checks for model drift (performance degradation or domain shifts) and triggers re-validation cycles.

Key Points:

Metrics for drift detection.

Retraining or model retirement guidelines.

AI-IRB involvement if drift implicates fairness or ethics.

SOP-1010-01-AI: AI-SDLC Site Monitoring and Incident Management

Purpose: Focuses on 24/7 site monitoring for AI-related production issues, bridging with general operations incident management.

Key Points:

Real-time site monitoring for model performance metrics.

Coordinated escalation if system stability is threatened.

Maintains ongoing compliance with SLA targets.

SOP-1011-01-AI: AI Feature Decommissioning and Model Retirement

Purpose: Lays out a structured approach to retire an AI feature or fully remove a model from production.

Key Points:

Checklist for shutting down active inferences.

Handling dependent functionalities or user workflows.

Archival of associated data and code artifacts.

SOP-1012-01-AI: AI Model Explainability and Interpretability Procedure

Purpose: Establishes mandatory steps to ensure each AI model includes interpretability features and relevant user/engineer documentation.

Key Points:

Setting up model explainers (e.g., SHAP, LIME).

Auditable logs explaining decisions.

IRB checks for transparency levels required.

SOP-1013-01-AI: AI Model Post-Production Monitoring and Ongoing Validation

Purpose: Mandates continuous monitoring of model KPIs and triggers re-validation if significant changes occur in performance or data distributions.

Key Points:

Metrics and thresholds for performance, bias, or drift.

Automated alerts to responsible teams.

Frequencies for scheduled health checks.

SOP-1014-01-AI: Regulatory & Ethical AI Compliance Verification

Purpose: Confirm compliance with relevant laws and internal policy for AI solutions (GDPR, CCPA, internal ethics charters, etc.).

Key Points:

Checklists for privacy laws, disclaimers, user consent.

AI-IRB involvement for expansions of scope or new data usage.

Audit trail for all compliance checks.

SOP-1015-01-AI: AI Knowledge Transfer and Handover Procedure

Purpose: Ensures structured knowledge transfer for new AI solutions from the development team to operational owners or support staff.

Key Points:

Documented training sessions, including final readouts.

Code tours, pipeline diagrams, environment replication steps.

Final handover acceptance.

SOP-1020-01-AI: AI Model Lifecycle Management

Purpose: Provides a meta-view of an AI model’s lifespan, from initial concept and prototyping to deployment, maintenance, and eventual retirement.

Key Points:

Stage gates aligned with AI-IRB reviews.

Criteria for scaling up from proof-of-concept to production.

End-of-life triggers and data final dispositions.

SOP-1030-01-AI: AI-Ad Hoc Reporting Procedure

Purpose: Governs how internal teams request quick-turnaround or one-time analysis from existing AI models or data sets.

Key Points:

Quick security/privacy checks for new requests.

IRB oversight if the request expands original data usage.

Prompt escalation or revision if scope creeps.

SOP-1040-01-AI: Requirements Definition

Purpose: Identifies how to capture functional and non-functional requirements for AI solutions, including data needs, acceptance criteria, and AI-IRB constraints.

Key Points:

AI-IRB gating for sensitive data usage or high-risk features.

Clear alignment of acceptance test cases.

Cross-functional reviews for risk, compliance, feasibility.

SOP-1050-01-AI: AI Security Administration and Governance

Purpose: Controls security measures around AI systems: data encryption, API access, key management, and vulnerability scanning for AI pipelines.

Key Points:

AI platform security, software supply chain management.

Periodic vulnerability scans on AI code and dependencies.

Zero-trust posture, especially for privileged AI model endpoints.

SOP-1051-01-AI: Security Administration and Oversight

Purpose: Provides an overarching approach to user account management, privileged account controls, and periodic reviews of access logs for the entire environment.

Key Points:

Role-based access control, especially for data scientists with production data.

Security posture reviews by AI-IRB if emergent risk.

Master accounts and restricted user IDs tracked.

SOP-1052-01-AI: AI Model Lifecycle Oversight and Governance

Purpose: AI-IRB overview ensuring all major steps in a model’s lifecycle comply with established ethical and regulatory frameworks.

Key Points:

Aligns with SOP-1020 but focuses on IRB gating.

Triage critical or sensitive updates for immediate IRB review.

Mandates final sign-off at each milestone.

SOP-1053-01-AI: Ethical Risk Assessment & Mitigation

Purpose: Mandates regular ethical risk assessment (diversity, bias, societal impact) for AI solutions and prescribes mitigation actions.

Key Points:

Periodic ethical risk reviews.

Mitigation plan sign-off by AI-IRB.

Documentation of residual risk acceptance.

SOP-1054-01-AI: AI-Regulated Project Approvals and Sponsorship

Purpose: Documents how AI-IRB obtains the necessary cross-functional approvals and sponsorship for regulated AI projects.

Key Points:

Funding and oversight checkpoints.

Sponsor sign-off from Senior Management.

IRB-structured gating across project phases.

