RAI Assessment Template
This template defines the standard structure for Responsible AI assessment documents.
Template Structure
# RAI Assessment - [Project Name]
## Preamble
_Important to note:_ This Responsible AI assessment cannot certify or attest to the complete safety or fairness of an AI system. This document is intended to help produce RAI-focused backlog items, evaluate against Microsoft RAI Standard v2 and NIST AI RMF 1.0, and document assessment findings including sensitive uses screening, security model analysis, and tradeoff decisions.
## System Definition
| Field | Value |
|----------------------|---------------------------------------------------|
| System Name | [System name] |
| System Purpose | [What the system does and the problem it solves] |
| AI/ML Components | [Model types, frameworks, training approaches] |
| Deployment Model | [Cloud, edge, hybrid, on-device] |
| Data Inputs | [Training data sources, inference inputs] |
| Data Outputs | [Predictions, recommendations, generated content] |
| Intended Use Context | [Target users and operational environment] |
| Out-of-Scope Uses | [Explicitly excluded use cases] |
| Assessment Date | [YYYY-MM-DD] |
| Entry Mode | [capture, from-prd, from-security-plan] |
### AI Component Inventory
| Component | Model Type | Training Approach | Inference Pipeline | Primary RAI Concerns |
|------------------|------------------------------------|-------------------------------------------------|------------------------|---------------------------|
| [Component name] | [Classification, generation, etc.] | [Supervised, self-supervised, fine-tuned, etc.] | [API, embedded, batch] | [Fairness, privacy, etc.] |
### Stakeholder Roles
| Stakeholder | Role | Relationship to System |
|--------------------|------------------------------------------------------------|-------------------------------------------------|
| [Stakeholder name] | [Developer, operator, affected individual, oversight body] | [Direct user, indirect subject, reviewer, etc.] |
## Stakeholder Impact Map
| Stakeholder Group | Potential Impact | Impact Pathway | Risk Level | Vulnerable Population |
|-------------------|-----------------------------------|---------------------|----------------------------|-----------------------|
| [Group name] | [Description of potential impact] | [How impact occurs] | [Critical/High/Medium/Low] | [Yes/No] |
## Sensitive Uses Screening
### Screening Summary
| Category | Applicable | Severity | Restricted Use |
|-------------------------------------|------------|------------------------------------------------|----------------|
| Consequential impact on individuals | [Yes/No] | [Negligible/Moderate/Significant/Catastrophic] | [Yes/No] |
| Consequential impact on communities | [Yes/No] | [Negligible/Moderate/Significant/Catastrophic] | [Yes/No] |
| Potential for physical harm | [Yes/No] | [Negligible/Moderate/Significant/Catastrophic] | [Yes/No] |
| Potential for psychological harm | [Yes/No] | [Negligible/Moderate/Significant/Catastrophic] | [Yes/No] |
| Surveillance and tracking | [Yes/No] | [Negligible/Moderate/Significant/Catastrophic] | [Yes/No] |
| Deception risk | [Yes/No] | [Negligible/Moderate/Significant/Catastrophic] | [Yes/No] |
| Transparency and disclosure | [Yes/No] | [Negligible/Moderate/Significant/Catastrophic] | [Yes/No] |
| Impacts on human autonomy | [Yes/No] | [Negligible/Moderate/Significant/Catastrophic] | [Yes/No] |
| Dual-use potential | [Yes/No] | [Negligible/Moderate/Significant/Catastrophic] | [Yes/No] |
### Use-Misuse Inventory
| Scenario Type | Description | Harm Pathway | Severity |
|---------------|-------------------------------|------------------------|------------------------------------------------|
| Intended use | [Intended use scenario] | [N/A or minimal risk] | [Negligible/Moderate/Significant/Catastrophic] |
| Misuse | [Foreseeable misuse scenario] | [How harm could occur] | [Negligible/Moderate/Significant/Catastrophic] |
## RAI Standards Mapping
### Microsoft RAI Standard v2
| Principle | Applicable Components | Assessment Criteria | Tooling | Compliance Status |
|------------------------|-----------------------|-----------------------------------------------------------|----------------------------------------------|--------------------|
| Fairness | [Components] | Demographic parity, equalized odds, group-level fairness | Fairlearn, RAI Dashboard Fairness Analysis | [Full/Partial/Gap] |
| Reliability and Safety | [Components] | Cohort error analysis, performance bounds, stress testing | RAI Dashboard Error Analysis, Model Overview | [Full/Partial/Gap] |
| Privacy and Security | [Components] | Differential privacy verification, data minimization | SmartNoise, Microsoft Purview DSPM | [Full/Partial/Gap] |
| Inclusiveness | [Components] | Dataset representation analysis, accessibility testing | RAI Dashboard Data Analysis | [Full/Partial/Gap] |
| Transparency | [Components] | Feature importance, SHAP values, model card completeness | InterpretML, RAI Dashboard Interpretability | [Full/Partial/Gap] |
| Accountability | [Components] | PDF scorecards, model cards, decision audit trails | RAI Dashboard Scorecard, Audit logging | [Full/Partial/Gap] |
### NIST AI RMF 1.0
| Function | Category | Subcategory | Applicability | Current Posture |
|----------|----------|-------------|------------------|---------------------------|
| Govern | GV-1 | GV-1.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Govern | GV-1 | GV-1.2 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Govern | GV-2 | GV-2.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Govern | GV-3 | GV-3.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Govern | GV-4 | GV-4.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Govern | GV-5 | GV-5.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Govern | GV-6 | GV-6.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Map | MP-1 | MP-1.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Map | MP-2 | MP-2.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Map | MP-3 | MP-3.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Map | MP-4 | MP-4.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Map | MP-5 | MP-5.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Measure | MS-1 | MS-1.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Measure | MS-2 | MS-2.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Measure | MS-3 | MS-3.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Measure | MS-4 | MS-4.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Manage | MG-1 | MG-1.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Manage | MG-2 | MG-2.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Manage | MG-3 | MG-3.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
| Manage | MG-4 | MG-4.1 | [Applicable/N/A] | [Implemented/Partial/Gap] |
## RAI Security Model Addendum
### AI-Specific Threat Categories
| Category | Threat Focus |
|---------------------|-------------------------------------------------------------|
| Data poisoning | Manipulation of training or fine-tuning data |
| Model evasion | Adversarial inputs designed to cause misclassification |
| Prompt injection | Manipulation of LLM prompts to override instructions |
| Output manipulation | Altering model outputs in transit or post-processing |
| Bias amplification | Model behavior that reinforces or amplifies existing biases |
| Privacy leakage | Extraction of training data, PII, or sensitive information |
| Misuse escalation | System capabilities repurposed for unintended harmful uses |
### Threat Catalog
| Threat ID | Category | STRIDE | Affected Component | Description | Likelihood | Impact | Risk |
|------------------------|------------|---------------|--------------------|----------------------|---------------------------------|----------------------------|--------------|
| RAI-T-[CATEGORY]-[NNN] | [Category] | [STRIDE type] | [Component name] | [Threat description] | [Very likely/Likely/Possible/Unlikely/Rare] | [Critical/High/Medium/Low] | [Critical/High/Medium/Low, read from the Severity Matrix] |
### Severity Matrix
| Likelihood \ Impact | Low | Medium | High | Critical |
|---------------------|--------|--------|----------|----------|
| Very likely | Medium | High | Critical | Critical |
| Likely | Low | Medium | High | Critical |
| Possible | Low | Medium | Medium | High |
| Unlikely | Low | Low | Medium | Medium |
| Rare | Low | Low | Low | Medium |
## Control Surface Catalog
| Control ID | Threat ID | Principle | Control Type | Control Description | Implementation Status |
|---------------|----------------------|-----------------|--------------------------|-------------------------|---------------------------|
| EV-[ABBR]-[NNN] | [RAI-T-CATEGORY-NNN] | [RAI principle] | [Prevent/Detect/Respond] | [What the control does] | [Implemented/Planned/Gap] |
### Control Surface Matrix
| Principle | Prevent | Detect | Respond |
|------------------------|-------------------------------------------|---------------------------------------|----------------------------------|
| Fairness | [Bias testing, balanced training data] | [Demographic parity monitoring] | [Retraining pipelines, rollback] |
| Reliability and Safety | [Input validation, adversarial testing] | [Drift detection, anomaly monitoring] | [Graceful degradation, fallback] |
| Privacy and Security | [Differential privacy, data minimization] | [Data leakage detection] | [Breach response, data deletion] |
| Inclusiveness | [Accessibility testing, diverse user research] | [Usage gap analysis] | [Content adaptation] |
| Transparency | [Model cards, explanation interfaces] | [Explanation quality monitoring] | [Explanation correction] |
| Accountability | [Role-based access, approval workflows] | [Compliance monitoring] | [Escalation procedures] |
## Evidence Register
| Evidence ID | Threat ID | Principle | Control Type | Coverage Status | Verification Status | Evidence Source |
|-----------------|----------------------|-----------------|--------------------------|--------------------|------------------------------------------|------------------------|
| EV-[ABBR]-[NNN] | [RAI-T-CATEGORY-NNN] | [RAI principle] | [Prevent/Detect/Respond] | [Full/Partial/Gap] | [Verified/Unverified/Partially Verified] | [Artifact or document] |
**Legend:**
* Principle abbreviations: FAIR, REL, PRIV, INCL, TRAN, ACCT
* Coverage Status: Full (control exists and covers the threat), Partial (control exists but incomplete), Gap (no control)
* Verification Status: Verified (tested and confirmed), Partially Verified (some test cases pass), Unverified (no testing performed)
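Once the Threat Catalog, Control Surface Catalog and Evidence Register above are filled in, the cross-references between them can be checked mechanically. The following is an added example, not part of the template and not tooling from the RAI Dashboard or any project: a small Python checker that parses the three markdown tables and applies the rules the tables imply: threat IDs follow RAI-T-[CATEGORY]-[NNN], the Risk column agrees with the Severity Matrix for the stated likelihood and impact, every threat has at least one control whose status is not Gap, and an evidence row claiming Full coverage is Verified. The three sample tables are constructed for the example; the ID regexes and the "Full coverage should be Verified" rule are assumptions about how the template is meant to be used, not rules the template states.

```python
"""Consistency checks over a filled-in Threat Catalog, Control Surface Catalog and
Evidence Register. Added example; the sample tables below are constructed."""
import re
from typing import Dict, List

# Severity Matrix from the template: risk = SEVERITY_MATRIX[likelihood][impact]
SEVERITY_MATRIX: Dict[str, Dict[str, str]] = {
    "Very likely": {"Low": "Medium", "Medium": "High",   "High": "Critical", "Critical": "Critical"},
    "Likely":      {"Low": "Low",    "Medium": "Medium", "High": "High",     "Critical": "Critical"},
    "Possible":    {"Low": "Low",    "Medium": "Medium", "High": "Medium",   "Critical": "High"},
    "Unlikely":    {"Low": "Low",    "Medium": "Low",    "High": "Medium",   "Critical": "Medium"},
    "Rare":        {"Low": "Low",    "Medium": "Low",    "High": "Low",      "Critical": "Medium"},
}
# Assumed ID formats, derived from the template's placeholders and legend.
THREAT_ID = re.compile(r"^RAI-T-[A-Z]+-\d{3}$")
EVIDENCE_ID = re.compile(r"^EV-(FAIR|REL|PRIV|INCL|TRAN|ACCT)-\d{3}$")


def parse_table(markdown: str) -> List[Dict[str, str]]:
    """Parse a pipe-delimited markdown table into row dicts keyed by header cell."""
    lines = [ln.strip() for ln in markdown.strip().splitlines() if ln.strip().startswith("|")]
    header = [c.strip() for c in lines[0].strip("|").split("|")]
    rows = []
    for line in lines[2:]:  # lines[1] is the |---| separator row
        cells = [c.strip() for c in line.strip("|").split("|")]
        rows.append(dict(zip(header, cells)))
    return rows


def expected_risk(likelihood: str, impact: str) -> str:
    """Risk level the Severity Matrix assigns; raises KeyError if a value is off-scale."""
    return SEVERITY_MATRIX[likelihood][impact]


def check_assessment(threats, controls, evidence) -> List[str]:
    findings: List[str] = []
    threat_ids = {t["Threat ID"] for t in threats}
    for t in threats:
        tid = t["Threat ID"]
        if not THREAT_ID.match(tid):
            findings.append(f"{tid}: malformed threat ID")
        try:
            want = expected_risk(t["Likelihood"], t["Impact"])
        except KeyError:
            findings.append(f"{tid}: likelihood or impact is not on the Severity Matrix scale")
            continue
        if t["Risk"] != want:
            findings.append(f"{tid}: risk '{t['Risk']}' disagrees with Severity Matrix ({want})")
    covered = set()  # threats with at least one control whose status is not Gap
    for c in controls:
        if c["Threat ID"] not in threat_ids:
            findings.append(f"{c['Control ID']}: references unknown threat {c['Threat ID']}")
        elif c["Implementation Status"] != "Gap":
            covered.add(c["Threat ID"])
    for tid in sorted(threat_ids - covered):
        findings.append(f"{tid}: no implemented or planned control (coverage gap)")
    for e in evidence:
        eid = e["Evidence ID"]
        if not EVIDENCE_ID.match(eid):
            findings.append(f"{eid}: malformed evidence ID")
        if e["Threat ID"] not in threat_ids:
            findings.append(f"{eid}: references unknown threat {e['Threat ID']}")
        # Assumed rule: a Full coverage claim should rest on verified evidence.
        if e["Coverage Status"] == "Full" and e["Verification Status"] != "Verified":
            findings.append(f"{eid}: claims Full coverage but is {e['Verification Status']}")
    return findings


# Constructed sample tables (not from any real assessment).
SAMPLE_THREATS = """
| Threat ID | Category | STRIDE | Affected Component | Description | Likelihood | Impact | Risk |
|---|---|---|---|---|---|---|---|
| RAI-T-PROMPT-001 | Prompt injection | Tampering | Chat orchestrator | Retrieved document overrides system prompt | Likely | High | High |
| RAI-T-PRIV-002 | Privacy leakage | Information disclosure | Completion API | Memorized PII surfaces in output | Possible | Critical | Medium |
| RAI-T-POISON-003 | Data poisoning | Tampering | Fine-tuning pipeline | Label flipping in crowdsourced data | Unlikely | High | Medium |
"""
SAMPLE_CONTROLS = """
| Control ID | Threat ID | Principle | Control Type | Control Description | Implementation Status |
|---|---|---|---|---|---|
| EV-REL-001 | RAI-T-PROMPT-001 | Reliability and Safety | Prevent | Retrieved text is delimited and carries no instruction privilege | Implemented |
| EV-PRIV-002 | RAI-T-PRIV-002 | Privacy and Security | Detect | PII scanner on completions | Planned |
| EV-PRIV-003 | RAI-T-PRIV-009 | Privacy and Security | Prevent | Training-data de-identification | Implemented |
"""
SAMPLE_EVIDENCE = """
| Evidence ID | Threat ID | Principle | Control Type | Coverage Status | Verification Status | Evidence Source |
|---|---|---|---|---|---|---|
| EV-REL-001 | RAI-T-PROMPT-001 | Reliability and Safety | Prevent | Full | Verified | red-team report |
| EV-PRIV-002 | RAI-T-PRIV-002 | Privacy and Security | Detect | Full | Unverified | design document |
"""


def run_sample() -> List[str]:
    return check_assessment(parse_table(SAMPLE_THREATS),
                            parse_table(SAMPLE_CONTROLS),
                            parse_table(SAMPLE_EVIDENCE))


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

On the sample, the checker reports four findings: RAI-T-PRIV-002 is recorded as Medium although Possible × Critical is High in the matrix, EV-PRIV-003 points at a threat ID that is not in the catalog, RAI-T-POISON-003 has no control at all, and EV-PRIV-002 claims Full coverage without verification. Each of these is exactly the kind of inconsistency a reviewer would otherwise have to find by eye across three tables.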
## Tradeoff Analysis
| Tradeoff | Competing Principles | Description | Resolution Recommendation |
|-----------------|---------------------------------|----------------------------------------------|--------------------------------------|
| [Tradeoff name] | [Principle A] vs. [Principle B] | [How the principles conflict in this system] | [Recommended approach and rationale] |
Common tradeoff patterns:
| Tradeoff | Example |
|--------------------------|---------------------------------------------------------------------------------|
| Transparency vs. Privacy | Explaining model decisions may reveal sensitive training data |
| Fairness vs. Performance | Debiasing techniques may reduce model accuracy for some populations |
| Safety vs. Inclusiveness | Conservative safety filters may disproportionately restrict certain user groups |
## Scorecard
### Dimension Scores
| Dimension | Score (1-5) | Assessment |
|-----------------------------|-------------|----------------------|
| Scope Boundary Clarity | [1-5] | [Assessment summary] |
| Risk Identification Quality | [1-5] | [Assessment summary] |
| Control Surface Adequacy | [1-5] | [Assessment summary] |
| Evidence Sufficiency | [1-5] | [Assessment summary] |
| Future Work Governance | [1-5] | [Assessment summary] |
| **Total** | **[X]/25** | |
### Outcome Tiers
| Tier | Score Range | Meaning |
|----------------------|-------------|-----------------------------------------------------------------------|
| Approved | 20–25 | Assessment is comprehensive; proceed with identified mitigations |
| Conditional | 15–19 | Assessment has gaps; proceed with conditions and remediation timeline |
| Remediation Required | Below 15 | Significant gaps identified; remediation before proceeding |
**Assessment outcome:** [Approved/Conditional/Remediation Required]
## Backlog Items
### [Priority] [Work Item Title]
**RAI Principle:** [Principle name] | **Threat ID:** [RAI-T-CATEGORY-NNN or "N/A"]
**Effort:** [S/M/L/XL] | **Control Type:** [Prevent/Detect/Respond]
**Prerequisite:** [Work item ID or "None"]
#### Description
[What needs to be done and why — include the RAI benefit]
#### Implementation Steps
1. [Concrete step with file path or tool reference]
2. [Next step]
#### Acceptance Criteria
- [ ] [Verifiable criterion]
- [ ] [Verifiable criterion]
#### ADO Mapping
- Type: [Epic/Feature/User Story/Task]
- Tags: rai, [principle], [threat-category]
#### GitHub Mapping
- Labels: rai, [principle], [threat-category]
- Milestone: [Milestone name]
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.