Spaces:
Sleeping
Sleeping
Create MODEL_RISK_MANAGEMENT.md
Browse files- MODEL_RISK_MANAGEMENT.md +91 -0
MODEL_RISK_MANAGEMENT.md
ADDED
|
@@ -0,0 +1,91 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
# Model Risk Management (SR 11-7–Style Framework)
|
| 2 |
+
|
| 3 |
+
## Scope
|
| 4 |
+
|
| 5 |
+
This document evaluates risks associated with AI components used in
|
| 6 |
+
**Federal FOIA Intelligence Search**.
|
| 7 |
+
|
| 8 |
+
---
|
| 9 |
+
|
| 10 |
+
## 1. Model Inventory
|
| 11 |
+
|
| 12 |
+
| Component | Description |
|
| 13 |
+
|----|----|
|
| 14 |
+
| LLM | External, general-purpose language model |
|
| 15 |
+
| PDF extraction | Optional text extraction utility |
|
| 16 |
+
| Visual analytics | Metadata-only plotting |
|
| 17 |
+
|
| 18 |
+
---
|
| 19 |
+
|
| 20 |
+
## 2. Intended Use
|
| 21 |
+
|
| 22 |
+
- Research assistance
|
| 23 |
+
- Contextual explanation
|
| 24 |
+
- Metadata summarization
|
| 25 |
+
|
| 26 |
+
**Not intended for:**
|
| 27 |
+
- Legal advice
|
| 28 |
+
- Evidence creation
|
| 29 |
+
- Predictive analysis
|
| 30 |
+
- Decision automation
|
| 31 |
+
|
| 32 |
+
---
|
| 33 |
+
|
| 34 |
+
## 3. Risk Identification
|
| 35 |
+
|
| 36 |
+
### Key Risks
|
| 37 |
+
- Hallucinated statements
|
| 38 |
+
- Citation misuse
|
| 39 |
+
- User overreliance
|
| 40 |
+
- Misinterpretation of public records
|
| 41 |
+
|
| 42 |
+
---
|
| 43 |
+
|
| 44 |
+
## 4. Risk Controls
|
| 45 |
+
|
| 46 |
+
| Risk | Control |
|
| 47 |
+
|----|----|
|
| 48 |
+
| Hallucination | Citation anchoring |
|
| 49 |
+
| Overconfidence | Disclosure banners |
|
| 50 |
+
| Scope creep | Feature flags |
|
| 51 |
+
| Data misuse | Public-only constraint |
|
| 52 |
+
|
| 53 |
+
---
|
| 54 |
+
|
| 55 |
+
## 5. Validation & Testing
|
| 56 |
+
|
| 57 |
+
- Manual review of AI outputs
|
| 58 |
+
- Cross-checking against citations
|
| 59 |
+
- Integrity hashing for auditability
|
| 60 |
+
|
| 61 |
+
---
|
| 62 |
+
|
| 63 |
+
## 6. Governance & Oversight
|
| 64 |
+
|
| 65 |
+
- Phase-based feature rollout
|
| 66 |
+
- Hard-gated experimental features
|
| 67 |
+
- Maintainer approval for expansions
|
| 68 |
+
|
| 69 |
+
---
|
| 70 |
+
|
| 71 |
+
## 7. Change Management
|
| 72 |
+
|
| 73 |
+
- Version-controlled releases
|
| 74 |
+
- Feature flags for AI
|
| 75 |
+
- Kill-switch capability
|
| 76 |
+
|
| 77 |
+
---
|
| 78 |
+
|
| 79 |
+
## 8. Residual Risk Assessment
|
| 80 |
+
|
| 81 |
+
Residual risk is **Low to Moderate**, acceptable given:
|
| 82 |
+
- Non-decision-making role
|
| 83 |
+
- Explicit user warnings
|
| 84 |
+
- Absence of automation
|
| 85 |
+
|
| 86 |
+
---
|
| 87 |
+
|
| 88 |
+
## SR 11-7 Alignment Summary
|
| 89 |
+
|
| 90 |
+
This application aligns with **low-risk assistive model classifications**
|
| 91 |
+
under SR 11-7-style governance.
|