A company is researching external frameworks it can reference when establishing AI governance policy. Which of the following are appropriate as frameworks or regulations referenced in relation to AI and data governance? (Choose TWO.)
Choosing TWO frameworks referenced in AI and data governance.
HIPAA
Correct. HIPAA is a US law that governs the handling of medical information (protected health information). It is a regulation referenced when handling AI and data in the healthcare field.
NIST AI Risk Management Framework
Correct. NIST AI RMF is the US NIST framework for identifying, assessing, and managing AI risks. It is referenced in responsible AI governance.
ITIL
ITIL is a set of best practices for IT service operations management.
It is an IT framework, but not a governance framework that targets the protection and risk management of AI and data, so it is incorrect.
OSI reference model
The OSI reference model is a conceptual model that organizes network communication into seven layers.
It is a technical reference model, not a governance framework or regulation, so it is incorrect.
Waterfall
Waterfall is a model for how software development proceeds.
It is about the development process, not an AI and data governance framework, so it is incorrect.
In AI and data governance, frameworks and regulations such as ISO/IEC 27001, SOC, GDPR, and PCI DSS, as well as 'HIPAA' (the US medical information protection law) and 'NIST AI RMF' (the AI Risk Management Framework), are referenced. Check the applicable regulations based on the data, industry, and region. By contrast, ITIL (IT service operations management), the OSI reference model (network layers), and Waterfall (development process) are IT frameworks, but their scope differs from AI and data governance and regulation.