SOP-1055-01-AI: Computer System Controls

Purpose: Ensures that all computing environments that host or serve AI models meet uniform control standards (SOX, HIPAA, ISO).

Key Points:

Automated logging, compliance requirements, access restrictions.

Physical and logical security for server rooms / cloud.

Periodic control audits and recertifications.

SOP-1060-01-AI: Service Level Agreement

Purpose: Stipulates minimum performance, availability, and support commitments for AI solutions.

Key Points:

Defines KPIs such as inference latency and uptime.

Penalties or escalation for repeated SLA breaches.

Review schedule for SLA adjustments.

SOP-1061-01-AI: Incident Tracking

Purpose: Comprehensive approach to log, categorize, and track incidents involving AI, from minor anomalies to critical outages.

Key Points:

Triage rules for severity.

Root cause analysis must consider model aspects.

Post-mortem that can trigger new IRB reviews if changes are required.

SOP-1100-01-AI: Documentation of Training

Purpose: Records job-related training for staff engaged in AI functions and compliance with policy or regulatory demands (AI-IRB included).

Key Points:

Documents training events and curricula.

Ensures staff have required AI knowledge, including bias/fairness.

Central repository of training logs for audits.

SOP-1101-01-AI: Training and Documentation

Purpose: Creates and maintains user instructions, training materials, knowledge base for newly delivered AI solutions.

Key Points:

Trainer selection from Technical Support or SMEs.

Product documentation readiness and acceptance by QA.

Post-training surveys and feedback loops.

SOP-1200-01-AI: Development

Purpose: Outlines coding, integration, unit test strategies specifically for AI components, referencing data pipelines and ML frameworks.

Key Points:

Emphasizes code reviews, test coverage for ML logic.

Aligns with environment config from SOP-1003.

Tools, branches, merges, and iteration cycles.

SOP-1210-01-AI: Quality Function

Purpose: Details test strategy, integration test plan, QA acceptance for both standard software and AI components (performance, bias, correctness).

Key Points:

System test includes functional, load, and regression tests.

Model performance acceptance criteria.

QA gate sign-off required prior to release.

SOP-1220-01-AI: Deployment

Purpose: Final rollout and push to production for AI solutions. Checks that AI-IRB’s final sign-off is present, and that relevant training is complete.

Key Points:

Transition from QA/staging to production.

Monitoring for immediate post-release anomalies.

Post-deployment review and lessons learned.

SOP-1300-01-AI: AI-IRB Governance & Oversight

Purpose: Defines the role, responsibilities, and authority of the AI-IRB to enforce ethical, regulatory, and operational checks.

Key Points:

Composition, decision-making process, meeting intervals.

Mandated reviews for high-impact or ethically sensitive AI projects.

Documentation of all IRB judgments or waivers.

SOP-1301-01-AI: AI Bias & Fairness Evaluation

Purpose: Mandates methods for detecting and mitigating bias within AI models, ensuring fairness across protected classes.

Key Points:

Tools and metrics for measuring bias.

IRB audits for critical classes (e.g., race, gender).

Remediation steps and retesting.

SOP-1302-01-AI: AI Explainability & Model Transparency

Purpose: Ensures that each AI model can be explained at an appropriate level to both internal stakeholders and external regulators/users.

Key Points:

Tracking of model interpretability methods.

Documentation or instrumentation for real-time interpretability.

IRB sign-off for permissible black-box levels if truly necessary.

SOP-1303-01-AI: AI Data Protection & Privacy

Purpose: Protects data used in AI systems from unauthorized access, ensuring compliance with relevant privacy laws (GDPR, HIPAA, etc.).

Key Points:

Pseudonymization or anonymization approach.

Secure data pipelines, encryption at rest/in transit.

IRB data usage approvals or rejections.

SOP-1304-01-AI: AI Validation & Monitoring

Purpose: Ongoing process to validate AI models’ correctness, reliability, and compliance after the initial deployment.

Key Points:

Monitoring plan for performance, unexpected behaviors.

Automated triggers for re-validation.

AI-IRB audit logs for significant anomalies.

SOP-1305-01-AI: AI Ethical Risk & Impact Assessment

Purpose: Formal assessment of the broader societal and ethical impacts of an AI initiative, ensuring that all relevant stakeholders and impacted parties are considered.

Key Points:

Comprehensive methodology for risk identification and rating.

Stakeholder consultation (including vulnerable populations).

Documentation of mitigations and sign-off by IRB.

SOP-1306-01-AI: AI End-of-Life & Sunset Process

Purpose: Provides a structured approach for decommissioning AI models that have outlived their useful or safe lifecycle.

Key Points:

AI-IRB verification that all obligations and user impacts are addressed.

Data and model archiving or destruction.

Post-sunset review of lessons learned.

SOP-2002-01: Control of Quality Records

Purpose: Governs management of all quality records and associated evidence for the entire AI-SDLC (including sign-offs, IRB documents, test logs).

Key Points:

Retention schedules, versioning, authorized destruction.

Cross-referencing for audits.

Accessibility and security for critical records.