Iso 27090 May 2026

No forensic logging beyond default application logs. No model versioning. Inconsistent evidence preservation.

All inferences logged with input hashes, output, timestamp, and user/system context. Model snapshots daily, hashed and signed. Training data provenance recorded. Incident response plan includes AI-specific scenarios. iso 27090

Continuous integrity monitoring of model parameters. Automated alerting on statistical anomalies (e.g., sudden accuracy drop). Forensic storage with write-once-read-many (WORM) controls. Regular forensic readiness testing. No forensic logging beyond default application logs