Skip to main content

AI Governance Process Overview

This page explains WDC required AI Governance Process, which applies to developing or deploying AI in WDC products or internal services, and for procuring new AI vendors or features.

General Overview

The following steps outline the full AI Governance Process. See the Guidance sections below for more specific details related to Offers, Enterprise Functions, and Vendors:

Step 1: Submit an AI Gov Intake

Provides the AI Governance team an overview of your AI project or an AI vendor’s risk profile. Risks identified in this step will determine if Step 2, an AI Impact Assessment, will be needed.

  • Check the Guidance sections below to confirm you submit the appropriate intake form.
  • An intake is not yet needed for exploration, research, or proof-of-concept stages.

Step 2: Complete an AI Impact Assessment

considerations, training data, testing, monitoring and logging, documentation, and overall alignment with the GAI Policy and WDC Principles for Responsible AI.

  • If you are building a homegrown model or otherwise training a model, you will also be invited to complete a separate model assessment.

Step 3: Risk Treatment

AI Governance will collaborate with your team to implement risk mitigations and controls. This step may also involve follow-up questions or live consultation.

Guidance for Developing and Deploying AI

A) AI in WDC Offers

  1. Complete the AI Gov Intake form for WDC Offers.
  2. Within one week AI Governance will initiate an AI Impact Assessment for the project to be developed, at which point you will receive an email invitation to the OneTrust platform to complete a questionnaire. The AI Governance team may also reach out to schedule a live consultation during this time.
  3. Complete Risk Treatment. See Risk Treatment Process in OneTrust for more details.
    • You may need to request access to OneTrust if you don’t already have an account.

B) AI in Enterprise Functions

This includes any AI system, feature, or functionality developed by WDC that is intended for internal use within WDC. The following steps must be completed after the proof-of-concept stage and before moving to production:

  1. Submit an AI Gov Intake on Credo AI by adding a use case and filling out the AI Gov Intake questionnaire.
  2. If AI Governance finds an AI Impact Assessment is necessary, an additional assessment questionnaire will be added to Credo for you to complete.
  3. AI Governance will engage you via Credo to mitigate any identified risks.
    • See AI Governance Process in Credo AI to learn more.

Step 1: Submit an AI Gov Intake

Provides the AI Governance team an overview of your AI project or an AI vendor’s risk profile. Risks identified in this step will determine if Step 2, an AI Impact Assessment, will be needed.

  • Check the Guidance sections below to confirm you submit the appropriate intake form.
  • An intake is not yet needed for exploration, research, or proof-of-concept stages.

Step 2: Complete an AI Impact Assessment

considerations, training data, testing, monitoring and logging, documentation, and overall alignment with the GAI Policy and WDC Principles for Responsible AI.

  • If you are building a homegrown model or otherwise training a model, you will also be invited to complete a separate model assessment.

Step 3: Risk Treatment

AI Governance will collaborate with your team to implement risk mitigations and controls. This step may also involve follow-up questions or live consultation.

Guidance for Procuring an AI Vendor

A) AI in New Vendors

This is when you want to use a new vendor with AI features. The vendor AI Impact Assessment is integrated in the Cloud and Application Service Provider Remediation (CASPR) process.

  1. Submit a CASPR intake, which asks questions about the new vendor’s AI functionality.
  2. AI Governance will evaluate the intake, make a risk evaluation, and determine if an additional assessment is needed.
  3. You will receive an email informing you of the decision and next steps.

B) New AI in Existing Vendors, or On-prem Vendors

Given existing vendors have already completed CASPR, new AI functionality will need to be evaluated outside of the CASPR review cycle.
On-prem vendors that are exclusively run on WDC hardware also follow this process:

  1. Submit the On-Prem and AI Feature Review Intake Form (sign into Airtable).
  2. The AI Gov team will complete an initial risk evaluation and determine if any additional assessment is needed.
  3. You will receive an email informing you of the decision and next steps.Note: All vendors (new or existing with new AI) will also need to submit a request to Global Procurement Services.

C) Third-party AI models

  • Publicly available, including open-source and source available models: Legal terms need to be reviewed by your product lawyer and, as needed, WDC open innovation counsel.
  • Commercial models: A contract must be finalized through Global Procurement Services. Submit a GAI Procurement Request to initiate the process.

Question or Feedback?

Reach out via email at
support@westerndigital.com
or schedule office hours with the AI Governance team.

Schedule Meeting