Posted On: Nov 8, 2023

Available today, AWS Audit Manager customers can now access a prebuilt standard framework to help gain visibility into how their generative AI implementation on Amazon Bedrock is working against AWS recommended best practices. With this framework, Amazon Bedrock customers can now start auditing their generative AI usage and automating evidence collection, providing a consistent approach for tracking AI model usage and permissions, flagging sensitive data, and alerting on issues.

Amazon Bedrock customers can access the ‘generative AI best practices framework v1’ in the AWS Audit Manager framework library, where they can identify and select from 110 new controls focused on generative AI best practices in domains such as governance and oversight, data security and privacy, incident management, and business continuity planning. Controls written in this framework are already mapped to Amazon Bedrock data sources, and to begin structuring an automated assessment, customers simply select the specific controls they want to assess. For example, customers seeking to mitigate known biases before feeding data into their model can use the ‘Pre-processing Techniques’ control to require evidence of validation criteria including documentation of data augmentation, re-weighting, or re-sampling.

AWS experts in AI, compliance, and security assurance, developed this framework with additional review by global audit and assurance firm Deloitte, an AWS Partner. The framework is available today in the AWS Audit Manager framework library in all AWS Regions where Amazon Bedrock is available. To learn more, visit AWS Audit Manager user documentation.