Volver a plantillas de gobernanza de IA
Políticas del ciclo de vida de modelos

Post Market Monitoring Policy

Outlines how ongoing monitoring and reporting works for high-risk systems.

Responsable: Post-Market Monitoring Officer

Objetivo

Comply with EU AI Act Article 61 and internal governance objectives by defining how high-risk AI systems are monitored, documented, and reported after deployment.

Alcance

Applies to all high-risk and critical AI systems deployed in the EU or other regulated markets. Medium-risk systems may adopt this policy to strengthen assurance.

  • High-risk Annex III systems (credit, employment, healthcare, safety)
  • Critical internal controls (financial reporting, regulatory submissions)
  • AI services with contractual monitoring clauses

Definiciones

  • Post-Market Monitoring Plan (PMMP): Formal plan describing monitoring metrics, data sources, and reporting cadence.
  • Serious Incident: Event causing harm, security breach, or regulatory non-compliance that must be reported to authorities.
  • Corrective Action: Steps to remediate identified issues, including retraining or disabling the AI system.

Política

All applicable systems must maintain an approved PMMP. Monitoring evidence, incident logs, and corrective actions must be retained and made available to regulators upon request. Serious incidents must be reported within mandated timelines.

Roles y responsabilidades

Post-Market Monitoring Officer (PMMO) owns PMMP templates, consolidates reports, and liaises with regulators. Model Owners execute monitoring tasks and document incidents. Compliance ensures reporting deadlines are met. Responsible AI reviews safety outcomes.

Procedimientos

PMMP must cover:

  • Monitoring scope and metrics (accuracy, bias, safety incidents, data drift).
  • Data sources (monitoring dashboards, user feedback channels, audit logs).
  • Alert thresholds and escalation matrix.
  • Incident reporting workflow with regulatory timelines.
  • Corrective action tracking and closure criteria.
  • Periodic PMMP review schedule.

Excepciones

If a system temporarily ceases operation (e.g., maintenance), PMMO may suspend PMMP activities but must document rationale and restart monitoring before reactivation.

Frecuencia de revisión

PMMP effectiveness is reviewed at least annually or sooner after major incidents or regulatory updates. Results feed into the enterprise risk register.

Referencias

  • EU AI Act Article 61 (Post-market monitoring)
  • ISO/IEC 42001:2023 Clauses 9 and 10 (Performance evaluation, improvement)
  • Internal documents: Incident Response for AI Systems Policy, Monitoring Playbook, Regulatory Reporting SOP

¿Listo para implementar esta política?

Use VerifyWise para personalizar esta plantilla de política, desplegarla y hacer seguimiento del cumplimiento.

Comenzar gratisExplorar todas las plantillas
Post Market Monitoring Policy | Plantillas de gobernanza de IA de VerifyWise