Simple Governance Framework scope (first version)

vicenteherrera commented 1 month ago

Contact Details

vicente.herrera@control-plane.io

What is the idea

Several times there are questions on the scope of the current work done for the Simple Governance Framework. To make it public until the full framework is opened on 30 September, I've included here this description. Please comment in case of any doubt, or if you have recommendations on what to include next.

Motivation:

Have an initial small scope, that is easy to implement, and won't take long to have a first iteration.
Choose the most common case that financial organizations are facing.
Focus on something we can open-source.

Scope:

Generative AI large language model.
System composed of a SaaS inference endpoint external to the organization.
Usage of Retrieval Augmented Generation (RAG), to provide a knowledge base custom to the organization.
Users are internal to the organization. They interact with the system through an UI and are responsible for what they send and how they use the provided information.

Out of scope (for now)

Pre-trained model (open source or not) that the organization deploys on its own infrastructure.
Fine tunning of a model (be it open source, or SaaS).
AI agents collaborating.
User interacting with the model is external to the organization.
User is not first responsible for action, but the AI model, being it completely independent, or having light supervision.
Most safety/bias consideration are out of scope for the first version of the governance framework, but will for sure be considered later as it is one of the objectives for the group in general.
Small models that are very specialized, and are updated continuosly depending on the data being feeded (example models for organizing cache in a bigger system).

Additional considerations:

There has been mention to explicitely extend the scope for Code Generation models, as they will be a very similar use case.
There is the question how the security evaluation of the external SaaS model should be conducted, as it may change continuously. The current line of thought is that the external model should provide an evaluation status, not to be done by the organization.

Why is it a good idea

This is just a reference so people can understand what is in scope and why.

How does it work?

Just read the information.

primer

artificial intelligence

Any other key information

Please if you have any further question, or you find there is a mistake in the explanation, leave a comment so the information can be ammended or refined.

Code of Conduct

[X] I agree to follow the FINOS Code of Conduct

Neetuj commented 1 month ago

Is the scope of governance framework achieving :-

Secure internally used SaaS RAG AI models or
Safe + best practices internally used SaaS RAG AI models (which will add impartial, fair, ethical, responsible usage monitoring to security , privacy , performance, reliability monitoring)

ColinEberhardt commented 1 week ago

Thanks for authoring this @vicenteherrera - I adapted this a little and added to the governance framework introduction:

https://github.com/finos/ai-readiness/blob/main/docs/index.md#initial-scope---rag-based-qa

If you're happy with this, should we close this issue?

finos / ai-readiness