If disabled because of an incident, can your solution's AI features be re-enabled in a timely manner?
Explanation
Recoverability of AI functionality is what reviewers want to confirm, specifically whether features disabled during an incident can be brought back online promptly. In the context of security compliance, this relates to business continuity and incident response capabilities.
The question aims to understand:
- If you have procedures in place to safely disable AI features when a security incident occurs
- How quickly you can restore those AI features once the incident is resolved
- Whether you have tested these procedures to ensure they work as expected
This is important because AI systems may need to be temporarily disabled during security incidents to prevent exploitation, data leakage, or other security risks. However, if these systems support critical business functions, organizations need to know how quickly normal operations can resume.
A good answer should include:
- The specific process for disabling and re-enabling AI features
- Estimated timeframes for restoration (minutes, hours, days)
- Any dependencies that might affect restoration time
- Whether the process has been tested through drills or actual incidents
- Any contingency plans during the outage period
Guidance
Looking for incident response procedure for shutting down and re-enabling model features due to a security event. Please provide the amount of time it would take to renable your solution's AI feature(s).
Example Responses
Example Response 1
Yes, our AI features can be re-enabled in a timely manner following an incident We have documented procedures for both disabling and re-enabling our AI systems as part of our incident response plan The re-enabling process involves a security validation check, system integrity verification, and a phased restoration approach Typically, our AI features can be restored within 4 hours of incident resolution This timeline has been verified through our quarterly disaster recovery testing During the outage, we maintain business continuity through fallback to non-AI processing methods that, while less efficient, ensure critical operations continue.
Example Response 2
Yes, our solution's AI features can be rapidly re-enabled following an incident We utilize a containerized architecture with immutable infrastructure, allowing us to redeploy clean AI components from verified images within 30 minutes Our incident response team follows a documented checklist that includes security validation before re-enabling services The process is fully automated through our CI/CD pipeline and has been successfully tested during our monthly disaster recovery exercises Additionally, we maintain redundant AI processing capabilities in a separate environment that can be activated within 15 minutes if the primary environment requires extended remediation.
Example Response 3
No, our current implementation does not support rapid re-enabling of AI features following an incident If our AI components need to be disabled due to a security event, the restoration process would require manual intervention by our development team and could take 2-3 business days to complete This is because our AI models require extensive retraining and validation before being returned to production We recognize this as a gap in our incident response capabilities and are currently developing an improved architecture with containerization and automated deployment that will reduce restoration time to under 4 hours This enhancement is scheduled for completion in Q3 of this year.
Context
- Tab
- AI
- Category
- AI Policy
Related questions
- Are your AI developer's policies, processes, procedures, and practices across the organization related to the mapping, measuring, and managing of AI risks conspicuously posted, unambiguous, and implemented effectively?
- Have you identified and measured AI risks?
- In the event of an incident, can your solution's AI features be disabled in a timely manner?
- Do you have documented technical and procedural processes to address potential negative impacts of AI as described by the AI Risk Management Framework (RMF)?

