AIPL-04

If disabled because of an incident, can your solution's AI features be re-enabled in a timely manner?

Explanation

This question is asking about your organization's ability to restore AI functionality after it has been disabled due to a security incident. In the context of security compliance, this relates to business continuity and incident response capabilities. The question aims to understand: 1. If you have procedures in place to safely disable AI features when a security incident occurs 2. How quickly you can restore those AI features once the incident is resolved 3. Whether you have tested these procedures to ensure they work as expected This is important because AI systems may need to be temporarily disabled during security incidents to prevent exploitation, data leakage, or other security risks. However, if these systems support critical business functions, organizations need to know how quickly normal operations can resume. A good answer should include: - The specific process for disabling and re-enabling AI features - Estimated timeframes for restoration (minutes, hours, days) - Any dependencies that might affect restoration time - Whether the process has been tested through drills or actual incidents - Any contingency plans during the outage period

Guidance

Looking for incident response procedure for shutting down and re-enabling model features due to a security event. Please provide the amount of time it would take to renable your solution's AI feature(s).

Example Responses

Example Response 1

Yes, our AI features can be re-enabled in a timely manner following an incident We have documented procedures for both disabling and re-enabling our AI systems as part of our incident response plan The re-enabling process involves a security validation check, system integrity verification, and a phased restoration approach Typically, our AI features can be restored within 4 hours of incident resolution This timeline has been verified through our quarterly disaster recovery testing During the outage, we maintain business continuity through fallback to non-AI processing methods that, while less efficient, ensure critical operations continue.

Example Response 2

Yes, our solution's AI features can be rapidly re-enabled following an incident We utilize a containerized architecture with immutable infrastructure, allowing us to redeploy clean AI components from verified images within 30 minutes Our incident response team follows a documented checklist that includes security validation before re-enabling services The process is fully automated through our CI/CD pipeline and has been successfully tested during our monthly disaster recovery exercises Additionally, we maintain redundant AI processing capabilities in a separate environment that can be activated within 15 minutes if the primary environment requires extended remediation.

Example Response 3

No, our current implementation does not support rapid re-enabling of AI features following an incident If our AI components need to be disabled due to a security event, the restoration process would require manual intervention by our development team and could take 2-3 business days to complete This is because our AI models require extensive retraining and validation before being returned to production We recognize this as a gap in our incident response capabilities and are currently developing an improved architecture with containerization and automated deployment that will reduce restoration time to under 4 hours This enhancement is scheduled for completion in Q3 of this year.

Context

Tab: AI
Category: AI Policy